BookStack Security Release v26.03.2 is now available.
Updating is VERY STRONGLY ADVISED where user registration is enabled
BookStack Security Release v26.03.2 · BookStack
BookStack v26.03.2 has been released. This is a security release to address a vulnerability where the registration form could be manipulated to gain access to additional roles.
BookStack (www.bookstackapp.com)
-
@bookstack Also for automatic social logins?
-
@dusoft Logins/registration via social systems did not have the same vulnerability. This only affected registrations via in-built email/password register form, which can be used when the 'standard' primary authentication type is used, and when the registration option is enabled in the BookStack settings.