Log in
BookStack v25.11.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixes database queries causing errors with versions of MySQL <= 5.7. (#5877)
Lees weergave
BookStack v25.11
Links
Full List of Changes
- Added API endpoints for comments. (#5850, #4194))
- Added API endpoints for reading image data. (#5860, #5519)
- Added Groovy code syntax highlighting support. (#5822)
- Added new flags to the create admin command. (#5749)
- Added option for display timezone, and improved UI use consistency. (#5790, #4786)
- Added proper pagination to search. (#5854)
- Updated API docs with better model ordering, and quick navigation select. (#5865)
- Updated codebase to meet PHPstan level 3. (#5785)
- Updated database comments table to remove redundant text column. (#4821)
- Updated database format for core item types. (#5800)
- Updated framework to Laravel 12, and perform some major dependency upgrades. (#5782)
- Updated page delete handling to nullify related images instead of leaving old IDs. (#5846)
- Updated permission handling in code to use enums instead of strings. (#5793)
- Updated translations with latest Crowdin changes. (#5843)
- Updated user delete handling to nullify, or better handle, ID references on delete. (#5844)
- Fixed old API-scripts link leading to archived repo. (#5813)
- Fixed search timeout when a high per-page frequency match was encountered. (#5863)
BookStack v25.07.3
BookStack v25.07.2
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated new WYSIWYG editor with various fixes focused on collapsible block behaviour & interaction. (#5775)
- Updated translations with latest Crowdin changes. (#5759)
- Updated versions of PHP dependencies.
- Updated code to address some remaining PHP 8.4 deprecations.
- Fixed diagrams in ZIP imports not being editable post-import. (#5761)
- Fixed books detaching from shelves on shelf update where users don't have permission to view child books. (#5728)
BookStack v25.07.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5740)
- Updated PHP package versions.
- Fixed open redirect with stricter location checking.
- Fixed users being logged out on ZIP import errors. (#5754)
- Fixed menu accessibility tagging. (#5753, #5752)
- Fixed scenarios where MAIL_PORT could interfere with tests. (#5755)
BookStack v25.07
Links
Full List of Changes
- Added plaintext markdown page editor input option. (#5725, #5705)
- Added ZIP Import/Export API endpoints. Thanks to @LM-Nishant. (#5721, #5592)
- Added tag-classes based upon parent book/chapter. (#5681, #5217)
- Updated comment and description inputs to use the new WYSIWYG editor. (#5676)
- Updated 3-column layout with better usability. (#5685)
- Updated changelog input to large area with character counter. Thanks to @shresthkapoor7. (#5663, #5434)
- Updated mail logic to remove use of our custom patched Symfony mailer. (#5636)
- Updated translations with latest Crowdin changes. (#5696)
- Updated many actions to better handle parallel permission generation. (#5689, #4838)
- Updated new WYSIWYG editor with improvements & fixes. (#5731)
- Updated PHP package versions.
BookStack v25.05.2
Links
Full List of Changes
This release contains the following fixes and changes:
- Added Nepali Language. (#5677)
- Updated translations with latest Crowdin changes. (#5695)
- Updated PHP package versions.
- Updated content diffs to better group non-ascii language characters into words.
- Fixed error when loading opensearch endpoint with certain PHP in some environments. (#5673)
- Fixed namespace for test case. Thanks to @bumperbox. (#5668)
BookStack v25.05.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated new WYSIWYG editor with a range of fixes: (#5653)
- Added toolbar for media elements for easier menu access.
- Updated media embed code field to show existing embed code for direct editing.
- Updated media resize handling to be more reliable and to retain focus after resize.
- Updated table resize handles to be more efficient, and prevented them wondering far away from tables so often.
- Fixed buggy media selection scenarios.
- Fixed media form "src" field not working when video is using source elements.
- Fixed table resize handles overlapping table captions.
- Fixed text formatting being inconsistent on new paragraphs.
- Fixed tiny image resize square on image insert.
