Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 15:30:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Updated ChangeLog.
Some checks are pending
Docker / build (push) Waiting to run
Details
Docker Image CI / build (push) Waiting to run
Details
Release Charts / release (push) Waiting to run
Details
Test suite / Meteor tests (push) Waiting to run
Details
Test suite / Coverage report (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Lauri Ojansivu 2025-11-02 11:43:33 +02:00
parent ccd9034339
commit c2e20ee4a3
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGELOG.md
View file

@ -24,7 +24,7 @@ Those are fixed at WeKan 8.07 where database directory is back to /var/snap/weka
# Upcoming WeKan ® release
This release fixes the following CRITICAL SECURITY ISSUES:
This release fixes SpaceBleed that is the following CRITICAL SECURITY ISSUES:
- [Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High)](https://github.com/wekan/wekan/commit/e9a727301d7b4f1689a703503df668c0f4f4cab8).
Thanks to Siam Thanat Hack (STH) and xet7.
@ -32,6 +32,10 @@ This release fixes the following CRITICAL SECURITY ISSUES:
Thanks to Siam Thanat Hack (STH) and xet7.
- [Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort](https://github.com/wekan/wekan/commit/ea310d7508b344512e5de0dfbc9bdfd38145c5c5).
Thanks to Siam Thanat Hack (STH) and xet7.
- [Fix SECURITY ISSUE 4: Members can forge others votes (Low). Bonus: Similar fixes to planning poker too done by xet7](https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9c).
Thanks to Siam Thanat Hack (STH) and xet7.
- [Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low)](https://github.com/wekan/wekan/commit/ccd90343394f433b287733ad0a33c08e0a71f53c).
Thanks to Siam Thanat Hack (STH) and xet7.
and adds the following new features: