Skip to content
Snippets Groups Projects
ChangeLog 74.9 KiB
Newer Older
Version 1.2.41 (October 25, 2024)
---------------------------------

* feat: add new plugin hooks in project forms
* feat: add option to add BOM at the beginning of CSV files (required for Microsoft Excel)
* feat: validate app config form values
* feat: add cancel button on 2FA code validation screen
* fix: add CSRF check to the logout endpoint
* fix: add HTML escaping when displaying exception message
* fix: add URL validation for external task links
* fix: correct broken migration logic for Sqlite

Version 1.2.40 (September 25, 2024)
-----------------------------------

* build(deps): bump symfony/finder from 5.4.42 to 5.4.43
* chore: add php83-xmlwriter package to the Docker image
* ci: update GitHub pull-request template
* fix: avoid PHP error if no subtask in progress is found
* fix: avoid potential XSS and HTML injection in comment replies
* fix: prevent duplicated columns when enabling per-swimlane column task limits
* fix(api): check comment visibility in API procedures
* fix(api): verify comment ownership in API procedures
* fix(mssql): escape identifiers in timesheet queries
* fix(mssql): use ANSI OFFSET/FETCH syntax for pagination queries
* fix(test): use explicit ORDER BY for queries returning multiple rows
* test: add unit tests for Subtask Time Tracking query methods
* test: ensure pagination produces correct chunks

Version 1.2.39 (August 18, 2024)
--------------------------------

* fix: remove CSS which caused responsive issues on mobile
* fix: incorrect template condition that set the username field to read only for remote users
* fix: tasks count across swimlanes was incorrect
* fix: avoid warning from libpng when loading PNG image with incorrect iCCP profiles
* feat: improve column header task counts
* feat: add `apple-mobile-web-app-capable` meta tag
* build(deps): bump `symfony/finder` from `5.4.40` to `5.4.42`

Version 1.2.38 (July 20, 2024)
------------------------------

* fix: avoid browser caching issue when showing file attachments
* fix: comments visibility was not taken into consideration on event activities page
* fix: send comment via email was broken due to missing comment visibility logic implemented in v1.2.36
* feat(locale): update Greek translations
* feat(locale): update Italian translations
* build(deps): bump `symfony/console` from `5.4.40` to `5.4.41`
* build(deps): bump `docker/build-push-action` from `5` to `6`

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.37 (June 5, 2024)
-----------------------------

* Add CSRF check and remove `project_id` form value for `addUser` and `addGroup` actions ([CVE-2024-36399](https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv))
* Update `symfony/*` dependencies
* Update Docker image to Alpine 3.20
* Update Russian and Hungarian translation
* Add `color_id` argument to `createCategory` and `updateCategory` API procedures
* Add link to create a comment before the list
* Fix: unable to create comments with "c" shortcut or "Add a comment" menu

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.36 (May 2, 2024)
----------------------------

* Add comments visibility
* Add explicit int casting to avoid PHP 8 TypeError when having empty automatic action parameters
* Add new config option `DASHBOARD_MAX_PROJECTS`
* Add reply feature to comments
* Fix search bar layout when adding more buttons via third-party plugins
* Introduce a Git hook to automatically update `version.txt` during Git checkout
* Performance improvements:
    * Don't count closed tasks when rendering the board
    * Force the use of the cache when there is no custom roles
* Use unique plugin name instead of plugin title for plugin registry logic
* Update dependencies

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.35 (February 2, 2024)
---------------------------------

* Add missing HTML escaping when showing group membership in user profile ([CVE-2024-22720](https://github.com/kanboard/kanboard/security/advisories/GHSA-8p3h-v7fc-xppj))
* Update Dutch translation
* Update Bulgarian translation
* Bump `phpunit/phpunit` from `9.6.15` to `9.6.16`
* Bump `symfony/console` from `5.4.32` to `5.4.34`

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.34 (December 13, 2023)
----------------------------------

* Upgrade Docker image to Alpine 3.19 and PHP 8.3
* API: Avoid PHP notice when searching for a project name that does not exist
* Update Bulgarian translation
* Bump `symfony/console` from `5.4.28` to `5.4.32`
* Bump `phpunit/phpunit` from `9.6.13` to `9.6.15`

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.33 (October 15, 2023)
---------------------------------

