702 commits

Author	SHA1	Message	Date
Lauri Ojansivu	1d16955b6d	Security Fix 9: Attachment upload not scoped to card/board relationship. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 17:06:22 +02:00
Lauri Ojansivu	6dfa3beb2b	Security Fix 8: Attachments publication leaks metadata without auth. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 17:03:02 +02:00
Lauri Ojansivu	181f837d8c	Security Fix 5: Read-only roles can still update cards. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 16:47:11 +02:00
Lauri Ojansivu	a039bb1066	Per-User and Board-level data save fixes. Part 3. ... Thanks to xet7 !	2025-12-23 09:03:41 +02:00
Lauri Ojansivu	58e970d685	Per-User and Board-level data save fixes. Part 2. ... Thanks to xet7 !	2025-12-23 08:01:30 +02:00
Lauri Ojansivu	414b8dbf41	Per-User and Board-level data save fixes. Per-User is collapse, width, height. Per-Board is Swimlanes, Lists, Cards etc. ... Thanks to xet7 ! Fixes #5997	2025-12-23 07:49:37 +02:00
Lauri Ojansivu	1b6e8797ec	Feature: Grey Icons. This makes WeKan very slow. Not recommended. ... Thanks to xet7 !	2025-11-25 04:33:42 +02:00
Lauri Ojansivu	e4638d5fbc	Fixed sidebar migrations to be per-board, not global. Clarified translations. ... Thanks to xet7 !	2025-11-05 20:22:56 +02:00
Lauri Ojansivu	ba49d4d140	Remove old translations and code not in use anymore. ... Thanks to xet7 !	2025-11-05 19:03:21 +02:00
Lauri Ojansivu	7713e613b4	Fix 8.16 Lists with no items are deleted every time when board is opened. Moved migrations to right sidebar. ... Thanks to xet7 ! Fixes #5994	2025-11-05 18:44:48 +02:00
Lauri Ojansivu	1b25d1d572	Moved migrations from opening board to right sidebar / Migrations. ... Thanks to xet7 !	2025-11-05 17:06:26 +02:00
Lauri Ojansivu	ccd9034339	Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low). ... Thanks to Siam Thanat Hack (STH) and xet7 !	2025-11-02 11:42:07 +02:00
Lauri Ojansivu	0a1a075f31	Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7. ... Thanks to Siam Thanat Hack (STH) and xet7 !	2025-11-02 11:12:41 +02:00
Lauri Ojansivu	ea310d7508	Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort. ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 10:13:45 +02:00
Lauri Ojansivu	f26d582018	Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 09:11:50 +02:00
Lauri Ojansivu	e9a727301d	Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High). ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 08:36:29 +02:00
Lauri Ojansivu	30620d0ca4	Some migrations and mobile fixes. ... Thanks to xet7 !	2025-10-25 21:09:07 +03:00
Lauri Ojansivu	ae11e80bde	Fix Regression - unable to view cards by due date v8.11. ... Thanks to xet7 ! Fixes #5964	2025-10-22 23:31:36 +03:00
Lauri Ojansivu	58df525b49	Fix duplicated lists and do not show debug messages when env DEBUG is not true. Part 3. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:31:34 +03:00
Lauri Ojansivu	b7ca2310b2	Fix duplicated lists. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:19:19 +03:00
Lauri Ojansivu	b6e7b258e0	Fix duplicated lists. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:14:01 +03:00
Lauri Ojansivu	347fa9e5cd	Fix Regression - due date taking a while to load all cards v8.06. ... Thanks to xet7 ! Fixes #5955	2025-10-21 15:08:50 +03:00
Lauri Ojansivu	4987a95d8e	Prevent opened board re-migrating and reloading every 5 seconds. ... Thanks to xet7 !	2025-10-21 14:12:12 +03:00
Lauri Ojansivu	9536e60bd1	Fix opening board migration of Shared Lists to Per-Swimlane lists to use ReactiveCache correctly without errors. ... Thanks to xet7 ! Fixes #5960	2025-10-21 10:46:37 +03:00
Lauri Ojansivu	80777b4663	When opening board, add missing lists. ... Thanks to xet7 ! Fixes #5926	2025-10-20 17:06:42 +03:00