- Fixed comment updates showing incorrect notification text. (#5642)
- Fixed search system ignoring words adjacent to non-breaking spaces. (#5640)
- Updated translations with latest Crowdin changes. (#5637)
BookStack v25.05
Links
Full List of Changes
- Added support for comments to reference page sections. (#5584, #1265)
- Added comment archive support. (#5584)
- Added AVIF image support. (#5625, #5474)
- Added new system info API endpoint. (#5607, #5603)
- Added user avatar image fetching for OIDC authentication. Thanks to @rubentalstra. (#5626, #5429, #4271)
- Updated new WYSIWYG editor with further fixes. (#5627)
- Updated page-edit redirect to page-view if permission failed on edit. (#5568)
- Updated translations with latest Crowdin changes. (#5622)
- Update codebase and packages to address php 8.4 depreactions. (#5358)
BookStack v25.02.5
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixed incorrect image directory permissions. (#5609, #5605)
- Updated translations with latest Crowdin changes. (#5608)
- Updated PHP packages.
- Updated system CLI:
- Fixed handling of database credentials with escaped special characters.
- Updated download-vendor command with extra clean-up handling.
BookStack v25.02.4
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated PHP dependency package versions to fix compatibility issue on systems with recent libxml versions (eg. Arch Linux).
BookStack v25.02.3
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated image file permission error handling for images to log instead of fail. (#5601, #5269)
- Fixed style issues in exports due to CSS variables being ignored. (#5576)
- Updated translations with latest Crowdin changes. (#5566)
- Updated PHP dependency package versions.
BookStack v25.02.2
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated name sort rule handling to consider accented characters. Thanks to @bernardo-campos. (#5550, #5542)
- Updated translations with latest Crowdin changes. (#5537)
- Updated PHP dependency package versions.
- Fixed a range of issues for the new WYSIWYG editor: (#5558)
- Fixed content saving issues, specifically on save shortcut usage.
- Fixed list conversion & parsing which was mishandling tasks lists.
- Fixed a range of list selection and nesting scenarios.
- Updated keyboard navigation to be more reliable around images & media embeds.
- Fixed comment times not being shown. (#5555)
BookStack v25.02.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Added ipv6 database host address support. (#5464)
- Updated translations with latest Crowdin changes. (#5505)
- Updated revisions list to hide changes link for oldest revision. (#5454)
- Updated system CLI:
- Added new
download-vendorcommand. - Updated restore command to take environment variables into account. (#5489)
- Updated backup command to use mariadb-dump where available. (#5373)
- Updated update command to check, warn and exit early if the CLI is making changes to itself. (#5335)
- Updated MySQL handling to use option files to pass details to CLI executions.
- Updated MySQL handling to consider common xampp directory.
- Added new
- Updated PHP dependencies.
BookStack v25.02
Links
Upgrade Notices
- PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 8.1 to PHP 8.2 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating PHP where needed.
- Sorting - Basic sort order changes for chapters and pages will no longer affect the "updated" time for these items. Wider changes during sorting (moving to a new parent) will still increment the "updated" time.
- Theme System - A
public/folder within an active theme folder will now be exposed for public access. If for some reason you already have such a folder that you don't want exposed, rename it before upgrading.
Full List of Changes
- Added sort rules with automatic book sorting. (#5457, #2065)
- Added method to serve public files via the theme system. (#5405, #3904)
- Updated app framework to Laravel 11. (#5400)
- Updated codebase minimum PHP version from 8.1 to 8.2. (#5397)
- Updated codebase to address various PHP 8.4 deprecations. (#5491)
- Updated new WYSIWYG editor with a range of fixes. (#5415)
- Updated search indexing to handle guillemets. Thanks to @inv-hareesh. (#5475, #5471)
- Updated search indexing with advanced tokenization along with hyphen handling. (#5488, #2095)
- Updated sort handling to not increment the updated date for sorted content. (#1777)
- Updated translations with latest Crowdin changes. (#5409, #5399)
- Fixed incorrect image orientation handling. (#5462)
- Fixed layout issues at specific breakpoints. (#5396)
- Fixed LDAP error thrown when server does not provide a cn value. (#5443)
- Fixed wrong condition for showing new books list. Thanks to @Silverlan. (#5470)
BookStack v24.12.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated export logic to have better temp file clean-up. (#5374, #5379)
- Updated in-app export endpoints to have rate limits. (#5379)
- Updated translations with latest Crowdin changes. (#5370)
- Updated PHP dependency package versions.
