Lauri Ojansivu
|
5cd875813f
|
Security Fix 7: Checklist create IDOR: cardId not verified against boardId.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:58:26 +02:00 |
|
Lauri Ojansivu
|
08a6f084eb
|
Security Fix 6: Checklist delete IDOR: checklist not verified against board/card.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:54:04 +02:00 |
|
Lauri Ojansivu
|
181f837d8c
|
Security Fix 5: Read-only roles can still update cards.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:47:11 +02:00 |
|
Lauri Ojansivu
|
198509e760
|
Security Fix 4: Cross-board card move without destination authorization.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:39:23 +02:00 |
|
Lauri Ojansivu
|
67cb47173c
|
Security Fix 3: Card comment author spoofing (IDOR) via API.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:34:00 +02:00 |
|
Lauri Ojansivu
|
7ed76c180e
|
Security Fix 2: Private-only board setting can be bypassed.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:29:01 +02:00 |
|
Lauri Ojansivu
|
f244a43771
|
Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
|
2025-12-29 16:20:17 +02:00 |
|
Lilou
|
223c38c50d
|
Set sortable methods of lists only once
|
2025-12-29 02:45:48 +01:00 |
|
Lauri Ojansivu
|
a039bb1066
|
Per-User and Board-level data save fixes. Part 3.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
Thanks to xet7 !
|
2025-12-23 09:03:41 +02:00 |
|
Lauri Ojansivu
|
58e970d685
|
Per-User and Board-level data save fixes. Part 2.
Thanks to xet7 !
|
2025-12-23 08:01:30 +02:00 |
|
Lauri Ojansivu
|
414b8dbf41
|
Per-User and Board-level data save fixes. Per-User is collapse, width, height. Per-Board is Swimlanes, Lists, Cards etc.
Thanks to xet7 !
Fixes #5997
|
2025-12-23 07:49:37 +02:00 |
|
Lauri Ojansivu
|
58f4884ad6
|
Collapse Swimlane, List, Opened Card. Opened Card window X and Y position can be moved freely from drag handle. Fix some dragging not possible. Fix iPhone Safari.
Thanks to xet7 !
Fixes #6040,
fixes #6027,
fixes #6021,
fixes #6002
|
2025-12-23 06:47:02 +02:00 |
|
Lauri Ojansivu
|
4408eae158
|
feat: grey unicode icons without UI freezes
|
2025-12-22 23:26:30 +02:00 |
|
Lauri Ojansivu
|
ecfb0f0fdf
|
Manually merged fixes from seve12.
Thanks to seve12 !
Related https://github.com/wekan/wekan/pull/5967
|
2025-12-22 23:18:01 +02:00 |
|
Lauri Ojansivu
|
a7400dca45
|
More translations. Added support page to Admin Panel / Settings / Layout.
Thanks to xet7 !
|
2025-12-22 22:24:35 +02:00 |
|
Lauri Ojansivu
|
c1168d181b
|
New Board Permissions: NormalAssignedOnly, CommentAssignedOnly, ReadOnly, ReadAssignedOnly.
Thanks to xet7 !
Fixes #1122,
fixes #6033,
fixes #3300
|
2025-12-22 21:45:09 +02:00 |
|
Lauri Ojansivu
|
f34e4c0e36
|
Gantt chart view to one board view menu Swimlanes/Lists/Calendar/Gantt.
Thanks to xet7 !
Fixes #2870
|
2025-12-22 16:51:10 +02:00 |
|
Mial Lewis
|
003a07ebce
|
change restore to unarchive
|
2025-11-27 22:00:43 +00:00 |
|
Mial Lewis
|
d3c237bc66
|
fix more indenting
|
2025-11-27 08:29:36 +00:00 |
|
Mial Lewis
|
bac0fa81fc
|
correce indent
|
2025-11-27 08:27:38 +00:00 |
|
Mial Lewis
|
5ff9bf331f
|
add restore to api
|
2025-11-27 08:23:56 +00:00 |
|
Mial Lewis
|
36d7b0f8a7
|
correct return values
|
2025-11-27 00:52:28 +00:00 |
|
Mial Lewis
|
a81a603031
|
update bool to boolean
|
2025-11-26 23:59:00 +00:00 |
|
Mial Lewis
|
e30ce78053
|
add archive card to api
|
2025-11-26 23:57:49 +00:00 |
|
Lauri Ojansivu
|
1b6e8797ec
|
Feature: Grey Icons. This makes WeKan very slow. Not recommended.
Thanks to xet7 !
|
2025-11-25 04:33:42 +02:00 |
|
Lauri Ojansivu
|
0afbdc95b4
|
Feature: Workspaces, at All Boards page.
Thanks to xet7 !
|
2025-11-06 00:26:35 +02:00 |
|
Lauri Ojansivu
|
8711b476be
|
Fix star board.
