Wekan - Package Updates
-
[4.111.0]
- Update wekan to 9.64
- Full Changelog
- Fixed ChecklistBleed: any authenticated user can write checklist data into a private board they are not a member of (cross-board write via collection allow rule)
- Fixed ProxyBleed: Header-login IP allowlist bypass via X-Forwarded-For spoofing allows unauthenticated full account takeover (incl. admin)
- Fixed TokenBleed: unauthenticated login-token minting via un-awaited auth check in
POST /api/createtoken/:userId - Fixed BoardBleed: Broken access control lets any authenticated user move their Cards/Lists/Swimlanes into a private board they are not a member of (cross-board write via collection allow rule)
- Added card dependency "Red Strings" / PI program board
- Greatly expanded board automation Rules
- Added Jira import
- Full right-to-left (RTL) UI for every page when an RTL language is selected
- Greatly improved import from Trello to WeKan
- Fixed SyncedCron crash
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login