A platform to create documentation/wiki content built with PHP & Laravel

Overview

BookStack

A platform for storing and organising information and documentation. Details for BookStack can be found on the official website at https://www.bookstackapp.com/.

📚 Project Definition

BookStack is an opinionated wiki system that provides a pleasant and simple out-of-the-box experience. New users to an instance should find the experience intuitive and only basic word-processing skills should be required to get involved in creating content on BookStack. The platform should provide advanced power features to those that desire it but they should not interfere with the core simple user experience.

BookStack is not designed as an extensible platform to be used for purposes that differ to the statement above.

In regard to development philosophy, BookStack has a relaxed, open & positive approach. At the end of the day this is free software developed and maintained by people donating their own free time.

🛣️ Road Map

Below is a high-level road map view for BookStack to provide a sense of direction of where the project is going. This can change at any point and does not reflect many features and improvements that will also be included as part of the journey along this road map. For more granular detail of what will be included in upcoming releases you can review the project milestones as defined in the "Release Process" section below.

  • Platform REST API (Base Implemented, In review and roll-out)
    • A REST API covering, at minimum, control of core content models (Books, Chapters, Pages) for automation and platform extension.
  • Editor Alignment & Review
    • Review the page editors with goal of achieving increased interoperability & feature parity while also considering collaborative editing potential.
  • Permission System Review
    • Improvement in how permissions are applied and a review of the efficiency of the permission & roles system.
  • Installation & Deployment Process Revamp
    • Creation of a streamlined & secure process for users to deploy & update BookStack with reduced development requirements (No git or composer requirement).

🚀 Release Versioning & Process

BookStack releases are each assigned a date-based version number in the format v<year>.<month>[.<optional_patch_number>]. For example:

  • v20.12 - New feature release launched during December 2020.
  • v21.06.2 - Second patch release upon the June 2021 feature release.

Patch releases are generally fairly minor and primarily intended for fixes, so they are fairly unlikely to cause breakages upon update. Feature releases are generally larger, bringing new features in addition to fixes and enhancements. These releases have a greater chance of introducing breaking changes upon update, so it's worth checking for any notes in the update guide.

Each BookStack release will have a milestone created with issues & pull requests assigned to it to define what will be in that release. Milestones are built up then worked through until complete at which point, after some testing and documentation updates, the release will be deployed.

Feature releases, and some patch releases, will be accompanied by a post on the BookStack blog which will provide additional detail on features, changes & updates; otherwise the GitHub release page will show a list of changes. You can sign up to be alerted to new BookStack blog posts (once per week maximum) at this link.

🛠️ Development & Testing

All development on BookStack is currently done on the master branch. When it's time for a release the master branch is merged into release with built & minified CSS & JS then tagged at its version. Here are the current development requirements:

This project uses SASS for CSS development and this is built, along with the JavaScript, using a range of npm scripts. The below npm commands can be used to install the dependencies & run the build tasks:

# Install NPM Dependencies
npm install

# Build assets for development
npm run build

# Build and minify assets for production
npm run production

# Build for dev (With sourcemaps) and watch for changes
npm run dev

BookStack has many integration tests that use Laravel's built-in testing capabilities which makes use of PHPUnit. There is a mysql_testing database defined within the app config which is what is used by PHPUnit. This database is set with the database name, user name and password all defined as bookstack-test. You will have to create that database and that set of credentials before testing.

The testing database will also need migrating and seeding beforehand. This can be done with the following commands:

php artisan migrate --database=mysql_testing
php artisan db:seed --class=DummyContentSeeder --database=mysql_testing

Once done you can run php vendor/bin/phpunit in the application root directory to run all tests.

📜 Code Standards

PHP code style is enforced automatically using StyleCI. If submitting a PR, any formatting changes to be made will be automatically fixed after merging.

🐋 Development using Docker

This repository ships with a Docker Compose configuration intended for development purposes. It'll build a PHP image with all needed extensions installed and start up a MySQL server and a Node image watching the UI assets.

To get started, make sure you meet the following requirements:

  • Docker and Docker Compose are installed
  • Your user is part of the docker group

If all the conditions are met, you can proceed with the following steps:

  1. Copy .env.example to .env, change APP_KEY to a random 32 char string and set APP_ENV to local.
  2. Make sure port 8080 is unused or else change DEV_PORT to a free port on your host.
  3. Run chgrp -R docker storage. The development container will chown the storage directory to the www-data user inside the container so BookStack can write to it. You need to change the group to your host's docker group here to not lose access to the storage directory.
  4. Run docker-compose up and wait until the image is built and all database migrations have been done.
  5. You can now login with [email protected] and password as password on localhost:8080 (or another port if specified).

If needed, you'll be able to run any artisan commands via docker-compose like so:

docker-compose run app php artisan list

The docker-compose setup runs an instance of MailHog and sets environment variables to redirect any BookStack-sent emails to MailHog. You can view this mail via the MailHog web interface on localhost:8025. You can change the port MailHog is accessible on by setting a DEV_MAIL_PORT environment variable.

Running tests

After starting the general development Docker, migrate & seed the testing database:

# This only needs to be done once
docker-compose run app php artisan migrate --database=mysql_testing
docker-compose run app php artisan db:seed --class=DummyContentSeeder --database=mysql_testing

Once the database has been migrated & seeded, you can run the tests like so:

docker-compose run app php vendor/bin/phpunit

🌎 Translations

Translations for text within BookStack are managed through the BookStack project on Crowdin. Some strings contain colon-prefixed variables such as :userName. Leave these values as they are, since they will be replaced at run-time. Crowdin is the preferred way to provide translations; otherwise the raw translation files can be found within the resources/lang path.

If you'd like a new language to be added to Crowdin, for you to be able to provide translations for, please open a new issue here.

Please note, translations in BookStack are provided to the "Crowdin Global Translation Memory" which helps BookStack and other projects with finding translations. If you are not happy with contributing to this then providing translations to BookStack, even manually via GitHub, is not advised.

🎁 Contributing, Issues & Pull Requests

Feel free to create issues to request new features or to report bugs & problems. Just please follow the template given when creating the issue.

Pull requests are welcome. Unless a small tweak or language update, it may be best to open the pull request early or create an issue for your intended change to discuss how it will fit in to the project and plan out the merge. Just because a feature request exists, or is tagged, does not mean that feature would be accepted into the core project.

Pull requests should be created from the master branch since they will be merged back into master once done. Please do not build from or request a merge into the release branch as this is only for publishing releases. If you are looking to alter CSS or JavaScript content please edit the source files found in resources/. Any CSS or JS files within public are built from these source files and therefore should not be edited directly.

The project's code of conduct can be found here.

🔒 Security

Security information for administering a BookStack instance can be found on the documentation site here.

If you'd like to be notified of new potential security concerns you can sign-up to the BookStack security mailing list.

If you would like to report a security concern in a more confidential manner than via a GitHub issue, you can directly email the lead maintainer ssddanbrown. You will need to log in to be able to see the email address on the GitHub profile page. Alternatively you can send a DM via Twitter to @ssddanbrown.

Accessibility

We want BookStack to remain accessible to as many people as possible. We aim for at least WCAG 2.1 Level A standards where possible although we do not strictly test this upon each release. If you come across any accessibility issues please feel free to open an issue.

🖥️ Website, Docs & Blog

The website which contains the project docs & Blog can be found in the BookStackApp/website repo.

⚖️ License

The BookStack source is provided under the MIT License. The libraries used by, and included with, BookStack are provided under their own licenses.

👪 Attribution

The great people that have worked to build and improve BookStack can be seen here.

The wonderful people that have provided translations, either through GitHub or via Crowdin can be seen here.

These are the great open-source projects used to help build BookStack:

Comments
  • Notification webhook framework

    It would be nice if there was a global settings page and the framework to enable activity log notifications.

    • Notification when a page is created/modified/deleted
    • Notification when a user is created/modified/deleted
    • Notification when a file is created/modified/deleted

    Notifications could be sent to several possible endpoints, but Slack and Rocket.Chat would be likely good first choices. Eventual additions could be email or messenger platform notifications to the admins

    :hammer_and_wrench: Enhancement :coffee: Open to discussion 
    opened by DeftNerd 53
  • LDAP over SSL not working - ldap_bind(): Unable to bind to server: Can't contact LDAP server

    Describe the bug

    LDAP authentication when using LDAPS is not working. I get this error: image

    Already added the CA to the trust store on the server. LDAP configs:

    General auth

    AUTH_METHOD=ldap
    LDAP_SERVER=ldaps://dc02-srv2016.ad.mydomain.com:636
    LDAP_BASE_DN=DC=ad,DC=mydomain,DC=com
    LDAP_DN=bookstack.connector@domain...
    LDAP_PASS=mypasshere
    LDAP_USER_FILTER=(&(sAMAccountName=${user}))
    LDAP_VERSION=3
    LDAP_EMAIL_ATTRIBUTE=mail
    LDAP_DISPLAY_NAME_ATTRIBUTE=cn
    LDAP_ID_ATTRIBUTE=BIN;objectGUID
    APP_DEBUG=true

    If I change to ldap and port 389, it works perfectly... any ideas?

    opened by joaomezzari 49
  • [Feature Request] Change names of objects in the hierarchy (eg, "Books" to "Products")

    It would be valuable to have a simple UI-accessible way to rename the types of objects in the wiki hierarchy. I wanted to change from Books -> Chapters -> Pages, to Products -> Features -> Pages. I had to change these in the localization files so it'd be nice to have a simpler way to mass-change these names.

    :hammer_and_wrench: Enhancement 
    opened by bensulli 46
  • 2019 design

    This is a WIP design update targeted for early 2019. It includes some functional aspects of the design as well as just styles.

    Design Goals

    • Improved design consistency and feature usage throughout application.
    • Provide a more modern, less "stock" feel.
    • Cleanup of colour-scheme for easier customizability.
    • Lessen usage of glaring entity colours.
    • Improved mobile usability.
    • Increased functionality in core areas for improved app usage efficiency. (Book list sorting, for example)

    Early Preview (Comparison)

    Old Books List View bookstack_books_redesign_old

    New Books List View bookstack_books_redesign

    :hammer_and_wrench: Enhancement :wrench: Maintenance :art: Design :computer: Front-End :massage: UX 
    opened by ssddanbrown 33
  • [Feature Request] 2FA Implementation

    Describe the feature you'd like

    Implementation of 2FA time based tokens.

    Describe the benefits this feature would bring to BookStack users

    The benefit would be that I would feel confident allowing BookStack to face the public internet if 2FA could be turned on and enforced. This would allow the user direct access without having to turn on a VPN to get inside our network. I realize this might not be the use case for a lot of folks, but for those who are documenting sensitive systems this would be a huge win.

    :hammer_and_wrench: Enhancement :computer: Front-End :factory: Back-End :door: Authentication :hammer: Feature Request 
    opened by cb3inco 33
  • PDF Export issue

    • BookStack Version: 0.16.2
    • PHP Version: 5.6.30
    • MySQL Version: 5.5.52-MariaDB

    Hi, Firstly, thanks a lot for this tool. Secondly, I have an issue with PDF exports. When I try to export an article as PDF, all images are missing from the file created.

    I tried to use WKHTMLTOPDF instead, but without success.

    :bug: Bug 
    opened by Dav31 32
  • Problem with Version 0.31.0

    I run BookStack on Ubuntu Container, I want to update to new Version 0.31.0, but after upgrade Bookstack doesn't work anymore.

    I go to /var/www/html/Bookstack and run git pull origin release && composer install --no-dev && php artisan migrate

    After update Bookstack doesn't work anymore? Can somebody help me please?

    opened by dugs951 31
  • Authenticate via header, e.g. Auth Proxy

    Support for authentication via header would be a great low-cost addition to Bookstack. With this authentication mode, Bookstack would check for the request header X-Webauth-User, and attempt to log-in as that user automatically with no password/token. This mode leverages an external service, the auth proxy, to authenticate users and add the header. Sessions are stored externally also; the user remains logged-in while the header is present.

    Louketo is a good example auth proxy that supports OIDC providers, like Keycloak, Dex, etc.

    Grafana has an authentication module that works in this way.

    To be clear, I am planning to make a pull request to add these features. It would be great to get some feedback on the plan first though!

    How it works

    The login flow looks like:

    1. User visits bookstack.example.com
    2. The request comes through to an auth proxy, not Bookstack. For example:
      • Nginx configured with Basic Auth, or
      • Louketo, connected to an external OIDC IdP like Keycloak.
    3. The auth proxy authenticates the user (via a login page, an SSO token, etc)
    4. The auth proxy adds/populates the X-Webauth-User header, and proxies the request to Bookstack.
    5. Bookstack sees the header, trusts the auth proxy, and logs the user in automatically.
    6. User is redirected to the application, skipping the login page.

    A variety of auth proxies can be used to authenticate and set the header, for example: Basic Auth, vouch proxy, oauth2-proxy.

    Benefits

    • Allows a variety of authn services to be used; e.g. Keycloak supports almost any OIDC provider.
    • Allows sessions to be managed externally (useful for strict security policies).
    • Allows seamless SSO; users only presented with login page once, then have immediate access to other applications.
    • Highly secure; leveraging an auth proxy project whose sole focus is on security.
    • Easy to implement; minimal code to get it working.
    • The Keycloak/Louketo setup is popular in Kubernetes, and would allow Bookstack to fit into existing setups very nicely.
    • Permissions still handled within Bookstack; the auth proxy only handles authentication.

    Considerations

    LDAP: It would be very useful if LDAP Group Sync could continue working. When a user visits Bookstack, they should be authenticated via auth proxy, but their user info (and groups) could still come from LDAP sync.

    Documentation: It is very important that users are not able to forge the X-Webauth-User header as it allows passwordless login to any account. It is also important that users (either via web, or CLI on the server hosting Bookstack) are not able to bypass the auth proxy. There should be a dedicated section in the docs about protecting that header in Nginx, Apache, etc.

    Logout: Logging-out can be handled in many different ways, depending on the auth proxy. The Logout button in the Bookstack UI should be configurable to provide maximum flexibility.

    Configuration: Some extra configuration options will be needed:

    • User auth header (configure which header is used to pass the username/email to Bookstack).
    • User auth field (does the header refer to username, or email?).
    • Proxy IP whitelist (restrict incoming connections to a list of IPs, to ensure users can't bypass the auth proxy).
    • Auto sign-up (if the user doesn't exist, should they be signed up? not applicable if LDAP sync is being used).
    • Signup group (add new sign-ups to this group? again, not applicable for LDAP sync).
    :door: Authentication :hammer: Feature Request 
    opened by ryanc-me 30
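
The trust decision behind steps 4 and 5 and the "Proxy IP whitelist" option in the proposal above, as an added example that is not part of the original issue or of BookStack's code: the header is honoured only when the TCP peer is an allowlisted proxy and exactly one well-formed copy is present. The option names, addresses and sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, Optional, Tuple

Header = Tuple[str, str]


@dataclass(frozen=True)
class ProxyAuthConfig:
    """Hypothetical settings, named after the post's "Configuration" list."""
    user_header: str = "X-Webauth-User"                  # "User auth header"
    user_field: str = "email"                            # "User auth field"
    proxy_allowlist: Tuple[str, ...] = ("10.0.0.5/32",)  # "Proxy IP whitelist"


def peer_is_trusted_proxy(peer_ip: str, config: ProxyAuthConfig) -> bool:
    """True only when the TCP peer address is inside an allowlisted network.

    peer_ip must be the socket's remote address, never a value read from
    X-Forwarded-For or any other header the client can set.
    """
    try:
        addr = ip_address(peer_ip)
    except ValueError:
        return False
    for entry in config.proxy_allowlist:
        network = ip_network(entry, strict=False)
        if addr.version == network.version and addr in network:
            return True
    return False


def resolve_proxy_identity(
    peer_ip: str,
    headers: Iterable[Header],
    config: ProxyAuthConfig = ProxyAuthConfig(),
) -> Optional[Tuple[str, str]]:
    """Return (field, value) to log in as, or None to fall back to normal login.

    headers is the request's header list as received, duplicates preserved.
    """
    if not peer_is_trusted_proxy(peer_ip, config):
        # The request bypassed the auth proxy, so the header is client-controlled.
        return None
    wanted = config.user_header.lower()
    values = [value.strip() for name, value in headers if name.lower() == wanted]
    if len(values) != 1:
        # Missing, or present more than once (proxy appended instead of replacing).
        return None
    value = values[0]
    if not value or "," in value:
        return None
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return None  # control characters never belong in an identity value
    if config.user_field == "email" and value.count("@") != 1:
        return None
    return (config.user_field, value)


# Constructed sample requests: name -> (TCP peer address, header list)
SAMPLES: Dict[str, Tuple[str, Tuple[Header, ...]]] = {
    "via_proxy": ("10.0.0.5", (("Host", "bookstack.example.com"),
                               ("X-Webauth-User", "alice@example.com"))),
    "direct_to_app": ("203.0.113.7", (("X-Webauth-User", "admin@example.com"),)),
    "duplicated": ("10.0.0.5", (("X-Webauth-User", "admin@example.com"),
                                ("x-webauth-user", "alice@example.com"))),
    "no_header": ("10.0.0.5", (("Host", "bookstack.example.com"),)),
}


def evaluate_samples(config: ProxyAuthConfig = ProxyAuthConfig()):
    """Run every constructed sample through the trust decision."""
    return {name: resolve_proxy_identity(ip, hdrs, config)
            for name, (ip, hdrs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{name:14} -> {result}")
```

The same rule has to hold at the proxy itself: it should overwrite, not append to, any copy of the header that arrives from the client.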
  • Logical theme system example: IP based access permissions

    As per https://github.com/BookStackApp/BookStack/issues/3374#issuecomment-1140344900, re-purposing this to provide a logical theme system example.


    Describe the feature you'd like

    Hello Thanks for building BookStack

    I would like to see an option to limit the access for some /pages/books/shelves based on (public) viewer public IP address so it will check with a list of IPs in the settings that you already provided that works as a whitelist.

    Describe the benefits this would bring to existing BookStack users

    For instance you have a public BookStack on your server and it's publicly available to everyone but there are pages and books and you don't want people to see/access so you set custom permissions for it but each time for accessing it you have to login, which is no problem for one or two devices but for like 10 or more in the office it's nightmarish and imagine you have multi-factor authentication enabled as well. So, how will it help? Well, in those cases all those devices are on the same network so will have the same public IP address and BookStack will override the custom permissions and let them access/see the pages/books/shelves that are not publicly available for the IP addresses that are not in the whitelist even though the user did not log in.

    Can the goal of this request already be achieved via other means?

    Not sure.

    Have you searched for an existing open/closed issue?

    • [ ] I have searched for existing issues and none cover my fundamental request

    How long have you been using BookStack?

    0 to 6 months

    Additional context

    No response

    :hammer: Feature Request 
    opened by AuthorShin 29
  • 404 on settings page

    Describe the Bug

    Hello, actually I have version v22.02.3 installed and want to upgrade to the new version. Everything is fine but the settings page comes with the 404 error message. In the URL I see that it wants to open /settings/features and in the old version it will only open /settings. Thanks and regards, Stephan

    Steps to Reproduce

    1. Logged in as admin
    2. click on settings

    Expected Behaviour

    I wanted to see the settings page.

    Screenshots or Additional Context

    Bookstack after update

    Browser Details

    Firefox 102.1.0esr (64-Bit)

    Exact BookStack Version

    v22.02.3

    PHP Version

    7.4.28

    Hosting Environment

    Debian GNU/Linux 11 (bullseye)

    :bug: Bug 
    opened by Stephan9283 28
  • Agnostic S3 Integration

    Describe the feature you'd like

    I'd like an "agnostic" S3 implementation

    Describe the benefits this feature would bring to BookStack users

    Currently, S3 is limited ONLY to amazon, that I can tell

    Additional context

    There are other S3 implementations besides Amazon. As it stands, my options for storage with bookstack are, as follows:

    • File (local only)
    • FTP (old, complicated to make highly available, etc)
    • "s3" (Amazon only, meaning it's limited ONLY to paying a cloud provider)
    • Rackspace (rackspace only, again limited to paying a cloud provider)

    I want a better solution for storing uploads, etc. than local storage and FTP, and as it happens, I am running a full ceph cluster, complete with a rados gateway, 3 separate instances, load balanced by a highly available, 3-node traefik cluster, to ensure that my rados gateway (and thus, its s3 api as well) is always up and available, and 3+ nodes in my ceph cluster, with multiple TBs of redundant storage. I have created a user and a bucket, and they are available via the s3 API (http://docs.ceph.com/docs/mimic/radosgw/s3/) - yet, no matter what I do, going so far as working with a friend to add some custom PHP code, BookStack still insists on using amazonaws.com for s3...

    :hammer_and_wrench: Enhancement :book: Docs Update :factory: Back-End 
    opened by Gorian 28
  • Configure the Hyperlinks to New Window as default

    Attempted Debugging

    • [X] I have read the debugging page

    Searched GitHub Issues

    • [X] I have searched GitHub for the issue.

    Describe the Scenario

    Hi, is there a way to change the default hyperlink window to New Window instead of Current Window?

    Exact BookStack Version

    v22.10.2

    Log Content

    No response

    PHP Version

    No response

    Hosting Environment

    Docker

    :dog2: Support 
    opened by adriangalbincea 0
  • Remove use of "admin.com" default admin user email

    Describe the feature you'd like

    Instead of using admin.com as default domain better use example.com or example.org. The domain admin.com resolves to a privately owned website whereas example.com and example.org are special domains, which are valid and provided by ICANN for testing purposes.

    When a user logs in the first time on a fresh install of BookStack with the default admin credentials and tests the email settings one will successfully send an email but also get a bounce from [email protected]. This is bad for the reputation of the email server (either self hosted or third party service).

    To solve this issue it's a better solution to use [email protected] because when sending emails to this address the email will get successfully sent and delivered.

    Describe the benefits this would bring to existing BookStack users

    Testing email delivery on a fresh install will not result in a bounced email.

    Can the goal of this request already be achieved via other means?

    Changing the default mail address of the admin user to a personal mail address.

    This feature request will prevent bounced emails even if a user forgets to change the mail address before testing email settings.

    Have you searched for an existing open/closed issue?

    • [X] I have searched for existing issues and none cover my fundamental request

    How long have you been using BookStack?

    1 to 5 years

    Additional context

    No response

    :hammer: Feature Request 
    opened by timptner 1
  • [Code-Block/SQL] Escape of character '

    Describe the Bug

    Escape of character '

    Generally it should be [' ']. Only in MySQL and PostgreSQL ['] escapes it.

    Works in MSSQL + Oracle:

    update FileConnection set ServerPath = REPLACE(ServerPath, '\edi\','\edi_test\') where ConnectName = 'EDI';
    

    In Bookstack it destroys the coloring

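    CodeMirror gives me this:

    import {basicSetup, EditorView} from "codemirror"
    import {sql, MSSQL} from "@codemirror/lang-sql"
    
    new EditorView({
     // Backslashes are doubled so the JavaScript string holds the same SQL text as the statement above
     doc: "update FileConnection set ServerPath = REPLACE(ServerPath, '\\edi\\','\\edi_test\\') where ConnectName = 'EDI';",
     // Highlight using the MSSQL dialect of the SQL language package
     extensions: [basicSetup, sql({dialect: MSSQL})],
     parent: document.body
    })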
    

    Steps to Reproduce

    CodeMirrors Code-Block

    SQL-Code

    update FileConnection set ServerPath = REPLACE(ServerPath, '\edi\','\edi_test\') where ConnectName = 'EDI';
    

    Expected Behaviour

    There are several SQL Server products and with other logic, please do for example: SQL (MYSQL/PostgreSQL) With the right highlighting SQL (ORACLE/MSSQL) With the right highlighting

    Screenshots or Additional Context

    No response

    Browser Details

    all Browser

    Exact BookStack Version

    22.11.1

    PHP Version

    8.1

    Hosting Environment

    Docker

    :bug: Bug 
    opened by reddexx 0
  • DB Connection don't work

    Attempted Debugging

    • [X] I have read the debugging page

    Searched GitHub Issues

    • [X] I have searched GitHub for the issue.

    Describe the Scenario

    It looks to me like there was a problem with the database during an update. I have already tried to log into bookstack_db, but without success, as if the user password was not set. In the console I get the following problem. Update was carried out with Watchtower, the image was updated, everything still worked in the previous year, can anyone help me here?

    Waiting for DB to be available
       Illuminate\Database\QueryException 
      SQLSTATE[HY000] [1045] Access denied for user 'bookstack'@'bookstack.bookstack_default' (using password: YES) (SQL: select * from information_schema.tables where table_schema = bookstackapp and table_name = migrations and table_type = 'BASE TABLE')
      at /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php:712
        708▕         // If an exception occurs when attempting to run a query, we'll format the error
        709▕         // message to include the bindings with SQL, which will make this exception a
        710▕         // lot more helpful to the developer instead of just the database's errors.
        711▕         catch (Exception $e) {
      ➜ 712▕             throw new QueryException(
        713▕                 $query, $this->prepareBindings($bindings), $e
        714▕             );
        715▕         }
        716▕     }
          +33 vendor frames 
      34  /app/www/artisan:37
          Illuminate\Foundation\Console\Kernel::handle()
    

    Debug:

    Error
    Illuminate\Database\QueryException
    SQLSTATE[HY000] [1045] Access denied for user 'bookstack'@'bookstack.bookstack_default' (using password: YES) (SQL: select * from `settings` where `setting_key` = app-public limit 1)
    #0 /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php(672): Illuminate\Database\Connection->runQueryCallback()
    #1 /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php(376): Illuminate\Database\Connection->run()
    #2 /app/www/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2414): Illuminate\Database\Connection->select()
    #3 /app/www/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2402): Illuminate\Database\Query\Builder->runSelect()
    #4 /app/www/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2936): Illuminate\Database\Query\Builder->Illuminate\Database\Query\{closure}()
    #5 /app/www/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php(2403): Illuminate\Database\Query\Builder->onceWithColumns()
    #6 /app/www/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(625): Illuminate\Database\Query\Builder->get()
    #7 /app/www/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php(609): Illuminate\Database\Eloquent\Builder->getModels()
    #8 /app/www/vendor/laravel/framework/src/Illuminate/Database/Concerns/BuildsQueries.php(294): Illuminate\Database\Eloquent\Builder->get()
    #9 /app/www/app/Settings/SettingService.php(257): Illuminate\Database\Eloquent\Builder->first()
    #10 /app/www/app/Settings/SettingService.php(100): BookStack\Settings\SettingService->getSettingObjectByKey()
    #11 /app/www/app/Settings/SettingService.php(44): BookStack\Settings\SettingService->getValueFromStore()
    #12 /app/www/app/helpers.php(97): BookStack\Settings\SettingService->get()
    #13 /app/www/app/helpers.php(54): setting()
    #14 /app/www/app/Http/Middleware/Authenticate.php(15): hasAppAccess()
    #15 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Authenticate->handle()
    #16 /app/www/app/Http/Middleware/Localization.php(45): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #17 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle()
    #18 /app/www/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #19 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle()
    #20 /app/www/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #21 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle()
    #22 /app/www/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #23 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle()
    #24 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #25 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
    #26 /app/www/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #27 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
    #28 /app/www/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #29 /app/www/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
    #30 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
    #31 /app/www/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #32 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
    #33 /app/www/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #34 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle()
    #35 /app/www/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #36 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle()
    #37 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #38 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then()
    #39 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack()
    #40 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute()
    #41 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute()
    #42 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch()
    #43 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
    #44 /app/www/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #45 /app/www/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
    #46 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle()
    #47 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #48 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
    #49 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
    #50 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #51 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
    #52 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #53 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
    #54 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
    #55 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then()
    #56 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
    #57 /app/www/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle()
    #58 {main}
    

    Exact BookStack Version

    v22.11.1

    Log Content

    No response

    PHP Version

    8.0.25

    Hosting Environment

    Ubuntu 20.04, Docker from Linuxserv

    :dog2: Support 
    opened by michaelortnersanube 8
  • Chrome autofill tries to fill the page editor with address info

    Chrome autofill tries to fill the page editor with address info

    Describe the Bug

    When editing any page, Chrome tries to autofill the editor with address info

    Steps to Reproduce

    1. Make sure Chrome has address info saved
    2. Using markdown page editor
    3. Create a new document
    4. Click on the Editor area

    Autofill pops up in Chrome

    Additional notes:

    • Clicking on the autofill fills the page title with First name and the page with the first letter of last name
    • The title input also triggers this behavior

    Expected Behaviour

    There should not be an autofill prompt with addresses when clicked

    Screenshots or Additional Context

    No response

    Browser Details

    Chrome Version 108.0.5359.125

    Exact BookStack Version

    v22.11

    PHP Version

    PHP 7.4.3

    Hosting Environment

    Running on an Ubuntu VM behind an HTTPS reverse proxy (BookStack is HTTP only)

    :bug: Bug 
    opened by Isaacntk 0
  • SAML 2.0 SLO is not provided a session index

    SAML 2.0 SLO is not provided a session index

    Describe the Bug

    When trying to use the SAML SLO functionality I get this error:

    <samlp:StatusMessage>Missing SessionIndex: session participants MUST include at least one <SessionIndex> element in the logout request</samlp:StatusMessage>
    

    Steps to Reproduce

    Configure SAML Authentication with SLO functionality based on the documentation

    Expected Behaviour

    <SessionIndex> Object included in SLO Request

    Screenshots or Additional Context

    Currently the SLO Request looks like this:

    <samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="redacted"
        Version="2.0"
        IssueInstant="2022-12-28T10:00:34Z"
        Destination="redacted">
        <saml:Issuer>https://redacted/saml2/metadata</saml:Issuer>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">redacted</saml:NameID>
    </samlp:LogoutRequest>
    

    SAML Login Response (mostly truncated) - Includes SessionIndex

    <samlp:Response Version="2.0" ID="redacted" IssueInstant="2022-12-28T10:08:33.861Z" InResponseTo="redacted" Destination="https://redacted/saml2/acs" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:Assertion ID="redacted" IssueInstant="2022-12-28T10:08:33.894Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml:AuthnStatement SessionIndex="redacted" AuthnInstant="2022-12-28T10:08:33.885Z">
                <saml:AuthnContext>
                    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
                </saml:AuthnContext>
            </saml:AuthnStatement>
        </saml:Assertion>
    </samlp:Response>
    

    Browser Details

    No response

    Exact BookStack Version

    v22.11

    PHP Version

    No response

    Hosting Environment

    Inside official Docker Container on our Kubernetes Instance.

    :bug: Bug :door: Authentication 
    opened by kompetenzlandkarte 1
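
The mismatch reported in the issue above, as an added example (not BookStack's code or the reporter's): a Python check that reads the SessionIndex issued in a login response and reports whether a LogoutRequest carries it. The sample messages, hostnames, identifiers and function names are constructed for illustration, and the messages are assumed to have passed signature validation already.

```python
"""Check a SAML 2.0 LogoutRequest for the SessionIndex issued at login."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

# Keep the conventional prefixes when serialising a modified message.
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample messages, shaped like the redacted ones in the report.
LOGIN_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Version="2.0" ID="_resp-constructed" IssueInstant="2022-12-28T10:08:33.861Z">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_assert-constructed" IssueInstant="2022-12-28T10:08:33.894Z" Version="2.0">
    <saml:AuthnStatement SessionIndex="_session-constructed-1"
        AuthnInstant="2022-12-28T10:08:33.885Z"/>
  </saml:Assertion>
</samlp:Response>"""

LOGOUT_REQUEST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_logout-constructed" Version="2.0" IssueInstant="2022-12-28T10:00:34Z"
    Destination="https://idp.example.test/slo">
  <saml:Issuer>https://sp.example.test/saml2/metadata</saml:Issuer>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
</samlp:LogoutRequest>"""


def session_indexes_from_response(response_xml: str) -> list[str]:
    """Return every SessionIndex attribute found on an AuthnStatement."""
    root = ET.fromstring(response_xml)
    statements = root.findall(".//saml:AuthnStatement", NS)
    return [s.get("SessionIndex") for s in statements if s.get("SessionIndex")]


def logout_session_indexes(logout_xml: str) -> list[str]:
    """Return the <samlp:SessionIndex> values carried by a LogoutRequest."""
    root = ET.fromstring(logout_xml)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise ValueError("not a samlp:LogoutRequest")
    values = [(e.text or "").strip() for e in root.findall("samlp:SessionIndex", NS)]
    return [v for v in values if v]


def add_session_index(logout_xml: str, session_index: str) -> str:
    """Append <samlp:SessionIndex> to an unsigned LogoutRequest.

    The schema places SessionIndex after the NameID, so appending as the
    last child keeps the element order valid. This must happen before the
    request is signed; editing a signed message invalidates the signature.
    """
    root = ET.fromstring(logout_xml)
    element = ET.SubElement(root, f"{{{SAMLP}}}SessionIndex")
    element.text = session_index
    return ET.tostring(root, encoding="unicode")


def check_logout_request(logout_xml: str, login_response_xml: str) -> list[str]:
    """Compare a LogoutRequest against the session issued at login."""
    issued = session_indexes_from_response(login_response_xml)
    sent = logout_session_indexes(logout_xml)
    findings = []
    if issued and not sent:
        # The case in the report: the IdP rejects the request, so the
        # IdP-side session is not terminated by the logout.
        findings.append("missing-session-index")
    for value in sent:
        if value not in issued:
            findings.append(f"unknown-session-index:{value}")
    return findings


if __name__ == "__main__":
    print("as sent:", check_logout_request(LOGOUT_REQUEST, LOGIN_RESPONSE))
    index = session_indexes_from_response(LOGIN_RESPONSE)[0]
    fixed = add_session_index(LOGOUT_REQUEST, index)
    print("with index:", check_logout_request(fixed, LOGIN_RESPONSE))
```
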
Releases(v22.11.1)
  • v22.11.1(Dec 16, 2022)

  • v22.11(Nov 30, 2022)

    Upgrade Notices

    No notices for this release

    Full List of Changes

    • Added user interface shortcuts system. (#3830, #1216)
    • Added global search live preview. (#3850)
    • Added markdown preview pane resize/hide/sync controls. (#2215)
    • Added Dart/Flutter support for code blocks & editor. (#3808)
    • Added Swift language support for code blocks & editor. (#3847)
    • Added login/register message partials for easier use via theme system. (#3848, #608)
    • Added Georgian Language support on Crowdin. (#3823)
    • Updated all interface tabular list views to new format with added functionality. (#3821)
    • Updated markdown codebase to be modular and tidied some styles. (#3875)
    • Updated dark mode styles with fixes and browser color scheme support. (#3878)
    • Updated email confirmation routes to be confirmed via POST. (#3797)
    • Updated JavaScript usage to align on single cleaned-up component system. (#3853)
    • Updated our testing process to ensure PHP8.2 Support. (#3852)
    • Updated tests to cover issue of permission regeneration with chapter in the recycle bin. (#3796)
    • Updated translations with latest Crowdin changes. (#3828)
    • Fixed app logo not being stored for public access when using "local_secure_restricted" images. (#3827)
    • Fixed missing translations for some editor elements. (#3822)
    • Fixed OIDC JWKs parsing when "use" property missing on keys. (#3869)
  • v22.10.2(Nov 2, 2022)

  • v22.10.1(Oct 21, 2022)

  • v22.10(Oct 21, 2022)

    Upgrade Notices

    • Permission Management Changes - The interface and logic for managing shelf, book, chapter & page permissions has changed significantly in this release. The following should be noted:
      • Content permissions that were not active (where the "Enable Custom Permissions" checkbox was unchecked) will be removed upon upgrade to v22.10.
      • Content permission role entries, that had no permissions provided, will not be reflected/shown as a row in the permissions interface immediately upon upgrade. Instead such cases will be reflected via the "Everyone Else" permission entry being active, in a non-inheriting state, with no permissions set.
      • There should be no functional change to active permissions upon upgrade. Care has been taken to ensure existing permissions are migrated so that access control remains the same as pre-upgrade.

    Full List of Changes

    • Added Greek language. (#3732)
    • Added MATLAB code syntax highlighting. (#3744)
    • Added toolbar for code blocks in WYSIWYG editor to make mobile editing possible. (#2815)
    • Updated content permissions interface & logic to allow more selective/intuitive control. (#3760)
    • Updated WYSIWYG table toolbar icons to be a little more legible. (#3397)
    • Updated auth controller components to not depend on older Laravel library. (#3745, #3627)
    • Updated book copy behaviour to copy book-shelf relations if permissions allow. (#3699)
    • Updated books-read API endpoint to list child book/chapter tree. (#3734)
    • Updated list style handling to align deeply nested list styling in & out of editor. (#3685)
    • Updated shelf book management for easier touch device usage. (#2301)
    • Updated tag suggestions to provide more accurate results. (#3720)
    • Updated testing to support parallel running. (#3751)
    • Updated tests to align/clean-up certain common actions. (#3757)
    • Updated translations with latest Crowdin changes. (#3737)
    • Fixed custom code block theme not used within the WYSIWYG editor. (#3753)
    • Fixed issue where revision delete control would show to those without permission. (#3723)
    • Fixed justified text not applying to list content. (#3750)
    • Fixed not being able to deselect "Created/Update by me" search options. Thanks to @Wertisdk. (#3770, #3762)
    • Fixed page popover being hidden behind content in chromium-based browsers. (#3774)
    • Fixed SAML2 metadata display depending on external IDP metadata page. (#2480)
    • Fixed squashing of columns in users list. (#3787)
  • v22.09.1(Sep 20, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added PHPCS for project PHP formatting. (#3728)
    • Updated SAML error handling to display additional error detail. (#3731)
    • Updated translations with latest Crowdin updates. (#3710)
    • Updated locale setting to help apply right locale on Windows. (#3650)
  • v22.09(Sep 8, 2022)

    Upgrade Notices

    • Security - This release cycle contained a security release that added detail that's important to consider when BookStack content is used externally. See the v22.07.3 post for more detail.
    • Revision Visibility - This update fixes a permission disparity with revisions. Revision content has always been accessible to those with page-view permissions, but the links to the revisions list previously required page-edit permission to show. This has been aligned, which may mean page revision links may now show to those that did not previously see them.
    • Revision Limit Change - The default, per-page, revision limit has been doubled from 50 to 100, to account for new system-content updates that may occur. If desired, you can configure this to a custom value.
    • Reference Index - New features have been added to track links between content in BookStack, which uses an internal reference index. Upon upgrade from an older BookStack version, this index will need to be rebuilt. This can be done with the "Regenerate References" command or via the "Regenerate References" maintenance action within BookStack.

    Full List of Changes

    • Added cross-item link reference tracking & updating. (#3656, #3683, #1969)
    • Added OIDC group sync functionality. (#3616, #3004)
    • Added reference view to shelves, chapters, books & pages. (#2864)
    • Added new local_secure_restricted image storage option. (#3693)
    • Added "page_include_parse" theme event. (#3698)
    • Updated API docs to add detail for the request format. (#3652)
    • Updated revision link visibility to show to users. (#2946)
    • Updated shelf naming to be consistent across system. (#3553)
    • Updated translations with latest Crowdin changes. (#3643, #3701)
    • Updated role edit/create form with clarification upon image access permissions. (#3688)
    • Fixed dates not using the correct encoding on some systems. (#3590)
    • Fixed image delete button showing to those without permission to delete. (#3697)
    • Fixed incorrect comment counts on Chinese language options. (#3554)
    • Fixed list indentation when next to floated images. (#3672)
    • Fixed various RTL text interface issues. (#3702)
    • Fixed WYSIWYG drawing update not triggering draft save. (#3682)
    • Fixed some additional SVG-based script cases not being filtered. (#3705)
  • v22.07.3(Aug 11, 2022)

    Security Release

    This is a security release that adds additional filtering to page content to prevent certain cross-site-scripting techniques. These cross-site-scripting techniques would already be blocked by BookStack's usage of Content-Security-Policy, but this change will help scenarios where BookStack content is used externally.

    In addition, the API documentation has been updated with a section focused on content security to explain the security techniques BookStack uses by default, and to relay considerations for using BookStack content in an external system. The security page of our documentation has also been updated with such considerations:

    https://www.bookstackapp.com/docs/admin/security/#using-content-externally

    Upgrade is advised where BookStack content, accessible to edit by untrusted users, is used externally. Those using BookStack content externally (API-based app developers) should read the new documentation and add any advised protections as necessary.

    Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, for disclosing their report of the relevant vulnerability scenarios.

    Full List of Changes

    • Added API documentation section to advise of content security. (#3636)
    • Updated Persian translations. Thanks to @samadha56. (#3639)
    • Updated code block rendering to help prevent blank blocks on fresh cache. (#3637)
    • Updated HTML filtering to prevent SVG animate case. (#3636)
    • Updated translations with latest changes from Crowdin. (#3635)
    • Updated revision list view to help prevent system memory exhaustion. (#3633)
    • Fixed issue with permission checking preventing certain actions where permission should have allowed. (#3632)
  • v22.07.2(Aug 9, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added body-start/end partials to export template, for easier export customization via the visual theme system. (#3630)
    • Added activity recording for revision delete/restore. (#3628)
    • Updated translations with latest changes from Crowdin. (#3625)
    • Updated user validation with sensible limit to name input. (#3614)
    • Fixed issue where activity type could not be selected in the audit log. (#3623)
    • Fixed possibility of breaking page load due to bad user language input. (#3615)
  • v22.07.1(Aug 2, 2022)

  • v22.07(Jul 28, 2022)

    Full List of Changes

    • Added 'Sort Book' action to chapters. (#3598, #2335)
    • Added ability to favourite code languages in the WYSIWYG code editor. (#3593, #3542)
    • Added option to set IP address storage precision. (#3560)
    • Added tag-based css classes to the HTML body tag for tag-based content CSS targeting. (#3583)
    • Added new Logical Theme System event, emitted upon any system activity event. (#3572)
    • Added editor shortcuts for bullet and numbered lists. (#3599, #1269)
    • Updated shelf book management interface with better usability and book search bar. (#3591, #3266)
    • Updated translations with latest changes from Crowdin. (#3600, #3545)
    • Updated WYSIWYG editor to TinyMCE 6. (#3580, #3517)
    • Updated DOMPDF, and other PHP dependencies. (#3579)
    • Updated permission system to only "cache" view-based permissions for better performance, and made many other performance improvements. (#3569)
    • Updated WYSIWYG color options to have no names, for better cross-language usage. (#3530)
    • Updated tests to use ssddanbrown/asserthtml library. (#3519)
    • Fixed comment count translation in Chinese translations. Thanks to @GongMingCai. (#3556)
    • Fixed issue where AVATAR_URL=false would not properly disable Gravatar fetching. (#1835)
    • Fixed some German translation typos and grammar. Thanks to @smartshogu. (#3570)
    • Fixed issue where WYSIWYG toolbar would remain after inserting a drawing. (#3597)
  • v22.06.2(Jun 28, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Updated translations with latest CrowdIn changes. (#3540, #3531)
    • Fixed bug causing LDAP/SAML2 group mapping to fail if the "External Auth Ids" role field contained upper case characters. (#3535)
    • Fixed differing behaviour, between select button and double-click, in the link selector popup. (#3534)
  • v22.06.1(Jun 25, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Updated entity-selector-popup to reset state upon successful selection. (#3528)
    • Updated translations with latest CrowdIn changes. (#3526)
    • Fixed non-translated settings category options. (#3529)
    • Fixed issue where tags would not be saved upon book update. (#3527)
    • Fixed long code in "Custom Head" setting breaking page layout. (#3523)
  • v22.06(Jun 24, 2022)

    Upgrade Notices

    • SAML/LDAP Group Mapping - Within the "External Authentication Ids" field for a BookStack role, a backslash followed by a comma (\,) will now cause the comma to be treated as a literal comma within the mapping name, instead of acting as a value separator to define multiple mappings.

    Full List of Changes

    • Added ability to convert chapters to books, and books to shelves. (#3499, #1087)
    • Added ability to auto-initiate login for SAML and OIDC auth users. Thanks to @rjmidau. (#3406, #3216, #2175)
    • Added ability to use commas in the role "External Auth ID". (#3416, #3405)
    • Added body-start/end templates as a convenience to theme system users. (#894)
    • Added OCaml to the code editor language list and fixed highlighting type. (#3511)
    • Added TypeScript to the code editor language list. (#3494)
    • Added common audio types to our WebSafeMimeSniffer for non-download attachment usage. (#3485)
    • Added LaTeX to the code editor language list. (#3458)
    • Updated the UI/design with a mass of fixes & improvements. (#3433)
    • Updated WYSIWYG code editor interface. (#3512)
    • Updated API docs to remove non-existent image_id field. (#3474)
    • Updated logging system to not log StoppedAuthenticationException events. (#3468)
    • Updated the markdown editor preview display to be patch-updated. (#3454)
    • Updated export templates into smaller chunks for easier override. (#3443)
    • Updated translations with latest Crowdin changes. (#3428)
    • Fixed tag overview entity-counts showing incorrect values. (#3435)
    • Fixed incorrectly placed debug script on default home page. (#3430)
    • Fixed text after line-breaks not being indexed. (#3508)
    • Fixed new WYSIWYG code snippets being shown as a single line. (#3507)
  • v22.04.2(May 9, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added Persian to language list. (#3426)
    • Updated API docs to detail rate-limit information. (#3423)
    • Updated translations with latest Crowdin changes. (#3418)
    • Fixed broken attachment downloads in environments where PHP output buffering is disabled. (#3415)
    • Fixed LDAP_DUMP_* options throwing error when LDAP details contain binary data. (#3396)
    • Updated PHP dependency versions.
  • v22.04.1(May 4, 2022)

  • v22.04(Apr 29, 2022)

    Upgrade Notices

    • Database Changes - This release makes some significant changes to data within the database which may cause the update to take a little longer than usual to run. Please give the update extra time to complete.
    • REST API Page Create/Update Changes - Create & update page requests now have the potential to change the current editor type for that page, depending on the content type sent in the request, if the API user has permission to change the page editor.
    • URL Handling - The way we handle URLs has changed this release to hopefully address some issues in specific scenarios. These changes have been tested and should not affect existing working environments but there's an increased risk this release for setups with more complex URL handling. Please raise an issue or jump into our Discord server if you have any issues with URLs after upgrading.

    Full List of Changes

    • Added ability to switch editor types on a per-page basis. (#3387, #458, #369)
    • Added new recycle bin API endpoints. Thanks to @Julesdevops. (#3377, #3372)
    • Added ability to pass diagrams.net configuration options. (#3391)
    • Added Uzbek language option to allow translation, not yet active in the interface. (#3383)
    • Updated translations with latest Crowdin updates. (#3384, #3358)
    • Updated database polymorphic relations to simpler morphmap. (#3395)
    • Updated file handling in many cases to stream data for better efficiency, reduce memory usage and avoid hitting limits. (#3365, #2886)
    • Updated URL handling to be more stable in sub-path scenarios. (#3364, #2765, #2058)
    • Updated content update handling to increment updated_at field, even if only tags are changed. (#3319)
    • Fixed editor Portuguese translation duplication. Thanks to @evandroamaro. (#3373)
    • Fixed API issue where tags would not be applied on API shelf update. (#3370)
    • Fixed development build command lacking Windows/non-bash compatibility. (#3323)
  • v22.03.1(Mar 30, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Fixed issue where /settings redirect would lead to wrong location in some scenarios. (#3356)
    • Fixed non-active prevention of custom HTML head content on settings views. (#3355)
    • Updated translations with latest Crowdin changes. (#3354)
    • Updated project PHP dependencies.
  • v22.03(Mar 30, 2022)

    Upgrade Notices

    • Webhook Data Changes - Properties found at the related_item -> created_by/updated_by/owned_by path of the webhook data will now be an object instead of an ID integer. If you were using these ids you'd now need to access them within the relevant objects. (For example related_item.created_by.id).

    Full List of Changes

    • Added support for checkbox tasklists in the WYSIWYG editor. (#3333, #4)
    • Added WYSIWYG control to remove & edit links. (#3276, #3298)
    • Added Ctrl+Shift+K shortcut to show the entity selector popup in the WYSIWYG editor. (#3244, #3298)
    • Added LDAP user group debugging option. (#3345)
    • Added support for the Basque language. (#3296)
    • Updated settings view with a re-organized layout for a less confusing user experience. (#3349, #3221)
    • Updated code block rendering in WYSIWYG to help prevent scroll jumping upon undo/redo. (#3326)
    • Updated translations with latest Crowdin updates. (#3320)
    • Updated webhook data to include details of page/chapter/shelf/book creator/updater/owner. (#3279)
    • Updated webhook data to include revision details on page_update and page_create events. (#3218)
    • Fixed lack of translation support for some editor buttons. (#3342)
    • Fixed incorrect page concatenation in book markdown export. (#3341)
    • Fixed usage of <br> tags within code blocks instead of newlines when using the WYSIWYG editor. (#3327)
    • Fixed image thumbnail generation not taking EXIF rotation data into account. (#1854)
  • v22.02.3(Mar 7, 2022)

    Security Release

    This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.

    A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.

    Please see this link for more detail regarding this option:

    • https://www.bookstackapp.com/docs/admin/security/#iframe-src-control
      • ("Iframe Source Control" section)

    It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.

    Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.

    Full List of Changes

    • Added iframe allow-list control to prevent a range of malicious uses of untrusted iframe sources. (#3314)
    • Updated translations with latest Crowdin changes. (#3312)
  • v22.02.2(Mar 1, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added cache breaker to WYSIWYG onward loading to prevent plugin errors appearing if cached. (#3303)
    • Updated translations with latest Crowdin changes. (#3301)
    • Updated sidebar fade to be more subtle when in dark mode. (#3203)
    • Fixed WYSIWYG editor issue where blank lines would collapse. (#3302)
  • v22.02.1(Feb 27, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Updated editor references to avoid caching issue that would prevent WYSIWYG editor from opening. (#3293)
    • Updated code blocks within the editor to be more reliable, especially on first insertion. (#3292)
    • Updated translations with latest changes from Crowdin. (#3291)
  • v22.02(Feb 26, 2022)

    Upgrade Notices

    • PHP Requirements Change - The minimum required version of PHP has changed from 7.3 to 7.4.

    Full List of Changes

    • Added collapsible content blocks support to the WYSIWYG editor. (#78, #3260)
    • Added translation support to the WYSIWYG editor. (#1838)
    • Added user management API endpoints. (#3238, #1363, #2701)
    • Changed minimum PHP version from 7.3 to 7.4. (#3245, #3152)
    • Updated translations with latest Crowdin changes. (#3258, #3251, #3259)
    • Updated Korean translations. Thanks to @ististyle. (#3256)
    • Updated TinyMCE WYSIWYG editor to the latest version. (#3247)
    • Improved PDF export rendering of images within tables. (#3190)
    • Fixed potential web console error message when loading the editor. (#2461)
    • Fixed issue where OIDC token failures would not be shown to the user. (#3264)
    • Fixed issue where the editor could jump-scroll to the top after format change on Firefox. (#2692)
  • v21.12.5(Feb 6, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added text for "file" validation messages to provide better responses in Attachment API validation failures. (#3248)
    • Fixed WYSIWYG editor code block creation across multiple lines and block elements. Thanks to @Julesdevops. (#3246, #3200)
    • Fixed markdown image data URI extraction failing on large images due to regex match limits. (#3249)
    • Updated translations with latest Crowdin changes. (#3225)
  • v21.12.4(Feb 1, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Added --external-auth-id option to the bookstack:create-admin command for use with LDAP/SAML2/OIDC instances. (#3222)
    • Added the ability to select preferred language when creating a new user. (#2408, #2576)
    • Added configuration option for PDF export page size. (#995)
    • Updated 503 error view to simplify and prevent thrown errors. Thanks to @Julesdevops. (#3210, #3205)
    • Updated translations with latest Crowdin changes. (#3214)
    • Fixed mis-represented default registration role and allowed disabling of this option. (#3220, #2338)
    • Fixed OIDC autodiscovery when keys are provided in a certain format, as provided by Azure. (#3206)
    • Development change: The default development branch name is now development instead of master. (#3195)
  • v21.12.3(Jan 24, 2022)

    Upgrade Notices

    • Composer Version Requirement Change - Composer v2.0 or greater is now required to install or update BookStack.
      • You can check your composer version by running composer -V.
      • You can often update composer by running sudo composer self-update
        • (Or you may be prompted to run sudo composer self-update --2).
      • If you're using a system-supplied composer package you may need to first uninstall that (eg. sudo apt remove composer) then follow the composer download documentation to get the latest version.
        • Take notice of the sudo mv composer.phar /usr/local/bin/composer command shown in the documentation to install composer globally for easier usage.

    Full List of Changes

    This release contains the following fixes and changes:

    • Updated development docker environment with xdebug support. Thanks to @Julesdevops. (#3193)
    • Updated user creation flow to not persist the user on invitation sending failure. Thanks to @Julesdevops. (#3179, #3174)
    • Updated "Recently Updated Pages" view to show update author and date. Thanks to @Julesdevops. (#3177, #3045)
    • Updated translations with latest Crowdin changes. (#3158)
    • Updated PDF page export image display to help fix image sizing issues again. (#3120)
    • Updated "Recently Updated Pages" view to show parent context chain. (#3183)
    • Fixed potential errors in revision diff view when multi-byte characters are used. (#3170)
    • Fixed duplicate display in image gallery when uploading multiple images at once. (#3160)
    • Fixed inaccurate markdown editor cursor position upon sidebar usage. (#3186)
  • v21.12.2(Jan 10, 2022)

    Full List of Changes

    This release contains the following fixes and changes:

    • Improved handling of uploaded images when thumbnails fail to load. (#3142)
    • Updated translations with latest Crowdin changes. (#3148)
    • Fixed issue where webhooks would error for specific recycle bin operations. (#3154)
    • Fixed Spanish invite email subject translation. Thanks to @AitorMatxi. (#3153)
    • Fixed issue where custom homepage could cause strange deletion behavior and lead to errors. (#3150)
  • v21.12.1(Jan 6, 2022)

    Security Release

    BookStack v21.12.1 has been released. This is a security release that better enforces permissions on book-sort & chapter-move operations to address scenarios where content could be moved to non-permissible locations.

    It's advised to upgrade as soon as possible if untrusted users can update books or chapters in your BookStack instance.

    Thanks again to @haxatron for discovering and reporting this vulnerability via huntr.dev.

    Full List of Changes

    • Added timeout and debugging statuses to webhooks. (#3139)
    • Added new webhook_call_before logical theme system event hook. (#3138)
    • Updated support for APNG images to retain animation. (#3136)
    • Updated book sort and chapter move handling to enforce more permissions. (#3134)
    • Updated item-search/select box to autofocus on search field. (#3127)
    • Updated webhooks to not stop application on endpoint call failure. (#3122)
    • Updated translations with latest Crowdin changes. (#3117)
    • Fixed webhooks list view issue where columns would become too narrow. (#3135)
    • Fixed linked images showing small in PDF export. (#3120)
    • Fixed issue where pasting certain code blocks would cause erratic editor behavior. (#3133)
  • v21.12(Dec 22, 2021)

    Full List of Changes

    • Added webhooks. (#147, #3099)
    • Added ability to copy books, chapters & roles. (#3118, #1123)
    • Added audit log IP address search. Thanks to @johnroyer. (#3081)
    • Updated translations with latest Crowdin changes. (#3117)
    • Fixed issue where non-ascii content could break search result previews. Thanks to @Kristian-Krastev. (#3113)
    • Fixed mismatched password validation rules across the application. (#2237)
  • v21.11.3(Dec 15, 2021)

    Security Release

    BookStack v21.11.3 has been released. This is a security release that helps prevent potential discovery and harvesting of user details including name and email address.

    It's advised to upgrade as soon as possible if your BookStack instance is public or is used by untrusted members.

    Thanks to @haxatron for discovering and reporting this vulnerability via huntr.dev.

    Full List of Changes

    • Helped prevent discovery and harvesting of user information. Thanks @haxatron for reporting. (#3108)
    • Updated search API results to include the highlighted preview content. (#3096)
    • Updated search API results to include item URL. (#3080)
    • Updated translations with latest Crowdin changes. (#3093)