Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 07:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
12758 commits 2 branches 844 tags 122 MiB
Commit graph

695 commits

Author SHA1 Message Date
Lauri Ojansivu
e4638d5fbc Fixed sidebar migrations to be per-board, not global. Clarified translations. 
Thanks to xet7 !
 2025-11-05 20:22:56 +02:00
Lauri Ojansivu
ba49d4d140 Remove old translations and code not in use anymore. 
Thanks to xet7 !
 2025-11-05 19:03:21 +02:00
Lauri Ojansivu
7713e613b4 Fix 8.16 Lists with no items are deleted every time when board is opened. Moved migrations to right sidebar. 
Thanks to xet7 !

Fixes #5994
 2025-11-05 18:44:48 +02:00
Lauri Ojansivu
1b25d1d572 Moved migrations from opening board to right sidebar / Migrations. 
Thanks to xet7 !
 2025-11-05 17:06:26 +02:00
Lauri Ojansivu
ccd9034339 Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low). 
Thanks to Siam Thanat Hack (STH) and xet7 !
 2025-11-02 11:42:07 +02:00
Lauri Ojansivu
0a1a075f31 Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7. 
Thanks to Siam Thanat Hack (STH) and xet7 !
 2025-11-02 11:12:41 +02:00
Lauri Ojansivu
ea310d7508 Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 10:13:45 +02:00
Lauri Ojansivu
f26d582018 Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 09:11:50 +02:00
Lauri Ojansivu
e9a727301d Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High). 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 08:36:29 +02:00
Lauri Ojansivu
30620d0ca4 Some migrations and mobile fixes.
Some checks failed
Docker / build (push) Has been cancelled
Details
Docker Image CI / build (push) Has been cancelled
Details
Release Charts / release (push) Has been cancelled
Details
Test suite / Meteor tests (push) Has been cancelled
Details
Test suite / Coverage report (push) Has been cancelled
Details 
Thanks to xet7 !
 2025-10-25 21:09:07 +03:00
Lauri Ojansivu
ae11e80bde Fix Regression - unable to view cards by due date v8.11. 
Thanks to xet7 !

Fixes #5964
 2025-10-22 23:31:36 +03:00
Lauri Ojansivu
58df525b49 Fix duplicated lists and do not show debug messages when env DEBUG is not true. Part 3. 
Thanks to xet7 !

Fixes #5952
 2025-10-21 15:31:34 +03:00
Lauri Ojansivu
b7ca2310b2 Fix duplicated lists. 
Thanks to xet7 !

Fixes #5952
 2025-10-21 15:19:19 +03:00
Lauri Ojansivu
b6e7b258e0 Fix duplicated lists. 
Thanks to xet7 !

Fixes #5952
 2025-10-21 15:14:01 +03:00
Lauri Ojansivu
347fa9e5cd Fix Regression - due date taking a while to load all cards v8.06. 
Thanks to xet7 !

Fixes #5955
 2025-10-21 15:08:50 +03:00
Lauri Ojansivu
4987a95d8e Prevent opened board re-migrating and reloading every 5 seconds. 
Thanks to xet7 !
 2025-10-21 14:12:12 +03:00
Lauri Ojansivu
9536e60bd1 Fix opening board migration of Shared Lists to Per-Swimlane lists to use ReactiveCache correctly without errors. 
Thanks to xet7 !

Fixes #5960
 2025-10-21 10:46:37 +03:00
Lauri Ojansivu
80777b4663 When opening board, add missing lists. 
Thanks to xet7 !

Fixes #5926
 2025-10-20 17:06:42 +03:00
Lauri Ojansivu
0acbf30b03 Fix migrations. 
Thanks to xet7 !
 2025-10-20 01:20:28 +03:00
Lauri Ojansivu
eb6b42c4c9 Fix syntax error at migrations. 
Thanks to xet7 !
 2025-10-20 00:28:19 +03:00
Lauri Ojansivu
1e6252de7f When opening board, migrate from Shared Lists to Per-Swimlane Lists. 
Thanks to xet7 !

Fixes #5952
 2025-10-20 00:22:26 +03:00
Lauri Ojansivu
951d2e4937 Legacy Lists button at one board view to restore missing lists/cards. 
Thanks to xet7 !

Fixes #5952
 2025-10-19 23:40:02 +03:00
Lauri Ojansivu
66b444e2b0 Fix unable to see My Due Cards. 
Thanks to xet7 !

Fixes #5948
 2025-10-19 20:05:36 +03:00
Lauri Ojansivu
cb6afe67a7 Replaced moment.js with Javascript date. 
Thanks to xet7 !
 2025-10-17 00:26:11 +03:00
Lauri Ojansivu
79b94824ef Changed wekan-boostrap-datepicker to HTML datepicker. 
Thanks to xet7 !
 2025-10-16 23:19:26 +03:00
Lauri Ojansivu
2543df9425 Show original positions of swimlanes, lists and cards. 
Thanks to xet7 !

