Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#5065)
• Updated callouts with LTR text handling where supported. (#5104)
• Updated project PHP and JavaScript dependencies.
• Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
• Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
• Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
• Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
• Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed initial page publish changelog message not being saved if set. (#5056)
• Fixed incorrect WYSIWYG code shortcut reference. Thanks to @bradenterpstra01. (#5036)
• Added role create/update validation to warn about too-long external auth ID values. (#5037)
• Updated GIF thumbnail generation to no support animation, to avoid issues with large-frame-count GIFs. (#5029)
• Updated translations with latest Crowdin changes. (#5022)
• Updated backup code description text to clarify their use. (#5017)
• Updated docker-compose.yml to remove deprecated version. Thanks to @michaelortnerit. (#5052)

Security Release

• Update Instructions
• Update details on blog

BookStack v24.05.1 has been released.
This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.

Upgrade is advised for instances accessible on the public web.

Full List of Changes

• Updated PHP dependencies.
• Updated routes with IP-based rate limiting. (#4993)
• Updated email confirmation flow to not require email submission form.
• Updated translations with latest Crowdin changes. (#4994)
• Updated WYSIWYG alignment handling to also consider table align attributes. (#5011)
• Fixed attachment upload validation errors appearing as JSON. (#4996)
• Fixed incorrect notification preferences URL in email. Thanks to @KiDxS. (#5008, #5005)
• Fixed non-visible MFA setup titles in dark mode. (#5018)
• Fixed outdated path in visual theme system guidance. (#4998)
• Fixed potential cache permission issues by reverting cache location. (#4999)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 8.0.2 to PHP 8.1 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating PHP.
• Composer Version Requirement Change - The minimum supported composer version has changed from v2.0 to v2.2 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating Composer.
• Page Content - Text links in page content will now be underlined by default for accessibility. Refer to the release blogpost for an simple customization to override & revert this if desired.
• PDF Exports - The WKHTMLTOPDF option is now considered deprecated, with the alternative being the newly added EXPORT_PDF_COMMAND which is detailed in our documentation here. The WKHTMLTOPDF option will though remain supported for a number of feature releases though to avoid unexpected breaking changes.
• OIDC Authentication - The OIDC "userinfo" endpoint may now be called in very rare scenarios where not all expected claims were being properly provided in the user ID Token, which could alter the details used for new users on access, and the groups obtained for user group/role sync, but only in edge case scenarios where functionality was not matching configuration before the update.
• LDAP Authentication - The LDAP_USER_FILTER BookStack option now uses {user} as a placeholder instead of ${user} by default. The older ${user} placeholder format is still supported but you may want to use the new format instead. This should not cause any issues on existing instances, unless {user} was used as a literal part of your user filter which would be very unlikely.

