Summary: | www/mattermost-{webapp,server}: Update to 5.15.0 | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Raúl <raul.munoz> | ||||||||||||||||||
Component: | Individual Port(s) | Assignee: | Steve Wills <swills> | ||||||||||||||||||
Status: | Closed FIXED | ||||||||||||||||||||
Severity: | Affects Many People | CC: | loic.blot, ports-secteam, raul.munoz, swills | ||||||||||||||||||
Priority: | Normal | Keywords: | needs-patch, needs-qa, security | ||||||||||||||||||
Version: | Latest | Flags: | loic.blot:
maintainer-feedback+
koobs: merge-quarterly? |
||||||||||||||||||
Hardware: | Any | ||||||||||||||||||||
OS: | Any | ||||||||||||||||||||
URL: | https://docs.mattermost.com/administration/changelog.html | ||||||||||||||||||||
Attachments: |
|
Created attachment 206932 [details]
portmaster log
Release contains a security fix (details not yet released) [1], and numerous bugfixes, MFH [1] See Also: https://mattermost.com/security-updates/ Created attachment 206986 [details]
proposed patch
v5.14.1, released 2019-08-28
Fixed issues with keyboard accessibility where post and search textboxes did not read characters when using the arrow keys to move back and forth through the text. MM-17964 and MM-17974
Created attachment 206987 [details]
portmaster log
5.14.2 released, please update: ) Created attachment 207121 [details]
proposed patch
Created attachment 207122 [details]
portmaster log
v5.14.2, released 2019-08-30 Fixed an issue where Mattermost crashed when date-related search terms on: before: and after: were used in search. MM-18143 OKay for me, thanks for your time Created attachment 207549 [details]
proposed patch
Created attachment 207550 [details]
portmaster log
https://docs.mattermost.com/administration/changelog.html [....] Release v5.15 - Quality Release Release Day: 2019-09-16 Mattermost v5.15.0 contains low level security fixes. Upgrading is recommended. Details will be posted on our security updates page 30 days after release as per the Mattermost Responsible Disclosure Policy. [....] Comment on attachment 207549 [details]
proposed patch
@Maintainer Can you please review and QA this patch to confirm it passes. We also need VuXML entry added for the security vulnerabilities fixed between the current port versions and this one
(In reply to Kubilay Kocak from comment #13) As per mattermost policy, security issues are disclosed within a month after fixes are available. Right now, one known: https://mattermost.com/security-updates/#mattermost-server [....] Security Update #5.14.0.1 (Denial of Service) Fixed an issue where a specifically constructed SVG could be uploaded which would cause the web and desktop apps to freeze when viewing that channel. Thanks to severus for contributing to this improvement under the Mattermost responsible disclosure policy. [....] and a ton of fixes / improvements: https://docs.mattermost.com/administration/changelog.html [....] Fixed an issue where an invalid locale caused a white screen. Fixed an issue where rate limited posts failed to load threads. Improved the group linking failure error message and logging to make it clear that the group id attribute is most likely misconfigured. Fixed an issue where the right-hand side did not fetch messages on socket reconnect when a different channel was in center. Fixed an issue where posting a message in an empty channel sometimes caused the channel to display a loading spinner. Fixed an issue where deleting the last post in a channel caused the channel to only display a loading spinner. Fixed an issue with an absence of unread badges on private channels on mobile apps. Fixed an issue where at-sign was missing in front of usernames in push notifications. Fixed some bugs related to the new keyboard accessibility feature. Fixed an issue where the “@” sign was replaced with keyboard accessibility feature on Italian keyboard. Fixed an issue where joining a new channel with few posts sometimes did not take the user to the bottom of the channel. Fixed an issue where scroll pop sometimes occured with embedded Youtube links. Fixed an issue with stuttery dropdowns in Safari. Fixed an issue where clicking on a post would highlight it after returning to the tab/window. Fixed an issue where SVG attachments bled over into subsequent posts. Fixed an issue where long posts were overlapping in compact view. Fixed an issue where the expand/collapse button in images were underlined. Fixed an issue where incoming webhook URL was clickable and shown as a