Bug 221826 - www/kanboard: Update to 1.0.46
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Tobias Kortkamp
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-08-26 09:07 UTC by Bart Wrobel
Modified: 2017-09-02 07:32 UTC

See Also:
tobik: merge-quarterly+


Attachments
Patch to update from 1.0.44 to 1.0.46 (47.23 KB, patch)
2017-08-26 09:07 UTC, Bart Wrobel
Testport results (155.05 KB, text/plain)
2017-08-26 09:11 UTC, Bart Wrobel

Description Bart Wrobel 2017-08-26 09:07:57 UTC
Created attachment 185777
Patch to update from 1.0.44 to 1.0.46

No breaking changes.

Changelog:

Version 1.0.46 (August 13, 2017)
--------------------------------

Security Issues:

* Fix two privilege escalation issues: a standard user could reset the password 
of another user (including admin) by altering form data.
(CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").

Improvements:

* Add "Create another link" checkbox for internal link as in sub-task creation
* Updated translations

Bug fixes:

* Fix parsing issue in phpToBytes() method

Version 1.0.45 (June 23, 2017)
------------------------------

New features:

* Automatic action to assign tasks to its creator
* Add the possibility to create a comment when a task is sent by email
* Add dropdown menu to autocomplete email field from project members
* Add configurable list of predefined subjects when sending a task or a comment by email
* Add command line argument to filter overdue notification for a given project

Improvements:

* Improve SQL migrations when old default swimlanes have the same name as normal swimlanes

Bug fixes:

* Add missing subtask permissions for project viewer role
* Fix Javascript language mapping
Comment 1 Bart Wrobel 2017-08-26 09:11:22 UTC
Created attachment 185778
Testport results
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-08-26 12:59:59 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 12:59:28 UTC 2017
New revision: 448768
URL: https://svnweb.freebsd.org/changeset/ports/448768

Log:
  Document vulnerabilities of www/kanboard

  PR:		221826

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-08-26 13:04:03 UTC
A commit references this bug:

Author: tobik
Date: Sat Aug 26 13:03:03 UTC 2017
New revision: 448769
URL: https://svnweb.freebsd.org/changeset/ports/448769

Log:
  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  MFH:		2017Q3
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

Changes:
  head/www/kanboard/Makefile
  head/www/kanboard/distinfo
  head/www/kanboard/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-08-27 05:19:57 UTC
A commit references this bug:

Author: tobik
Date: Sun Aug 27 05:19:04 UTC 2017
New revision: 448803
URL: https://svnweb.freebsd.org/changeset/ports/448803

Log:
  MFH: r448769

  www/kanboard: Update to 1.0.46

  Changes:	https://github.com/kanboard/kanboard/blob/master/ChangeLog
  PR:		221826
  Submitted by:	Bart Wrobel <bsd@if0.eu> (maintainer)
  Security:	CVE-2017-12850
  Security:	CVE-2017-12851

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/www/kanboard/Makefile
  branches/2017Q3/www/kanboard/distinfo
  branches/2017Q3/www/kanboard/pkg-plist