Kanboard 1.2.8

Changes

• Authorize only API tokens when 2FA is enabled (no user password)
• Disable by default plugin installer for security reasons:
• Limit avatar image size
• Avoid CSRF in users CSV import
• Avoid XSS in pagination sorting
• Do not show projects dropdown when prompting the 2FA code
• Always returns a 404 instead of 403 to avoid people discovering users
• Check if user role has changed while the session is open
• Add missing CSRF check in TwoFactorController::deactivate()
• Hide edit button when user cannot edit task
• Fix permission check before "Assign to me"
• Fix permission check before showing project options
• Fix assignable users on a group with a custom role
• Fix import of automatic actions when parameters are "unassigned" or "no category"
• Update license year
• Update Docker image to Alpine 3.9
• Update translations
• Fix PHP error in task views (tag colors)
• Limit assignee drop-down selector scope

Links

• https://github.com/kanboard/kanboard/tree/v1.2.8
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.8.zip
• https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.8.tar.gz

Docker Images

• docker pull docker.io/kanboard/kanboard:v1.2.8
• docker pull ghcr.io/kanboard/kanboard:v1.2.8
• docker pull quay.io/kanboard/kanboard:v1.2.8