* Do not close modals when clicking on the background
* Add Bulgarian translation
* Update Ukrainian and Russian translations
* Show the two factor form in the middle of the screen like the login form does
* Do not override the `creator_id` with the current logged user if the task is imported
* Add basic Dev Container configs
* Add adaptive SVG favicon and more SVG variants:
    * See https://web.dev/building-an-adaptive-favicon/
    * Added more variant of the original Inkscape icon:
        - Text SVG
        - Vectorized text path SVG
        - Optimized SVG icon
* Remove `project_id` from task links (A few were missed in #4892)
* Remove unused and invalid method in `ProjectModel`
* Update `phpunit/phpunit` and `symfony/*` dependencies
* Update vendor folder

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.32 (July 11, 2023)
------------------------------

* Fix unexpected EventDispatcher exception in cronjob and during logout
* Integration Tests: Run `apt update` before installing Apache
* Automatic action `TaskMoveColumnClosed` does not log column movement
* Tweak Sqlite connection settings to reduce database locked errors
* Bump `phpunit/phpunit` from `9.6.9` to `9.6.10`

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.31 (July 3, 2023)
-----------------------------

Security Fixes:

- [CVE-2023-36813: Avoid potential SQL injections without breaking compatibility with plugins](https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx)

Other fixes and updates:

- Run tests with PHP 8 on GitHub Actions
- Bump Symfony dependencies
- Update Composer dependencies to be able to run tests with PHP 8.2
- Add `/usr/bin/php` symlink in the Docker image
- Replace usage of `at()` matcher with alternatives in unit tests
- Adjust plugin directory test case to work on released versions
- Fix incorrect background dynamic property in captcha library
- Update translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.30 (June 2, 2023)
-----------------------------

Security Fixes:

- [CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure](https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2)
- [CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software](https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr)
- [CVE-2023-33969: Stored XSS in the Task External Link Functionality](https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9)
- [CVE-2023-33970: Missing access control in internal task links feature](https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286)

Other Fixes:

- Avoid PHP warning caused by `session_regenerate_id()`
- Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.29 (May 23, 2023)
-----------------------------

* Avoid potential clipboard based cross-site scripting ([CVE-2023-32685](https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv))
* Upgrade Docker image to PHP 8.2 and Alpine 3.18
* Add themes support: dark, light and automatic mode
* Fix broken "Hide this Column" feature
* Do not close modals when clicking on the background if the form has changed
* Fix incorrect route for "My Activity Stream"
* Fix incorrect parameter encoding when using URLs rewriting
* Add support for task links in Markdown headings
* Handle 413 responses from Nginx when uploading files too large
* Restore all previously loaded translations when sending user notifications
* Regenerate session ID after successful authentication
* Use `SESSION_DURATION` option to define the session lifetime stored in the database
    - The option `SESSION_DURATION` is used to define the cookie lifetime.
    - With this change, Kanboard will try to use first `SESSION_DURATION` instead of the
    default `session.gc_maxlifetime` value.
* Bump `phpunit/phpunit` from `9.6.6` to `9.6.8`

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.28 (April 8, 2023)
------------------------------

* Trigger `EVENT_MOVE_COLUMN` event when moving task to another swimlane
* Allow moving closed tasks when using the API
* Duplicate external links when duplicating tasks
* Add support for comparison operator to priority filter
* Prevents users to convert subtaks to tasks when custom role does not allow it
* Avoid deprecation messages when sending an email with PHP 8.2
* Declare most common routes to have nice URLs
* Improve wording of bulk action modal to move tasks position
* Allow closing modals by clicking on the background
* Improve wording of the menu to close all tasks in a given column/swimlane
* Fix bug that prevent reordering subtasks after changing the status
* Bump version of `phpunit/phpunit`, `symfony/stopwatch`, and `symfony/finder`
* Use `GITHUB_TOKEN` instead of a personal token to run GitHub Actions
* Duplicate attachments & external links during task duplication & importing
* Move Docker image to run automated tests to GitHub Registry
* Push Docker images to an additional registry Quay.io (RedHat)
* Use the appropriate config for the start column in user iCal export
* Improved translations

