HomeFreeBSD

www/kanboard: Update to 1.2.8

Description

www/kanboard: Update to 1.2.8

While I'm here:

  • Convert PORTVERSION to DISTVERSION
  • Move related variables to USES block
  • Update requirements for the MYSQL option since PHP 5.x has gone from the ports tree
  • Add MYSQL_USES as USE_MYSQL is deprecated

Changelog:

Breaking Changes:

  • Authorize only API tokens when 2FA is enabled (no user password)
  • Disable by default plugin installer for security reasons:
    • There is no code review or any approval process to submit a plugin.
    • This is up to the Kanboard instance owner to validate if a plugin is legit.

Fixes and Improvements:

  • Limit avatar image size
  • Avoid CSRF in users CSV import
  • Avoid XSS in pagination sorting
  • Do not show projects dropdown when prompting the 2FA code
  • Always returns a 404 instead of 403 to avoid people discovering users
  • Check if user role has changed while the session is open
  • Add missing CSRF check in TwoFactorController::deactivate()
  • Hide edit button when user cannot edit task
  • Fix permission check before "Assign to me"
  • Fix permission check before showing project options
  • Fix assignable users on a group with a custom role
  • Fix import of automatic actions when parameters are "unassigned" or "no category"
  • Update license year
  • Update Docker image to Alpine 3.9
  • Update translations
  • Fix PHP error in task views (tag colors)
  • Limit assignee drop-down selector scope

PR: 235712
Submitted by: Alexander <sa.inbox@gmail.com>
Approved by: tcberner (mentor), maintainer timeout
Differential Revision: https://reviews.freebsd.org/D19217

Details

Committed
kaiFeb 27 2019, 4:07 PM
Differential Revision
D19217: www/kanboard: Update to 1.2.8
Parents
rP494065: graphics/gpxsee: update to 7.3
Branches
Unknown
Tags
Unknown