Releases: wekan/wekan
v6.86
This release fixes the following CRITICAL SECURITY FIXES:
- Security fix to InvisibleBleed in WeKan. Escape HTML comment tags so that HTML comments are visible.
Thanks to xet7 for fixing. - Security Fix to AdminBleed in WeKan, so that non-admin can not change to Admin.
Thanks to Christian Pöschl of usd AG Responsible Disclosure Team for reporting and xet7 for fixing.
and adds the following new features:
- Feature: Show plus sign in front of attachments.
Thanks to Meeques and xet7.
and adds the following updates:
- Upgrade to Meteor 2.12-beta.2.
Thanks to Meteor developers. - Update Docker Ubuntu base image and Meteor version.
Thanks to xet7.
and fixes the following bugs:
- Fix Exception in callback of async function: TypeError: this._now is not a function.
Part 1,
Part 2.
Thanks to xet7. - Remove extra debug message and disable some rarely used feature that produces errors.
Thanks to xet7. - Revert some migration filename changes.
Thanks to xet7. - Add back node-gyp related dependencies.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.85
This release adds the following CRITICAL SECURITY FIXES:
- Security fix to ReactionBleed in WeKan. It is XSS in feature "Reaction to comment".
Thanks to Alexander Starikov at Jet Infosystems (https://jetinfosystems.com/).
and adds the following updates:
- Updated dependencies.
Thanks to xet7.
and fixes the following bugs:
- Disable file validation temporarily, because it causes data loss of some attachments when upgrading.
Thanks to xet7. - Added uploadedAt and copies to be migrated when migrating CollectionFS to ostrio-files.
Thanks to xet7 - Added more descriptive times of attachment migrations and uploads.
Thanks to xet7. - Fix LDAP Group Filtering does not work.
Thanks to emilburggraf, psteinforth, craig-silva, Daniel-H76, benh57, falkheiland and xet7. - Save files serverside with filename ObjectID, without filename.
Thanks to g-roliveira, iamabrantes, Floaz, koelle25, scott-dunt, mfilser and xet7. - Fixed count of found cards in Global Search.
Thanks to xet7. - Fix Card opens full width by opening at left.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.84
This release fixes the following bugs:
- Get card drag/drop working for empty swimlane.
Thanks to mfilser. - Added 'next week' due date filter.
Thanks to helioguardabaxo.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.83
This release fixes the following bugs:
- Fix open card position by opening card to fullscreen.
Thanks to SmartPhoneLover, BabyFnord and xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.82
This release fixes the following bugs:
- Added missing docs of Snap avatars max size etc.
Thanks to xet7. - Fix avatar if Meteor.user() is undefined.
Thanks to mfilser. - Fix broken add_board_member API and return value for remove_board_member.
Thanks to gustavengstrom. - Try to fix card open position and make card resizeable.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.81
This release fixes the following bugs:
- Helm Chart - fix: broken secretEnv indentation.
Fixed in already released WeKan Helm Chart 1.2.7.
Thanks to Nightreaver. - Fix Bug: Card options disappear behind scrollbar in german.
Thanks to Meeques and xet7. - Add some info about allowed filesizes and filetypes for attachments and avatars.
Thanks to Meeques and xet7. - Disable MongoDB telemetry and free monitoring in WeKan Snap.
Thanks to webenefits and xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.80
This release adds the following improvements:
- Helm Charts secretEnv: Modify secret and deployment to allow users to provide secretEnv with empty value.
Thanks to jehutyy.
and fixes the following bugs:
- Custom Fields, display Grid Button only if more than 1 custom field.
Thanks to mfilser. - Helm Charts: Add missing data-storage as pvc for WRITABLE_PATH.
Part 1,
Part 2,
Part 3.
Thanks to Nightreaver, NotTheEvilOne and xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.79
This release adds the following updates:
- Upgraded to Meteor 2.11.0.
Thanks to Meteor developers. - Use MongoDB 6.
Thanks to to MongoDB.
and fixes the following bugs:
- Avatar upload was broken if no size is configured.
Thanks to mfilser.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.78
This release fixes the following CRITICAL SECURITY ISSUES:
- Try to fix some security issue.
Thanks to Responsible Security Disclousure contributors and xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
v6.77
This release adds the following updates:
and fixes the following bugs:
- Fixed indentation for image size and compression in docker-compose.yml.
Thanks to Entepotenz. - Made ☰ menu buttons bigger at minicard and list, they were too hard to click when they were small.
Thanks to mohammadZahedian and xet7. - Added "Move card to archive" to minicard ☰ menu.
Thanks to mohammadZahedian and xet7. - Fix attachment migration error about avatarUrl startsWith undefined.
Thanks to xet7. - Try to fix attachment migrations to ostrioFiles, allow existing files to be migrated.
Part 1,
Part 2.
Thanks to xet7. - MongoDB to 5 for beta Snap. MongoDB 5 does not seem to show some errors that only MongoDB 6 has.
Thanks to xet7. - Use MongoDB 5 at docker-compose.yml.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.