Version 1.2.27 (March 5, 2023)
------------------------------

- Fix category filter when the category name is a number
- Better handling of max file upload size according to PHP settings
    - Allow unlimited size
    - Better parsing of PHP size
- Add dropdown menu on the board to reorder tasks by ID
- Separate `font-family` specification for input and textarea. This avoids the use of `!important` in custom CSS
- Change the total number of tasks displayed in the table header to match the description "Total number of tasks in this column across all swimlanes"
- Allow full name to be retrieved by the reverse proxy authentication
- Fix `pull-right` CSS class alignment
- Use a separate dropdown menu for column sorting
- Use `assertEqualsWithDelta()` to test `time_spent`
- Add `color_id` argument to tag API procedures
- Update task time spent/estimated when removing a subtask
- Command `db:migrate` should work even if `DB_RUN_MIGRATIONS` is false
- Always trim the username before saving changes in the database
- Avoid Postgres SQL error when using project filter with a large integer
- Enable Sqlite WAL mode by default:
    - WAL provides more concurrency as readers do not block writers and,
    a writer does not block readers. Reading and writing can proceed concurrently.
    This change might reduce the number of errors related to locked databases.
- Update translations
- Update PHP dependencies: `phpunit/phpunit`, `symfony/stopwatch` and `symfony/finder`

Version 1.2.26 (January 14, 2023)
---------------------------------

- Fire events after `TaskMoveColumnOnDueDate` action
- Update date parsing logic to be compatible with PHP 8.2
- Fix potential XSS on the Settings / API page
- Use wildcard operator for tag filter
- Fix broken user mentions in popup comment form
- Test Docker image build on pull-requests
- Bump Alpine Linux Docker image from 3.16 to 3.17
- Update translations
- Fixed a bug about unselecting in the file `list-item-selection.js`
- Add functionality to import tasks from a project
- Add missing jQuery UI CSS dependency

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.25 (November 12, 2022)
----------------------------------

- Add experimental support for Microsoft SQL Server
- Add Open Container labels to Dockerfile
- Update links to the new documentation website
- Update German translation

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.24 (October 9, 2022)
--------------------------------

* Fixed deprecation warnings when a project or a task description is null
* Fixed missing condition in `TaskAssignDueDateOnMoveColumn` action
* Fixed Reopening of dropdown menus
* Fixed internal link creation on subtask to task conversion if language is not English
* Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data
* Set explicitly the time picker control to select instead of slider
* Bump `phpunit/phpunit` from `9.5.24` to `9.5.25`
* Bump `symfony/stopwatch` from `5.4.5` to `5.4.13`
* Moved `version.txt` to `app` folder
* Updated translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.23 (September 4, 2022)
----------------------------------

Frédéric Guillot's avatar
Frédéric Guillot committed
* Open SVG, Ogg, and some video file attachments in browser
Frédéric Guillot's avatar
Frédéric Guillot committed
* Added more video, music, code and spreadsheet extensions to show better file attachment icons
Frédéric Guillot's avatar
Frédéric Guillot committed
* Updated jQuery to latest stable version
* Updated Docker image to PHP 8.1 and Alpine Linux 3.16
* Renamed default branch from `master` to `main`
* Bumped `phpunit/phpunit` from `9.5.14` to `9.5.23`
* Bumped `symfony/finder` from `5.4.3` to `5.4.11`
* Fixed subtask translation when using different languages
* Added Project Overview document template hook
Frédéric Guillot's avatar
Frédéric Guillot committed
* Updated translations
Frédéric Guillot's avatar
Frédéric Guillot committed
* Fixed wrong foreign key constraint on table `subtask_time_tracking table`. The constraints references a no-longer-existing table `task_has_subtasks`
* Fixed regression regarding subtask reordering
* Changed minimum requirement to PHP 7.4
    - PHP versions lower than 7.4 are end-of-life: https://www.php.net/supported-versions.php
Frédéric Guillot's avatar
Frédéric Guillot committed
    - Libraries used by Kanboard have dropped support for older versions of PHP

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.22 (February 12, 2022)
----------------------------------

* Add support for PHP 8.x (Minimum requirement is now PHP >= 7.4)
Frédéric Guillot's avatar
Frédéric Guillot committed
* Remove `project_id` from task URLs
* Update `da_DK` translations
* Add automatic action to set the due date when the task is moved away from a specific column
* Condense wording on inferred action and update translations
* Add EVENT_CREATE and EVENT_CREATE_UPDATE events to TaskMoveColumnCategoryChange action

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.21 (December 16, 2021)
----------------------------------

