713 commits

Author	SHA1	Message	Date
Lauri Ojansivu	4ce181d172	Security Fix 12: FixDuplicateBleed. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-18 20:07:12 +02:00
Lauri Ojansivu	0f5a9c3877	Security Fix 11: CardPubSubBleed. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-18 20:00:37 +02:00
Lauri Ojansivu	053bf1dfb7	Security Fix 7: AttachmentMigrationBleed. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-18 19:39:50 +02:00
Lauri Ojansivu	55576ec177	Security Fix 5: PositionHistoryBleed. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-18 19:29:58 +02:00
Lauri Ojansivu	cc35dafef5	Security Fix 4: MigrationBleed. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-18 19:24:07 +02:00
Lauri Ojansivu	eabb6a239d	Fix New Board Permissions: NormalAssignedOnly, CommentAssignedOnly, ReadOnly, ReadAssignedOnly. Part 1. ... Thanks to nazim-oss and xet7 ! Related #6060	2026-01-14 23:43:11 +02:00
Lauri Ojansivu	5cb712bee4	Added back feature: Toggle Drag Handles. Improved positions of Add List etc buttons. ... Thanks to xet7 !	2026-01-14 19:10:51 +02:00
Lauri Ojansivu	984a2dcec1	Some fixes to make WeKan working after Meteor 3 related router upgrades. ... Thanks to xet7 !	2026-01-14 01:11:42 +02:00
Harry Adel	0635a663f0	Remove pwix:blaze-layout	2026-01-14 00:13:21 +02:00
Lauri Ojansivu	cbb1cd78de	Security Fix 1: There was not enough permission checks. Moved migrations to Admin Panel/Settings/Cron. ... Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.	2026-01-06 00:15:16 +02:00
GitHub Copilot	2e564bd076	Fix attachment download error with non-ASCII filenames ... Fixes #6055. Signed-off-by: Buo-ren Lin (OSSII) <buoren.lin@ossii.com.tw>	2025-12-30 17:54:29 +08:00
Lauri Ojansivu	1d16955b6d	Security Fix 9: Attachment upload not scoped to card/board relationship. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 17:06:22 +02:00
Lauri Ojansivu	6dfa3beb2b	Security Fix 8: Attachments publication leaks metadata without auth. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 17:03:02 +02:00
Lauri Ojansivu	181f837d8c	Security Fix 5: Read-only roles can still update cards. ... Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !	2025-12-29 16:47:11 +02:00
Lauri Ojansivu	a039bb1066	Per-User and Board-level data save fixes. Part 3. ... Thanks to xet7 !	2025-12-23 09:03:41 +02:00
Lauri Ojansivu	58e970d685	Per-User and Board-level data save fixes. Part 2. ... Thanks to xet7 !	2025-12-23 08:01:30 +02:00
Lauri Ojansivu	414b8dbf41	Per-User and Board-level data save fixes. Per-User is collapse, width, height. Per-Board is Swimlanes, Lists, Cards etc. ... Thanks to xet7 ! Fixes #5997	2025-12-23 07:49:37 +02:00
Lauri Ojansivu	1b6e8797ec	Feature: Grey Icons. This makes WeKan very slow. Not recommended. ... Thanks to xet7 !	2025-11-25 04:33:42 +02:00
Lauri Ojansivu	e4638d5fbc	Fixed sidebar migrations to be per-board, not global. Clarified translations. ... Thanks to xet7 !	2025-11-05 20:22:56 +02:00
Lauri Ojansivu	ba49d4d140	Remove old translations and code not in use anymore. ... Thanks to xet7 !	2025-11-05 19:03:21 +02:00
Lauri Ojansivu	7713e613b4	Fix 8.16 Lists with no items are deleted every time when board is opened. Moved migrations to right sidebar. ... Thanks to xet7 ! Fixes #5994	2025-11-05 18:44:48 +02:00
Lauri Ojansivu	1b25d1d572	Moved migrations from opening board to right sidebar / Migrations. ... Thanks to xet7 !	2025-11-05 17:06:26 +02:00
Lauri Ojansivu	ccd9034339	Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low). ... Thanks to Siam Thanat Hack (STH) and xet7 !	2025-11-02 11:42:07 +02:00
