BookStack Blog

For a while I’ve been playing with the idea of being able to mount a BookStack instance as a Linux file system. I attempted this a while ago, but recently dedicated a day to finishing up a proof on concept for this. The resulting project, with usage details, can be found here on Codeberg:

Yesterday I released BookStack v25.02.1 which included a range of updates to the system CLI, one of which being a new command:

Today we release BookStack v25.02! This aimed to be a maintenance release with the primary goal of upgrading our core framework, but it grew a little to include some goodies like automatic sorting, theme system additions, and editor improvements.

As we cross over yet another year boundary we look back at the progress, maintenance and funding of the project for 2024 with a view of potential plans in 2025:

For this Christmas time period we have BookStack v24.12 which includes the gift of a new import & export format, while improving upon the new editor introduced in the last release.

BookStack v24.10.2 has been released.

This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that’s typically enabled in production web-serving environments, but it’s advised to update where uncertain.

This laggard of a release finally lingers to deployment this day in October bringing the first alpha-state inclusion of the new WYSIWYG editor, which has been the main development focus, but that doesn’t stop a few other goodies being included for this release too!

Since we’ve gone a few months without an update I thought it’d be good to provide a post regarding project progress & other activities, so here’s what’s been going on over the last few months:

BookStack v24.05.4 has been released.

This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in “book-show” API responses which would not have permissions applied properly.

Today the BookStack project becomes 9 years old! Like last year’s post, and the years before it, we’ll take this as an opportunity to provide an update on the status of the project including the financials, current development status, and the growth figures.

BookStack v24.05.1 has been released. This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.

Today we release a new BookStack feature update that’s mainly focused on updating the core underlying framework and some accompanying code, but that work comes with a sprinkling of extra additions and tweaks too.

For our first feature release of 2024 we have a variety enhancements to enjoy! Many of these build upon the work from the previous release, while many others address some common pain-points in BookStack.

BookStack v23.12.3 has been released. This is a security release that addresses a vulnerability in PDF generation that could be exploited to perform blind server-side-request forgery.

As we enter into 2024 I thought we’d once again look back over the past year to review the development of the platform throughout 2023 while also diving into topics about the wider project including funding and the impact of AI.

As a little Christmas-time treat we have BookStack v23.12 slipping in as the last release of the year. This release focuses on providing a simple WYSIWYG editor for description inputs, along with adding default page templates within books, in addition to some other additional gifts.

BookStack v23.10.3 has been released. This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions.

This October maintenance release brings with it more than originally planned, with a significant revamp of user self-management in addition to an updated editor design, along with many other additions & improvements.

The August release of BookStack is now here! This is focused upon an initial implementation of a notification system for content, but as usual there are a few other improvements to enjoy.

Since setting it up in 2021, the BookStack YouTube channel has grown to be a fairly significant repository of guides and visual project updates. Our following on YouTube has also grown reaching 1.5k subscribers, which means I can even earn from our content on the platform as an extra minor revenue stream.

As we veer towards the middle of July we hit the 8-year mark for the BookStack project. Following the pattern from previous years, we’ll compare the project’s various metrics year-on-year, and provide an update on finances.

Today brings us BookStack v23.06 which aims to improve how comments are displayed & used, while also providing a revamp to the image manager among many other fixes and improvements.

BookStack v23.05 releases today, sneaking into the start of May with a bunch of additions, updates and changes including a new command line tool to help with admin operations.

There’s no new feature release for BookStack this month, due to various distractions and the type of work done in this release cycle, so I thought it’d be good to instead provide a general project update to highlight what has happened in the last month or so.

BookStack v23.02 is here, acting primarily as a maintenance release to upgrade the underlying framework while optimizing things and making a few other additions.

Over the last few years BookStack has gained a few different methods that can be used to customize functionally and aesthetics. Quite often, for ideas that don’t quite fit for quick implementation within the core BookStack codebase, I’d provide a simplistic customization that can used to achieve that idea right now, using BookStack’s methods of hackery. These were scattered around GitHub issues, GitHub gists and discord messages, which required me to also provide implementation guidance each time. To organize and streamline the process of sharing these, there’s now a dedicated section on the BookStack site:

BookStack v23.01.1 has been released. This is a security release that addresses a potential vulnerability in PDF generation that could be used to make server-side requests or run potential other PHP code.