* Fix and update Composer autoload
* Add plugin hook for document attachments
* Improve board column header alignment
* Ignore `project_id` for file attachments download URL (already checked elsewhere)
* Update translations
* Clarify meaning of `LDAP_USER_CREATION` in `config.default.php`
* Fix wrong internal link when converting a subtask to task (MySQL only)
* Use the overridable Markdown parser for previews
* Update `call_user_func_array()` calls to be compatible with PHP 8
* Enable external group synchronization deactivation
* Fix tooltip shifting on long descriptions
* Add `position` argument to API procedure `updateSubtask()`
* Bump Docker image to Alpine 3.15.0
* Bump `symfony/stopwatch` to 5.4.0
* Bump `pimple/pimple` to 3.5.0

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.20 (June 8, 2021)
-----------------------------

* Duplicate tags when moving or duplicating tasks to another project
* Bump symfony/stopwatch to 5.3.0
* Avoid user enumeration by using avatar image URL
* Invalidate captcha after it is used
* Avoid user enumeration using password reset functionality
* Add missing CSRF checks
* Fix bug in search when using the plus sign
* Close dialogs using Escape key even if focus is in input field
* Add a min="0" attribute to task_list form input
* Keep swimlane headers at the top
* Catch error when trying to upload empty or invalid avatar image
* Added new template hooks
* Update translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.19 (April 16, 2021)
-------------------------------

* Trim user agent for RememberMe sessions because MySQL use a varchar(255) column
* Update Docker image to Alpine 3.13.4
* Added "Deutsch (du)" language
* Fixed `createLdapUser` API procedure when LDAP groups are not configured
* Write RememberMe cookie only after the two-factor code has been validated
* Avoid warning when removing a plugin zip archive
* Update Hungarian translation
* Add new hook `model:task:duplication:aftersave`
* Bump symfony/stopwatch from 5.2.3 to 5.2.4
* Bump pimple/pimple from 3.3.1 to 3.4.0
* Bump gregwar/captcha from 1.1.8 to 1.1.9
* Added new analytic component: "Estimated vs actual time per column"
* Do not retain any changes between shared plugins variables
* Display number of tasks according to filter
* Add support for LDAP protocol/host/port configuration by URL; make `BASE_DN` optional
    - `ldap_connect($host, $port)` function signature is deprecated
    - Querying an AD Global Catalog across an entire forest requires an empty base DN
* Use an absolute file path in `AssetHelper` class for `css()` & `js()` functions
* Remove whitespace at the end of `APP_VERSION` constant
* Add IP address to authentication error logs
* Add interpolation expressions to e-mail subject in automatic action "Send a task by email to someone"
    - For example: `Email subject = {{column_title}}: {{title}} (#{{id}})`
* Add Hungarian Forint to the list of currencies

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.18 (December 28, 2020)
----------------------------------

* Sqlite migrations should have foreign keys disabled outside the transaction
    => Existing behavior could lead to data loss if schema is changed
    => If you are using Sqlite, skip version 1.2.17, upgrade directly to v1.2.18
* Use more secure default Nginx SSL configuration in Docker image
* Update vendor folder
* Add missing pt_br translations
* Update ja_JP translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.17 (December 27, 2020)
----------------------------------

* Fix grammatical errors
* Add autocomplete attribute to HTML forms
* Added "Mexican Peso" to the list of currencies
* Added an option to send a copy of all generated e-mails to a BCC address
* Don't force role of users if no LDAP groups defined
* Keep the tags when converting a subtask to task
* Bump symfony/stopwatch from 5.1.8 to 5.2.0
* Bump pimple/pimple from 3.3.0 to 3.3.1
* Bump symfony/stopwatch from 5.2.0 to 5.2.1
* Publish Docker images to GitHub container registry in addition to Docker Hub
* Use Github Actions to publish Docker images
* Check if the user is assigned to any role in the project
* Fix tasks.swimlane_id foreign key for Sqlite
* Remove unused namespaces
* Add mk_MK (Macedonian) translation
* Update translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.16 (October 9, 2020)
--------------------------------