Lauri Ojansivu	0a1a075f31	Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7. ... Thanks to Siam Thanat Hack (STH) and xet7 !	2025-11-02 11:12:41 +02:00
Lauri Ojansivu	ea310d7508	Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort. ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 10:13:45 +02:00
Lauri Ojansivu	f26d582018	Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 09:11:50 +02:00
Lauri Ojansivu	e9a727301d	Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High). ... Thanks to Siam Thanat Hack (STH) !	2025-11-02 08:36:29 +02:00
Lauri Ojansivu	30620d0ca4	Some migrations and mobile fixes. ... Thanks to xet7 !	2025-10-25 21:09:07 +03:00
Lauri Ojansivu	ae11e80bde	Fix Regression - unable to view cards by due date v8.11. ... Thanks to xet7 ! Fixes #5964	2025-10-22 23:31:36 +03:00
Lauri Ojansivu	58df525b49	Fix duplicated lists and do not show debug messages when env DEBUG is not true. Part 3. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:31:34 +03:00
Lauri Ojansivu	b7ca2310b2	Fix duplicated lists. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:19:19 +03:00
Lauri Ojansivu	b6e7b258e0	Fix duplicated lists. ... Thanks to xet7 ! Fixes #5952	2025-10-21 15:14:01 +03:00
Lauri Ojansivu	347fa9e5cd	Fix Regression - due date taking a while to load all cards v8.06. ... Thanks to xet7 ! Fixes #5955	2025-10-21 15:08:50 +03:00
Lauri Ojansivu	4987a95d8e	Prevent opened board re-migrating and reloading every 5 seconds. ... Thanks to xet7 !	2025-10-21 14:12:12 +03:00
Lauri Ojansivu	9536e60bd1	Fix opening board migration of Shared Lists to Per-Swimlane lists to use ReactiveCache correctly without errors. ... Thanks to xet7 ! Fixes #5960	2025-10-21 10:46:37 +03:00
Lauri Ojansivu	80777b4663	When opening board, add missing lists. ... Thanks to xet7 ! Fixes #5926	2025-10-20 17:06:42 +03:00
Lauri Ojansivu	0acbf30b03	Fix migrations. ... Thanks to xet7 !	2025-10-20 01:20:28 +03:00
Lauri Ojansivu	eb6b42c4c9	Fix syntax error at migrations. ... Thanks to xet7 !	2025-10-20 00:28:19 +03:00
Lauri Ojansivu	1e6252de7f	When opening board, migrate from Shared Lists to Per-Swimlane Lists. ... Thanks to xet7 ! Fixes #5952	2025-10-20 00:22:26 +03:00
Lauri Ojansivu	951d2e4937	Legacy Lists button at one board view to restore missing lists/cards. ... Thanks to xet7 ! Fixes #5952	2025-10-19 23:40:02 +03:00
Lauri Ojansivu	66b444e2b0	Fix unable to see My Due Cards. ... Thanks to xet7 ! Fixes #5948	2025-10-19 20:05:36 +03:00
Lauri Ojansivu	cb6afe67a7	Replaced moment.js with Javascript date. ... Thanks to xet7 !	2025-10-17 00:26:11 +03:00
Lauri Ojansivu	79b94824ef	Changed wekan-boostrap-datepicker to HTML datepicker. ... Thanks to xet7 !	2025-10-16 23:19:26 +03:00
Lauri Ojansivu	2543df9425	Show original positions of swimlanes, lists and cards. ... Thanks to xet7 ! Fixes #5939	2025-10-16 20:23:05 +03:00
Lauri Ojansivu	0a34ee1b64	Removed not needed console log message. ... Thanks to xet7 !	2025-10-14 01:52:58 +03:00
Lauri Ojansivu	63c314ca18	Fixed migrations. ... Thanks to xet7 !	2025-10-14 01:30:59 +03:00
Lauri Ojansivu	bd8c565415	Fixes to make board showing correctly. ... Thanks to xet7 !	2025-10-12 03:48:21 +03:00
Lauri Ojansivu	317138ab72	If there is no cron jobs running, run migrations for boards that have not been opened yet. ... Thanks to xet7 !	2025-10-11 20:33:31 +03:00
Lauri Ojansivu	da68b01502	Added Cron Manager to Admin Panel for long running jobs, like running migrations when opening board, copying or moving boards swimlanes lists cards etc. ... Thanks to xet7 !	2025-10-11 19:41:09 +03:00
Lauri Ojansivu	2b5c56484a	Run database migrations when opening board. Not when updating WeKan. ... Thanks to xet7 !	2025-10-11 19:23:47 +03:00