Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: BookStackApp/BookStack
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: l10n_development
Choose a base ref
...
head repository: BookStackApp/BookStack
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: development
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 8 commits
  • 20 files changed
  • 2 contributors

Commits on Jun 30, 2026

  1. Content filtering: Added srcset protocol filter

    Upstream libraries used did not specifically treat values in srcset as
    URIs like other attributes, so this adds a simple filter for possible
    bad values.
    Updated tests to cover.
    
    Thanks for Gurmandeep Deol for reporting.
    ssddanbrown committed Jun 30, 2026
    Configuration menu
    Copy the full SHA
    59bbf50 View commit details
    Browse the repository at this point in the history
  2. Attachments: Added more extensive URL filtering

    Added a central URLFilter class to check & clean URLs used for
    attachments, which is also used for validation, and by the purifier to
    standardise protocols (and to make protocol config easier in future).
    
    Thanks to mfk25 for reporting.
    ssddanbrown committed Jun 30, 2026
    Configuration menu
    Copy the full SHA
    01dc1e7 View commit details
    Browse the repository at this point in the history

Commits on Jul 1, 2026

  1. Comments: Added visibility check to comment delete

    Aligns it with other actions/endpoints, and ensures an extra layer of
    control against malicious use.
    
    Thanks to mfk25 for reporting.
    ssddanbrown committed Jul 1, 2026
    Configuration menu
    Copy the full SHA
    fe39b69 View commit details
    Browse the repository at this point in the history
  2. Access: Hardened usage of referring URLs via login

    Adds a more substantial URL check, via a new class which is shared and
    used in other parts of the app for consistency.
    
    Thanks to mfk25 for reporting.
    ssddanbrown committed Jul 1, 2026
    Configuration menu
    Copy the full SHA
    caeea65 View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2026

  1. Merge pull request 'Updated translations with latest crowdin changes'…

    … (#6166) from l10n_development into development
    
    Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6166
    Dan Brown committed Jul 2, 2026
    Configuration menu
    Copy the full SHA
    a213175 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    b87789d View commit details
    Browse the repository at this point in the history
  3. Configuration menu
    Copy the full SHA
    ad283ef View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    6107161 View commit details
    Browse the repository at this point in the history
Loading