BookStackApp/BookStack (BookStackApp/BookStack)
### [`v23.10.4`](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.4): BookStack v23.10.4
[Compare Source](https://togithub.com/BookStackApp/BookStack/compare/v23.10.3...v23.10.4)
This was simply a follow-up of v23.10.3 to fix the app version number.
Please refer to the [v23.10.3 security release](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.3) for details if updating from an earlier version.
### [`v23.10.3`](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.3): BookStack v23.10.3
[Compare Source](https://togithub.com/BookStackApp/BookStack/compare/v23.10.2...v23.10.3)
##### Security Release
- [Update Instructions](https://www.bookstackapp.com/docs/admin/updates)
- [Update details on blog](https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/)
This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system.
Additionally, this update addresses a lack of permission check in some image creation actions.
Upgrade is strongly advised where untrusted users have permission to create/edit/update page content in your instance.
Thanks to [Carlos Bello](https://www.linkedin.com/in/carlos-andres-bello/) from the [Fluid Attacks](https://fluidattacks.com/) Research Team for discovering and reporting this vulnerability.
##### Full List of Changes
- Updated thumbnail handling to for use of content as image data. ([#4681](https://togithub.com/BookStackApp/BookStack/pull/4681))
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v23.10.2->v23.10.4Release Notes
BookStackApp/BookStack (BookStackApp/BookStack)
### [`v23.10.4`](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.4): BookStack v23.10.4 [Compare Source](https://togithub.com/BookStackApp/BookStack/compare/v23.10.3...v23.10.4) This was simply a follow-up of v23.10.3 to fix the app version number. Please refer to the [v23.10.3 security release](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.3) for details if updating from an earlier version. ### [`v23.10.3`](https://togithub.com/BookStackApp/BookStack/releases/tag/v23.10.3): BookStack v23.10.3 [Compare Source](https://togithub.com/BookStackApp/BookStack/compare/v23.10.2...v23.10.3) ##### Security Release - [Update Instructions](https://www.bookstackapp.com/docs/admin/updates) - [Update details on blog](https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/) This is a security release that addresses a vulnerability in image handling which could be exploited to perform server-side requests or read the contents of files on the server system. Additionally, this update addresses a lack of permission check in some image creation actions. Upgrade is strongly advised where untrusted users have permission to create/edit/update page content in your instance. Thanks to [Carlos Bello](https://www.linkedin.com/in/carlos-andres-bello/) from the [Fluid Attacks](https://fluidattacks.com/) Research Team for discovering and reporting this vulnerability. ##### Full List of Changes - Updated thumbnail handling to for use of content as image data. ([#4681](https://togithub.com/BookStackApp/BookStack/pull/4681))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.