Commit

Update ChangeLog
fguillot committed Feb 2, 2019
1 parent 233fd1a commit ba5878e
Showing 3 changed files with 34 additions and 2 deletions.
30 changes: 30 additions & 0 deletions ChangeLog
@@ -1,3 +1,33 @@
Version 1.2.8 (February 2, 2019)
--------------------------------

Breaking Changes:

* Authorize only API tokens when 2FA is enabled (no user password)
* Disable by default plugin installer for security reasons:
- There is no code review or any approval process to submit a plugin.
- This is up to the Kanboard instance owner to validate if a plugin is legit.

Fixes and Improvements:

* Limit avatar image size
* Avoid CSRF in users CSV import
* Avoid XSS in pagination sorting
* Do not show projects dropdown when prompting the 2FA code
* Always returns a 404 instead of 403 to avoid people discovering users
* Check if user role has changed while the session is open
* Add missing CSRF check in TwoFactorController::deactivate()
* Hide edit button when user cannot edit task
* Fix permission check before "Assign to me"
* Fix permission check before showing project options
* Fix assignable users on a group with a custom role
* Fix import of automatic actions when parameters are "unassigned" or "no category"
* Update license year
* Update Docker image to Alpine 3.9
* Update translations
* Fix PHP error in task views (tag colors)
* Limit assignee drop-down selector scope

Version 1.2.7 (December 19, 2018)
---------------------------------
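Review bot: The "Disable by default plugin installer" entry under Breaking Changes does not name the setting that controls it, so an administrator upgrading to 1.2.8 cannot tell from the ChangeLog alone what changed in their configuration. Name the PLUGIN_INSTALLER constant in that entry (it is the one documented in config.default.php in this same commit). Several items under "Fixes and Improvements" are security fixes (CSRF in users CSV import, XSS in pagination sorting, the missing CSRF check in TwoFactorController::deactivate()); listing them under their own heading would help operators prioritise the upgrade. Minor: "Always returns a 404" should read "Always return a 404" to match the imperative mood of the other entries.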

2 changes: 1 addition & 1 deletion app/constants.php
@@ -21,7 +21,7 @@
// Plugins settings
defined('PLUGINS_DIR') or define('PLUGINS_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reason
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reasons

// Enable/disable debug
defined('DEBUG') or define('DEBUG', strtolower(getenv('DEBUG')) === 'true');
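Review bot: The trailing comment on the PLUGIN_INSTALLER define still says only "Disabled by default for security reasons" and does not say what the reasons are, while this same commit spells them out in config.default.php (no code review or approval process for submitted plugins). Repeat that one-line rationale here or point to config.default.php, so that someone reading app/constants.php on its own understands the risk before overriding the default.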
4 changes: 3 additions & 1 deletion config.default.php
@@ -24,7 +24,9 @@
// Plugins directory URL
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');

// Enable/Disable plugin installer (Disabled by default for security reason)
// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', false);

// Available cache drivers are "file" and "memory"
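Review bot: The two added comment lines above define('PLUGIN_INSTALLER', false) explain that plugins are not reviewed, but they do not connect that to the directory configured just above in PLUGIN_API_URL. State explicitly that being listed in that directory implies no vetting, since a reader may otherwise assume the official URL means the plugins are approved. Wording: "This is up to the Kanboard instance owner" should read "It is up to the Kanboard instance owner", and "legit" would be clearer as "trustworthy".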