Skip to content

BookStack Beta v0.18.5
Compare
Choose a tag to compare
@ssddanbrown ssddanbrown released this 11 Nov 18:42
· 4114 commits to development since this release
v0.18.5
This tag was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.
757cddd
This commit was signed with the committer’s verified signature.
ssddanbrown Dan Brown
GPG key ID: 46D9F943C24A2EF9
Learn about vigilant mode.

This release fixes the following security issue:

  • Fixed issue where email confirmation was not forced when domain restriction was enabled. (#573)

This issue meant that if you have domain restriction enabled on sign-up, and you did not enable email confirmation, a user could sign up via email (Using an approved email domain) but then login right away without confirming they own the email.

It is suggested that if you had email confirmation disabled but domain restriction enabled you check all user accounts to ensure they are legitimate. This change may also mean that, after updating, some users will need to confirm their email address to access the BookStack instance.

This release also contains the following fixes and changes:

  • Prevented duplicate hypens in generated slugs. (#589)
  • Fixed url slugs when multi-byte characters are included. Thanks to @wowkaster. (#582)
  • Allow custom session lifetime expiry. (#570)
  • Fixed tag suggestions not functioning when BookStack is on a URI sub-path. Thanks to @10bass. (#563)
  • Updated pt_BR translations. Thanks to @lbguilherme. (#558)
Assets 2
Loading