Update ChangeLog

Frédéric Guillot 2019-02-02 10:50:22 -08:00
parent 233fd1a8a1
commit ba5878e786
3 changed files with 34 additions and 2 deletions


@ -1,3 +1,33 @@
Version 1.2.8 (February 2, 2019)
--------------------------------
Breaking Changes:
* Authorize only API tokens when 2FA is enabled (no user password)
* Disable by default plugin installer for security reasons:
- There is no code review or any approval process to submit a plugin.
- This is up to the Kanboard instance owner to validate if a plugin is legit.
Fixes and Improvements:
* Limit avatar image size
* Avoid CSRF in users CSV import
* Avoid XSS in pagination sorting
* Do not show projects dropdown when prompting the 2FA code
* Always returns a 404 instead of 403 to avoid people discovering users
* Check if user role has changed while the session is open
* Add missing CSRF check in TwoFactorController::deactivate()
* Hide edit button when user cannot edit task
* Fix permission check before "Assign to me"
* Fix permission check before showing project options
* Fix assignable users on a group with a custom role
* Fix import of automatic actions when parameters are "unassigned" or "no category"
* Update license year
* Update Docker image to Alpine 3.9
* Update translations
* Fix PHP error in task views (tag colors)
* Limit assignee drop-down selector scope
Version 1.2.7 (December 19, 2018)
---------------------------------
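Review bot: In the "Fixes and Improvements" list for 1.2.8, the security fixes ("Avoid CSRF in users CSV import", "Avoid XSS in pagination sorting", "Add missing CSRF check in TwoFactorController::deactivate()", the two permission-check fixes) are interleaved with housekeeping such as "Update license year" and "Update translations", so an operator skimming the entry cannot quickly tell that this release carries security fixes. Consider grouping them under their own heading. The "Disable by default plugin installer" breaking change should also name the PLUGIN_INSTALLER setting so administrators know which value controls it, and "Always returns a 404" should read "Always return a 404" to match the imperative mood of the other entries.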


@ -21,7 +21,7 @@ defined('CACHE_DIR') or define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache'
// Plugins settings
defined('PLUGINS_DIR') or define('PLUGINS_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reason
defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reasons
// Enable/disable debug
defined('DEBUG') or define('DEBUG', strtolower(getenv('DEBUG')) === 'true');
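Review bot: The trailing comment on the PLUGIN_INSTALLER line still says only "Disabled by default for security reasons" and does not state what the risk is, while the other configuration file touched by this commit gains a two-line rationale (no code review or approval process for submitted plugins). Repeat that rationale here in short form, or point to it, so that someone reading only this file learns why the default is false.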


@ -24,7 +24,9 @@ define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
// Plugins directory URL
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
// Enable/Disable plugin installer (Disabled by default for security reason)
// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', false);
// Available cache drivers are "file" and "memory"
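Review bot: The new comment above define('PLUGIN_INSTALLER', false) explains why the installer is off but not what the owner should do about it; add that the value should be set to true only after the instance owner has reviewed the plugin being installed. On wording, "This is up to the Kanboard instance owner" reads better as "It is up to the Kanboard instance owner", and "legit" could be "trustworthy". The same two sentences are duplicated in the ChangeLog entry, so any rewording should be applied in both places.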