- Fixed markdown editor focus jumping on image insert. (#5384)
BookStack v24.12
Links
Full List of Changes
- Added new portable ZIP import/export format. (#5260, #43)
- Added support for concatenating multiple LDAP attributes in displayName. Thanks to @MatthieuLeboeuf. (#5295, #1684)
- Added book and chapter titles to search API results. Thanks to @rashadkhan359. (#5280, #5140)
- Added cover image details to book/shelf API list responses. (#5180)
- Updated dev dockerfile setup to simplify things. Thanks to @johnroyer. (#5293)
- Updated guest account form to hide language preference to prevent confusion. (#5356)
- Updated new WYSIWYG editor codebase to merge nodes & re-organise code. (#5349)
- Updated notification handling to not block user with errors on send failures. (#5315)
- Updated our JavaScript service files to TypeScript. (#5259)
- Updated project NPM package & SASS deprecations/changes. (#5354)
- Updated the new WYSIWYG editor with a range of fixes/updates. (#5365)
- Updated translations with latest Crowdin changes. (#5345)
- Fixed API attachment update issue when name not provided. (#5353)
- Fixed attachment actions showing when lacking permissions. (#5323)
- Fixed missing book description and formatting in markdown exports. Thanks to @czemu. (#5313)
- Fixed page indexing breaking with very large pages. (#5322)
BookStack v24.10.3
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated PHP dependency package versions.
- Updated translations with latest Crowdin changes. (#5331)
- Fixed attachment stream handling for better Chrome video support. (#5342, #5088)
- Fixed page include issue caused by PHP 8.3.14 bug. (#5341)
- Fixed OIDC userinfo handling when response included charset content type. Thanks to @wesbiggs. (#5337)
- Fixed differing code line height between dark/light modes. (#5146)
BookStack v24.10.2
Security Release
BookStack v24.10.2 has been released.
This is a security release to address a vulnerability in our dependencies where specifically formatted requests could be used to manipulate application configuration in environments where a certain PHP option (register_argc_argv) is enabled. This is not an option that's typically enabled in production web-serving environments, but it's advised to update where uncertain.
Full List of Changes
- Updated application PHP dependencies.
- Updated translations with latest Crowdin changes. (#5317)
BookStack v24.10.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated System CLI with fixes and updated dependencies. (#5312)
- Fixed update-url command not updating revisions & drafts. (#5292)
- Fixed the namespaces of some tests. Thanks to @LordSimal. (#5291, #5071)
- Fixed misaligned user input validation. (#5263)
- Updated setting categories to validate by for existing views, allowing custom categories to be used via the theme system. Thanks to @LachTrip. (#5255, #5251)
- Updated translations with latest Crowdin changes. (#5250)
BookStack v24.10
Links
Full List of Changes
- Added ability to configure the PDF export command timeout. (#5119)
- Added new Lexical based editor. (#5058)
- Added not operator to search. (#4536)
- Added OpenSearch support. Thanks to @maximilian-walter. (#5198)
- Added SAS and R code language support. (#5206)
- Added search term negation support. (#5239)
- Added Welsh language to language list. (#5240)
- Updated dompdf and bacon-qr-code libraries to new major versions. (#5222)
- Updated page editor type to always exist in API and database. (#5117)
- Updated translations with latest Crowdin changes. (#5188)
- Updated user account creation to provide better email failure feedback. (#5195)
- Fixed drifting search icon on smaller screen sizes. (#5204)
BookStack v24.05.4
Security Release
BookStack v24.05.4 has been released.
This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in "book-show" API responses which would not have permissions applied properly.
Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).
Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.
Full List of Changes
- Updated API docs with consistent parameter types. (#5183)
- Updated default content iframe embed max-width to align with other content types. (#5130)
- Updated LDAP group sync to query via full DN.
- Updated translations with latest Crowdin changes. (#5118)
- Fixed books read API response not applying visibility control to chapter contents.
