Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-15 14:08:51 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
12873 commits 1 branch 846 tags 141 MiB
Commit graph

12873 commits

This branch
This branch
All branches
Author SHA1 Message Date
Lauri Ojansivu
4a373b45e1 Updated GitHub issue templates. Part 2. 
Thanks to xet7 !
 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
32733023ca Updated ChangeLog. 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
0ffb0fa24f Updated ChangeLog. 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
b5177e3870 Added FerretDB2/PostgreSQL Docs. Part 4. 
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
c326e58d5e Updated ChangeLog. 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
4d4046986f Updated GitHub issue templates. 
Thanks to xet7 !
 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
36cbd3a606 Updated ChangeLog. 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
715d47dd2c Added FerretDB2/PostgreSQL Docs. Part 3. 
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
71d84f58a4 Updated ChangeLog. 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
306305a95c Docs: Added s390x firewall info. 
Thanks to xet7 !
 2026-01-14 01:00:58 +02:00
Lauri Ojansivu
2bc9fa1629 Updated ChangeLog. 2026-01-14 01:00:57 +02:00
Lauri Ojansivu
fd45ae2a62 Added FerretDB2/PostgreSQL Docs. Part 2. 
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
 2026-01-14 01:00:57 +02:00
Lauri Ojansivu
46100cfd1d Updated ChangeLog. 2026-01-14 01:00:57 +02:00
Lauri Ojansivu
1d62322b3c Added FerretDB2/PostgreSQL Docs. 
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
 2026-01-14 01:00:57 +02:00
Harry Adel
0635a663f0 Remove pwix:blaze-layout 2026-01-14 00:13:21 +02:00
Harry Adel
9ebf4d2426 Migrate routing layer from deprecated kadira packages to modern alternatives 
- Remove deprecated kadira:flow-router, kadira:blaze-layout, arillo:flow-router-helpers
- Add ostrio:flow-router-extra (modern, actively maintained)
- Add pwix:blaze-layout (maintained fork of kadira:blaze-layout)
- Convert all 22 BlazeLayout.render() calls to this.render() in route actions
- Maintain full backward compatibility with existing FlowRouter API
- All route definitions remain functional without syntax changes
- Build compilation succeeds without errors

This migration prepares Wekan for Meteor 3.0 compatibility by replacing
9-year-old deprecated routing packages with modern alternatives.

Next phase: Schema and async collection methods migration
 2026-01-13 19:46:32 +02:00
Lauri Ojansivu
59ad67c08c Updated translations.
Some checks failed
Docker / build (push) Has been cancelled
Details
Docker Image CI / build (push) Has been cancelled
Details
Release Charts / release (push) Has been cancelled
Details
Test suite / Meteor tests (push) Has been cancelled
Details
Test suite / Coverage report (push) Has been cancelled
Details
2026-01-09 18:49:54 +02:00
Lauri Ojansivu
ec57618c98 Updated translations.
Some checks failed
Docker / build (push) Has been cancelled
Details
Docker Image CI / build (push) Has been cancelled
Details
Release Charts / release (push) Has been cancelled
Details
Test suite / Meteor tests (push) Has been cancelled
Details
Test suite / Coverage report (push) Has been cancelled
Details
2026-01-06 00:20:33 +02:00
Lauri Ojansivu
3b378961b0 Updated ChangeLog. 2026-01-06 00:16:48 +02:00
Lauri Ojansivu
cbb1cd78de Security Fix 1: There was not enough permission checks. Moved migrations to Admin Panel/Settings/Cron. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-06 00:15:16 +02:00
Lauri Ojansivu
d6834d0287 Updated ChangeLog. 2026-01-05 21:49:52 +02:00
Lauri Ojansivu
a9a89b501a Published @wekanteam npm packages to npmjs.com . 
Thanks to xet7 !
 2026-01-05 21:31:54 +02:00
Lauri Ojansivu
7de4385160 Updated dependencies. 
Thanks to developers of dependencies !
 2026-01-05 19:19:56 +02:00
Lauri Ojansivu
7ac5a2bba5 Updated translations. 2026-01-05 18:23:26 +02:00
Lauri Ojansivu
e0af5db1a9
Merge pull request #6056 from brlin-tw/patch-nonascii-attachment-download-error
Some checks are pending
Docker / build (push) Waiting to run
Details
Docker Image CI / build (push) Waiting to run
Details
Release Charts / release (push) Waiting to run
Details
Test suite / Meteor tests (push) Waiting to run
Details
Test suite / Coverage report (push) Blocked by required conditions
Details 
WIP: AI: Fix attachment download error with non-ASCII filenames (#6055)
 2026-01-04 20:06:06 +02:00
Lauri Ojansivu
87cd07dec7
Merge pull request #6059 from wekan/dependabot/npm_and_yarn/multi-8d39329a2d 
Bump qs
 2026-01-04 20:05:38 +02:00
dependabot[bot]
e80f8e5121
Bump qs 
Bumps [qs](https://github.com/ljharb/qs) to 6.14.0 and updates ancestor dependency . These dependencies need to be updated together.


