BookStack v25.12

Links

• Release video overview
• Update instructions
• Update details on blog

Full List of Changes

• Added user mentions for comments. (#5944, #560)
• Added slug history tracking system. (#5913, #5411)
• Added initial developer API for the new WYSIWYG editor. (#5928, #5763)
• Added internal reference handling on content copying. (#5917, #3239)
• Added settings to control the number of books/shelves that will be displayed per page. Thanks to @Xenoamor. (#5606, #2343)
• Updated translations with latest Crowdin changes. (#5933)
• Updated new WYSIWYG editor with a range of fixes. (#5939)
• Updated BookStack system CLI to v0.4. (#5956)
• Updated CSS dark/light mode handling so all CSS variables exist by default. (#5923)
• Updated "Microsoft URL Rewrite Module for IIS" download link. Thanks to @gerundt. (#5952)
• Updated image thumbnail generation to more reliably log issues on error. (#5869)
• Updated database to add index to views table to make view-based queries more efficient. (#5948)
• Updated application database requirements. (#5882)
• Fixed search pagination not using APP_URL value, and breaking for sub-path usage. (#5951)
• Fixed search pagination overflowing view on smaller screen sizes. (#5920)

BookStack v25.11.6

Security Release

• Update Instructions
• Update details on blog

BookStack v25.11.6 has been released.

This is a security release to address a vulnerability in our dependencies related to XML
handling, which could allow users to replay SAML authentication requests with specially crafted & manipulated requests.

It's strongly advised to update if you're using SAML authentication for BookStack.

Full List of Changes

• Updated application PHP dependencies.

BookStack v25.11.5

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated OIDC state handling to prevent other requests causing the process to fail, which was occurring in Chromium based browsers. (#5929)
• Updated session history handling to prevent redirects to common asset locations. (#5925)
• Updated PHP dependency versions.

BookStack v25.11.4

Note: This was originally accidentally published as v24.11.4, so this is essential a re-publish with the correct version.
The wrong version number commit/history has been retained though to prevent any breakages for git-managed environments.

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed error thrown when attempting to send new comment notifications. (#5918)
• Updated PHP dependency versions.

BookStack v25.11.3

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed overly-strict image access permission changes in v25.11.2 which could block images when a secure storage option was used alongside public access. (#5906, #5909)
• Updated app PHP dependencies to latest versions.

BookStack v25.11.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed image permission checking in ZIP exports to prevent error and to align with UI access. (#5899, #5885)
• Updated translations with latest Crowdin changes. (#5887)
• Updated test environment refresh database command to set env timezone option to ensure test database is consistent. (#5881)
• Updated app PHP dependencies to latest versions.

BookStack v25.11.1

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixes database queries causing errors with versions of MySQL <= 5.7. (#5877)

BookStack v25.11

Links

• Release video overview
• Update instructions
• Update details on blog

Full List of Changes

• Added API endpoints for comments. (#5850, #4194))
• Added API endpoints for reading image data. (#5860, #5519)
• Added Groovy code syntax highlighting support. (#5822)
• Added new flags to the create admin command. (#5749)
• Added option for display timezone, and improved UI use consistency. (#5790, #4786)
• Added proper pagination to search. (#5854)
• Updated API docs with better model ordering, and quick navigation select. (#5865)
• Updated codebase to meet PHPstan level 3. (#5785)
• Updated database comments table to remove redundant text column. (#4821)
• Updated database format for core item types. (#5800)
• Updated framework to Laravel 12, and perform some major dependency upgrades. (#5782)
• Updated page delete handling to nullify related images instead of leaving old IDs. (#5846)
• Updated permission handling in code to use enums instead of strings. (#5793)
• Updated translations with latest Crowdin changes. (#5843)
• Updated user delete handling to nullify, or better handle, ID references on delete. (#5844)
• Fixed old API-scripts link leading to archived repo. (#5813)
• Fixed search timeout when a high per-page frequency match was encountered. (#5863)

BookStack v25.07.3

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#5786)
• Updated PHP package versions.
• Fixed PWA manifest access when behind authenticated proxies. Thanks to @tfnh621. (#5820)

BookStack v25.07.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated new WYSIWYG editor with various fixes focused on collapsible block behaviour & interaction. (#5775)
• Updated translations with latest Crowdin changes. (#5759)
• Updated versions of PHP dependencies.
• Updated code to address some remaining PHP 8.4 deprecations.
• Fixed diagrams in ZIP imports not being editable post-import. (#5761)
• Fixed books detaching from shelves on shelf update where users don't have permission to view child books. (#5728)