Lauri Ojansivu
|
ec57618c98
|
Updated translations.
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
|
2026-01-06 00:20:33 +02:00 |
|
Lauri Ojansivu
|
3b378961b0
|
Updated ChangeLog.
|
2026-01-06 00:16:48 +02:00 |
|
Lauri Ojansivu
|
cbb1cd78de
|
Security Fix 1: There was not enough permission checks. Moved migrations to Admin Panel/Settings/Cron.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
|
2026-01-06 00:15:16 +02:00 |
|
Lauri Ojansivu
|
d6834d0287
|
Updated ChangeLog.
|
2026-01-05 21:49:52 +02:00 |
|
Lauri Ojansivu
|
a9a89b501a
|
Published @wekanteam npm packages to npmjs.com .
Thanks to xet7 !
|
2026-01-05 21:31:54 +02:00 |
|
Lauri Ojansivu
|
7de4385160
|
Updated dependencies.
Thanks to developers of dependencies !
|
2026-01-05 19:19:56 +02:00 |
|
Lauri Ojansivu
|
7ac5a2bba5
|
Updated translations.
|
2026-01-05 18:23:26 +02:00 |
|
Lauri Ojansivu
|
e0af5db1a9
|
Merge pull request #6056 from brlin-tw/patch-nonascii-attachment-download-error
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
WIP: AI: Fix attachment download error with non-ASCII filenames (#6055)
|
2026-01-04 20:06:06 +02:00 |
|
Lauri Ojansivu
|
87cd07dec7
|
Merge pull request #6059 from wekan/dependabot/npm_and_yarn/multi-8d39329a2d
Bump qs
|
2026-01-04 20:05:38 +02:00 |
|
dependabot[bot]
|
e80f8e5121
|
Bump qs
Bumps [qs](https://github.com/ljharb/qs) to 6.14.0 and updates ancestor dependency . These dependencies need to be updated together.
Updates `qs` from 6.14.0 to 6.14.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0)
Updates `qs` from 6.13.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0)
---
updated-dependencies:
- dependency-name: qs
dependency-version: 6.14.0
dependency-type: indirect
- dependency-name: qs
dependency-version: 6.14.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2026-01-01 13:35:17 +00:00 |
|
Lauri Ojansivu
|
2325a5c532
|
Updated translations
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
|
2025-12-30 12:19:55 +02:00 |
|
Lauri Ojansivu
|
b1db262b37
|
Updated ChangeLog.
|
2025-12-30 12:01:28 +02:00 |
|
GitHub Copilot
|
2e564bd076
|
Fix attachment download error with non-ASCII filenames
Fixes #6055.
Signed-off-by: Buo-ren Lin (OSSII) <buoren.lin@ossii.com.tw>
|
2025-12-30 17:54:29 +08:00 |
|
Lauri Ojansivu
|
e09e9114aa
|
v8.19
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
|
2025-12-29 21:54:10 +02:00 |
|
Lauri Ojansivu
|
efd91a8f72
|
Updated translations.
|
2025-12-29 21:49:37 +02:00 |
|
Lauri Ojansivu
|
fbfde81bc8
|
Opened card Checklist menu: Hide finished tasks. Show Checklist at Minicard.
Thanks to C0rn3j and xet7 !
Fixes #6019,
fixes #5567,
fixes #2984
|
2025-12-29 21:42:19 +02:00 |
|
Lauri Ojansivu
|
cf62807ad5
|
Fix Unable to delete Checklist. Added confirm delete to Checklist and Chekclist Item.
Thanks to C0rn3j and xet7 !
Fixes #6020
|
2025-12-29 19:42:20 +02:00 |
|
Lauri Ojansivu
|
2d87ba18b3
|
Fix move card last selection is gone.
Thanks to mimZD and xet7 !
Fixes #6046
|
2025-12-29 19:17:06 +02:00 |
|
Lauri Ojansivu
|
74f1dfde72
|
Fix copy move card at board and MultiSelect to have numbered target of board, card above or below. Added MultiSelect change color.
Thanks to mimZD and xet7 !
