BookStack Security Release v21.11.3

Dan Brown posted on the 15th of December 2021

BookStack v21.11.3 has been released. This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.

It’s advised to upgrade as soon as possible if your BookStack instance is public or is used by untrusted members.

Thanks to @haxatron for discovering and reporting this vulnerability via huntr.dev.

Full List of Changes

Helped prevent discovery and harvesting of user information. Thanks @haxatron for reporting. (#3108)
Updated search API results to include the highlighted preview content. (#3096)
Updated search API results to include item URL. (#3080)
Updated translations with latest Crowdin changes. (#3093)

For More Information

If you have any questions or comments about this advisory:

Open an issue in the BookStack GitHub repository.
Ask on the BookStack Discord chat.
Follow the BookStack security policy to contact someone privately.

Header Image Credits: Photo by Lucas Santos on Unsplash

Want to let me know what you think of BookStack or this post?
You can find me on Mastodon @danb@fosstodon.org or on the BookStack Discord server.

Subscribe to Updates

There are two lists you can sign-up to for updates, A general news & updates list, sent on a weekly basis, and a security alerts list that's sent when new security updates are available.

News and Updates | Security Alerts