* Update Composer dependencies
* Update translations
* Add link to toggle column scrolling in board view
* Add missing environment variables in php-fpm config
* Add setting that makes possible any new LDAP user to be Manager by default
* Add ARIA label to modal link with title attribute
* Add ARIA label to user mention
* Add ARIA label to letter avatars
* Add ARIA label to project select role without label
Frédéric Guillot's avatar
Frédéric Guillot committed
* Add ARIA label to dropdown autocomplete without label
Frédéric Guillot's avatar
Frédéric Guillot committed
* Add ARIA label to form text editor without label
* Add ARIA label to icons with title attributes
* Add ARIA label for form inputs without labels
* Add ARIA label for elements with titles
* Add hidden accessible form input labels
* Add hidden accessible titles
* Hide user name from screen readers
* Correct table collapsed column titles
* Prevent the original page from being modified by the opened link
* Allow email to be retrieve by SSO ReverseProxy
* Fix grammatically incorrect error message
* Add option to configure SMTP HELO name
* Add new config parameter SESSION_HANDLER
* Fix clearing of all Javascript storage
* Added standard notification footer to comment email template

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.15 (June 19, 2020)
------------------------------

* Update dependencies
* Added PUT method using CURLOPT_CUSTOMREQUEST
* Run integration tests on Github Actions
* Fixed capitalization of sAMAccountName for LDAP_USER_ATTRIBUTE_USERNAME example
* Added missing closing HTML tag in template
* Update Docker image to Alpine 3.12
* Removed paragonie/random_compat (not required for PHP 7)
* Setup Dependabot on GitHub
* Allow use of the user's DN as the group filter substitution
* Add subtask events to ProjectModificationDateSubscriber
* Update Vagrantfile to Ubuntu 20.04
* Open large modal when clicking on edit category link
* Set margin-bottom at 0 only for the last child of a tooltip element
* Prevent last swimlane to be hidden if there is only one
* Execute tooltip listeners only once when the DOM is ready
* Use Ajax request for Markdown preview
* Make tooltip events bubble
* Keep newlines in markdown
* Show the color dropdown when creating a new automatic action
* Update translations
* Correct duration calculation
* Copy subtask assignee when duplicating a task
* Save task list order in user session
* Add action to assign a user when the swimlane change

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.14 (April 15, 2020)
-------------------------------

* Update translations
* Add new event subtask.create_update
* Replace Travis CI by GitHub Actions
* Add option to enable or disable global tags per projects
* Show group membership(s) in user summary and user list
* Docker: use real hostname instead of "localhost"
* Add new task/project image hooks
* Fix invalid RSS feed encoding
* Add new plugin hooks
* Rename "private" projects to "personal"
* Add per-project and per-swimlane task limits
* Use parent task color when converting a subtask to task
* Add environment variables support to configure the application
* Add the possibility to make project tags global from project settings
* Fix regex to detect external links with attachments
* Use KANBOARD_URL to build URIs if specified
* Make time_spent and time_estimated fields editable for updateTask and createTask API calls
* Kanboard now requires PHP >= 7.2 since other versions are deprecated
* Avoid page shrinking when drag and drop cards on iOS devices
* Added a hover color to i elements inside the "dropdown-submenu-open" class
* Avoid duplicating Dockerfiles for each architecture

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.13 (December 15, 2019)
----------------------------------

* Adjust width of time tracking column
* Make subtasks not wrap under icons
* Make column scrollable in Kanban view
* Add composer dependency roave/security-advisories
* Add colors to tag and category lists
* Update Parsedown to v1.7.3 (security update)
* Make sure the elements behind the alert notification are clickable after animation
* Make sure incompatible plugins can be uninstalled from the web ui
* Move "data-js-lang" attribute to HTML "lang" attribute
* Update language codes for time picker so the calendars are translated correctly
* Dropdown in project managers view covers heading
* Fix date picker datetime parsing when using pre-defined localized versions of am/pm
* Show ISO date format in application settings
* Datepicker stores its Spanish locales as "es", not "es-ES" or "es-VE"
* Increase width of color picker to avoid text overlap in Polish
* Close open menu when clicking again on the button
* Fix width of filter bar in mobile
* In PHP-7.4, nested ternary operators are to be bracketed
* Change string indexing from {0} to [0] (deprecated in PHP 7.4)
* Update translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.12 (Oct 26, 2019)
-----------------------------

