Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-24 18:26:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
13010 commits 1 branch 851 tags 154 MiB
Commit graph

1453 commits

Author SHA1 Message Date
Lauri Ojansivu
d0dc206ffc
Merge pull request #6087 from harryadel/speakingurl-to-limax 
Replace ongoworks:speakingurl with limax
 2026-01-24 01:51:52 +02:00
Harry Adel
e0249493d0 Fix swimlanes 2026-01-23 22:28:59 +02:00
Harry Adel
2d0c4f5bd8 Replace ongoworks:speakingurl with limax 2026-01-21 19:39:01 +02:00
Harry Adel
94a3575e2c Replace mquandalle:collection-mutations with collection helpers 2026-01-21 19:22:54 +02:00
Harry Adel
526251397e Migrate from percolate:synced-cron to quave:synced-cron 2026-01-20 17:56:52 +02:00
Lauri Ojansivu
ad511bd137 Fixed Add member and @mentions. 
Thanks to xet7 !

Fixes #6076,
fixes #6077
 2026-01-20 02:28:32 +02:00
Lauri Ojansivu
545566f566 Security Fix 10: BoardTitleRESTBleed. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-18 19:55:48 +02:00
Lauri Ojansivu
8c0b4f79d8 Security Fix 9: ListWIPBleed. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-18 19:50:29 +02:00
Lauri Ojansivu
c413a7e860 Security Fix 8: MoveStorageBleed. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-18 19:45:44 +02:00
Lauri Ojansivu
251d49eea9 Security Fix 3: Checklist REST Bleed. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-18 19:13:14 +02:00
Lauri Ojansivu
cabfeed9a6 Security Fix 2: Orgs Teams permissions checks. 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
 2026-01-18 19:08:28 +02:00
Lauri Ojansivu
d337afd5d3 Fixed "Copy card link to clipboard" icon often not working. 
Thanks to brlin-tw and xet7 !

Fixes #6068
 2026-01-18 15:21:33 +02:00
Lauri Ojansivu
eabb6a239d Fix New Board Permissions: NormalAssignedOnly, CommentAssignedOnly, ReadOnly, ReadAssignedOnly. Part 1. 
Thanks to nazim-oss and xet7 !

Related #6060
 2026-01-14 23:43:11 +02:00
Lauri Ojansivu
20b5e2ab8f Fix mentions and notifications drawer. 
Thanks to xet7 !

Fixes #6062,
fixes #6003,
fixes #5996,
fixes #5720,
fixes #5911,
fixes #5792,
fixes #5163,
fixes #4431,
fixes #4126,
fixes #3363,
fixes #3150
 2026-01-14 21:02:10 +02:00
Lauri Ojansivu
984a2dcec1 Some fixes to make WeKan working after Meteor 3 related router upgrades. 
Thanks to xet7 !
 2026-01-14 01:11:42 +02:00
Lauri Ojansivu
e89f4d260c Fixed Change Avatar. Improved Admin Panel: People columns order, selected tab background color. 
Thanks to xet7 !
 2026-01-14 01:00:59 +02:00
Harry Adel
0635a663f0 Remove pwix:blaze-layout 2026-01-14 00:13:21 +02:00
Lauri Ojansivu
fbfde81bc8 Opened card Checklist menu: Hide finished tasks. Show Checklist at Minicard. 
Thanks to C0rn3j and xet7 !

Fixes #6019,
fixes #5567,
fixes #2984
 2025-12-29 21:42:19 +02:00
Lauri Ojansivu
74f1dfde72 Fix copy move card at board and MultiSelect to have numbered target of board, card above or below. Added MultiSelect change color. 
Thanks to mimZD and xet7 !

