Created attachment 185777
Patch to update from 1.0.44 to 1.0.46

No breaking changes.

Changelog:

Version 1.0.46 (August 13, 2017)
--------------------------------

Security Issues:

* Fix two privilege escalation issues: a standard user could reset the password of another user (including admin) by altering form data. (CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").

Improvements:

* Add "Create another link" checkbox for internal link as in sub-task creation
* Updated translations

Bug fixes:

* Fix parsing issue in phpToBytes() method

Version 1.0.45 (June 23, 2017)
------------------------------

New features:

* Automatic action to assign tasks to its creator
* Add the possibility to create a comment when a task is sent by email
* Add dropdown menu to autocomplete email field from project members
* Add configurable list of predefined subjects when sending a task or a comment by email
* Add command line argument to filter overdue notification for a given project

Improvements:

* Improve SQL migrations when old default swimlanes have the same name as a normal swimlanes

Bug fixes:

* Add missing subtask permissions for project viewer role
* Fix Javascript language mapping

Created attachment 185778
Testport results

A commit references this bug:

Author: tobik
Date: Sat Aug 26 12:59:28 UTC 2017
New revision: 448768
URL: https://svnweb.freebsd.org/changeset/ports/448768

Log:
  Document vulnerabilities of www/kanboard

  PR: 221826

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: tobik
Date: Sat Aug 26 13:03:03 UTC 2017
New revision: 448769
URL: https://svnweb.freebsd.org/changeset/ports/448769

Log:
  www/kanboard: Update to 1.0.46

  Changes: https://github.com/kanboard/kanboard/blob/master/ChangeLog

  PR: 221826
  Submitted by: Bart Wrobel <bsd@if0.eu> (maintainer)
  MFH: 2017Q3
  Security: CVE-2017-12850
  Security: CVE-2017-12851

Changes:
  head/www/kanboard/Makefile
  head/www/kanboard/distinfo
  head/www/kanboard/pkg-plist

A commit references this bug:

Author: tobik
Date: Sun Aug 27 05:19:04 UTC 2017
New revision: 448803
URL: https://svnweb.freebsd.org/changeset/ports/448803

Log:
  MFH: r448769

  www/kanboard: Update to 1.0.46

  Changes: https://github.com/kanboard/kanboard/blob/master/ChangeLog

  PR: 221826
  Submitted by: Bart Wrobel <bsd@if0.eu> (maintainer)
  Security: CVE-2017-12850
  Security: CVE-2017-12851

  Approved by: ports-secteam (delphij)

Changes:
_U branches/2017Q3/
  branches/2017Q3/www/kanboard/Makefile
  branches/2017Q3/www/kanboard/distinfo
  branches/2017Q3/www/kanboard/pkg-plist