Dan Brown
1db1083064
Updated version and assets for release v25.12.7
v25.12.7
2026-02-19 23:34:11 +00:00
Dan Brown
664eb6d980
Merge branch 'v25-12' into release
2026-02-19 23:32:47 +00:00
Dan Brown
80204518a2
Page Content: Better handling for empty content filtering
...
For #6028
2026-02-19 23:25:00 +00:00
Dan Brown
7528bc19b7
Updated version and assets for release v25.12.6
v25.12.6
2026-02-18 19:50:09 +00:00
Dan Brown
6854687d7c
Merge branch 'v25-12' into release
2026-02-18 19:49:03 +00:00
Dan Brown
a8d96fd389
Content filter: Allowed custom diagram attribute in allow-list
...
For #6026
2026-02-18 19:33:35 +00:00
Dan Brown
9d15c79fee
Deps: Updated PHP package versions
2026-02-18 19:24:06 +00:00
Dan Brown
ad540a015f
Updated version and assets for release v25.12.5
v25.12.5
2026-02-17 18:38:13 +00:00
Dan Brown
f54f507854
Merge branch 'v25-12' into release
2026-02-17 18:37:11 +00:00
Dan Brown
e1de1f0583
git: Added old purifier location to gitignore
2026-02-17 18:34:14 +00:00
Dan Brown
a2017ffa55
Caching: Altered purifier cache folder to be server-created
...
Moved from a static folder to a dynamically created folder in the
framework/cache directory, to increase the chance that it's created with
server-writable permissions.
This is due to an issue where users had permission issues, since adding
a new folder means it's created by the git user and often
non-web-writable.
2026-02-17 18:22:13 +00:00
Dan Brown
f484fbc110
Updated version and assets for release v25.12.4
v25.12.4
2026-02-17 11:40:21 +00:00
Dan Brown
299d3b3149
Merge branch 'v25-12' into release
2026-02-17 11:39:12 +00:00
Dan Brown
9646339933
Testing: Addressed failing tests and static checks
2026-02-17 11:31:47 +00:00
Dan Brown
e4383765e1
Meta: Updated licenses and config wording
2026-02-17 11:00:37 +00:00
Dan Brown
5d547fcf4c
Deps: Updated PHP packages
...
Also fixed test namespace
2026-02-17 09:44:56 +00:00
Dan Brown
826b36c985
Editors: Added HTML filtering in certain loading conditions
...
When loaded via ajax for draft revert live in editor, or when loaded
into the editor by a different user.
2026-02-16 15:50:54 +00:00
Dan Brown
3fa1174e7a
Content filtering: Updated config and readme attribution
2026-02-16 13:46:45 +00:00
Dan Brown
50e8501027
Content Filter: Added extra object filtering
...
Was blocked by CSP anyway, but best to have an extra layer.
2026-02-16 13:02:24 +00:00
Dan Brown
8a221f64e4
Content Filtering: Covered new config options and filters with tests
2026-02-16 10:11:48 +00:00
Dan Brown
035be66ebc
Content: Updated tests and CSP usage of content script setting
...
Updates CSP to use new content_filtering option.
Splits out content filtering tests to their own class.
Updated tests where needed to adapt to changes.
2026-02-15 18:44:14 +00:00
Dan Brown
227027fc45
Content: Updated purifier and content caching
...
- Updated page content cache to use app version in cache key
- Moved purifier cache into framework to better work with existing
expected folders.
- Added app version check to purifier so that it will reset its own
cache on app version change.
2026-02-15 16:46:09 +00:00
Dan Brown
0f040fe8b1
Content: Tuned HTML purifier for our use
...
Tested it with a range of supported, including uncommon, content types
and added support, or changed config, where needed.
Been through docs for all HTMLPurifier options to assess what's
relevant.
2026-02-15 16:17:03 +00:00
Dan Brown
10ebe53bd9
Page Content: Added more complex & configurable content filtering
...
- Added new option to control parts of the filter.
- Added whitelist filtering pass via HTMLPurifier.
