Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 07:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
12758 commits 2 branches 844 tags 122 MiB
Commit graph

1416 commits

Author SHA1 Message Date
Mial Lewis
003a07ebce change restore to unarchive 2025-11-27 22:00:43 +00:00
Mial Lewis
d3c237bc66 fix more indenting 2025-11-27 08:29:36 +00:00
Mial Lewis
bac0fa81fc correce indent 2025-11-27 08:27:38 +00:00
Mial Lewis
5ff9bf331f add restore to api 2025-11-27 08:23:56 +00:00
Mial Lewis
36d7b0f8a7 correct return values 2025-11-27 00:52:28 +00:00
Mial Lewis
a81a603031 update bool to boolean 2025-11-26 23:59:00 +00:00
Mial Lewis
e30ce78053 add archive card to api 2025-11-26 23:57:49 +00:00
Lauri Ojansivu
0afbdc95b4 Feature: Workspaces, at All Boards page. 
Thanks to xet7 !
 2025-11-06 00:26:35 +02:00
Lauri Ojansivu
8711b476be Fix star board. 
Thanks to xet7 !
 2025-11-05 20:50:28 +02:00
Lauri Ojansivu
550d87ac6c Fix 8.16: Switching Board View fails with 403 error. 
Thanks to xet7 !
 2025-11-05 16:35:29 +02:00
Lauri Ojansivu
0a1a075f31 Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7. 
Thanks to Siam Thanat Hack (STH) and xet7 !
 2025-11-02 11:12:41 +02:00
Lauri Ojansivu
ea310d7508 Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 10:13:45 +02:00
Lauri Ojansivu
f26d582018 Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 09:11:50 +02:00
Lauri Ojansivu
e9a727301d Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High). 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 08:36:29 +02:00
Lauri Ojansivu
30620d0ca4 Some migrations and mobile fixes.
Some checks failed
Docker / build (push) Has been cancelled
Details
Docker Image CI / build (push) Has been cancelled
Details
Release Charts / release (push) Has been cancelled
Details
Test suite / Meteor tests (push) Has been cancelled
Details
Test suite / Coverage report (push) Has been cancelled
Details 
Thanks to xet7 !
 2025-10-25 21:09:07 +03:00
Lauri Ojansivu
034dc08269 Disabled migrations that happen when opening board. Defaulting to per-swimlane lists and drag drop list to same or different swimlane. 
Thanks to xet7 !
 2025-10-25 19:17:09 +03:00
Lauri Ojansivu
b6e7b258e0 Fix duplicated lists. 
Thanks to xet7 !

Fixes #5952
 2025-10-21 15:14:01 +03:00
Lauri Ojansivu
80777b4663 When opening board, add missing lists. 
Thanks to xet7 !

Fixes #5926
 2025-10-20 17:06:42 +03:00
Lauri Ojansivu
2dd3916f7e Added Date Format setting to Opened Card. 
Thanks to xet7 !

Fixes #2011,
fixes #1176
 2025-10-20 01:36:44 +03:00
Lauri Ojansivu
1e6252de7f When opening board, migrate from Shared Lists to Per-Swimlane Lists. 
Thanks to xet7 !

Fixes #5952
 2025-10-20 00:22:26 +03:00
Lauri Ojansivu
951d2e4937 Legacy Lists button at one board view to restore missing lists/cards. 
Thanks to xet7 !

Fixes #5952
 2025-10-19 23:40:02 +03:00
Lauri Ojansivu
3514335247 At Public Board, drag resize list width and swimlane height. For logged in users, fix adding labels. 
Thanks to xet7 !

Fixes #5922
 2025-10-19 23:15:55 +03:00
Lauri Ojansivu
09631d6b0c Resize height of swimlane by dragging. Font Awesome to Unicode icons. 
Thanks to xet7 !
 2025-10-17 05:58:53 +03:00
Lauri Ojansivu
cb6afe67a7 Replaced moment.js with Javascript date. 
Thanks to xet7 !
 2025-10-17 00:26:11 +03:00
Lauri Ojansivu
2543df9425 Show original positions of swimlanes, lists and cards. 
Thanks to xet7 !

Fixes #5939
 2025-10-16 20:23:05 +03:00
Lauri Ojansivu
4283b5b0e3 Disable not working minio and s3 support temporarily. 
Thanks to xet7 !
 2025-10-16 17:49:39 +03:00
Lauri Ojansivu
abad8cc4d5 Change list width by dragging between lists. 
Thanks to xet7 !
 2025-10-14 09:36:11 +03:00
Lauri Ojansivu
cc99da5357 Fixed Error in migrate-lists-to-per-swimlane migration. 
Thanks to xet7 !