* Update Docker image to Alpine Linux 3.10.3
* Add new template hook: "template:project-permission:after-adduser"
* Upgrade jQuery to version 3.4.1
* Add Spanish (Venezuela) translation
* Removed color_id requirement for tag API calls
* Fix subtask restriction modal when clicking on the icon instead of link
* Use PHPUnit 5 for Vagrant
* Prevent last project manager role from being removed
* Check API token before LDAP authentication
* Make sure task limit consider all open tasks (not only filtered tasks)
* Update translations
* Change user filter and category icon
* Add "anybody" filter
* Disable user scaling to avoid page shrinking when drag&drop on mobile
* Fix condition for action "Automatically update the start date when task move away from certain column"
* Add tests for task link and subtask assignee filters
* Changes filters from in array to subqueries
* Add hash to image URL to force browser to update avatar image when changed

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.11 (Aug 24, 2019)
-----------------------------

Breaking Changes:

Frédéric Guillot's avatar
Frédéric Guillot committed
* Internet Explorer support is now deprecated
* Add project ID to ExternalTaskProviderInterface::fetch()
Frédéric Guillot's avatar
Frédéric Guillot committed

Fixes and Improvements:

* Fixed issue of tooltip not disapearing
* Update Docker image to Alpine Linux 3.10.2
* Hide due date time on the card if time is 00:00
* Add new plugin hooks in view switcher
* Ignore Dockerfiles from git archive
* Remove dependency on nodejs and gulp
* Remove dependency on Sass
    - Convert *.sass files to vanilla CSS
    - Start using CSS variables
    - Add PHP minifier
* Add link button to text editor
* Implements check for duplicate default categories
* Implements check for duplicate default columns
* Fix HTML parsing in Markdown editor
* Change checkboxes alignment in task creation form
* Add support for reference:none
* Fix tabindexes on task creation and modification forms
* Add option to clone filters on project duplication
    - Fixed missing metadata option from project "create from"
    - Added option to clone project custom filters
    - Added append option to custom field tests
    - Added a test that uses the "append" option
    - Fixed disabled swimlane duplication error with Postgresql
* Update translations
* Save thumbnails as PNG to have transparency
* New action to update the start date when a task move away from a column
* Add the possibility to sort columns by due date
* Add "identifier" beside "name" while creating a new project

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.10 (June 21, 2019)
------------------------------

* Add Auto-Submitted E-mail header as per RFC 8384
* Add HTML tag in email notifications
* Add new hook template:export:header
* Do not show duplicated results when multiple comments match
* Add Docker manifest with multiple architectures (arm32v6, arm32v7, arm64v8, amd64)
* Update Docker image to Alpine 3.10.0
* Add View File on popover to tooltip
* Fix text file preview
* Set "start date" and "end date" on projects from API
* Add cURL support to HTTP Client
    - Add HTTP_PROXY_EXCLUDE option when cURL is used
    - Show HTTP client backend in about page
    - Fallback to legacy Stream Contexts if cURL extension is not available
* Add Bitcoin to the currency list
* Add automatic action to move task between columns based on due date
* Fixes icon opacity when hovered
* Hide one task count when there is only one swimlane
* Update translations

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.9 (April 5, 2019)
-----------------------------

* Add Slovak translation
* Update translations
* Changes search by reference to case insentive
* Fix postgres explicit schema name usage
* Simplify local Docker image build
* Show a 404 when accessing data folder from URL (Docker Image)
* Clarify the comment about MAIL_SMTP_ENCRYPTION
* Remove dependency on Bower
* Replaces accordion Javascript component by <details> HTML element
* Fix MySQL migration when using increment values different from 1
* Add missing webhook event: task.move.project
* Add new actions to reorder tasks by column

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.8 (February 2, 2019)
--------------------------------

Breaking Changes:

* Authorize only API tokens when 2FA is enabled (no user password)
* Disable by default plugin installer for security reasons:
    - There is no code review or any approval process to submit a plugin.
    - This is up to the Kanboard instance owner to validate if a plugin is legit.

Fixes and Improvements:

* Limit avatar image size
* Avoid CSRF in users CSV import
* Avoid XSS in pagination sorting
* Do not show projects dropdown when prompting the 2FA code
* Always returns a 404 instead of 403 to avoid people discovering users
* Check if user role has changed while the session is open
* Add missing CSRF check in TwoFactorController::deactivate()
* Hide edit button when user cannot edit task
* Fix permission check before "Assign to me"
* Fix permission check before showing project options
* Fix assignable users on a group with a custom role
* Fix import of automatic actions when parameters are "unassigned" or "no category"
* Update license year
* Update Docker image to Alpine 3.9
* Update translations
* Fix PHP error in task views (tag colors)
* Limit assignee drop-down selector scope