- Fixed API docs users response showing extra property. (#5178)
- Fixed database error thrown when using out dev docker setup. (#5124)
- Fixed RTL display issues with tasklist checkboxes. (#5134)
BookStack v24.05.3
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#5065)
- Updated callouts with LTR text handling where supported. (#5104)
- Updated project PHP and JavaScript dependencies.
- Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
- Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
- Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
- Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
- Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)
BookStack v24.05.2
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixed initial page publish changelog message not being saved if set. (#5056)
- Fixed incorrect WYSIWYG code shortcut reference. Thanks to @bradenterpstra01. (#5036)
- Added role create/update validation to warn about too-long external auth ID values. (#5037)
- Updated GIF thumbnail generation to no support animation, to avoid issues with large-frame-count GIFs. (#5029)
- Updated translations with latest Crowdin changes. (#5022)
- Updated backup code description text to clarify their use. (#5017)
- Updated docker-compose.yml to remove deprecated version. Thanks to @michaelortnerit. (#5052)
BookStack v24.05.1
Security Release
BookStack v24.05.1 has been released.
This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.
Upgrade is advised for instances accessible on the public web.
Full List of Changes
- Updated PHP dependencies.
- Updated routes with IP-based rate limiting. (#4993)
- Updated email confirmation flow to not require email submission form.
- Updated translations with latest Crowdin changes. (#4994)
- Updated WYSIWYG alignment handling to also consider table
alignattributes. (#5011) - Fixed attachment upload validation errors appearing as JSON. (#4996)
- Fixed incorrect notification preferences URL in email. Thanks to @KiDxS. (#5008, #5005)
- Fixed non-visible MFA setup titles in dark mode. (#5018)
- Fixed outdated path in visual theme system guidance. (#4998)
- Fixed potential cache permission issues by reverting cache location. (#4999)
BookStack v24.05
Links
Upgrade Notices
- PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 8.0.2 to PHP 8.1 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating PHP.
- Composer Version Requirement Change - The minimum supported composer version has changed from v2.0 to v2.2 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating Composer.
- Page Content - Text links in page content will now be underlined by default for accessibility. Refer to the release blogpost for an simple customization to override & revert this if desired.
- PDF Exports - The
WKHTMLTOPDFoption is now considered deprecated, with the alternative being the newly addedEXPORT_PDF_COMMANDwhich is detailed in our documentation here. TheWKHTMLTOPDFoption will though remain supported for a number of feature releases though to avoid unexpected breaking changes. - OIDC Authentication - The OIDC "userinfo" endpoint may now be called in very rare scenarios where not all expected claims were being properly provided in the user ID Token, which could alter the details used for new users on access, and the groups obtained for user group/role sync, but only in edge case scenarios where functionality was not matching configuration before the update.
- LDAP Authentication - The
LDAP_USER_FILTERBookStack option now uses{user}as a placeholder instead of${user}by default. The older${user}placeholder format is still supported but you may want to use the new format instead. This should not cause any issues on existing instances, unless{user}was used as a literal part of your user filter which would be very unlikely.