Fixes #5918
 2025-10-13 20:34:23 +03:00
Lauri Ojansivu
bd8c565415 Fixes to make board showing correctly. 
Thanks to xet7 !
 2025-10-12 03:48:21 +03:00
Lauri Ojansivu
2b5c56484a Run database migrations when opening board. Not when updating WeKan. 
Thanks to xet7 !
 2025-10-11 19:23:47 +03:00
Lauri Ojansivu
a86ff1e8d0 Fixed attachments and minicard related bugs that prevented WeKan starting. 
Thanks to xet7 !
 2025-10-11 12:13:11 +03:00
Lauri Ojansivu
fc32a89292 Fixed per-card and per-board settings of showing checkist at minicard. 
Thanks to xet7 !
 2025-10-11 11:31:57 +03:00
Lauri Ojansivu
ae1f80a52c Added attachments API and admin panel attachment management for file storage backends settings. Fixed drag drop upload attachments from file manager to minicard or opened card. 
Thanks to xet7 !
 2025-10-11 11:05:46 +03:00
Lauri Ojansivu
74ccfea570 Add support for MongoDB 3-8, detecting which one is in use. 
Thanks to xet7 !
 2025-10-11 10:32:20 +03:00
Lauri Ojansivu
3ccdc2e307 Made possible to start WeKan immediately without running any database migrations. 
Thanks to xet7 !
 2025-10-11 10:15:08 +03:00
Lauri Ojansivu
7769124401 Fix DOMPurify paths. Part 2. 
Thanks to xet7 !
 2025-10-11 00:58:00 +03:00
Lauri Ojansivu
90899f0928 Fix DOMPurify paths. 
Thanks to xet7 !
 2025-10-11 00:49:43 +03:00
Lauri Ojansivu
f6591d7820 Security Fix usd-2022-0041: CWE-284 Improper Access Control. 
Thanks to Christian Pöschl of usd AG and xet7 !
 2025-10-10 23:19:58 +03:00
Lauri Ojansivu
ee79cab7b2 Security Fix JVN#86586539: Stored XSS. 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
 2025-10-10 23:14:06 +03:00
Lauri Ojansivu
e1fa607f87 Security Fix JVN#74210258: Stored XSS. 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7 !
 2025-10-10 23:06:06 +03:00
Lauri Ojansivu
9720e703fd Security Fix JVN#14269684: Broken access control. 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7 !
 2025-10-10 22:59:20 +03:00
Lauri Ojansivu
30c1597b65 Security Fix FG-VD-22-078: Prevent SVG Billion Laughs Attack. 
Thanks to Nguyen Thanh Nguyen of Fortinet's FortiGuard Labs and xet7 !
 2025-10-10 22:16:47 +03:00
Lauri Ojansivu
d0f118e7af Security Fix: Computational Resource Abuse in Export endpoints. 
Thanks to Anynymous Security Researcher and xet7 !
 2025-10-10 22:09:27 +03:00
Lauri Ojansivu
b87cff1289 Security Fix: IDOR CWE-639 that affected WeKan 7.80-7.93. 
Thanks to apitech.fr and xet7 !
 2025-10-10 21:59:04 +03:00
Lauri Ojansivu
719ef87efc Make possible for lists to have different names at different swimlanes. Make possible to drag list from one swimlane to another swimlane. 
Thanks to xet7 !
 2025-10-10 21:14:44 +03:00
Lauri Ojansivu
a8de2f224f Use attachments from old CollectionFS database structure, when not yet migrated to Meteor-Files/ostrio-files, without needing to migrate database structure. 
Thanks to xet7 !
 2025-10-10 19:07:04 +03:00
Lauri Ojansivu
3e9481c5bd Drag any files from file manager to minicard or opened card. 
Thanks to xet7 !

Fixes #2936
 2025-10-10 18:52:30 +03:00
Lauri Ojansivu
752699d1c2 Mobile one board per row. Board zoom size percent. Board toggle mobile/desktop mode. In Progress. 
Thanks to xet7 !

Related #5902
 2025-10-09 05:48:41 +03:00
seve12
a5651c686f fix 22.9 Unable to download large PDF files attached to card issue fixed 2025-09-23 13:40:14 +03:00
Lauri Ojansivu
ae0d059b6f Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. 
Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active.
Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users.
Added "Unlock All" button to quickly unlock all brute force locked users.
Added ability to toggle user active status directly from the People page.
Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI.

Thanks to xet7.
 2025-08-05 00:31:43 +03:00