Commit graph

728 commits

Author SHA1 Message Date
Harry Adel
15f979f08a Fix unhandled Promise rejection in cron migration job callback
The createCronJob method's job callback was not async and did not await
this.runMigrationStep(step), causing the returned Promise to float.
When runMigrationStep threw, the unhandled rejection triggered
quave:synced-cron's global handler which called process.exit(0),
crashing the app on startup.
2026-02-18 22:41:16 +02:00
Lauri Ojansivu
b5a13f0206 Admin Panel/Settings/Layout, for PWA: Custom head meta, link, icons, assetlinks.json, site.webmanifest.
Thanks to xet7 !
2026-02-15 21:49:55 +02:00
Lauri Ojansivu
1b8b8d2eef Reverted New UI Design of WeKan v8.29 and added more fixes and performance improvements.
Thanks to xet7 !
2026-02-08 00:48:39 +02:00
Harry Adel
b431600d32 Migrate accounts-lockout server files to async for Meteor 3.0
- lockedUsers.js: async getLockedUsers, unlockUser, unlockAllUsers
- lockoutSettings.js: async reloadAccountsLockout with findOneAsync
- accounts-lockout-config.js: async startup with findOneAsync
- models/lockoutSettings.js: upsert → upsertAsync
2026-01-29 21:29:56 +02:00
Lauri Ojansivu
a419d831a4 Fix Filebleed of Floppybleed.
Thanks to Luke Hebenstreit Twitter lheben_ and xet7 !
2026-01-28 13:20:28 +02:00
Lauri Ojansivu
25eedd187e
Merge pull request #6093 from harryadel/createIndex-migration
Migrate createIndex to createIndexAsync
2026-01-24 02:04:35 +02:00
Harry Adel
ca2083c858 Migrate createIndex to createIndexAsync 2026-01-24 01:55:29 +02:00
Harry Adel
94a3575e2c Replace mquandalle:collection-mutations with collection helpers 2026-01-21 19:22:54 +02:00
Harry Adel
a5444e08ab Replace cottz:publish-relations with reywood:publish-composite 2026-01-21 07:52:04 +02:00
Lauri Ojansivu
a31a615da6 Fix DB migration from 8.19 to 8.21 stuck forever.
Thanks to MaccabeeY and xet7 !

Fixes #6078
2026-01-21 00:56:42 +02:00
Harry Adel
526251397e Migrate from percolate:synced-cron to quave:synced-cron 2026-01-20 17:56:52 +02:00
Lauri Ojansivu
ad511bd137 Fixed Add member and @mentions.
Thanks to xet7 !

Fixes #6076,
fixes #6077
2026-01-20 02:28:32 +02:00
Lauri Ojansivu
2fa490d83d Fix DB migration from 8.19 to 8.20 is in a loop.
Thanks to MaccabeeY and xet7 !

Fixes #6072
2026-01-18 20:27:23 +02:00
Lauri Ojansivu
a787bcddf3 Security Fix 14: RulesBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 20:18:38 +02:00
Lauri Ojansivu
91a936e07d Security Fix 13: LinkedBoardActivitiesBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 20:13:25 +02:00
Lauri Ojansivu
4ce181d172 Security Fix 12: FixDuplicateBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 20:07:12 +02:00
Lauri Ojansivu
0f5a9c3877 Security Fix 11: CardPubSubBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 20:00:37 +02:00
Lauri Ojansivu
053bf1dfb7 Security Fix 7: AttachmentMigrationBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 19:39:50 +02:00
Lauri Ojansivu
55576ec177 Security Fix 5: PositionHistoryBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 19:29:58 +02:00
Lauri Ojansivu
cc35dafef5 Security Fix 4: MigrationBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-18 19:24:07 +02:00
Lauri Ojansivu
eabb6a239d Fix New Board Permissions: NormalAssignedOnly, CommentAssignedOnly, ReadOnly, ReadAssignedOnly. Part 1.
Thanks to nazim-oss and xet7 !

Related #6060
2026-01-14 23:43:11 +02:00
Lauri Ojansivu
5cb712bee4 Added back feature: Toggle Drag Handles. Improved positions of Add List etc buttons.
Thanks to xet7 !
2026-01-14 19:10:51 +02:00
Lauri Ojansivu
984a2dcec1 Some fixes to make WeKan working after Meteor 3 related router upgrades.
Thanks to xet7 !
2026-01-14 01:11:42 +02:00
Harry Adel
0635a663f0 Remove pwix:blaze-layout 2026-01-14 00:13:21 +02:00
Lauri Ojansivu
cbb1cd78de Security Fix 1: There were not enough permission checks. Moved migrations to Admin Panel/Settings/Cron.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-06 00:15:16 +02:00
GitHub Copilot
2e564bd076
Fix attachment download error with non-ASCII filenames
Fixes #6055.