Full List of Changes

• Added new command-based PDF export option. (#4969, #4732)
• Added Audit Log API list endpoint. (#4987, #4316)
• Added LDAP option to provide a custom CA cert. Thanks to @mmoore2012. (#4985, #4913)
• Added OIDC userinfo endpoint support. Thanks to @LukeShu. (#4955, #4726, #3873)
• Added simple registration form honeypot. Thanks to @nesges. (#4970)
• Added Scala to list of supported languages in code blocks. (#4953)
• Added licenses page supported by licenses list building process. (#4907)
• Updated app framework from Laravel 9 to 10. (#4903)
• Updated content links to be underlined by default for accessibility. (#4939)
• Updated dev Dockerfile with improvements. Thanks to @C0rn3j. (#4895)
• Updated included images with extra compression to save data. Thanks to @C0rn3j. (#4904)
• Updated JS build system to split markdown-focused packages to own file. (#4930, #4858)
• Updated LDAP user filter option to support new placeholder format. (#4967)
• Updated minimum required PHP version from 8.0 to 8.1. (#4894, #4893)
• Updated translations with latest Crowdin changes. (#4890)
• Fixed code direction in WYSWIYG editor lacking direction support in code editor. (#4943)
• Fixed difference of line-heights for paragraphs in tables between editor and page view. (#4960)
• Fixed extra space at the beginning of a translation. Thanks to @johnroyer. (#4972)
• Fixed failing drag and drop of attachments into editor on Chrome. (#4975)
• Fixed incorrect tag counts when tagged items are in the recycle bin. (#4892)
• Fixed WYSIWYG object embeds in the editor showing image toolbar button. (#4974)
• Fixed WYSIWYG table cell format handling which could clear styles unexpectedly. (#4964)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed non-working "Open Link In..." option for description editors. (#4925)
• Fixed failed reference loading when references are from recycle bin items. (#4918)
• Fixed failed code block rendering when a code language was not set. (#4917)
• Updated page editor max content widths to align with page display. (#4916)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• New version to address missed version and asset changes in v24.02.1. (#4889)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#4877)
• Updated breadcrumb book & shelf lists to be name-ordered. (#4876)
• Updated MFA inputs to avoid auto-complete. Thanks to @ImMattic. (#4849)
• Fixed non-breaking spaces causing combined words in page navigation. (#4836)
• Fixed page navigation click not jumping to headers in nested collapsible blocks. (#4878)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Security - The v23.12 branch of BookStack recently had a security release, which you can find details of in our v23.12.3 blogpost.
• Comments - The ability to use markdown content in comments has been removed in this release, replaced by a WYSIWYG editor. Markdown in comments was a fairly hidden feature though so was not commonly utilised. Existing markdown comments will remain although formatting may be lost if old markdown comments are edited.
• Commands - The "Regenerate Comment Content" command has been removed in this release since this action is now redundant.
• OIDC Authentication - Proof Key for Code Exchange (PKCE) support has been added to BookStack OIDC authentication. This should not affect existing OIDC use but you may want to enforce PKCE to be required for BookStack on your authentication system, if supported, for extra security.

Full List of Changes

• Added simple WYSIWYG comment editor inputs. (#4815, #3018)
• Added default page templates for chapters. Thanks to @Man-in-Black. (#4750, #4764)
• Added PKCE support for OIDC. (#4804, #4734)
• Added "Clear table formatting" & "Resize to contents" WYSIWYG table options. (#4845)
• Added "Toggle header row" button to table toolbar in WYSWIYG editor. (#985)
• Added attachment serving range request support. (#4758, #3274)
• Added new AUTH_PRE_REGISTER logical theme event. (#4833)
• Updated app entity loading to be more efficient and avoid global addSelects. (#4827, #4823)
• Updated book/shelf cover image wording to make sizing in usage clearer. (#4748)
• Updated PWA manifest to allow landscape use. Thanks to @shashinma. (#4828)
• Updated redirect handling to reduce chance of redirecting to images. (#4863)
• Updated some EN text for consistency/readability. (#4794)
• Updated WYSIWYG editor with improved cell selection formatting clearing. (#4850)
• Updated WYSIWYG text direction & alignment controls to work more reliably on complex structures. (#4843)
• Fixed breadcrumb dropdowns being partially out of view on mobile screen sizes. (#4824)
• Fixed description WYSIWYG not respecting RTL text. (#4810)
• Fixed header bar collapse on smaller screen sizes when no name or logo is used. (#4841)
• Fixed incorrect pagination display in RTL layout. (#4808)
• Fixed JavaScript error logged on WYSIWYG editor load due to how custom styles were imported. (#4814)
• Fixed scrollbars showing on WYSIWYG table cell range selection in some browsers. (#4844)
• Fixed WYSIWYG code block text direction controls not being respected. (#4809)

Security Release

• Update Instructions
• Update details on blog

BookStack v23.12.3 has been released.
This is a security release that addresses a vulnerability in PDF generation that could be exploited to perform blind server-side-request forgery.

Upgrade is advised where untrusted users have permission to create/edit/update page content in your instance.

Full List of Changes

• Updated PHP dependencies, primarily to update php-svg-lib package.