To start off our releases for the year we have BookStack v23.01 which adds many user experience enhancements & options while also making subtle further back-end changes to permissions.

Well 2022 is now in the past. During the year BookStack had a few milestones which included reaching the top of Hacker News, becoming 7 years old and hitting 10K stars on GitHub. In this post we’ll look back on how the project has progressed over the year, not just in terms of the codebase but also elements of the wider project as a whole.

Just sneaking into November is BookStack v22.11 which comes with a splendid spread of surprises intended to enhance many existing interfaces and features of BookStack. There’s no upgrade notices for this one, so let’s jump right in.

This spooky season supplies us with BookStack v22.10, which continues our work to improve permission control while bringing along some extra treats, without any tricks.

Today, after over 7 years of continuous active development, we’ve now reached 10,000 stars on GitHub! 🥳 🥳 🥳

Previously when hitting star milestones I’ve written about the the project growth relative to this metric but, since I’ve already published such as post this year, I thought we’d do something different via video.

The BookStack September release is here with a variety of desired features that build upon, and enhance, existing BookStack systems. As usual, it also includes language updates and a bunch of tweaks & fixes.

As the maintainer of a documentation platform, I find myself taking note of methods of how people go about creating documentation. I strongly believe that there’s no “single best method” when it comes to documentation, and that any option that’d actually be used is a value gain.

BookStack v22.07.3 has been released. This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would be already by blocked by BookStack’s usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.

For July we have what could be considered a “stepping-stone” release since it marks the start of some underlying permission system changes but it does bundle in a rich set of system enhancements & minor features. Let’s jump right in.

Another year goes by with BookStack now being 7 years in development from its original commit on the 12th of July 2015. In this post we’ll continue the yearly tradition of reviewing the figures while exploring how this year has proved different to the years before it.

BookStack v22.06 is now here! This release was primarily refinement focused but it does include some great new features that may streamline your usage of the platform.

Today brings the release of BookStack v22.04! This includes the much-awaited feature of easier page editor switching, in addition to a bunch of other additions and improvements.

To support today’s release of the next LTS version of Ubuntu, 22.04 (Jammy Jellyfish), we have added a new BookStack install script for users of this OS:

It’s been a while since I last put out a blogpost regarding a GitHub star milestone, with the last being a December 2017 blogpost where we hit 1000 stars. Well today I’m happy to say we’ve now hit 9,000 stars on GitHub! 🥳 🥳 🥳

Today we release BookStack v22.03 which features some further additions to the WYSIWYG editor, aiming to align its feature-set with our markdown editor. We also see some changes to the settings view while LDAP users get a useful new debugging option.

Today I’m happy to announce availability of official BookStack support services! These services are broken down into a couple of different plans, the detail of which can be found on our new support page.

BookStack v22.02.3 has been released. This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.

Today we announce the first BookStack feature release of 2022. This brings updates & features to the WYSIWYG editor, user management API endpoints and much more. In this post we cover features added in this release in addition to some notable changes in the v21.12 patch releases.

A few times recently people have asked how they can get involved and help BookStack so I thought I’d formalize my response into this blog post. While the below is my view in regards to BookStack contributions, it will likely apply to many open source projects

BookStack v21.12.1 has been released. This is a security release that better enforces permissions on book-sort & chapter-move operations to address scenarios where content could be moved to non-permissible locations.

Thought it would be nice to take some time out to look back over the last year and review how things have progressed. This’ll be a relatively high level summary but more detailed figures can be found in our six years of BookStack post from back in July.

As our last feature release of the year BookStack v21.12 is now available. Upon a bunch of fixes & improvements, this release features outgoing webhooks in addition to the ability of copying entire chapters and books.

BookStack v21.11.3 has been released. This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.