Skip to content

v25.12.1-ls239

Latest
Latest

Choose a tag to compare

View all tags
@LinuxServer-CI LinuxServer-CI released this 04 Jan 23:52
v25.12.1-ls239
4f99d38
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

CI Report:

N/A

LinuxServer Changes:

New Contributors

Full Changelog: v25.12.1-ls238...v25.12.1-ls239

Remote Changes:

Security Release

BookStack v25.12.1 has been released.

This is a security release which adds limits to search operations, and adds size checks to ZIP import files before they are extracted.
These changes help prevent potential abuse to host disk space usage and/or service availability.

We recommended to update your instance if untrusted users have ZIP import permissions, or if untrusted users can perform searches.

Thanks to Jeong Woo Lee (@eclipse07077-ljw) and Gabriel Rodrigues (aka TEXUGO) for reporting these vulnerabilities.

Full List of Changes

  • Updated application PHP dependencies.
  • Add some additional resource-based limits. (#5968)
  • Updated translations with latest Crowdin changes. (#5962)

Contributors

pfeyz and thespad
Assets 2
Loading