Fixes #6045
 2025-12-29 19:09:45 +02:00
Lauri Ojansivu
5cd875813f Security Fix 7: Checklist create IDOR: cardId not verified against boardId. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:58:26 +02:00
Lauri Ojansivu
08a6f084eb Security Fix 6: Checklist delete IDOR: checklist not verified against board/card. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:54:04 +02:00
Lauri Ojansivu
181f837d8c Security Fix 5: Read-only roles can still update cards. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:47:11 +02:00
Lauri Ojansivu
198509e760 Security Fix 4: Cross-board card move without destination authorization. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:39:23 +02:00
Lauri Ojansivu
67cb47173c Security Fix 3: Card comment author spoofing (IDOR) via API. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:34:00 +02:00
Lauri Ojansivu
7ed76c180e Security Fix 2: Private-only board setting can be bypassed. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
 2025-12-29 16:29:01 +02:00
Lauri Ojansivu
f244a43771 Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation. 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
 2025-12-29 16:20:17 +02:00
Lilou
223c38c50d Set sortable methods of lists only once 2025-12-29 02:45:48 +01:00
Lauri Ojansivu
a039bb1066 Per-User and Board-level data save fixes. Part 3.
Some checks are pending
Docker / build (push) Waiting to run
Details
Docker Image CI / build (push) Waiting to run
Details
Release Charts / release (push) Waiting to run
Details
Test suite / Meteor tests (push) Waiting to run
Details
Test suite / Coverage report (push) Blocked by required conditions
Details 
Thanks to xet7 !
 2025-12-23 09:03:41 +02:00
Lauri Ojansivu
58e970d685 Per-User and Board-level data save fixes. Part 2. 
Thanks to xet7 !
 2025-12-23 08:01:30 +02:00
Lauri Ojansivu
414b8dbf41 Per-User and Board-level data save fixes. Per-User is collapse, width, height. Per-Board is Swimlanes, Lists, Cards etc. 
Thanks to xet7 !

Fixes #5997
 2025-12-23 07:49:37 +02:00
Lauri Ojansivu
58f4884ad6 Collapse Swimlane, List, Opened Card. Opened Card window X and Y position can be moved freely from drag handle. Fix some dragging not possible. Fix iPhone Safari. 
Thanks to xet7 !

Fixes #6040,
fixes #6027,
fixes #6021,
fixes #6002
 2025-12-23 06:47:02 +02:00
Lauri Ojansivu
4408eae158 feat: grey unicode icons without UI freezes 2025-12-22 23:26:30 +02:00
Lauri Ojansivu
ecfb0f0fdf Manually merged fixes from seve12. 
Thanks to seve12 !

Related https://github.com/wekan/wekan/pull/5967
 2025-12-22 23:18:01 +02:00
Lauri Ojansivu
a7400dca45 More translations. Added support page to Admin Panel / Settings / Layout. 
Thanks to xet7 !
 2025-12-22 22:24:35 +02:00
Lauri Ojansivu
c1168d181b New Board Permissions: NormalAssignedOnly, CommentAssignedOnly, ReadOnly, ReadAssignedOnly. 
Thanks to xet7 !

Fixes #1122,
fixes #6033,
fixes #3300
 2025-12-22 21:45:09 +02:00
Lauri Ojansivu
f34e4c0e36 Gantt chart view to one board view menu Swimlanes/Lists/Calendar/Gantt. 
Thanks to xet7 !

Fixes #2870
 2025-12-22 16:51:10 +02:00
Mial Lewis
003a07ebce change restore to unarchive 2025-11-27 22:00:43 +00:00
Mial Lewis
d3c237bc66 fix more indenting 2025-11-27 08:29:36 +00:00
Mial Lewis
bac0fa81fc correce indent 2025-11-27 08:27:38 +00:00
Mial Lewis
5ff9bf331f add restore to api 2025-11-27 08:23:56 +00:00
Mial Lewis
36d7b0f8a7 correct return values 2025-11-27 00:52:28 +00:00
Mial Lewis
a81a603031 update bool to boolean 2025-11-26 23:59:00 +00:00
Mial Lewis
e30ce78053 add archive card to api 2025-11-26 23:57:49 +00:00
Lauri Ojansivu
1b6e8797ec Feature: Grey Icons. This makes WeKan very slow. Not recommended. 
Thanks to xet7 !
 2025-11-25 04:33:42 +02:00
Lauri Ojansivu
0afbdc95b4 Feature: Workspaces, at All Boards page. 
Thanks to xet7 !
 2025-11-06 00:26:35 +02:00
Lauri Ojansivu
8711b476be Fix star board. 
Thanks to xet7 !
 2025-11-05 20:50:28 +02:00
Lauri Ojansivu
550d87ac6c Fix 8.16: Switching Board View fails with 403 error. 
Thanks to xet7 !
 2025-11-05 16:35:29 +02:00
Lauri Ojansivu
0a1a075f31 Fix SECURITY ISSUE 4: Members can forge others’ votes (Low). Bonus: Similar fixes to planning poker too done by xet7. 
Thanks to Siam Thanat Hack (STH) and xet7 !
 2025-11-02 11:12:41 +02:00
Lauri Ojansivu
ea310d7508 Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 10:13:45 +02:00
Lauri Ojansivu
f26d582018 Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions. 
Thanks to Siam Thanat Hack (STH) !
 2025-11-02 09:11:50 +02:00