Update to v26.03.4 #10
Open
rbertram90 wants to merge 392 commits into
- Updated esbuild system to be module, and fixed build command.
- Reverted module use in package.json by default as this impacted test runs/files.
- Updated mention user select:
  - To look better in dark mode.
  - To not remove text after on select.
  - To properly revert/restore focus on enter or cancel.

- Added advisory on role permission form to advise which allow listing of users/roles.
- Updated database config to avoid PHP8.5 deprecation.
- Tweaked migration to remove unused index.
- Fixed test namespace.

Update "Microsoft URL Rewrite Module for IIS" download link
Includes major version change of antonioribeiro/google2fa which changes secret length. From manual testing of old MFA secrets and new, this should not be breaking at all.
For #5951 Added test to cover.
Lexical fixes for v25.12
- The init & update commands will now use download-vendor logic instead of using composer to install required PHP packages.
- The init command will now use our source.bookstackapp.com git mirror instead of GitHub.
- Updated dependency PHP package versions.

System CLI: Update to v0.4
Checks files within the ZIP against the app upload file limit before using/streaming/extracting, to help ensure that they do not exceed what might be expected on that instance, and to prevent disk exhaustion via things like super high compression ratio files. Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
Sets some reasonable limits, which are higher when logged in since that infers a little extra trust. Helps prevent against large resource consumption attacks via super heavy search queries. Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
Add some additional resource-based limits
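The ZIP size check described above, sketched in Python as an added example; it is not the project's own code, and `MAX_FILE_BYTES`, the function names and the sample archive are assumptions constructed for illustration. It rejects entries by declared size first, then caps the bytes actually decompressed while streaming.

```python
import io
import zipfile

# Assumed limit standing in for the instance's upload file size limit.
MAX_FILE_BYTES = 1024 * 1024
CHUNK = 64 * 1024


class ZipEntryTooLarge(Exception):
    """Raised when an entry is over the per-file limit."""


def check_declared_sizes(zf, limit):
    # Cheap pre-check on the sizes recorded in the archive's directory.
    for info in zf.infolist():
        if info.file_size > limit:
            raise ZipEntryTooLarge(f"{info.filename}: declares {info.file_size} bytes")


def read_entry_capped(zf, name, limit):
    # Declared sizes come from the archive itself, so also cap the bytes
    # actually produced and stop decompressing as soon as the cap is passed.
    out = io.BytesIO()
    with zf.open(name) as src:
        while chunk := src.read(CHUNK):
            if out.tell() + len(chunk) > limit:
                raise ZipEntryTooLarge(f"{name}: over {limit} bytes while streaming")
            out.write(chunk)
    return out.getvalue()


def import_zip(data, limit=MAX_FILE_BYTES):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        check_declared_sizes(zf, limit)
        return {i.filename: read_entry_capped(zf, i.filename, limit)
                for i in zf.infolist() if not i.is_dir()}


def build_sample_zip():
    # Constructed sample: a small page plus 8 MiB of zeros that deflates to a few KiB.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("page.html", "<p>hello</p>")
        zf.writestr("files/padding.bin", b"\0" * (8 * 1024 * 1024))
    return buf.getvalue()
```

The sample archive is only a few KiB on disk, so a check on the upload size alone would accept it; `import_zip(build_sample_zip())` raises `ZipEntryTooLarge` before anything is written out.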
git safe.directory config for bind-mounted repos. Mark /app as safe directory to handle Git 2.35+ ownership checks in Docker containers.
Added visual system, not yet added on-click logic. Related to #4218
Added jump-to-header logic for lexical WYSIWYG, and both codemirror & plaintext markdown editor windows.
The composer.lock diff comment has been updated to reflect new changes in this PR.
… into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6133

- Removed unused import
- Added some trailing newlines to code files
- Prevented <hr>s confusing logic in MD editor
- Aligned logic to select end of header across editors

…_editor_contents into development
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6131

## Details
## Checklist
- [ ] I have read the [BookStack community rules](https://www.bookstackapp.com/about/community-rules/).
- [ ] This PR does not feature significant use of LLM/AI generation as per the community rules above.

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6139

Currently causing extra files to be created alongside previous files in crowdin
These would trigger an error on use, and could be abused to fill logs. Added test to cover. Thanks to Stephen O. / Sakusen for reporting.
Updated allow list/purifier system to only allow file protocol use on anchor hrefs to avoid potential security concerns with, after export, content being auto loaded via interactive elements like embeds/objects/videos etc... Updated tests to cover. Thanks to Gurmandeep Deol at Seneca Polytechnic for reporting.
Avoids providing responses with potential sensitive attachment info before permission checks. Added tests to cover. Thanks to Rafael Castilho for reporting.
This is to reduce the amount of content which will be logged, since these messages don't really indicate an actual system error but advise the user of something which went wrong with their request.
No description provided.