Releases: kanboard/kanboard
Releases · kanboard/kanboard
Kanboard 1.2.35
- Add missing HTML escaping when showing group membership in user profile (CVE-2024-22720)
- Update Dutch translation
- Update Bulgarian translation
- Bump
phpunit/phpunit
from9.6.15
to9.6.16
- Bump
symfony/console
from5.4.32
to5.4.34
Kanboard 1.2.34
- Upgrade Docker image to Alpine 3.19 and PHP 8.3
- API: Avoid PHP notice when searching for a project name that does not exist
- Update Bulgarian translation
- Bump
symfony/console
from5.4.28
to5.4.32
- Bump
phpunit/phpunit
from9.6.13
to9.6.15
Kanboard 1.2.33
- Do not close modals when clicking on the background
- Add Bulgarian translation
- Update Ukrainian and Russian translations
- Show the two factor form in the middle of the screen like the login form does
- Do not override the
creator_id
with the current logged user if the task is imported - Add basic Dev Container configs
- Add adaptive SVG favicon and more SVG variants:
- See https://web.dev/building-an-adaptive-favicon/
- Added more variant of the original Inkscape icon:
- Text SVG
- Vectorized text path SVG
- Optimized SVG icon
- Remove
project_id
from task links (A few were missed in #4892) - Remove unused and invalid method in
ProjectModel
- Update
phpunit/phpunit
andsymfony/*
dependencies - Update vendor folder
Kanboard 1.2.32
- Fix unexpected
EventDispatcher
exception in cronjob and during logout - Integration Tests: Run
apt update
before installing Apache - Automatic action
TaskMoveColumnClosed
does not log column movement - Tweak Sqlite connection settings to reduce database locked errors
- Bump
phpunit/phpunit
from9.6.9
to9.6.10
Kanboard 1.2.31
Security Fixes:
Other fixes and updates:
- Run tests with PHP 8 on GitHub Actions
- Bump Symfony dependencies
- Update Composer dependencies to be able to run tests with PHP 8.2
- Add
/usr/bin/php
symlink in the Docker image - Replace usage of
at()
matcher with alternatives in unit tests - Adjust plugin directory test case to work on released versions
- Fix incorrect background dynamic property in captcha library
- Update translations
Kanboard 1.2.30
Security Fixes:
- CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
- CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
- CVE-2023-33969: Stored XSS in the Task External Link Functionality
- CVE-2023-33970: Missing access control in internal task links feature
Other Fixes:
- Avoid PHP warning caused by
session_regenerate_id()
- Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions
Kanboard 1.2.29
- Avoid potential clipboard based cross-site scripting (CVE-2023-32685)
- Upgrade Docker image to PHP 8.2 and Alpine 3.18
- Add themes support: dark, light and automatic mode
- Fix broken "Hide this Column" feature
- Do not close modals when clicking on the background if the form has changed
- Fix incorrect route for "My Activity Stream"
- Fix incorrect parameter encoding when using URLs rewriting
- Add support for task links in Markdown headings
- Handle 413 responses from Nginx when uploading files too large
- Restore all previously loaded translations when sending user notifications
- Regenerate session ID after successful authentication
- Use
SESSION_DURATION
option to define the session lifetime stored in the database- The option
SESSION_DURATION
is used to define the cookie lifetime. - With this change, Kanboard will try to use first
SESSION_DURATION
instead of the
defaultsession.gc_maxlifetime
value.
- The option
- Bump
phpunit/phpunit
from9.6.6
to9.6.8
Kanboard 1.2.28
- Trigger
EVENT_MOVE_COLUMN
event when moving task to another swimlane - Allow moving closed tasks when using the API
- Duplicate external links when duplicating tasks
- Add support for comparison operator to priority filter
- Prevents users to convert subtaks to tasks when custom role does not allow it
- Avoid deprecation messages when sending an email with PHP 8.2
- Declare most common routes to have nice URLs
- Improve wording of bulk action modal to move tasks position
- Allow closing modals by clicking on the background
- Improve wording of the menu to close all tasks in a given column/swimlane
- Fix bug that prevent reordering subtasks after changing the status
- Bump version of
phpunit/phpunit
,symfony/stopwatch
, andsymfony/finder
- Use
GITHUB_TOKEN
instead of a personal token to run GitHub Actions - Duplicate attachments & external links during task duplication & importing
- Move Docker image to run automated tests to GitHub Registry
- Push Docker images to an additional registry Quay.io (RedHat)
- Use the appropriate config for the start column in user iCal export
- Improved translations
Kanboard 1.2.27
- Fix category filter when the category name is a number
- Better handling of max file upload size according to PHP settings
- Allow unlimited size
- Better parsing of PHP size
- Add dropdown menu on the board to reorder tasks by ID
- Separate
font-family
specification for input and textarea. This avoids the use of!important
in custom CSS - Change the total number of tasks displayed in the table header to match the description "Total number of tasks in this column across all swimlanes"
- Allow full name to be retrieved by the reverse proxy authentication
- Fix
pull-right
CSS class alignment - Use a separate dropdown menu for column sorting
- Use
assertEqualsWithDelta()
to testtime_spent
- Add
color_id
argument to tag API procedures - Update task time spent/estimated when removing a subtask
- Command
db:migrate
should work even ifDB_RUN_MIGRATIONS
is false - Always trim the username before saving changes in the database
- Avoid Postgres SQL error when using project filter with a large integer
- Enable Sqlite WAL mode by default:
- WAL provides more concurrency as readers do not block writers and,
a writer does not block readers. Reading and writing can proceed concurrently.
This change might reduce the number of errors related to locked databases.
- WAL provides more concurrency as readers do not block writers and,
- Update translations
- Update PHP dependencies:
phpunit/phpunit
,symfony/stopwatch
andsymfony/finder
Kanboard 1.2.26
- Fire events after
TaskMoveColumnOnDueDate
action - Update date parsing logic to be compatible with PHP 8.2
- Fix potential XSS on the Settings / API page
- Use wildcard operator for tag filter
- Fix broken user mentions in popup comment form
- Test Docker image build on pull-requests
- Bump Alpine Linux Docker image from 3.16 to 3.17
- Update translations
- Fixed a bug about unselecting in the file
list-item-selection.js
- Add functionality to import tasks from a project
- Add missing jQuery UI CSS dependency