Full List of Changes
- Added new command-based PDF export option. (#4969, #4732)
- Added Audit Log API list endpoint. (#4987, #4316)
- Added LDAP option to provide a custom CA cert. Thanks to @mmoore2012. (#4985, #4913)
- Added OIDC userinfo endpoint support. Thanks to @LukeShu. (#4955, #4726, #3873)
- Added simple registration form honeypot. Thanks to @nesges. (#4970)
- Added Scala to list of supported languages in code blocks. (#4953)
- Added licenses page supported by licenses list building process. (#4907)
- Updated app framework from Laravel 9 to 10. (#4903)
- Updated content links to be underlined by default for accessibility. (#4939)
- Updated dev Dockerfile with improvements. Thanks to @C0rn3j. (#4895)
- Updated included images with extra compression to save data. Thanks to @C0rn3j. (#4904)
- Updated JS build system to split markdown-focused packages to own file. (#4930, #4858)
- Updated LDAP user filter option to support new placeholder format. (#4967)
- Updated minimum required PHP version from 8.0 to 8.1. (#4894, #4893)
- Updated translations with latest Crowdin changes. (#4890)
- Fixed code direction in WYSWIYG editor lacking direction support in code editor. (#4943)
- Fixed difference of line-heights for paragraphs in tables between editor and page view. (#4960)
- Fixed extra space at the beginning of a translation. Thanks to @johnroyer. (#4972)
- Fixed failing drag and drop of attachments into editor on Chrome. (#4975)
- Fixed incorrect tag counts when tagged items are in the recycle bin. (#4892)
- Fixed WYSIWYG object embeds in the editor showing image toolbar button. (#4974)
- Fixed WYSIWYG table cell format handling which could clear styles unexpectedly. (#4964)
BookStack v24.02.3
Links
Full List of Changes
This release contains the following fixes and changes:
- Fixed non-working "Open Link In..." option for description editors. (#4925)
- Fixed failed reference loading when references are from recycle bin items. (#4918)
- Fixed failed code block rendering when a code language was not set. (#4917)
- Updated page editor max content widths to align with page display. (#4916)
BookStack v24.02.2
Links
Full List of Changes
This release contains the following fixes and changes:
- New version to address missed version and asset changes in v24.02.1. (#4889)
BookStack v24.02.1
Links
Full List of Changes
This release contains the following fixes and changes:
- Updated translations with latest Crowdin changes. (#4877)
- Updated breadcrumb book & shelf lists to be name-ordered. (#4876)
- Updated MFA inputs to avoid auto-complete. Thanks to @ImMattic. (#4849)
- Fixed non-breaking spaces causing combined words in page navigation. (#4836)
- Fixed page navigation click not jumping to headers in nested collapsible blocks. (#4878)
BookStack v24.02
Links
Upgrade Notices
- Security - The v23.12 branch of BookStack recently had a security release, which you can find details of in our v23.12.3 blogpost.
- Comments - The ability to use markdown content in comments has been removed in this release, replaced by a WYSIWYG editor. Markdown in comments was a fairly hidden feature though so was not commonly utilised. Existing markdown comments will remain although formatting may be lost if old markdown comments are edited.
- Commands - The "Regenerate Comment Content" command has been removed in this release since this action is now redundant.
- OIDC Authentication - Proof Key for Code Exchange (PKCE) support has been added to BookStack OIDC authentication. This should not affect existing OIDC use but you may want to enforce PKCE to be required for BookStack on your authentication system, if supported, for extra security.
Full List of Changes
- Added simple WYSIWYG comment editor inputs. (#4815, #3018)
- Added default page templates for chapters. Thanks to @Man-in-Black. (#4750, #4764)
- Added PKCE support for OIDC. (#4804, #4734)
- Added "Clear table formatting" & "Resize to contents" WYSIWYG table options. (#4845)
- Added "Toggle header row" button to table toolbar in WYSWIYG editor. (#985)
- Added attachment serving range request support. (#4758, #3274)
- Added new
AUTH_PRE_REGISTERlogical theme event. (#4833) - Updated app entity loading to be more efficient and avoid global addSelects. (#4827, #4823)
- Updated book/shelf cover image wording to make sizing in usage clearer. (#4748)
- Updated PWA manifest to allow landscape use. Thanks to @shashinma. (#4828)
- Updated redirect handling to reduce chance of redirecting to images. (#4863)
- Updated some EN text for consistency/readability. (#4794)
- Updated WYSIWYG editor with improved cell selection formatting clearing. (#4850)
- Updated WYSIWYG text direction & alignment controls to work more reliably on complex structures. (#4843)
- Fixed breadcrumb dropdowns being partially out of view on mobile screen sizes. (#4824)
- Fixed description WYSIWYG not respecting RTL text. (#4810)
- Fixed header bar collapse on smaller screen sizes when no name or logo is used. (#4841)
- Fixed incorrect pagination display in RTL layout. (#4808)
- Fixed JavaScript error logged on WYSIWYG editor load due to how custom styles were imported. (#4814)
- Fixed scrollbars showing on WYSIWYG table cell range selection in some browsers. (#4844)
- Fixed WYSIWYG code block text direction controls not being respected. (#4809)
