[Bug 271702] www/kanboard: Update to 1.2.29

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 271702] www/kanboard: Update to 1.2.29"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 29 May 2023 09:52:21 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271702

            Bug ID: 271702
           Summary: www/kanboard: Update to 1.2.29
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: linus.sundqvist@loopia.se
                CC: daniel.tihanyi@tetragir.com
                CC: daniel.tihanyi@tetragir.com
             Flags: maintainer-feedback?(daniel.tihanyi@tetragir.com)

Created attachment 242474
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242474&action=edit
Kanboard update to 1.2.29

Changes: https://github.com/kanboard/kanboard/releases/tag/v1.2.29

This is also includes a security patch: A low-privileged attacker with
permission to attach a document on a vulnerable Kanboard instance can trick the
victim into pasting malicious screenshot data and achieve cross-site scripting
if CSP is improperly configured.

https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv

-- 
You are receiving this mail because:
You are the assignee for the bug.