Updates `qs` from 6.14.0 to 6.14.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0)

Updates `qs` from 6.13.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.0
  dependency-type: indirect
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-01 13:35:17 +00:00
Lauri Ojansivu
2325a5c532 Updated translations
Some checks failed
Docker / build (push) Has been cancelled
Details
Docker Image CI / build (push) Has been cancelled
Details
Release Charts / release (push) Has been cancelled
Details
Test suite / Meteor tests (push) Has been cancelled
Details
Test suite / Coverage report (push) Has been cancelled
Details
2025-12-30 12:19:55 +02:00
Lauri Ojansivu
b1db262b37 Updated ChangeLog. 2025-12-30 12:01:28 +02:00
GitHub Copilot
2e564bd076
Fix attachment download error with non-ASCII filenames 
Fixes #6055.

Signed-off-by: Buo-ren Lin (OSSII) <buoren.lin@ossii.com.tw>
 2025-12-30 17:54:29 +08:00
Lauri Ojansivu
e09e9114aa v8.19
Some checks are pending
Docker / build (push) Waiting to run
Details
Docker Image CI / build (push) Waiting to run
Details
Release Charts / release (push) Waiting to run
Details
Test suite / Meteor tests (push) Waiting to run
Details
Test suite / Coverage report (push) Blocked by required conditions
Details
2025-12-29 21:54:10 +02:00
Lauri Ojansivu
efd91a8f72 Updated translations. 2025-12-29 21:49:37 +02:00
Lauri Ojansivu
fbfde81bc8 Opened card Checklist menu: Hide finished tasks. Show Checklist at Minicard. 
Thanks to C0rn3j and xet7 !

Fixes #6019,
fixes #5567,
fixes #2984
 2025-12-29 21:42:19 +02:00
Lauri Ojansivu
cf62807ad5 Fix Unable to delete Checklist. Added confirm delete to Checklist and Chekclist Item. 
Thanks to C0rn3j and xet7 !

Fixes #6020
 2025-12-29 19:42:20 +02:00
Lauri Ojansivu
2d87ba18b3 Fix move card last selection is gone. 
Thanks to mimZD and xet7 !

Fixes #6046
 2025-12-29 19:17:06 +02:00
Lauri Ojansivu
74f1dfde72 Fix copy move card at board and MultiSelect to have numbered target of board, card above or below. Added MultiSelect change color. 
Thanks to mimZD and xet7 !

Fixes #6045
 2025-12-29 19:09:45 +02:00
Lauri Ojansivu
db4b04d837 Fix find.sh work with spaces, for example: ./find.sh "Some text" 
Thanks to xet7 !
 2025-12-29 18:46:05 +02:00
Lauri Ojansivu
0b0e16c3ea Security Fix 10: LDAP filter injection in LDAP auth. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 17:13:32 +02:00
Lauri Ojansivu
1d16955b6d Security Fix 9: Attachment upload not scoped to card/board relationship. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 17:06:22 +02:00
Lauri Ojansivu
6dfa3beb2b Security Fix 8: Attachments publication leaks metadata without auth. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 17:03:02 +02:00
Lauri Ojansivu
5cd875813f Security Fix 7: Checklist create IDOR: cardId not verified against boardId. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:58:26 +02:00
Lauri Ojansivu
08a6f084eb Security Fix 6: Checklist delete IDOR: checklist not verified against board/card. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:54:04 +02:00
Lauri Ojansivu
181f837d8c Security Fix 5: Read-only roles can still update cards. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:47:11 +02:00
Lauri Ojansivu
198509e760 Security Fix 4: Cross-board card move without destination authorization. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:39:23 +02:00
Lauri Ojansivu
67cb47173c Security Fix 3: Card comment author spoofing (IDOR) via API. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:34:00 +02:00
Lauri Ojansivu
7ed76c180e Security Fix 2: Private-only board setting can be bypassed. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:29:01 +02:00
Lauri Ojansivu
f244a43771 Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
 2025-12-29 16:20:17 +02:00
Lauri Ojansivu
48e856fca2 Updated translations. 2025-12-29 16:12:37 +02:00
Lauri Ojansivu
7d83cb3d0b Updated ChangeLog. 2025-12-29 15:31:26 +02:00
Lauri Ojansivu
3af3c9a89d Converted Gantt from js to Jade. Part 2. 
Thanks to xet7 !
 2025-12-29 15:26:16 +02:00