tag:github.com,2008:https://github.com/linuxserver/docker-bookstack/releases

Release notes from docker-bookstack

2026-05-25T19:48:29Z tag:github.com,2008:Repository/139479093/v26.03.5-ls263 2026-05-25T19:55:21Z

v26.03.5-ls263

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.5-ls262...v26.03.5-ls263"><tt>v26.03.5-ls262...v26.03.5-ls263</tt></a></p> <p><strong>Remote Changes:</strong></p> <p>Updating to v26.03.5</p> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.5-ls262 2026-05-21T14:27:31Z

v26.03.5-ls262

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.4-ls261...v26.03.5-ls262"><tt>v26.03.4-ls261...v26.03.5-ls262</tt></a></p> <p><strong>Remote Changes:</strong></p> <p>Updating to v26.03.5</p> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.4-ls261 2026-05-11T20:08:59Z

v26.03.4-ls261

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.4-ls260...v26.03.4-ls261"><tt>v26.03.4-ls260...v26.03.4-ls261</tt></a></p> <p><strong>Remote Changes:</strong></p> <p>Updating to v26.03.4</p> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.4-ls260 2026-05-02T19:09:21Z

v26.03.4-ls260

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <ul> <li>Switch upstream to codeberg, add sponsor links by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/thespad/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/thespad">@thespad</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="4353602119" data-permission-text="Title is private" data-url="https://github.com/linuxserver/docker-bookstack/issues/292" data-hovercard-type="pull_request" data-hovercard-url="/linuxserver/docker-bookstack/pull/292/hovercard" href="https://github.com/linuxserver/docker-bookstack/pull/292">#292</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.4-ls259...v26.03.4-ls260"><tt>v26.03.4-ls259...v26.03.4-ls260</tt></a></p> <p><strong>Remote Changes:</strong></p> <p>Updating to v26.03.4</p> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.4-ls259 2026-04-30T17:04:20Z

v26.03.4-ls259

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.3-ls258...v26.03.4-ls259"><tt>v26.03.3-ls258...v26.03.4-ls259</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Security Release</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update Instructions</a></li> <li><a href="https://www.bookstackapp.com/blog/bookstack-release-v26-03-4/" rel="nofollow">Update details on blog</a></li> </ul> <p>This is a security release to improve attachment related permission checks, and URL validation for webhooks.</p> <p>Upgrade is advised if you allow untrusted users to delete attachments, or if untrusted users have permission to create webhooks on instances which make use of the <code>ALLOWED_SSR_HOSTS</code> BookStack env file option.</p> <p>Thanks to 404_pkj (<a href="https://github.com/404-pkj">GitHub</a>) and naruhodoowl (<a href="https://github.com/kilhsrito-crypto">GitHub</a>) for responsibly reporting these issues.</p> <h3>Full List of Changes</h3> <ul> <li>Updated PHP package versions.</li> <li>Updated attachment actions to align page access check.</li> <li>Updated URL validation in webhooks to help prevent escaping workarounds.</li> <li>Fixed issue where exact search term negation would lead to no results. (<a href="https://codeberg.org/bookstack/bookstack/issues/6121" rel="nofollow">#6121</a>)</li> </ul> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.3-ls258 2026-04-27T19:48:16Z

v26.03.3-ls258

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.3-ls257...v26.03.3-ls258"><tt>v26.03.3-ls257...v26.03.3-ls258</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Links</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update instructions</a></li> </ul> <h3>Full List of Changes</h3> <p>This release contains the following fixes and changes:</p> <ul> <li>Updated translations with latest Crowdin changes. (<a href="https://github.com/BookStackApp/BookStack/pull/6067" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6067/hovercard">#6067</a>)</li> <li>Updated PHP dependency versions.</li> </ul> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.3-ls257 2026-04-20T19:19:37Z

