v6.86
This release fixes the following CRITICAL SECURITY FIXES:
- Security fix to InvisibleBleed in WeKan. Escape HTML comment tags so that HTML comments are visible.
Thanks to xet7 for fixing. - Security Fix to AdminBleed in WeKan, so that non-admin can not change to Admin.
Thanks to Christian Pöschl of usd AG Responsible Disclosure Team for reporting and xet7 for fixing.
and adds the following new features:
- Feature: Show plus sign in front of attachments.
Thanks to Meeques and xet7.
and adds the following updates:
- Upgrade to Meteor 2.12-beta.2.
Thanks to Meteor developers. - Update Docker Ubuntu base image and Meteor version.
Thanks to xet7.
and fixes the following bugs:
- Fix Exception in callback of async function: TypeError: this._now is not a function.
Part 1,
Part 2.
Thanks to xet7. - Remove extra debug message and disable some rarely used feature that produces errors.
Thanks to xet7. - Revert some migration filename changes.
Thanks to xet7. - Add back node-gyp related dependencies.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.