Lauri Ojansivu
fd45ae2a62
Added FerretDB2/PostgreSQL Docs. Part 2.
...
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
2026-01-14 01:00:57 +02:00
Lauri Ojansivu
46100cfd1d
Updated ChangeLog.
2026-01-14 01:00:57 +02:00
Lauri Ojansivu
1d62322b3c
Added FerretDB2/PostgreSQL Docs.
...
Thanks to juri_ at WeKan Libera.Chat IRC and xet7 !
2026-01-14 01:00:57 +02:00
Harry Adel
0635a663f0
Remove pwix:blaze-layout
2026-01-14 00:13:21 +02:00
Harry Adel
9ebf4d2426
Migrate routing layer from deprecated kadira packages to modern alternatives
...
- Remove deprecated kadira:flow-router, kadira:blaze-layout, arillo:flow-router-helpers
- Add ostrio:flow-router-extra (modern, actively maintained)
- Add pwix:blaze-layout (maintained fork of kadira:blaze-layout)
- Convert all 22 BlazeLayout.render() calls to this.render() in route actions
- Maintain full backward compatibility with existing FlowRouter API
- All route definitions remain functional without syntax changes
- Build compilation succeeds without errors
This migration prepares Wekan for Meteor 3.0 compatibility by replacing
9-year-old deprecated routing packages with modern alternatives.
Next phase: Schema and async collection methods migration
2026-01-13 19:46:32 +02:00
Lauri Ojansivu
59ad67c08c
Updated translations.
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
2026-01-09 18:49:54 +02:00
Lauri Ojansivu
ec57618c98
Updated translations.
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
2026-01-06 00:20:33 +02:00
Lauri Ojansivu
3b378961b0
Updated ChangeLog.
2026-01-06 00:16:48 +02:00
Lauri Ojansivu
cbb1cd78de
Security Fix 1: There was not enough permission checks. Moved migrations to Admin Panel/Settings/Cron.
...
Thanks to [Joshua Rogers](https://joshua.hu ) of [Aisle Research](https://aisle.com ) and xet7.
2026-01-06 00:15:16 +02:00
Lauri Ojansivu
d6834d0287
Updated ChangeLog.
2026-01-05 21:49:52 +02:00
Lauri Ojansivu
a9a89b501a
Published @wekanteam npm packages to npmjs.com .
...
Thanks to xet7 !
2026-01-05 21:31:54 +02:00
Lauri Ojansivu
7de4385160
Updated dependencies.
...
Thanks to developers of dependencies !
2026-01-05 19:19:56 +02:00
Lauri Ojansivu
7ac5a2bba5
Updated translations.
2026-01-05 18:23:26 +02:00
Lauri Ojansivu
e0af5db1a9
Merge pull request #6056 from brlin-tw/patch-nonascii-attachment-download-error
...
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
WIP: AI: Fix attachment download error with non-ASCII filenames (#6055 )
2026-01-04 20:06:06 +02:00
Lauri Ojansivu
87cd07dec7
Merge pull request #6059 from wekan/dependabot/npm_and_yarn/multi-8d39329a2d
...
Bump qs
2026-01-04 20:05:38 +02:00
dependabot[bot]
e80f8e5121
Bump qs
...
Bumps [qs](https://github.com/ljharb/qs ) to 6.14.0 and updates ancestor dependency . These dependencies need to be updated together.
Updates `qs` from 6.14.0 to 6.14.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0 )
Updates `qs` from 6.13.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.0 )
---
updated-dependencies:
- dependency-name: qs
dependency-version: 6.14.0
dependency-type: indirect
- dependency-name: qs
dependency-version: 6.14.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-01 13:35:17 +00:00
Lauri Ojansivu
2325a5c532
Updated translations
Docker / build (push) Has been cancelled
Docker Image CI / build (push) Has been cancelled
Release Charts / release (push) Has been cancelled
Test suite / Meteor tests (push) Has been cancelled
Test suite / Coverage report (push) Has been cancelled
2025-12-30 12:19:55 +02:00
Lauri Ojansivu
b1db262b37
Updated ChangeLog.
2025-12-30 12:01:28 +02:00
GitHub Copilot
2e564bd076
Fix attachment download error with non-ASCII filenames
...
Fixes #6055 .
Signed-off-by: Buo-ren Lin (OSSII) <buoren.lin@ossii.com.tw>
2025-12-30 17:54:29 +08:00
Lauri Ojansivu
e09e9114aa
v8.19
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
2025-12-29 21:54:10 +02:00
Lauri Ojansivu
efd91a8f72
Updated translations.
2025-12-29 21:49:37 +02:00
Lauri Ojansivu
fbfde81bc8
Opened card Checklist menu: Hide finished tasks. Show Checklist at Minicard.