Fixes #6045
|
2025-12-29 19:09:45 +02:00 |
|
Lauri Ojansivu
|
db4b04d837
|
Fix find.sh work with spaces, for example: ./find.sh "Some text"
Thanks to xet7 !
|
2025-12-29 18:46:05 +02:00 |
|
Lauri Ojansivu
|
0b0e16c3ea
|
Security Fix 10: LDAP filter injection in LDAP auth.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 17:13:32 +02:00 |
|
Lauri Ojansivu
|
1d16955b6d
|
Security Fix 9: Attachment upload not scoped to card/board relationship.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 17:06:22 +02:00 |
|
Lauri Ojansivu
|
6dfa3beb2b
|
Security Fix 8: Attachments publication leaks metadata without auth.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 17:03:02 +02:00 |
|
Lauri Ojansivu
|
5cd875813f
|
Security Fix 7: Checklist create IDOR: cardId not verified against boardId.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:58:26 +02:00 |
|
Lauri Ojansivu
|
08a6f084eb
|
Security Fix 6: Checklist delete IDOR: checklist not verified against board/card.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:54:04 +02:00 |
|
Lauri Ojansivu
|
181f837d8c
|
Security Fix 5: Read-only roles can still update cards.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:47:11 +02:00 |
|
Lauri Ojansivu
|
198509e760
|
Security Fix 4: Cross-board card move without destination authorization.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:39:23 +02:00 |
|
Lauri Ojansivu
|
67cb47173c
|
Security Fix 3: Card comment author spoofing (IDOR) via API.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:34:00 +02:00 |
|
Lauri Ojansivu
|
7ed76c180e
|
Security Fix 2: Private-only board setting can be bypassed.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
|
2025-12-29 16:29:01 +02:00 |
|
Lauri Ojansivu
|
f244a43771
|
Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation.
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
|
2025-12-29 16:20:17 +02:00 |
|
Lauri Ojansivu
|
48e856fca2
|
Updated translations.
|
2025-12-29 16:12:37 +02:00 |
|
Lauri Ojansivu
|
7d83cb3d0b
|
Updated ChangeLog.
|
2025-12-29 15:31:26 +02:00 |
|
Lauri Ojansivu
|
3af3c9a89d
|
Converted Gantt from js to Jade. Part 2.
Thanks to xet7 !
|
2025-12-29 15:26:16 +02:00 |
|
Lauri Ojansivu
|
2d3bef9033
|
Converted Gantt from js to Jade.
Thanks to xet7 !
|
2025-12-29 15:17:27 +02:00 |
|
Lauri Ojansivu
|
ce9afbcaca
|
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
|
2025-12-29 10:07:47 +02:00 |
|
Lauri Ojansivu
|
ba79d5389d
|
Updated ChangeLog.
|
2025-12-29 07:27:48 +02:00 |
|
Lauri Ojansivu
|
2f4c40c1db
|
Updated translations.
|
2025-12-29 07:25:26 +02:00 |
|
Lauri Ojansivu
|
6c9e8a4aa8
|
Merge pull request #6052 from Chostakovitch/6048-dnd-lists
Merge list component methods with same name
|
2025-12-29 07:19:35 +02:00 |
|
Lilou
|
223c38c50d
|
Set sortable methods of lists only once
|
2025-12-29 02:45:48 +01:00 |
|
Lilou
|
c1981dee9b
|
Merge list component methods with same name
Probably results in inconsistant behavior (which one overwrites the other?)
|
2025-12-29 01:48:33 +01:00 |
|
Lauri Ojansivu
|
45b3373145
|
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
|
2025-12-28 23:45:21 +02:00 |
|
Lauri Ojansivu
|
54a566cfb1
|
Merge pull request #6050 from Chostakovitch/6049-announcements
Re-add JS closing class to unicode close announcement symbol
|
2025-12-28 23:40:28 +02:00 |
|
Lilou
|
5a51c2940a
|
Re-add JS closing class to unicode close announcement symbol
|
2025-12-28 21:54:39 +01:00 |
|
Lauri Ojansivu
|
7232070bd1
|
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
|
2025-12-28 20:38:34 +02:00 |
|
Lauri Ojansivu
|
33ab8920ca
|
v8.18
|
2025-12-28 20:32:44 +02:00 |
|
Lauri Ojansivu
|
db4d47cc52
|
Updated ChangeLog.
|
2025-12-28 20:21:44 +02:00 |
|
Lauri Ojansivu
|
e210c9973b
|
Upgraded MongoDB to 7.0.28 to fix mongobleed at Snap Candidate.
Thanks to developers of MongoDB !
|
2025-12-28 19:59:36 +02:00 |
|
Lauri Ojansivu
|
98d05ce545
|
Updated translations
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
|
2025-12-25 08:47:55 +02:00 |
|
Lauri Ojansivu
|
9268d80974
|
Updated translations.
|
2025-12-25 08:46:43 +02:00 |
|
Lauri Ojansivu
|
1a221a6967
|
Updated translations.
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
|
2025-12-23 16:06:21 +02:00 |
|