Lauri Ojansivu	0acbf30b03	Fix migrations. ... Thanks to xet7 !	2025-10-20 01:20:28 +03:00
Lauri Ojansivu	eb6b42c4c9	Fix syntax error at migrations. ... Thanks to xet7 !	2025-10-20 00:28:19 +03:00
Lauri Ojansivu	1e6252de7f	When opening board, migrate from Shared Lists to Per-Swimlane Lists. ... Thanks to xet7 ! Fixes #5952	2025-10-20 00:22:26 +03:00
Lauri Ojansivu	951d2e4937	Legacy Lists button at one board view to restore missing lists/cards. ... Thanks to xet7 ! Fixes #5952	2025-10-19 23:40:02 +03:00
Lauri Ojansivu	66b444e2b0	Fix unable to see My Due Cards. ... Thanks to xet7 ! Fixes #5948	2025-10-19 20:05:36 +03:00
Lauri Ojansivu	cb6afe67a7	Replaced moment.js with Javascript date. ... Thanks to xet7 !	2025-10-17 00:26:11 +03:00
Lauri Ojansivu	79b94824ef	Changed wekan-boostrap-datepicker to HTML datepicker. ... Thanks to xet7 !	2025-10-16 23:19:26 +03:00
Lauri Ojansivu	2543df9425	Show original positions of swimlanes, lists and cards. ... Thanks to xet7 ! Fixes #5939	2025-10-16 20:23:05 +03:00
Lauri Ojansivu	0a34ee1b64	Removed not needed console log message. ... Thanks to xet7 !	2025-10-14 01:52:58 +03:00
Lauri Ojansivu	63c314ca18	Fixed migrations. ... Thanks to xet7 !	2025-10-14 01:30:59 +03:00
Lauri Ojansivu	bd8c565415	Fixes to make board showing correctly. ... Thanks to xet7 !	2025-10-12 03:48:21 +03:00
Lauri Ojansivu	317138ab72	If there is no cron jobs running, run migrations for boards that have not been opened yet. ... Thanks to xet7 !	2025-10-11 20:33:31 +03:00
Lauri Ojansivu	da68b01502	Added Cron Manager to Admin Panel for long running jobs, like running migrations when opening board, copying or moving boards swimlanes lists cards etc. ... Thanks to xet7 !	2025-10-11 19:41:09 +03:00
Lauri Ojansivu	2b5c56484a	Run database migrations when opening board. Not when updating WeKan. ... Thanks to xet7 !	2025-10-11 19:23:47 +03:00
Lauri Ojansivu	fc32a89292	Fixed per-card and per-board settings of showing checkist at minicard. ... Thanks to xet7 !	2025-10-11 11:31:57 +03:00
Lauri Ojansivu	ae1f80a52c	Added attachments API and admin panel attachment management for file storage backends settings. Fixed drag drop upload attachments from file manager to minicard or opened card. ... Thanks to xet7 !	2025-10-11 11:05:46 +03:00
Lauri Ojansivu	d59683eff1	Fixed attachments migrations at Admin Panel to not use too much CPU while migrating attachments. ... Thanks to xet7 !	2025-10-11 10:48:12 +03:00
Lauri Ojansivu	74ccfea570	Add support for MongoDB 3-8, detecting which one is in use. ... Thanks to xet7 !	2025-10-11 10:32:20 +03:00
Lauri Ojansivu	3ccdc2e307	Made possible to start WeKan immediately without running any database migrations. ... Thanks to xet7 !	2025-10-11 10:15:08 +03:00
Lauri Ojansivu	1a7bd65e59	Fixed showing translations always, regardsless of is ROOT_URL set correctly or not. ... Thanks to xet7 !	2025-10-11 01:57:08 +03:00
Lauri Ojansivu	f6591d7820	Security Fix usd-2022-0041: CWE-284 Improper Access Control. ... Thanks to Christian Pöschl of usd AG and xet7 !	2025-10-10 23:19:58 +03:00
Lauri Ojansivu	ee79cab7b2	Security Fix JVN#86586539: Stored XSS. ... Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.	2025-10-10 23:14:06 +03:00
Lauri Ojansivu	e1fa607f87	Security Fix JVN#74210258: Stored XSS. ... Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7 !	2025-10-10 23:06:06 +03:00
Lauri Ojansivu	1c84b19f24	Show console.log 'Legacy attachments route loaded' only when environment variable DEBUG=true. ... Thanks to xet7 !	2025-10-10 21:19:00 +03:00
Lauri Ojansivu	719ef87efc	Make possible for lists to have different names at different swimlanes. Make possible to drag list from one swimlane to another swimlane. ... Thanks to xet7 !	2025-10-10 21:14:44 +03:00