BookStack Security Release v24.10.2

Dan Brown posted on the 13th of November 2024

BookStack v24.10.2 has been released.

This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that’s typically enabled in production web-serving environments, but it’s advised to update where uncertain.

Full List of Changes

Updated application PHP dependencies.
Updated translations with latest Crowdin changes. (#5317)

For More Information

If you have any questions or comments about this advisory:

Open an issue in the BookStack GitHub repository.
Ask on the BookStack Discord chat.
Follow the BookStack security policy to contact someone privately.

Header Image Credits: Photo by Dietmar Rabich (CC-BY-SA 4.0) - Image Modified

Want to let me know what you think of BookStack or this post?
You can find me on Mastodon @danb@fosstodon.org or on the BookStack Discord server.

Subscribe to Updates

There are two lists you can sign-up to for updates, A general news & updates list, sent on a weekly basis, and a security alerts list that's sent when new security updates are available.

News and Updates | Security Alerts