Thanks to xet7 !
|
2025-11-05 20:50:28 +02:00 |
|
Lauri Ojansivu
|
550d87ac6c
|
Fix 8.16: Switching Board View fails with 403 error.
Thanks to xet7 !
|
2025-11-05 16:35:29 +02:00 |
|
Lauri Ojansivu
|
0a1a075f31
|
Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7.
Thanks to Siam Thanat Hack (STH) and xet7 !
|
2025-11-02 11:12:41 +02:00 |
|
Lauri Ojansivu
|
ea310d7508
|
Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort.
Thanks to Siam Thanat Hack (STH) !
|
2025-11-02 10:13:45 +02:00 |
|
Lauri Ojansivu
|
f26d582018
|
Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions.
Thanks to Siam Thanat Hack (STH) !
|
2025-11-02 09:11:50 +02:00 |
|
Lauri Ojansivu
|
e9a727301d
|
Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High).
Thanks to Siam Thanat Hack (STH) !
|
2025-11-02 08:36:29 +02:00 |
|
Lauri Ojansivu
|
30620d0ca4
|
Some migrations and mobile fixes.
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
Thanks to xet7 !
|
2025-10-25 21:09:07 +03:00 |
|
Lauri Ojansivu
|
034dc08269
|
Disabled migrations that happen when opening board. Defaulting to per-swimlane lists and drag drop list to same or different swimlane.
Thanks to xet7 !
|
2025-10-25 19:17:09 +03:00 |
|
Lauri Ojansivu
|
b6e7b258e0
|
Fix duplicated lists.
Thanks to xet7 !
Fixes #5952
|
2025-10-21 15:14:01 +03:00 |
|
Lauri Ojansivu
|
80777b4663
|
When opening board, add missing lists.
Thanks to xet7 !
Fixes #5926
|
2025-10-20 17:06:42 +03:00 |
|
Lauri Ojansivu
|
2dd3916f7e
|
Added Date Format setting to Opened Card.
Thanks to xet7 !
Fixes #2011,
fixes #1176
|
2025-10-20 01:36:44 +03:00 |
|
Lauri Ojansivu
|
1e6252de7f
|
When opening board, migrate from Shared Lists to Per-Swimlane Lists.
Thanks to xet7 !
Fixes #5952
|
2025-10-20 00:22:26 +03:00 |
|
Lauri Ojansivu
|
951d2e4937
|
Legacy Lists button at one board view to restore missing lists/cards.
Thanks to xet7 !
Fixes #5952
|
2025-10-19 23:40:02 +03:00 |
|
Lauri Ojansivu
|
3514335247
|
At Public Board, drag resize list width and swimlane height. For logged in users, fix adding labels.
Thanks to xet7 !
Fixes #5922
|
2025-10-19 23:15:55 +03:00 |
|
Lauri Ojansivu
|
09631d6b0c
|
Resize height of swimlane by dragging. Font Awesome to Unicode icons.
Thanks to xet7 !
|
2025-10-17 05:58:53 +03:00 |
|
Lauri Ojansivu
|
cb6afe67a7
|
Replaced moment.js with Javascript date.
Thanks to xet7 !
|
2025-10-17 00:26:11 +03:00 |
|
Lauri Ojansivu
|
2543df9425
|
Show original positions of swimlanes, lists and cards.
Thanks to xet7 !
Fixes #5939
|
2025-10-16 20:23:05 +03:00 |
|
Lauri Ojansivu
|
4283b5b0e3
|
Disable not working minio and s3 support temporarily.
Thanks to xet7 !
|
2025-10-16 17:49:39 +03:00 |
|
Lauri Ojansivu
|
abad8cc4d5
|
Change list width by dragging between lists.
Thanks to xet7 !
|
2025-10-14 09:36:11 +03:00 |
|
Lauri Ojansivu
|
cc99da5357
|
Fixed Error in migrate-lists-to-per-swimlane migration.
Thanks to xet7 !
Fixes #5918
|
2025-10-13 20:34:23 +03:00 |
|
Lauri Ojansivu
|
bd8c565415
|
Fixes to make board showing correctly.
Thanks to xet7 !
|
2025-10-12 03:48:21 +03:00 |
|
Lauri Ojansivu
|
2b5c56484a
|
Run database migrations when opening board. Not when updating WeKan.
Thanks to xet7 !
|
2025-10-11 19:23:47 +03:00 |
|
Lauri Ojansivu
|
a86ff1e8d0
|
Fixed attachments and minicard related bugs that prevented WeKan starting.
Thanks to xet7 !
|
2025-10-11 12:13:11 +03:00 |
|
Lauri Ojansivu
|
fc32a89292
|
Fixed per-card and per-board settings of showing checkist at minicard.
Thanks to xet7 !
|
2025-10-11 11:31:57 +03:00 |
|