Kanboard 1.2.50

Changes

Security Improvements

• Added missing authorization checks in multiple controllers.
• Enforced project-level authorization checks where they were missing.
• Improved plugin security by enforcing installer checks in PluginController actions.
• Enabled Parsedown safe mode to add an extra layer of protection to Markdown rendering against unsafe content.
• Added CSRF protection for project role changes and enforced JSON content type for related endpoints.

Maintenance & Tooling

• Updated the PHPUnit version used for the test suite.
• Switched the GitHub workflow to use the php-cs-fixer Docker image instead of installing it via Composer.

Dependencies

• Updated pimple/pimple from version 3.5.0 to 3.6.1.

Links

• https://github.com/kanboard/kanboard/tree/v1.2.50
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.50.zip
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.50.tar.gz

Docker Images

• docker pull docker.io/kanboard/kanboard:v1.2.50
• docker pull ghcr.io/kanboard/kanboard:v1.2.50
• docker pull quay.io/kanboard/kanboard:v1.2.50