link on the desktop app. Fixed an issue where the markdown helper text was missing on Edit Channel Header modal. Fixed an issue on mobile view where Edit/Delete/More options were not displayed on the right-hand side after a message was posted. Fixed an issue where the channel mute icon was displayed in the incorrect position when a channel was muted. Fixed an issue where there was an extra menu divider on Town Square channel menu. Fixed an issue on Firefox where post and comment boxes were expanding too early. Fixed an issue where focus was not automatically set on text input box after selecting an emoji from the emoji picker. Fixed an issue where channel changes were not updated for other users until refresh. Fixed an issue where changes to Account Settings were being saved even when the user did not click the Save button. Fixed an issue where some of the links in System Console opened the page on the same tab instead of opening it on a new browser/tab. Fixed an issue where installing a plugin via URL failed if the download took longer then 30 seconds. Fixed an issue where plugins did not get disabled when removing them. Fixed an issue where plugin translation files were not updated on web-clients when plugins were upgraded. Fixed an issue where bots could not be added to any team if server wide email domain restriction was enabled. Fixed an issue where pagination broke when adding users to a team. Fixed an issue where list of users were not paginated on warning modal for LDAP group sync team / channel removal. Fixed an issue where enabling LDAP Trace prevented login. Fixed an issue where Google User API Endpoint showed an outdated helper text. Fixed an issue where a markdown image with an SVG briefly displayed for sender with EnableSVGs set to false. Fixed an issue with an incorrect error message on Custom URL Schemes field. [....] plus the 5.14 fixes and enhancementes: [....] v5.14.3, release date TBD Fixing an issue where edited posts are not included in Compliance Export (Beta). MM-18522 v5.14.2, released 2019-08-30 Fixed an issue where Mattermost crashed when date-related search terms on: before: and after: were used in search. MM-18143 v5.14.1, released 2019-08-28 Fixed issues with keyboard accessibility where post and search textboxes did not read characters when using the arrow keys to move back and forth through the text. MM-17964 and MM-17974 [....] [....] Fixed an issue where pagination of group members was broken in LDAP Groups. Fixed an issue where the options to leave a team was disabled for all teams and not just the primary team when a primary team was set. Fixed an issue where bulk import got stuck when importing lines were missing the “type” entry. Fixed an issue where titles for webhooks, commands and OAuth apps were no longer bolded in the System Console. Fixed an issue where disabling email notifications also disabled email invites. Fixed an issue where Admins were shown a warning of a user’s bot being deactivated even if they already were. Fixed an issue where a bot profile image disappeared when saving bot details. Fixed an issue where plus-sign was not visible on mobile browser view for reacting with a new emoji next to existing reactions. Fixed an issue in the System Console where the UserID in User Activity Logs changed from email to UserID. Fixed an issue where user got a notification to add a bot to a channel when mentioning it. Fixed an issue where permanenently deleting a bot user didn’t remove it from the bots table. Fixed an issue where a scroll pop was caused by large image dimensions in markdown. [....] Hope it helps. Comment on attachment 207549 [details]
proposed patch
Sorry koobs i'm unavailable for some time to review it. It sounds good as an overview but i don't have time/system to test it currently
A commit references this bug: Author: swills Date: Tue Oct 15 13:09:39 UTC 2019 New revision: 514522 URL: https://svnweb.freebsd.org/changeset/ports/514522 Log: www/mattermost-{webapp,server}: Update to 5.15.0 While here, clean up rc script PR: 240132 Submitted by: Ra?l <raul.munoz@custos.es> Approved by: loic.blot@unix-experience.fr (maintainer) Changes: head/www/mattermost-server/Makefile head/www/mattermost-server/distinfo head/www/mattermost-server/files/mattermostd.in head/www/mattermost-server/pkg-plist head/www/mattermost-webapp/Makefile head/www/mattermost-webapp/distinfo head/www/mattermost-webapp/pkg-plist Committed, thanks! |
Created attachment 206931 [details] proposed patch