Releases: orbivort/scrumooth
Release list
Scrumooth v2.0.3
Docker Images
docker pull ghcr.io/orbivort/scrumooth/backend:2.0.3
docker pull ghcr.io/orbivort/scrumooth/frontend:2.0.3Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v2.0.3 https://github.com/orbivort/scrumooth.git
cd scrumooth
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[2.0.3] - 2026-06-19
Security
-
nodemailer: fix high vulnerability - arbitrary file read and SSRF via message-level raw option bypassing disableFileAccess/disableUrlAccess - GHSA-p6gq-j5cr-w38f (upgrade to 9.0.1)
-
undici: fix high vulnerability - TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent - CVE-2026-9697 / GHSA-vmh5-mc38-953g (override to 7.28.0)
-
hono: fix high vulnerability - CORS middleware reflects any Origin with credentials when
origindefaults to the wildcard - CVE-2026-54290 / GHSA-88fw-hqm2-52qc (override to 4.12.25) -
undici: fix moderate vulnerability - cross-user information disclosure via shared cache whitespace bypass - CVE-2026-9678 / GHSA-pr7r-676h-xcf6 (override to 7.28.0)
-
hono: fix 4 moderate vulnerabilities in Prisma dev tools transitive dependency (override to 4.12.25)
- CVE-2026-54286 / GHSA-wwfh-h76j-fc44 - path traversal in serve-static on Windows via encoded backslash
- CVE-2026-54287 / GHSA-j6c9-x7qj-28xf - AWS Lambda adapter merges multiple Set-Cookie headers incorrectly
- CVE-2026-54288 / GHSA-rv63-4mwf-qqc2 - Body Limit Middleware bypass on AWS Lambda
- CVE-2026-54289 / GHSA-wgpf-jwqj-8h8p - Lambda@Edge adapter drops repeated request headers
Full Changelog: v2.0.2...v2.0.3
Scrumooth v2.0.2
Docker Images
docker pull ghcr.io/orbivort/scrumooth/backend:2.0.2
docker pull ghcr.io/orbivort/scrumooth/frontend:2.0.2Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v2.0.2 https://github.com/orbivort/scrumooth.git
cd scrumooth
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[2.0.2] - 2026-06-16
Security
- form-data: fix CRLF injection vulnerability in form-data via unescaped multipart field names and filenames - CVE-2026-12143
Full Changelog: v2.0.1...v2.0.2
Scrumooth v2.0.1
Docker Images
docker pull ghcr.io/orbivort/scrumooth/backend:2.0.1
docker pull ghcr.io/orbivort/scrumooth/frontend:2.0.1Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v2.0.1 https://github.com/orbivort/scrumooth.git
cd scrumooth
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[2.0.1] - 2026-06-13
Security
- esbuild: fix high RCE vulnerability via NPM_CONFIG_REGISTRY due to missing binary integrity verification in Deno module - GHSA-gv7w-rqvm-qjhr
Full Changelog: v2.0.0...v2.0.1
Scrumooth v2.0.0
Docker Images
docker pull ghcr.io/orbivort/scrumooth/backend:2.0.0
docker pull ghcr.io/orbivort/scrumooth/frontend:2.0.0Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v2.0.0 https://github.com/orbivort/scrumooth.git
cd scrumooth
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[2.0.0] - 2026-06-09
Changed
- BREAKING: rename repository from scrsphere to scrumooth
- change repository url from github.com/orbivort/scrsphere to github.com/orbivort/scrumooth
- change package names from @scrsphere/_ to @scrumooth/_
- change docker container names from scrsphere-_ to scrumooth-_
- change database names from scrsphere to scrumooth
- update all import statements from @scrsphere/shared to @scrumooth/shared
- update all documentation files with new product name
- update environment configuration templates
- update docker compose configurations
- update github actions workflows
- update all scripts and utilities
- update brand assets
- pnpm: upgrade to 11.5.0 and migrate configuration to pnpm-workspace.yaml
- docker: update development and production configurations
- prisma: remove old migrations and update initial migration
- dependencies: update various frontend and backend dependencies
- dependencies: remove unused dependencies
