Beta Security Release v0.18.5 + Other Bugfix Releases
Dan Brown posted on the 11th of November 2017
Security Release v0.18.5
This release fixes the following security issue:
- Fixed issue where email confirmation was not forced when domain restriction was enabled. (#573)
This issue meant that if you have domain restriction enabled on sign-up, and you did not enable email confirmation, a user could sign up via email (Using an approved email domain) but then login right away without confirming they own the email.
It is suggested that if you had email confirmation disabled but domain restriction enabled you check all user accounts to ensure they are legitimate. This change may also mean that, after updating, some users will need to confirm their email address to access the BookStack instance.
Sincere apologies for this issue.
Other Bugfix Releases
Since the last blogpost for v0.18 we’ve deployed quite a few bugfix releases. Here’s the full changelog of v0.18.1 to v0.18.5:
- Fixed issue where images would jump to the bottom when pasted into a page. (#489)
- Fixed bug preventing pages being saved when including other page content. (#514)
- ‘Spanish Argentina’ translations added, Thanks to @leomartinez. (#517)
- Russian translations added, Thanks to @turbotankist. (#506)
- Some Dutch translations updated, Thanks to @sanderdw. (#510)
- When using social authentication, You are now redirected to your original intended location upon login. (#508)
- Updated code colorscheme to highlight shell commands. (#535)
- Prevented homepage item ‘details’ overflowing out of the lists. (#533)
- Improved search indexing to better split words apart. Fixes words at the start of sentances not being searchable. (#531)
- Updated Italian translations. Thanks to @cipi1965. (#529)
- Updated Russian translations. Thanks to @turbotankist. (#528)
- Update Dutch translations. Thanks to @sanderdw. (#523)
- Removed trailing spaces from input to achieve cleaner URLs. (#526)
- Migrated all AngularJS code. Results in much less JavaScript. (#524)
- Added Office 365/AzureAD as a social auth option. (#509)
- Added search filter to sort pages by last commented. (#440)
- Fixed issues where shortcuts would overwrite ‘Alt-Gr’ based character input. (#330)
- Improved image fetching for exporting. A hopeful solution to #392.
- Prevented duplicate hypens in generated slugs. (#589)
- Fixed url slugs when multi-byte characters are included. Thanks to @wowkaster. (#582)
- Allow custom session lifetime expiry. (#570)
- Fixed tag suggestions not functioning when BookStack is on a URI sub-path. Thanks to @10bass. (#563)
- Updated pt_BR translations. Thanks to @lbguilherme. (#558)
Header Image Credits: Jason Blackeye