Kanboard 1.2.51

Changes

Security fixes

• Add SSRF protection for webhook notifications with the new configuration option WEBHOOK_ALLOW_PRIVATE_NETWORKS
• Prevent unsafe deserialization in the database session handler
• Restrict invite signup input to expected fields only to prevent parameter injection
• Add missing permission checks in several API procedures
• Validate user external ID values
• Check file attachment ownership before deletion
• Prevent SSRF bypasses by controlling HTTP client redirect behavior

Improvements

• Improve accessibility by increasing text/background contrast in the light theme

Dependencies and build

• Upgrade PHPUnit to version 12
• Update several GitHub Actions and dependencies
• Update dependency pimple/pimple to version 3.6.2

Links

• https://github.com/kanboard/kanboard/tree/v1.2.51
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.51.zip
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.51.tar.gz

Docker Images

• docker pull docker.io/kanboard/kanboard:v1.2.51
• docker pull ghcr.io/kanboard/kanboard:v1.2.51
• docker pull quay.io/kanboard/kanboard:v1.2.51