@dusoft Logins/registration via social systems did not have the same vulnerability. This only affected registrations via in-built email/password register form, which can be used when the 'standard' primary authentication type is used, and when the registration option is enabled in the BookStack settings.
bookstack@fosstodon.org
Posts
-
BookStack Security Release v26.03.2 is now available.
Updating is VERY STRONGLY ADVISED where user registration is enabled
BookStack Security Release v26.03.2 · BookStack
BookStack v26.03.2 has been released. This is a security release to address a vulnerability where the registration form could be manipulated to gain access to additional roles.
BookStack (www.bookstackapp.com)
-
BookStack v25.12.9 has been released.
This is a security release to address a vulnerability where style code in page content could be used to manipulate the page beyond the expected content area in some revision views, opening up risk of potential phishing and/or tracking by bad page editors.
We advise that you update your instance if you allow untrusted users to create or edit pages.
BookStack Security Release v25.12.9 · BookStack
BookStack (www.bookstackapp.com)