Fixes #5939
 2025-10-16 20:23:05 +03:00
Lauri Ojansivu
0a34ee1b64 Removed not needed console log message. 
Thanks to xet7 !
 2025-10-14 01:52:58 +03:00
Lauri Ojansivu
63c314ca18 Fixed migrations. 
Thanks to xet7 !
 2025-10-14 01:30:59 +03:00
Lauri Ojansivu
bd8c565415 Fixes to make board showing correctly. 
Thanks to xet7 !
 2025-10-12 03:48:21 +03:00
Lauri Ojansivu
317138ab72 If there is no cron jobs running, run migrations for boards that have not been opened yet. 
Thanks to xet7 !
 2025-10-11 20:33:31 +03:00
Lauri Ojansivu
da68b01502 Added Cron Manager to Admin Panel for long running jobs, like running migrations when opening board, copying or moving boards swimlanes lists cards etc. 
Thanks to xet7 !
 2025-10-11 19:41:09 +03:00
Lauri Ojansivu
2b5c56484a Run database migrations when opening board. Not when updating WeKan. 
Thanks to xet7 !
 2025-10-11 19:23:47 +03:00
Lauri Ojansivu
fc32a89292 Fixed per-card and per-board settings of showing checkist at minicard. 
Thanks to xet7 !
 2025-10-11 11:31:57 +03:00
Lauri Ojansivu
ae1f80a52c Added attachments API and admin panel attachment management for file storage backends settings. Fixed drag drop upload attachments from file manager to minicard or opened card. 
Thanks to xet7 !
 2025-10-11 11:05:46 +03:00
Lauri Ojansivu
d59683eff1 Fixed attachments migrations at Admin Panel to not use too much CPU while migrating attachments. 
Thanks to xet7 !
 2025-10-11 10:48:12 +03:00
Lauri Ojansivu
74ccfea570 Add support for MongoDB 3-8, detecting which one is in use. 
Thanks to xet7 !
 2025-10-11 10:32:20 +03:00
Lauri Ojansivu
3ccdc2e307 Made possible to start WeKan immediately without running any database migrations. 
Thanks to xet7 !
 2025-10-11 10:15:08 +03:00
Lauri Ojansivu
1a7bd65e59 Fixed showing translations always, regardsless of is ROOT_URL set correctly or not. 
Thanks to xet7 !
 2025-10-11 01:57:08 +03:00
Lauri Ojansivu
f6591d7820 Security Fix usd-2022-0041: CWE-284 Improper Access Control. 
Thanks to Christian Pöschl of usd AG and xet7 !
 2025-10-10 23:19:58 +03:00
Lauri Ojansivu
ee79cab7b2 Security Fix JVN#86586539: Stored XSS. 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
 2025-10-10 23:14:06 +03:00
Lauri Ojansivu
e1fa607f87 Security Fix JVN#74210258: Stored XSS. 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7 !
 2025-10-10 23:06:06 +03:00
Lauri Ojansivu
1c84b19f24 Show console.log 'Legacy attachments route loaded' only when environment variable DEBUG=true. 
Thanks to xet7 !
 2025-10-10 21:19:00 +03:00
Lauri Ojansivu
719ef87efc Make possible for lists to have different names at different swimlanes. Make possible to drag list from one swimlane to another swimlane. 
Thanks to xet7 !
 2025-10-10 21:14:44 +03:00
Lauri Ojansivu
a8de2f224f Use attachments from old CollectionFS database structure, when not yet migrated to Meteor-Files/ostrio-files, without needing to migrate database structure. 
Thanks to xet7 !
 2025-10-10 19:07:04 +03:00
Lauri Ojansivu
ae0d059b6f Feature: Added brute force login protection settings to Admin Panel/People/Locked Users. 
Added filtering of Admin Panel/People/People: All Users/Locked Users Only/Active/Not Active.
Added visual indicators: red lock icon for locked users, green check for active users, and red X for inactive users.
Added "Unlock All" button to quickly unlock all brute force locked users.
Added ability to toggle user active status directly from the People page.
Moved lockout settings from environment variables to database so admins can configure the lockout thresholds directly in the UI.

Thanks to xet7.
 2025-08-05 00:31:43 +03:00
Lauri Ojansivu
d83ce5e633 Feature: Accessibility page at /accessibility. Settings at Admin Panel. When enabled, link at right sidebar. 
Thanks to xet7 !
 2025-08-04 21:22:14 +03:00
Omar Abid
2ab9bd3172 Add email notifications language localization feature 2025-05-13 19:45:08 +01:00
Lauri Ojansivu
a4ec20a7c8 Merge remote-tracking branch 'origin/feature-accessibility' 2024-12-08 17:07:39 +02:00
Lauri Ojansivu
c062bd63bb Fix in API user role is not considered. 
Thanks to mohammadZahedian and xet7 !

Fixes #5422
 2024-12-08 02:56:37 +02:00
Lauri Ojansivu
729d8fb435 Accessibility statement. Part 1. In Progress. 
Thanks to xet7 !
 2024-12-02 14:17:58 +02:00