Kanboard 1.2.30
·
89 commits
to main
since this release
Security Fixes:
- CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
- CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
- CVE-2023-33969: Stored XSS in the Task External Link Functionality
- CVE-2023-33970: Missing access control in internal task links feature
Other Fixes:
- Avoid PHP warning caused by
session_regenerate_id() - Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions