Kanboard 1.2.31
12 July 2023
Kanboard version 1.2.31 is now available (security release).
Upgrading to Kanboard 1.2.31
You can upgrade to (or install) Kanboard 1.2.31 using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply Kanboard updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Kanboard install and test the 1.2.31 upgrade before applying it live.
What's New in Kanboard 1.2.31
1.2.31
Security
- CVE-2023-36813: Avoid potential SQL injections without breaking compatibility with plugins
Bug Fixes and Changes
- Run tests with PHP 8 on GitHub Actions
- Bump Symfony dependencies
- Update Composer dependencies to be able to run tests with PHP 8.2
- Add /usr/bin/php symlink in the Docker image
- Replace usage of at() matcher with alternatives in unit tests
- Adjust plugin directory test case to work on released versions
- Fix incorrect background dynamic property in captcha library
- Update translations
1.2.30
Security
- CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
- CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
- CVE-2023-33969: Stored XSS in the Task External Link Functionality
- CVE-2023-33970: Missing access control in internal task links feature
Bug Fixes
- Avoid PHP warning caused by session_regenerate_id()
- Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions
1.2.29
Bug Fixes and Changes
- Avoid potential clipboard based cross-site scripting (CVE-2023-32685)
- Upgrade Docker image to PHP 8.2 and Alpine 3.18
- Add themes support: dark, light and automatic mode
- Fix broken "Hide this Column" feature
- Do not close modals when clicking on the background if the form has changed
- Fix incorrect route for "My Activity Stream"
- Fix incorrect parameter encoding when using URL rewriting
- Add support for task links in Markdown headings
- Handle 413 responses from Nginx when uploading files too large
- Restore all previously loaded translations when sending user notifications
- Regenerate session ID after successful authentication
- Use SESSION_DURATION option to define the session lifetime stored in the database
  - The option SESSION_DURATION is used to define the cookie lifetime.
  - With this change, Kanboard will first try to use SESSION_DURATION instead of the default session.gc_maxlifetime value.
- Bump phpunit/phpunit from 9.6.6 to 9.6.8