BookStack Beta v0.26.4
Security Release
The release enhances the security of BookStack in a few different areas:
- Updated user profile behaviour so that users cannot change their email address unless they have permission to manage users. This is to prevent a user acting as an imposter, changing their email to one they don't own. Thanks to @Irrational-NX for raising.
- Improved the script escaping logic that was enhanced in the previous release, by also checking for iframes using javascript or data urls. Thanks again to @billford for raising this issue. (#1531)
- Updated the provided, and added an additional,
.htaccess
file to prevent apache indexes from listing image directories. Thanks to @davidtessier for raising.