author Lauri Ojansivu <x@xet7.org> 2020-06-08 20:21:36 +0300
committer Lauri Ojansivu <x@xet7.org> 2020-06-08 20:21:36 +0300
commit ca23934bde44f56285b86abeb79ffbfb56ebffe3 (patch)
tree 367428531b788c582fed119c94632d0184131dfc
parent 8a622ec7c3043bf8f34399ef34563e6a9a19dcd8 (diff)
Update ChangeLog.
-rw-r--r-- CHANGELOG.md 40
1 files changed, 40 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f2e1d6b..35a09276 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,43 @@
+# Upcoming Wekan release
+
+This release fixes the following CRITICAL SECURITY VULNERABILITIES:
+
+- Fix XSS bug reported 2020-05-24 by [swsjona](https://twitter.com/swsjona),
+ [Part 1](https://github.com/wekan/wekan/commit/1f85b25549b50602380f1745f19e5fe44fe36d6f),
+ [Part 2](https://github.com/wekan/wekan/commit/fb44df981581354bf23a6928427ad2bf73c4550f),
+ [Part 3](https://github.com/wekan/wekan/commit/99f68f36b028d6c75acf2e5b83585b1acee65f97),
+ [Part 4](https://github.com/wekan/wekan/commit/8a622ec7c3043bf8f34399ef34563e6a9a19dcd8).
+ Logged in users could run javascript in input fields. This was partially fixed at v3.85,
+ but at some fields XSS was still possible. This affects at least Wekan versions v3.12-v4.12.
+ After this fix, Javascript in input fields is not executed.
+ Thanks to swsjona, marc1006 and xet7.
+
+and adds the following new features:
+
+- Change default view to Swimlanes
+ [Part 1](https://github.com/wekan/wekan/commit/8c3322f9a93c321e8a2cc5cfcd4b1d6316a5fb7c),
+ [Part 2](https://github.com/wekan/wekan/commit/61e682470cdaef42cce2d74b41fb752cfc61848b),
+ [Part 3 Change dropdown order to Swimlanes/Lists/Calendar](https://github.com/wekan/wekan/commit/7f6d500cbec15496ae357b05b9df3f10e51ed1f1),
+ [Part 4.1. Public board default view to Swimlane. Part 4.2. When changing Public board
+ view (sets view cookie), also reload page so view is changed
+ immediately](https://github.com/wekan/wekan/commit/39519d1cc944c567837be0f88ab4a037e2144c61).
+ Thanks to xet7.
+- [Use markdown in Swimlane titles](https://github.com/wekan/wekan/commit/6b22f96313354b45b851b93c25aa392bbe346bdb).
+ Thanks to xet7.
+
+and adds the following updates:
+
+- [Update minifier-css](https://github.com/wekan/wekan/commit/cb1e91fee83eaad1e926c288c0abfc1e4f2a8bd4).
+ Thanks to xet7.
+
+and fixes the following bugs:
+
+- Fix indent [Part1](https://github.com/wekan/wekan/commit/415e94d187ffcb9a4afaecc5c6960a50a87ca7eb),
+- [Part 2](https://github.com/wekan/wekan/commit/96494bacf550cde65598e6d59199517f311aa33d).
+ Thanks to xet7.
+
+Thanks to above GitHub users for their contributions and translators for their translations.
+
# v4.11 2020-06-04 Wekan release
This release adds the following new platforms:
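Review bot: In the security entry, the affected range "v3.12-v4.12" ends at a version that has no heading in the visible part of this file (the newest released section shown is v4.11), so a reader cannot tell whether v4.12 is the last vulnerable release or the one that carries the fix. State the fixed-in version explicitly next to the range once the release number is known, so operators can decide from the changelog alone whether they need to upgrade. In the "Fix indent" entry, the second line begins with "- ", which renders Part 2 as a separate bullet following a trailing comma; drop the "- ", indent it like the other continuation lines, and write "Part 1" with a space to match the other entries. The entry also spells the language as "javascript" and "Javascript"; use "JavaScript" in both places.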