Sets some reasonable limits, which are higher when logged in since that
infers a little extra trust.
Helps prevent against large resource consuption attacks via super heavy
search queries.
Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
Checks files within the ZIP again the app upload file limit
before using/streaming/extracting, to help ensure that they do no exceed
what might be expected on that instance, and to prevent disk exhaustion
via things like super high compression ratio files.
Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
- The init & update commands will now use download-vendor logic instead
of using composer to install required PHP packages.
- The init command will now use our source.bookstackapp.com git mirror
instead of GitHub.
- Updated depenancy PHP package versions.
Includes major version change of antonioribeiro/google2fa which changes
secret length. From manual testing of old MFA secrets and new, this
should not be breaking at all.
- Added advisory on role permission form to advise which allow listing
of users/roles.
- Updated database config to avoid PHP8.5 deprecation.
- Tweaked migration to remove unused index.
- Fixed test namespace.
- Updated esbuild system to be module, and fixed build command.
- Reverted module use in package.json by default as this impacted test
runs/files.
- Updated mention user select:
- To look better in dark mode.
- To not remove text after on select.
- To properly revert/restore focus on enter or cancel.
- Added new user notification preference, opt-in by default
- Added parser to extract mentions from comment HTML, with tests to
cover.
- Added notification and notification handling
Not yet tested, needs testing coverage.
Allows better selection.
Also updated existing decorator file names to align with classes so
they're easier to find.
Also aligned/fixed decorator constuctor/setup methods.