v26.03.3-ls257

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.3-ls256...v26.03.3-ls257"><tt>v26.03.3-ls256...v26.03.3-ls257</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Links</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update instructions</a></li> </ul> <h3>Full List of Changes</h3> <p>This release contains the following fixes and changes:</p> <ul> <li>Updated translations with latest Crowdin changes. (<a href="https://github.com/BookStackApp/BookStack/pull/6067" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6067/hovercard">#6067</a>)</li> <li>Updated PHP dependency versions.</li> </ul> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.3-ls256 2026-04-13T19:26:33Z

v26.03.3-ls256

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.3-ls255...v26.03.3-ls256"><tt>v26.03.3-ls255...v26.03.3-ls256</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Links</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update instructions</a></li> </ul> <h3>Full List of Changes</h3> <p>This release contains the following fixes and changes:</p> <ul> <li>Updated translations with latest Crowdin changes. (<a href="https://github.com/BookStackApp/BookStack/pull/6067" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6067/hovercard">#6067</a>)</li> <li>Updated PHP dependency versions.</li> </ul> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.3-ls255 2026-04-05T22:03:00Z

v26.03.3-ls255

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.2-ls254...v26.03.3-ls255"><tt>v26.03.2-ls254...v26.03.3-ls255</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Links</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update instructions</a></li> </ul> <h3>Full List of Changes</h3> <p>This release contains the following fixes and changes:</p> <ul> <li>Updated translations with latest Crowdin changes. (<a href="https://github.com/BookStackApp/BookStack/pull/6067" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6067/hovercard">#6067</a>)</li> <li>Updated PHP dependency versions.</li> </ul> LinuxServer-CI tag:github.com,2008:Repository/139479093/v26.03.2-ls254 2026-03-23T14:02:22Z

v26.03.2-ls254

<p><strong>CI Report:</strong></p> <p>N/A</p> <p><strong>LinuxServer Changes:</strong></p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://github.com/linuxserver/docker-bookstack/compare/v26.03.1-ls253...v26.03.2-ls254"><tt>v26.03.1-ls253...v26.03.2-ls254</tt></a></p> <p><strong>Remote Changes:</strong></p> <h3>Security Release</h3> <ul> <li><a href="https://www.bookstackapp.com/docs/admin/updates" rel="nofollow">Update Instructions</a></li> <li><a href="https://www.bookstackapp.com/blog/bookstack-release-v26-03-2/" rel="nofollow">Update details on blog</a></li> </ul> <p>This is a security release to address a vulnerability where the registration form could be manipulated to gain access to additional roles.</p> <p>Upgrade is <strong>very strongly</strong> advised if your instance has user registration enabled.</p> <p>Thanks to Kwonyong Lee (<a href="https://www.linkedin.com/in/kwonyong-lee-854bb0372" rel="nofollow">LinkedIn</a>) for responsibly reporting this issue.<br> Also thanks to Boustani OSAMA (<a href="https://www.linkedin.com/in/boustani-osama-cy/" rel="nofollow">LinkedIn</a>) for also reporting this before public announcement.</p> <h3>Full List of Changes</h3> <ul> <li>Updated user creation to only use validated input from registration.</li> <li>Updated PHP package versions.</li> <li>Updated translations with latest Crowdin changes. (<a href="https://github.com/BookStackApp/BookStack/pull/6064" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6064/hovercard">#6064</a>)</li> <li>Updated PHP_CodeSniffer repository link. Thanks to <a href="https://github.com/BookStackApp/BookStack/pull/6060" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6060/hovercard">@rodrigoprimo</a>. (<a href="https://github.com/BookStackApp/BookStack/pull/6060" data-hovercard-type="pull_request" data-hovercard-url="/BookStackApp/BookStack/pull/6060/hovercard">#6060</a>)</li> <li>Updated WYSIWYG editors to have consistent collapsible block double click behavior. (<a href="https://github.com/BookStackApp/BookStack/issues/6059" data-hovercard-type="issue" data-hovercard-url="/BookStackApp/BookStack/issues/6059/hovercard">#6059</a>)</li> </ul> LinuxServer-CI