Kanboard - Package Updates
-
[1.15.4]
- Update Kanboard to 1.2.29
- Full changelog
- Avoid potential clipboard based cross-site scripting (CVE-2023-32685)
- Add themes support: dark, light and automatic mode
- Fix broken "Hide this Column" feature
- Do not close modals when clicking on the background if the form has changed
- Fix incorrect route for "My Activity Stream"
- Fix incorrect parameter encoding when using URLs rewriting
- Add support for task links in Markdown headings
- Handle 413 responses from Nginx when uploading files too large
-
[1.15.5]
- Update Kanboard to 1.2.30
- Full changelog
- CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
- CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
- CVE-2023-33969: Stored XSS in the Task External Link Functionality
- CVE-2023-33970: Missing access control in internal task links feature
- Avoid PHP warning caused by session_regenerate_id()
- Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions
-
[1.15.6]
- Update Kanboard to 1.2.32
- Full changelog
- Fix unexpected EventDispatcher exception in cronjob and during logout
- Integration Tests: Run apt update before installing Apache
- Automatic action TaskMoveColumnClosed does not log column movement
- Tweak Sqlite connection settings to reduce database locked errors
- Bump phpunit/phpunit from 9.6.9 to 9.6.10
-
[1.15.7]
- Update Kanboard to 1.2.33
- Update base image to 4.2.0
- Full changelog
- Do not close modals when clicking on the background
- Add Bulgarian translation
- Update Ukrainian and Russian translations
- Show the two factor form in the middle of the screen like the login form does
- Do not override the creator_id with the current logged user if the task is imported
- Add basic Dev Container configs
- Add adaptive SVG favicon and more SVG variants:
- Remove project_id from task links (A few were missed in #4892)
- Remove unused and invalid method in ProjectModel
- Update phpunit/phpunit and symfony/* dependencies
- Update vendor folder
-
[1.15.8]
- Update Kanboard to 1.2.34
- Full changelog
- API: Avoid PHP notice when searching for a project name that does not exist
- Update Bulgarian translation
- Bump symfony/console from 5.4.28 to 5.4.32
- Bump phpunit/phpunit from 9.6.13 to 9.6.15
-
[1.15.10]
- Update Kanboard to 1.2.36
- Full changelog
- Add comments visibility
- Add explicit int casting to avoid PHP 8 TypeError when having empty automatic action parameters
- Add new config option
DASHBOARD_MAX_PROJECTS - Add reply feature to comments
- Fix search bar layout when adding more buttons via third-party plugins
- Introduce a Git hook to automatically update version.txt during Git checkout
-
[1.15.11]
- Update Kanboard to 1.2.37
- Full changelog
- Add comments visibility
- Add explicit int casting to avoid PHP 8 TypeError when having empty automatic action parameters
- Add new config option
DASHBOARD_MAX_PROJECTS - Add reply feature to comments
- Fix search bar layout when adding more buttons via third-party plugins
-
[1.16.1]
- Update Kanboard to 1.2.38
- Full changelog
-
[1.16.2]
- Update Kanboard to 1.2.39
- Full changelog
- fix: remove CSS which caused responsive issues on mobile
- fix: incorrect template condition that set the username field to read only for remote users
- fix: tasks count across swimlanes was incorrect
- fix: avoid warning from libpng when loading PNG image with incorrect iCCP profiles
- feat: improve column header task counts
-
[1.16.3]
- Update Kanboard to 1.2.40
- Full changelog
- fix: avoid PHP error if no subtask in progress is found
- fix: avoid potential XSS and HTML injection in comment replies
- fix: prevent duplicated columns when enabling per-swimlane column task limits
- fix(api): check comment visibility in API procedures
- fix(api): verify comment ownership in API procedures
- fix(mssql): escape identifiers in timesheet queries
- fix(mssql): use ANSI OFFSET/FETCH syntax for pagination queries
- fix(test): use explicit ORDER BY for queries returning multiple rows
-
[1.16.4]
- Update Kanboard to 1.2.41
- Full changelog
- feat: add new plugin hooks in project forms
- feat: add option to add BOM at the beginning of CSV files (required for Microsoft Excel)
- feat: validate app config form values
- feat: add cancel button on 2FA code validation screen
-
[1.16.5]
- Update kanboard to 1.2.42
- Full Changelog
- fix: validate translation filename before loading locales
- fix: avoid path traversal in
FileStorage - feat: add Peruvian Sol to the list of currencies
- build(deps): bump
symfony/finderfrom5.4.43to5.4.45 - build(deps-dev): bump
symfony/stopwatchfrom5.4.40to5.4.45
-
[1.16.6]
- checklist added to CloudronManifest
-
[1.16.7]
- Update kanboard to 1.2.43
- Full Changelog
- fix: verify the session hasn't expired before returning data
- fix: avoid PHP 8.4 deprecation notices in third-party libraries
- fix: avoid Composer warnings regarding PSR compatibility
- feat(locale): add missing Brazilian Portuguese translations
-
[1.16.8]
- Update kanboard to 1.2.44
- Full Changelog
- fix: prevent internal task titles from wrapping under the dropdown menu icon
- feat(locale): update Greek and French translations
- feat: display tag color squares next to their names in project and global settings
- feat: enable bulk addition/removal of internal links
- feat: provide an option to add tags without replacing existing ones during bulk operations
-
[1.17.0]
- Update base image to 5.0.0
-
[1.17.1]
- Update kanboard to 1.2.45
- Full Changelog
- refactor: reuse existing helpers in tasks import form
- fix(filter): handle
nullinput in theLexerclass - fix(api): allow and validate creator ID assignment in task creation
- feat(routes): add
viewroutes for project and task file browsing - feat(locale): update all language files using machine translation
- feat(api): add priority fields to
createProjectandupdateProjectprocedures - feat: allow attaching screenshots and files when creating a task
- feat: add task title to overdue notification title
