Kanboard 1.2.52
Release date:
Changes
- Enforce comment visibility rules for public and unauthenticated users:
  - Restricted comments are no longer exposed in public task views.
  - Users cannot create comments with a visibility level higher than their role.
- Revoke public access tokens for inactive users.
- Use timing-safe comparisons (hash_equals) for API and webhook token validation to mitigate timing attacks.
- Replace raw SQL interpolation with parameterized queries in:
  - Task queries (TaskFinderModel)
  - iCalendar export conditions
- Validate task ownership in bulk operations:
  - Ensure tasks belong to the specified project before applying bulk changes.
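The timing-safe token comparison and the project-ownership check done through a parameterized query, sketched as an added PHP example. This is not Kanboard's code: the function names, the tasks table layout and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Kanboard source. All names and data below are hypothetical.

// Timing-safe token check: with hash_equals() the comparison time does not
// depend on where the two strings first differ, unlike == or strcmp().
function tokenIsValid(string $expected, string $supplied): bool
{
    // Refuse an empty stored token so a blank setting never matches a blank request.
    return $expected !== '' && hash_equals($expected, $supplied);
}

// Return only the task IDs that belong to $projectId. Every value is bound as
// a parameter; only the "?" placeholders are built into the SQL text.
function filterTasksInProject(PDO $db, int $projectId, array $taskIds): array
{
    $taskIds = array_values(array_unique(array_map('intval', $taskIds)));
    if ($taskIds === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($taskIds), '?'));
    $stmt = $db->prepare(
        "SELECT id FROM tasks WHERE project_id = ? AND id IN ($placeholders) ORDER BY id"
    );
    $stmt->execute(array_merge([$projectId], $taskIds));
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tasks (id INTEGER PRIMARY KEY, project_id INTEGER NOT NULL)');
$db->exec('INSERT INTO tasks (id, project_id) VALUES (1, 10), (2, 10), (3, 20)');

// The bulk request names project 10 but includes task 3, which is in project 20.
$requested = [1, 2, 3];
$allowed = filterTasksInProject($db, 10, $requested);
if (count($allowed) !== count($requested)) {
    // Reject the whole request instead of silently applying it to a subset.
    echo "Rejected: some tasks are outside project 10\n";
}

var_dump(tokenIsValid('constructed-token', 'constructed-token'));
var_dump(tokenIsValid('constructed-token', 'constructed-tokem'));
```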
Links
- https://github.com/kanboard/kanboard/tree/v1.2.52
- https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.52.zip
- https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.52.tar.gz
Docker Images
docker pull docker.io/kanboard/kanboard:v1.2.52
docker pull ghcr.io/kanboard/kanboard:v1.2.52
docker pull quay.io/kanboard/kanboard:v1.2.52