2026-02-13 14:14:28 +00:00
Dan Brown
7abc269316
Updated version and assets for release v25.12.3
v25.12.3
2026-01-29 15:19:46 +00:00
Dan Brown
f0cf4bd0f8
Merge branch 'development' into release
2026-01-29 15:18:47 +00:00
Dan Brown
46dcc30bf7
Updated translator & dependency attribution before release v25.12.3
2026-01-29 15:18:06 +00:00
Dan Brown
9f7d3b55dd
Updated translations with latest Crowdin changes ( #5997 )
2026-01-29 15:11:40 +00:00
Dan Brown
3e5e88dc87
Deps: Updated PHP package versions via composer
2026-01-29 14:57:05 +00:00
Dan Brown
c77a0fdff3
Page Content: Added form elements to filtering
...
Added and updated tests to cover.
Also updated API auth to a narrower focus of existing session instead of also existing user auth.
This is mainly for tests, to ensure they're following the session
process we'd see for activity in the UI.
2026-01-29 14:54:08 +00:00
Dan Brown
6a63b38bb3
API: Prevented non-GET requests when using cookie-based auth
...
Added test to cover.
2026-01-29 03:37:16 +00:00
Dan Brown
ed4baed28c
Updated version and assets for release v25.12.2
v25.12.2
2026-01-24 13:57:12 +00:00
Dan Brown
90d011fc15
Merge branch 'development' into release
2026-01-24 13:54:51 +00:00
Dan Brown
ff59bbdc07
Updated translator & dependency attribution before release v25.12.2
2026-01-24 13:53:55 +00:00
Dan Brown
4dc443b7df
Updated translations with latest Crowdin changes ( #5970 )
2026-01-22 17:53:58 +00:00
Dan Brown
19f02d927e
Deps: Updated PHP package versions
2026-01-22 17:39:26 +00:00
Dan Brown
da7bedd2e4
Sponsors: Added Onyx
2026-01-13 13:23:54 +00:00
Dan Brown
20db372596
Merge branch 'development' of github.com:BookStackApp/BookStack into development
2026-01-07 11:10:55 +00:00
Dan Brown
43eed1660c
Meta: Updated dev version, license year, crowdin config
...
Added Id to crowdin config for compatibility with upcoming change to
crowdin CLI process after switch to codeberg
2026-01-07 11:09:39 +00:00
Dan Brown
e6b754fad0
Merge pull request #5969 from shaoliang123456/fix/git-safe-directory-in-docker
...
Git 2.35+ may refuse to operate on bind-mounted repos with differing ownership ("dubious ownership"). Mark /app as safe within the container.
2026-01-03 17:56:52 +00:00
leon
018de5def3
fix: Configure safe directory for git in dockerfile
2025-12-31 16:20:52 +08:00
leon
5c4fc3dc2c
fix: Docker: Add
...
git safe.directory config for bind-mounted repos. Mark
/app as safe directory to handle Git 2.35+ ownership
checks in Docker containers.
2025-12-31 11:53:22 +08:00
Dan Brown
805fd98c0f
Updated version and assets for release v25.12.1
v25.12.1
2025-12-30 17:19:10 +00:00
Dan Brown
fcbae16730
Merge branch 'development' into release
2025-12-30 17:18:06 +00:00
Dan Brown
07ec880e33
Testing: Updated search tests to consider new limits
2025-12-30 17:09:26 +00:00
Dan Brown
ab436ed5c3
Updated translations with latest Crowdin changes ( #5962 )
2025-12-30 16:32:21 +00:00
Dan Brown
082befb2fc
Updated PHP packages and translators pre v25.12.1
2025-12-30 16:16:39 +00:00
Dan Brown
b0a8cb0c5d
Merge pull request #5968 from BookStackApp/limits
...
Add some additional resource-based limits
2025-12-30 16:14:04 +00:00
Dan Brown
b08d1b36de
Search: Set limits on the amount of search terms
...
Sets some reasonable limits, which are higher when logged in since that
infers a little extra trust.
Helps prevent against large resource consumption attacks via super heavy
search queries.
Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
2025-12-30 13:32:14 +00:00
Dan Brown
88d86df66f
ZIP Exports: Added limit to ZIP file size before extraction
...
Checks files within the ZIP against the app upload file limit
before using/streaming/extracting, to help ensure that they do not exceed
what might be expected on that instance, and to prevent disk exhaustion
via things like super high compression ratio files.
Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
2025-12-29 23:08:18 +00:00