|
@@ -27,9 +27,11 @@ Those are fixed at WeKan 8.07 where database directory is back to /var/snap/weka
|
|
|
This release fixes the following CRITICAL SECURITY ISSUES:
|
|
This release fixes the following CRITICAL SECURITY ISSUES:
|
|
|
|
|
|
|
|
- [Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High)](https://github.com/wekan/wekan/commit/e9a727301d7b4f1689a703503df668c0f4f4cab8).
|
|
- [Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High)](https://github.com/wekan/wekan/commit/e9a727301d7b4f1689a703503df668c0f4f4cab8).
|
|
|
- Thanks to Siam Thanat Hack (STH).
|
|
|
|
|
|
|
+ Thanks to Siam Thanat Hack (STH) and xet7.
|
|
|
- [Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions](https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81).
|
|
- [Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions](https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81).
|
|
|
- Thanks to Siam Thanat Hack (STH).
|
|
|
|
|
|
|
+ Thanks to Siam Thanat Hack (STH) and xet7.
|
|
|
|
|
+- [ Fix SECURITY ISSUE 3: Unauthenticated (or any) user can update board sort](https://github.com/wekan/wekan/commit/ea310d7508b344512e5de0dfbc9bdfd38145c5c5).
|
|
|
|
|
+ Thanks to Siam Thanat Hack (STH) and xet7.
|
|
|
|
|
|
|
|
and adds the following new features:
|
|
and adds the following new features:
|
|
|
|
|
|
Lauri Ojansivu