Signed-off-by: Buo-ren Lin (OSSII) <buoren.lin@ossii.com.tw>
2025-12-30 17:54:29 +08:00
Lauri Ojansivu
1d16955b6d Security Fix 9: Attachment upload not scoped to card/board relationship.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 17:06:22 +02:00
Lauri Ojansivu
6dfa3beb2b Security Fix 8: Attachments publication leaks metadata without auth.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 17:03:02 +02:00
Lauri Ojansivu
181f837d8c Security Fix 5: Read-only roles can still update cards.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:47:11 +02:00
Lauri Ojansivu
a039bb1066 Per-User and Board-level data save fixes. Part 3.
Thanks to xet7 !
2025-12-23 09:03:41 +02:00
Lauri Ojansivu
58e970d685 Per-User and Board-level data save fixes. Part 2.
Thanks to xet7 !
2025-12-23 08:01:30 +02:00
Lauri Ojansivu
414b8dbf41 Per-User and Board-level data save fixes. Per-User is collapse, width, height. Per-Board is Swimlanes, Lists, Cards etc.
Thanks to xet7 !

Fixes #5997
2025-12-23 07:49:37 +02:00
Lauri Ojansivu
1b6e8797ec Feature: Grey Icons. This makes WeKan very slow. Not recommended.
Thanks to xet7 !
2025-11-25 04:33:42 +02:00
Lauri Ojansivu
e4638d5fbc Fixed sidebar migrations to be per-board, not global. Clarified translations.
Thanks to xet7 !
2025-11-05 20:22:56 +02:00
Lauri Ojansivu
ba49d4d140 Remove old translations and code not in use anymore.
Thanks to xet7 !
2025-11-05 19:03:21 +02:00
Lauri Ojansivu
7713e613b4 Fix 8.16 Lists with no items are deleted every time when board is opened. Moved migrations to right sidebar.
Thanks to xet7 !

Fixes #5994
2025-11-05 18:44:48 +02:00
Lauri Ojansivu
1b25d1d572 Moved migrations from opening board to right sidebar / Migrations.
Thanks to xet7 !
2025-11-05 17:06:26 +02:00
Lauri Ojansivu
ccd9034339 Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low).
Thanks to Siam Thanat Hack (STH) and xet7 !
2025-11-02 11:42:07 +02:00
Lauri Ojansivu
0a1a075f31 Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7.
Thanks to Siam Thanat Hack (STH) and xet7 !
2025-11-02 11:12:41 +02:00
Lauri Ojansivu
ea310d7508 Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort.
Thanks to Siam Thanat Hack (STH) !
2025-11-02 10:13:45 +02:00
Lauri Ojansivu
f26d582018 Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions.
Thanks to Siam Thanat Hack (STH) !
2025-11-02 09:11:50 +02:00
Lauri Ojansivu
e9a727301d Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High).
Thanks to Siam Thanat Hack (STH) !
2025-11-02 08:36:29 +02:00
Lauri Ojansivu
30620d0ca4 Some migrations and mobile fixes.
Thanks to xet7 !
2025-10-25 21:09:07 +03:00
Lauri Ojansivu
ae11e80bde Fix Regression - unable to view cards by due date v8.11.
Thanks to xet7 !

Fixes #5964
2025-10-22 23:31:36 +03:00
Lauri Ojansivu
58df525b49 Fix duplicated lists and do not show debug messages when env DEBUG is not true. Part 3.
Thanks to xet7 !

Fixes #5952
2025-10-21 15:31:34 +03:00
Lauri Ojansivu
b7ca2310b2 Fix duplicated lists.
Thanks to xet7 !

Fixes #5952
2025-10-21 15:19:19 +03:00
Lauri Ojansivu
b6e7b258e0 Fix duplicated lists.
Thanks to xet7 !

Fixes #5952
2025-10-21 15:14:01 +03:00
Lauri Ojansivu
347fa9e5cd Fix Regression - due date taking a while to load all cards v8.06.
Thanks to xet7 !

Fixes #5955
2025-10-21 15:08:50 +03:00
Lauri Ojansivu
4987a95d8e Prevent opened board re-migrating and reloading every 5 seconds.
Thanks to xet7 !
2025-10-21 14:12:12 +03:00
Lauri Ojansivu
9536e60bd1 Fix opening board migration of Shared Lists to Per-Swimlane lists to use ReactiveCache correctly without errors.
Thanks to xet7 !

Fixes #5960
2025-10-21 10:46:37 +03:00