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.7 (December 19, 2018)
---------------------------------

* Write log entry on file removal
* Auto link duplicated tasks
* Auto link tasks duplicated to another project
* Auto link tasks created from a subtask
* Redirect to board view of the current task after duplication
* Fix broken link to contributor page
* Add automatic action for moving a task to a swimlane based on category change
* Add automatic action to assign a category based on swimlane change
* Add ordering comments by id along with creation date
* Fix custom roles duplication (source and destination column_id)
* Add locale en_GB
* New automatic action: move the task to another swimlane when assigned
* Disable php_uname() warning for restrictive environments
* Add hook to board settings
* Add method remove() to settings model
* Add php7-bcmath to Docker image
* Add sorting by reference in list view
* Added priority, swimlane, and column values from parent task to task converted from subtask
* Update translations

Version 1.2.6 (October 10, 2018)
--------------------------------

* Escape table name 'groups' because groups is a reserved word as of MySql 8.0.2
* Reduce number of SQL queries when doing groups sync
* Make swimlane filter compatible with numeric title
* Duplicate reference fields when duplicating a task
* Do not try to redirect to login page when offline
* Define fixed width for auto-complete dropdown
* Fix task drag and drop slowdown when a column is hidden
* Make PLUGINS_DIR absolute in config.default.php
* Add custom roles project duplication
* Allow 'No assignee' for external task on single user public boards
* Add tag and category colors
* Exclude task links and user mentions from nesting (Markdown parser)
* When forcing HTTPS, handle subfolder URLs properly
* Add search within a range of dates for completion, modification, creation, and moved fields
* Update Docker image to Alpine Linux 3.8
* Make sure the presense of mod_env is checked in .htaccess
* Make HTTP client timeout configurable
* Use SET NAMES instead of charset for MySQL connection
* Vendoring deprecated Composer libs
* Update translations and fix typos

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.5 (June 15, 2018)
-----------------------------
Frédéric Guillot's avatar
Frédéric Guillot committed
* Update jQuery to latest version
* Defer javascript files loading by default
* Add quick link "assign me" in different views
* Add bulk task operations in list view
* Add checkboxes in list view to move tasks to another column at once
* Make sure automatic actions are applied to all tasks when using bulk operations
* Add ability to run cron jobs by calling URL
* Add basic print stylesheet
* Add dashboard and search task footer hooks
* Reword project settings label
* Improve Docker image config overrides
* Fix cronjob in Docker image
* Increase Nginx fastcgi buffers for Docker image
* Increase size of the "users.language" column
* Update translations and improve English texts
Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.4 (May 16, 2018)
----------------------------

* Rewrite tooltip code without jQuery
* Update Parsedown library
* Remove all attachments when removing a project
* Improve whitespace handling in "cli locale:compare" command
* Don't markdown project owner's name in header tooltip
* Add SSL to Docker image
* Avoid people to remove themselves from project permissions
* Fix escaping issue in Markdown editor
* Add data/config.php to .gitignore
* Clarified text label for notification settings
* Add Ukrainian translation
* Do not show inactive users in group members dropdown
* Improve dashboard pagination
* Make list view more compact
* Hide private projects checkbox if the feature is disabled
* Make cli locale commands working outside of source tree
* Make subtask title text field wider when editing subtasks
* Add link to open images in a new tab
* Make hardcoded hours string translatable
* Translation updates

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.3 (April 18, 2018)
------------------------------

New features:

* Add Project MetaData API calls
* Add default filter per user

Improvements:

* Use utf8mb4 encoding for MySQL instead of utf8 (Emoji support)
* Increase text fields length in several tables
* Move documentation to https://docs.kanboard.org/
* Make sure no empty group is submitted on project permissions page
* Translate subtasks status and internal links labels in notifications
* Add link to tasks and projects in overdue notifications
* Add missing translations
* Move custom libs to the source tree

Bug fixes:

* Fix margin for task recurrence tooltip

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.2 (March 30, 2018)
------------------------------

Improvements:

* Add thumbnail quality parameter (default to 95)
* Always display SQL errors
* Move SimpleLogger lib into app source tree
* Add system log driver and use it by default
* Display exceptions from plugins while refreshing board
* Redirect to original URL after OAuth login
* Add author name and email arguments to mail client
* Improve HTTP client to raise exceptions
* Update translations

Bug fixes:

* Fix broken daily summary export
* Fix role precedence in LDAP integration

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.1 (February 28, 2018)
---------------------------------

New features:

* Add automatic action to change column once a start date is reached
* Add automatic action to change color once start date is reached
* Add CSS class to categories to allow custom styling
* Add option to disable Mysql SSL server verification
* Add timeout parameter for database connection
* Add error log for authentication failure to allow fail2ban integration

Improvements:

* Set the correct swimlane/column ID when moving a task via its internal dialog
* Allow filtering for tasks without due date
* Add plugin hook 'aftersave' after creating Task
* Run SessionHandler::write() into a transaction
* Remove dependency on PicoFeed
* Add CSRF check for task and project files upload
* Add missing CSRF check on avatar upload form
* Add missing CSRF check in saveUploadDB() method
* Update Vagrantfile to use Ubuntu Xenial
* Send event author in webhook notification
* Update translations
* Update documentation

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.2.0 (December 27, 2017)
---------------------------------

Breaking changes:

* Kanboard supports only PHP >= 5.6 (PHP 5.3, 5.4 and 5.5 are not supported anymore)

New features:

* PHP sessions are now stored into the database,
  In this way, it's easier to run Kanboard behind a load-balancer

Improvements:

* Copy category from parent task when creating a task from a subtask
* Translation updates and improvements

Frédéric Guillot's avatar
Frédéric Guillot committed
Version 1.1.1 (December 9, 2017)
--------------------------------

Breaking changes:

* The Docker tag "stable" is not used anymore, instead use a specific version tag
* Task limit apply across all swimlanes
* Kanboard is now using the domain kanboard.org

New features:

* New automatic action to create a subtask assigned to the creator and start the timer
* New automatic action to stop the timer of subtasks
* Add command line tool to remove project activities after one year
* Add command line tool to disable projects not touched during one year
* Add config option to exclude fields from auth providers sync
* Add new plugin hooks

Improvements:

* Open audio files in a new tab
* Upgrade Docker image to Alpine Linux 3.7
* Improve Docker build to use Docker Hub hooks
* The application version is now included into the Docker image
* Disable private projects when disabling a user
* Allow administrators to update username of remote users
* Improve layout on mobile/tablet devices
* Changed board column headings to show swimlane-column total in bold
* Enable dragging to collapsed columns
* Add missing checks for requirements

Bug fixes:

* Add class "js-modal-replace" to icons to make it clickable
* Improve permission checks on custom filters page to avoid forbidden access

Frederic Guillot's avatar
Frederic Guillot committed
Version 1.1.0 (November 20, 2017)
---------------------------------
Frederic Guillot's avatar
Frederic Guillot committed
* Remove feature "Allow everybody to access to this project" (You must define project members and groups)
* Composer dependencies are now included in the repository to be able to use git-archive (except development dependencies)
New features:

* Add predefined templates for task descriptions
* Add the possibility to send tasks and comments to multiple recipients
Frederic Guillot's avatar
Frederic Guillot committed
* Add users, groups and projects search
Frederic Guillot's avatar
Frederic Guillot committed
* Add command line argument to display Kanboard version
* Add user backend provider system (to be used by external plugins)
Frederic Guillot's avatar
Frederic Guillot committed
* Add Romanian and Chinese (Taiwan) translation
Frederic Guillot's avatar
Frederic Guillot committed
* Minor CSS improvements
* Add help message on project sharing page
* Task CSV import is now able to handle the priority, start date, tags and one external link
* Improve iCalendar feed to include tasks with start/end date and due date with a time
* Check if the start date is before due date
* You can get an archive of Kanboard by using the download button in Github or the command git archive
Frederic Guillot's avatar
Frederic Guillot committed
* Translation updates

Bug fixes:

* Fix project dropdown visibility when page is scrolled down
* Task move events must be executed synchronously
* Handle CSV files with only "\r" line endings
Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.48 (October 23, 2017)
---------------------------------

Improvements:

* Add bulk subtasks creation
* Add filter by score/complexity
* Improved display of the header bar
* Displays bullets from lists in tooltips
* Updated translations
* Add tags and priority to task export
* Make the number of events stored in project activities configurable
* Do not use jQuery tooltip for task title in collapsed mode
* Remove dependency on Yarn
* Improve external task integration
* Add support for array parameters in automatic actions
* Add tooltip to subtask icons
* Add attribute title to external links
* Render a link if the reference is a URL
* