Bug 235712 - www/kanboard: Update to 1.2.8
Summary: www/kanboard: Update to 1.2.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kai Knoblich
URL:
Keywords: easy
Depends on:
Blocks:
 
Reported: 2019-02-13 10:47 UTC by Alexander
Modified: 2019-02-27 16:09 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (bsd)

Attachments
update-kanboard-to-1.2.8.diff (1.03 KB, patch)
2019-02-13 10:47 UTC, Alexander 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander 2019-02-13 10:47:51 UTC 
Created attachment 201982 [details]
update-kanboard-to-1.2.8.diff

Kanboard 1.2.8 released Feb 2, 2019

Breaking Changes:
•Authorize only API tokens when 2FA is enabled (no user password)
•Disable by default plugin installer for security reasons: ◦There is no code review or any approval process to submit a plugin.
◦This is up to the Kanboard instance owner to validate if a plugin is legit.


Fixes and Improvements:
•Limit avatar image size
•Avoid CSRF in users CSV import
•Avoid XSS in pagination sorting
•Do not show projects dropdown when prompting the 2FA code
•Always returns a 404 instead of 403 to avoid people discovering users
•Check if user role has changed while the session is open
•Add missing CSRF check in TwoFactorController::deactivate()
•Hide edit button when user cannot edit task
•Fix permission check before "Assign to me"
•Fix permission check before showing project options
•Fix assignable users on a group with a custom role
•Fix import of automatic actions when parameters are "unassigned" or "no category"
•Update license year
•Update Docker image to Alpine 3.9
•Update translations
•Fix PHP error in task views (tag colors)
•Limit assignee drop-down selector scope
Comment 1 Alexander 2019-02-13 10:52:39 UTC 
I have tested 1.2.8- it works without any issues.
Comment 2 commit-hook freebsd_committer freebsd_triage 2019-02-27 16:08:08 UTC 
A commit references this bug:

Author: kai
Date: Wed Feb 27 16:07:49 UTC 2019
New revision: 494066
URL: https://svnweb.freebsd.org/changeset/ports/494066

Log:
  www/kanboard: Update to 1.2.8

  While I'm here:

  * Convert PORTVERSION to DISTVERSION
  * Move related variables to USES block
  * Update requirements for the MYSQL option since PHP 5.x has gone from the
    ports tree
  * Add MYSQL_USES as USE_MYSQL is deprecated

  Changelog:

  Breaking Changes:

  * Authorize only API tokens when 2FA is enabled (no user password)
  * Disable by default plugin installer for security reasons:
      - There is no code review or any approval process to submit a plugin.
      - This is up to the Kanboard instance owner to validate if a plugin
        is legit.

  Fixes and Improvements:

  * Limit avatar image size
  * Avoid CSRF in users CSV import
  * Avoid XSS in pagination sorting
  * Do not show projects dropdown when prompting the 2FA code
  * Always returns a 404 instead of 403 to avoid people discovering users
  * Check if user role has changed while the session is open
  * Add missing CSRF check in TwoFactorController::deactivate()
  * Hide edit button when user cannot edit task
  * Fix permission check before "Assign to me"
  * Fix permission check before showing project options
  * Fix assignable users on a group with a custom role
  * Fix import of automatic actions when parameters are "unassigned"
    or "no category"
  * Update license year
  * Update Docker image to Alpine 3.9
  * Update translations
  * Fix PHP error in task views (tag colors)
  * Limit assignee drop-down selector scope

  PR:		235712
  Submitted by:	Alexander <sa.inbox@gmail.com>
  Approved by:	tcberner (mentor), maintainer timeout
  Differential Revision:	https://reviews.freebsd.org/D19217

Changes:
  head/www/kanboard/Makefile
  head/www/kanboard/distinfo
Comment 3 Kai Knoblich freebsd_committer freebsd_triage 2019-02-27 16:09:04 UTC 
Committed, thanks!