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed attachment list ctrl-click not opening attachments inline. (#4782)
• Updated translations with latest Crowdin changes. (#4779)
• Fixed entity selector popup pre-fill not searching term as expected. (#4778)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed chapter API missing expected "book_slug" field. (#4765)
• Updated translations with latest Crowdin changes. (#4747)

We are pleased to release version 3.7.0 of the VLC version for the Android platform.
It comes with a completely new equalizer and an improved settings backup. See our Android page.

This weekend, VideoLAN is present at FOSDEM in Bruxelles, Belgium with a booth at the K building on Level 1. Throw balls, win rare prices and see our latest work on VLC including our AI based live subtitles generator!

VideoLAN and the VLC team are publishing the 3.0.23 release of VLC today, which is the 24th update to VLC's 3.0 branch: it updates codecs, adds a dark mode option on Windows and Linux, support for Windows ARM64 and improves support for Windows XP SP3. This is the largest bug fix release ever with a large number of stability and security improvements to demuxers (reported by rub.de, oss-fuzz and others) and updates to most third party libraries. Additional details on the release page. The security impact of this release is detailed here.
The major maintenance effort of this release to strengthen VLC's overall stability as well as the compatibility with old releases of Windows and macOS was made possible by a generous sponsorship of the Sovereign Tech Fund by Germany's Federal Ministry for Digital Transformation and Government Modernisation.

Alongside the 3.0.23 release for desktop, VideoLAN and the VLC team are publishing a larger update for Apple's mobile platforms to include the latest improvements of VLC's 3.0 branch plus important bug fixes and amendments for the 26 versions of the OS. Previously, we added pCloud as a European choice for cloud storage allowing direct streaming and downloads within the app.

We are pleased to release versions 1.6 of biTStream, 3.5 of DVBlast and 2.4 of multicat.
DVBlast and multicat had major improvements and new features.

New releases of libdvdread, libdvdnav and libdvdcss have been published today.
The biggest features of those releases (libdvdread/nav 7 and libdvdcss 1.5) are related to DVD-Audio support, including DRM decryption.

We are pleased to release version 3.6.0 of the VLC version for the Android platform.
It comes with the new Remote Access feature, a parental control and a lot of fixes. See our Android page.

VideoLAN and the VLC team are publishing the 3.0.21 release of VLC today, which is the 22nd update to VLC's 3.0 branch: it updates codecs, adds Super Resolution and VQ Enhancement filtering with AMD GPUs, NVIDIA TrueHDR to generate a HDR representation from SDR sources with NVIDIA GPUs and improves playback of numerous formats including improved subtitles rendering notably on macOS with Asian languages. Additional details on the release page. This release also fixes a security issue, which is detailed here.

We are happy to announce a major update of VLC for iOS, iPadOS and tvOS adding playback history, A to B playback, Siri integration, support for external subtitles and audio tracks, a way to favorite folders on local network servers, improved CarPlay integration and many small improvements.

Today, VideoLAN is publishing the 3.0.20 release of VLC, which is a medium update to VLC's 3.0 branch: it updates codecs, fixes a FLAC quality issue and improves playback of numerous formats including improved subtitles rendering. It also fixes a freeze when using frame-by-frame actions. On macOS, audio layout problems are resolved. Finally, we update the user interface translations and add support for more. Additional details on the release page. This release also fixes two security issues, which are detailed here and there.

We are happy to announce a major update of VLC for iOS, iPadOS and tvOS adding a new audio playback interface, CarPlay integration, various improvements to the local media library and iterations to existing features such as WiFi Sharing. Notably, we also added maintenance improvements to the port to tvOS including support for the Apple Remote's single click mode. See the press release for details.

Today, VideoLAN is publishing the 3.0.18 release of VLC, which adds support for a few formats, improves adaptive streaming support, fixes some crashes and updates many third party libraries. More details on the release page. This release also fixes multiple security issues, which are detailed here.

VideoLAN is a de-facto pacifist organization and cares about cross-countries cooperations, and believes in the power of knowledge and sharing. War goes against those ideals. As a response Russia's invasion of Ukraine, we decided to financially support the United Nations High Commissioner for Refugees and their work on aiding and protecting forcibly displaced people and communities, in the places where they are necessary. See our press statement.

