Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Feb 2019 10:47:51 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 235712] www/kanboard: Update to 1.2.8
Message-ID:  <bug-235712-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235712

            Bug ID: 235712
           Summary: www/kanboard: Update to 1.2.8
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: sa.inbox@gmail.com
                CC: bsd@if0.eu
                CC: bsd@if0.eu
             Flags: maintainer-feedback?(bsd@if0.eu)

Created attachment 201982
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D201982&action=
=3Dedit
update-kanboard-to-1.2.8.diff

Kanboard 1.2.8 released Feb 2, 2019

Breaking Changes:
=E2=80=A2Authorize only API tokens when 2FA is enabled (no user password)
=E2=80=A2Disable by default plugin installer for security reasons: =E2=97=
=A6There is no code
review or any approval process to submit a plugin.
=E2=97=A6This is up to the Kanboard instance owner to validate if a plugin =
is legit.


Fixes and Improvements:
=E2=80=A2Limit avatar image size
=E2=80=A2Avoid CSRF in users CSV import
=E2=80=A2Avoid XSS in pagination sorting
=E2=80=A2Do not show projects dropdown when prompting the 2FA code
=E2=80=A2Always returns a 404 instead of 403 to avoid people discovering us=
ers
=E2=80=A2Check if user role has changed while the session is open
=E2=80=A2Add missing CSRF check in TwoFactorController::deactivate()
=E2=80=A2Hide edit button when user cannot edit task
=E2=80=A2Fix permission check before "Assign to me"
=E2=80=A2Fix permission check before showing project options
=E2=80=A2Fix assignable users on a group with a custom role
=E2=80=A2Fix import of automatic actions when parameters are "unassigned" o=
r "no
category"
=E2=80=A2Update license year
=E2=80=A2Update Docker image to Alpine 3.9
=E2=80=A2Update translations
=E2=80=A2Fix PHP error in task views (tag colors)
=E2=80=A2Limit assignee drop-down selector scope

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235712-7788>