Update docs to note potential risks/memory usage of LDAP avatar imports #4970

New Issue

Closed

opened 2026-02-05 09:30:14 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-05 09:30:14 +03:00

Owner

Copy Link

Originally created by @florent4014 on GitHub (Sep 28, 2024).

Describe the Bug

Using the linuxserver.io Bookstack docker image, and the docker compose from the documentation (with some LDAP env variables in order to log with LDAP accounts). A user with like a 2MB profile pic will cause HTTP ERROR 500 when logging in to Bookstack app, thus causing the unavailability of the service and requiring a reboot.

I was able to eliminate the problem by adding memory_limit = 512M to php-local.ini. Here is the log of the error :

2024/09/27 23:25:21 [error] 320#320: *108 FastCGI sent in stderr: "PHP message: PHP Fatal error:  
Allowed memory size of 134217728 bytes exhausted (tried to allocate 24576 bytes) in /app/www/vendor/intervention/image/src/Drivers/Gd/Decoders/BinaryImageDecoder.php 
on line 43; PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted 
(tried to allocate 32768 bytes) in /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php 
on line 402" while reading response header from upstream, client: 192.168.1.56, server: _, 
request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "bookstack.domain.lan"

Steps to Reproduce

1. Run a dockerized version of bookstack
2. Set up a LDAP account with >2MB profile pic
3. Try to connect to Bookstack
4. Enjoy ERROR 500

Expected Behaviour

Being able to log without causing critical behaviour

Screenshots or Additional Context

No response

Browser Details

BRAVE Version 1.70.119 Chromium: 129.0.6668.70 (64 bits)

Exact BookStack Version

BookStack v24.05.4

Originally created by @florent4014 on GitHub (Sep 28, 2024). ### Describe the Bug Using the linuxserver.io Bookstack docker image, and the docker compose from the documentation (with some LDAP env variables in order to log with LDAP accounts). A user with like a 2MB profile pic will cause **HTTP ERROR 500** when logging in to Bookstack app, thus causing the unavailability of the service and requiring a reboot. I was able to eliminate the problem by adding `memory_limit = 512M` to *php-local.ini*. Here is the log of the error : ``` 2024/09/27 23:25:21 [error] 320#320: *108 FastCGI sent in stderr: "PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 24576 bytes) in /app/www/vendor/intervention/image/src/Drivers/Gd/Decoders/BinaryImageDecoder.php on line 43; PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes) in /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php on line 402" while reading response header from upstream, client: 192.168.1.56, server: _, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "bookstack.domain.lan" ``` ### Steps to Reproduce 1. Run a dockerized version of bookstack 2. Set up a LDAP account with >2MB profile pic 3. Try to connect to Bookstack 4. Enjoy ERROR 500 ### Expected Behaviour Being able to log without causing critical behaviour ### Screenshots or Additional Context _No response_ ### Browser Details BRAVE Version 1.70.119 Chromium: 129.0.6668.70 (64 bits) ### Exact BookStack Version BookStack v24.05.4

OVERLORD added the 📖 Docs Update label 2026-02-05 09:30:14 +03:00

OVERLORD closed this issue 2026-02-05 09:30:16 +03:00

OVERLORD commented 2026-02-05 09:30:18 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 28, 2024):

Yeah, this will happen during the image resize process with large source images.
Memory exhaustion limits are a pain to handle, since the app/framework jumps to a shutdown state in out of memory scenarios rather than it being a normal catchable error like logical errors.

We could add specific handling (like we have done elsewhere in a few key areas) but I'm not sure if it's worthwhile to add complexity to logins for this rare edge-case of a scenario.

Another option is to skip certain potentially problematic images, but we don't really know the memory use beforehand.

@ssddanbrown commented on GitHub (Sep 28, 2024): Yeah, this will happen during the image resize process with large source images. Memory exhaustion limits are a pain to handle, since the app/framework jumps to a shutdown state in out of memory scenarios rather than it being a normal catchable error like logical errors. We could add specific handling (like we have done elsewhere in a few key areas) but I'm not sure if it's worthwhile to add complexity to logins for this rare edge-case of a scenario. Another option is to skip certain potentially problematic images, but we don't really know the memory use beforehand.

OVERLORD commented 2026-02-05 09:30:22 +03:00

Author

Owner

Copy Link

@florent4014 commented on GitHub (Sep 28, 2024):

I guess the less time consuming would be to put a warning in the documentation so that other users can be aware of this issue. Or maybe (i'm no dev) imagine a system, like you said, to ignore profile pics on resolution or size criteria. At least, once you spot the problem, it is easy to fix.

@florent4014 commented on GitHub (Sep 28, 2024): I guess the less time consuming would be to put a warning in the documentation so that other users can be aware of this issue. Or maybe (i'm no dev) imagine a system, like you said, to ignore profile pics on resolution or size criteria. At least, once you spot the problem, it is easy to fix.

OVERLORD commented 2026-02-05 09:30:23 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 28, 2024):

Yeah, that's a good idea. I'll update & tag this issue to focus on adding an comment for the setting in our docs to note/consider this scenario.

@ssddanbrown commented on GitHub (Sep 28, 2024): Yeah, that's a good idea. I'll update & tag this issue to focus on adding an comment for the setting in our docs to note/consider this scenario.

OVERLORD commented 2026-02-05 09:30:24 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 30, 2024):

I've now updated the ldap docs to add a comment for that option to warn about possible liklihood of additional issues. I'll therefore close this off.

@ssddanbrown commented on GitHub (Sep 30, 2024): I've now updated the [ldap docs](https://www.bookstackapp.com/docs/admin/ldap-auth/) to add a comment for that option to warn about possible liklihood of additional issues. I'll therefore close this off.

OVERLORD commented 2026-02-05 09:30:25 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 14, 2024):

Whoops, forgot to actually close this off 😅

@ssddanbrown commented on GitHub (Oct 14, 2024): Whoops, forgot to actually close this off 😅

OVERLORD referenced this issue 2026-02-05 10:32:12 +03:00

[PR #4970] [MERGED] Honeypot against Bot registrations #6435

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 📖 Docs Update

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4970