VideoLAN is proud to release the new major version of VLC for Android. It comes with new widgets, network media indexation, a better tablet and foldable support, design improvements in the audio screen, improved accessibility and performance improvements.

Today, VideoLAN is publishing the 3.0.17 release of VLC, which adds support for a few formats, improves adaptive streaming support, fixes some crashes and updates many third party libraries. More details on the release page.

+ Windows GUI: Dark/Light theme preference is saved
+ Windows GUI: Fix opening subdirectories
+ Windows GUI: Add translations for Windows GUI theme menu
+ Windows GUI: Dark mode for HTML view
+ Windows GUI: Add 608/708 captions detection options
+ Cocoa GUI: Associate with image files
+ Qt build: various fixes about the GUI
+ I1881, MXF & MOV: customizable seek pos and duration of caption probe
+ I1882, CEA-608/708: option for forcing all CC1-CC4/T1 if stream is detected
+ JPEG 2000: support of HTJ2K profile
+ JPEG 2000: readout of jp2h colr atom, more file extensions, better support of broken files
+ DAT: Support of raw Digital Audio Tape
+ Enable Control Flow Guard (CFG) and Control-flow Enforcement Technology (CET)
+ Conformance checker: an element is indicated bigger than its upper element
+ Conformance checker: option for max count of items per check
x Windows GUI: Fix unwanted deactivation of the ffmpeg plugin
x I2086, MXF: StreamOrder for tracks in ANC
x I2076, Dolby E: StreamOrder includes all underlying streams
x I2087, MPEG-TS: general duration includes before and after PCR offsets
x WavPack: various fixes for multichannel & DSD files
x Supported platforms: this is the last version compatible with RHEL/CentOS 7, SLE 12, Debian 10, Mageia 8

+ Italian translation updated
+ Windows GUI: Dark theme
+ Windows GUI: Support of high DPI
+ Windows GUI: Sheet view is resizable
+ Windows GUI: Allow selecting multiple files in open file dialog
+ Windows GUI: Use system dialog for opening folders
+ I2029, MXF: decode of VBI (Line 21 & VITC)
+ I2058, VorbisCom: show MusicBrainz IDs in XML or full text output
+ I1881, MXF & MOV: customizable seek pos and duration of caption probe
+ I2005, WavPack: support of non-standard sampling rate
+ I2021, MP4: support of Qt style AudioSampleEntry in ISO MP4
+ Conformance checker: report of malformed frames for AVC & HEVC & AAC
+ Conformance checker: an element is indicated bigger than its upper element
+ Conformance checker: Add more stream synchronization related checks
+ Conformance checker: Check coherency of MXF elements having vectors
+ Conformance checker: check of MPEG Audio sync loss in raw MP3 & truncated file
+ Conformance checker: FFV1 checks also when in AVI and MOV/MP4
+ Conformance checker: check if a TIFF file is complete
+ Conformance checker: span of frames & frame/timestamp/byte offset
x Windows GUI: Fix position of open folder dialog
x Windows GUI: Fix text view strings after e.g. XML view
x Linux GUI: Use transparent icons
x Avoid infinite loop with distant files
x MXF: Support of SMPTE ST 422-2019 I2
x I2055, Dolby Vision: fix crash with some files
x I2054, ID3v2: fix crash with some malformed files
x FFV1: fix conformance checker crash with Golomb Rice parsing
x AC-3: fix crash with some TrueHD files
x I2005, WavPack: handle of small files
x BMP: fix bitdepth info

+ ADM: more AdvSS Emission profile checks
+ AC-3 & Dolby E: more AC-3 metadata readouts
+ AV1: support of chroma_sample_position
+ I1999, WAV: support of BS.2088 BW64 chunkId
+ I2008, Wavpack: support of DSD
+ I1882, CEA-608/708: options for ignoring command only streams
+ I1990, FLV: support of enhanced RTMP
x WAV: fix support of 4+ GB ADM
x I2005, WavPack: fix duration with small files
x I2009, IVF: fix division by zero with buggy files