v7.98
This release adds the following CRITICAL SECURITY FIXES:
- Security Fix: IDOR CWE-639 that affected WeKan 7.80-7.93.
Thanks to Romain Korpas at apitech.fr and xet7.
- Security Fix: Computational Resource Abuse in Export endpoints.
Thanks to Anonymous Security Researcher and xet7.
- Security Fix FG-VD-22-078: Prevent SVG Billion Laughs Attack.
Thanks to Nguyen Thanh Nguyen of Fortinet's FortiGuard Labs and xet7.
- Security Fix JVN#14269684: Broken access control.
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
- Security Fix JVN#74210258: Stored XSS.
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
- Security Fix JVN#86586539: Stored XSS.
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
- Security Fix usd-2022-0041: CWE-284 Improper Access Control.
Thanks to Christian Pöschl of usd AG and xet7.
and adds the following new features:
- Mobile one board per row. Board zoom size percent. Board toggle mobile/desktop mode. In Progress.
Thanks to xet7.
- Drag any files from file manager to minicard or opened card.
Part 1,
Part 2.
Thanks to xet7.
- Use attachments from old CollectionFS database structure, when not yet migrated to Meteor-Files/ostrio-files, without needing to migrate database structure.
Thanks to xet7.
- Show console.log 'Legacy attachments route loaded' only when environment variable DEBUG=true.
Thanks to xet7.
- Make it possible for lists to have different names in different swimlanes. Make it possible to drag a list from one swimlane to another swimlane.
Thanks to xet7.
- Add support for Docker/Compose Secrets for passwords to Docker/Snap/Bundle platforms.
Thanks to Roemer and xet7.
- Add Snap automatic upgrades.
Part 1,
Part 2.
Thanks to xet7.
and fixes the following bugs:
- Fix DOMPurify paths.
Part 1,
Part 2,
Part 3,
Part 4.
Thanks to xet7.
- Fix sizes of drag handles in desktop mode.
Thanks to xet7.
- Fixed showing translations always, regardless of whether ROOT_URL is set correctly or not.
Thanks to xet7.
Thanks to above GitHub users for their contributions and translators for their translations.