...
Thanks to C0rn3j and xet7 !
Fixes #6019 ,
fixes #5567 ,
fixes #2984
2025-12-29 21:42:19 +02:00
Lauri Ojansivu
cf62807ad5
Fix Unable to delete Checklist. Added confirm delete to Checklist and Chekclist Item.
...
Thanks to C0rn3j and xet7 !
Fixes #6020
2025-12-29 19:42:20 +02:00
Lauri Ojansivu
2d87ba18b3
Fix move card last selection is gone.
...
Thanks to mimZD and xet7 !
Fixes #6046
2025-12-29 19:17:06 +02:00
Lauri Ojansivu
74f1dfde72
Fix copy move card at board and MultiSelect to have numbered target of board, card above or below. Added MultiSelect change color.
...
Thanks to mimZD and xet7 !
Fixes #6045
2025-12-29 19:09:45 +02:00
Lauri Ojansivu
db4b04d837
Fix find.sh work with spaces, for example: ./find.sh "Some text"
...
Thanks to xet7 !
2025-12-29 18:46:05 +02:00
Lauri Ojansivu
0b0e16c3ea
Security Fix 10: LDAP filter injection in LDAP auth.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 17:13:32 +02:00
Lauri Ojansivu
1d16955b6d
Security Fix 9: Attachment upload not scoped to card/board relationship.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 17:06:22 +02:00
Lauri Ojansivu
6dfa3beb2b
Security Fix 8: Attachments publication leaks metadata without auth.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 17:03:02 +02:00
Lauri Ojansivu
5cd875813f
Security Fix 7: Checklist create IDOR: cardId not verified against boardId.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:58:26 +02:00
Lauri Ojansivu
08a6f084eb
Security Fix 6: Checklist delete IDOR: checklist not verified against board/card.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:54:04 +02:00
Lauri Ojansivu
181f837d8c
Security Fix 5: Read-only roles can still update cards.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:47:11 +02:00
Lauri Ojansivu
198509e760
Security Fix 4: Cross-board card move without destination authorization.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:39:23 +02:00
Lauri Ojansivu
67cb47173c
Security Fix 3: Card comment author spoofing (IDOR) via API.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:34:00 +02:00
Lauri Ojansivu
7ed76c180e
Security Fix 2: Private-only board setting can be bypassed.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec !
2025-12-29 16:29:01 +02:00
Lauri Ojansivu
f244a43771
Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation.
...
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
2025-12-29 16:20:17 +02:00
Lauri Ojansivu
48e856fca2
Updated translations.
2025-12-29 16:12:37 +02:00
Lauri Ojansivu
7d83cb3d0b
Updated ChangeLog.
2025-12-29 15:31:26 +02:00
Lauri Ojansivu
3af3c9a89d
Converted Gantt from js to Jade. Part 2.
...
Thanks to xet7 !
2025-12-29 15:26:16 +02:00
Lauri Ojansivu
2d3bef9033
Converted Gantt from js to Jade.
...
Thanks to xet7 !
2025-12-29 15:17:27 +02:00
Lauri Ojansivu
ce9afbcaca
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
2025-12-29 10:07:47 +02:00
Lauri Ojansivu
ba79d5389d
Updated ChangeLog.
2025-12-29 07:27:48 +02:00
Lauri Ojansivu
2f4c40c1db
Updated translations.
2025-12-29 07:25:26 +02:00
Lauri Ojansivu
6c9e8a4aa8
Merge pull request #6052 from Chostakovitch/6048-dnd-lists
...
Merge list component methods with same name
2025-12-29 07:19:35 +02:00
Lilou
223c38c50d
Set sortable methods of lists only once
2025-12-29 02:45:48 +01:00
Lilou
c1981dee9b
Merge list component methods with same name
...
Probably results in inconsistant behavior (which one overwrites the other?)
2025-12-29 01:48:33 +01:00
Lauri Ojansivu
45b3373145
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
2025-12-28 23:45:21 +02:00
Lauri Ojansivu
54a566cfb1
Merge pull request #6050 from Chostakovitch/6049-announcements
...
Re-add JS closing class to unicode close announcement symbol
2025-12-28 23:40:28 +02:00
Lilou
5a51c2940a
Re-add JS closing class to unicode close announcement symbol
2025-12-28 21:54:39 +01:00
Lauri Ojansivu
7232070bd1
Updated ChangeLog.
Docker / build (push) Waiting to run
Docker Image CI / build (push) Waiting to run
Release Charts / release (push) Waiting to run
Test suite / Meteor tests (push) Waiting to run
Test suite / Coverage report (push) Blocked by required conditions
2025-12-28 20:38:34 +02:00