Security
- pnpm: enable supply chain protection to prevent zero-day supply chain attacks
- dependencies: fix 2 high transitive vulnerabilities
- CVE-2020-7788 (ini prototype pollution) - fixed by upgrading ini to 4.1.3
- CVE-2025-64756 (glob command injection) - fixed by upgrading glob to 11.1.0
Full Changelog: v1.5.1...v2.0.0
v1.5.1
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.5.1
docker pull ghcr.io/orbivort/scrsphere/frontend:1.5.1Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.5.1 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.5.1] - 2026-06-05
Security
- react-router: fix high DoS vulnerability - CVE-2026-42342
- hono: fix 4 moderate vulnerabilities - CVE-2026-47673, CVE-2026-47674, CVE-2026-47675, CVE-2026-47676
Full Changelog: v1.5.0...v1.5.1
v1.5.0
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.5.0
docker pull ghcr.io/orbivort/scrsphere/frontend:1.5.0Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.5.0 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.5.0] - 2026-05-29
Added
- frontend: add base path support for flexible deployment configurations
- frontend: add GitHub Pages support for live demo deployment
- docs: add user guide and core feature documentation
Changed
- auth: remove unused administrator role, streamline role-based access control
Fixed
- product backlog: resolve React Query cache conflict between Sprint Planning and Product Backlog views
Security
- axios: fix 4 vulnerabilities (2 high, 1 moderate, 1 low) - CVE-2026-44492, CVE-2026-44494, CVE-2026-44490, CVE-2026-44489
Full Changelog: v1.5.0...v1.5.0
v1.4.1
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.4.1
docker pull ghcr.io/orbivort/scrsphere/frontend:1.4.1Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.4.1 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.4.1] - 2026-05-23
Security
- qs: fix moderate severity DoS vulnerability - CVE-2026-8723
Full Changelog: v1.4.0...v1.4.1
v1.4.0
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.4.0
docker pull ghcr.io/orbivort/scrsphere/frontend:1.4.0Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.4.0 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.4.0] - 2026-05-22
Added
- product backlog: add configurable maximum backlog size control
Changed
- sprint configuration: adjust sprint end date to previous Friday if it falls on a weekend
Full Changelog: v1.3.0...v1.4.0
v1.3.0
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.3.0
docker pull ghcr.io/orbivort/scrsphere/frontend:1.3.0Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.3.0 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.3.0] - 2026-05-15
Added
- sprint configuration: add 1-week and 3-week sprint duration options
Changed
- frontend: enhance mock data flow for running frontend without backend server
Security
- sanitize-html: fix critical XSS vulnerability - CVE-2026-44990
Full Changelog: v1.3.0...v1.3.0
v1.2.0
Docker Images
docker pull ghcr.io/orbivort/scrsphere/backend:1.2.0
docker pull ghcr.io/orbivort/scrsphere/frontend:1.2.0Deployment
See the Deployment Guide for complete setup instructions.
Quick start:
git clone --depth 1 --branch v1.2.0 https://github.com/orbivort/scrsphere.git
cd scrsphere
cp packages/backend/.env.example packages/backend/.env.production
# Edit .env.production with your settings
docker compose up -dWhat's Changed
[1.2.0] - 2026-05-10
Added
- configuration: add production environment templates
- docs: add comprehensive API and architecture documentation
Changed
- frontend: improve end-to-end test reliability and mock state management
Fixed
- frontend: resolve 3 CodeQL warnings for useless conditionals and unreachable code
- frontend: resolve 1232 ESLint warnings for type safety and code quality
- backend: resolve 351 ESLint warnings for type safety and code quality
Full Changelog: v1.2.0...v1.2.0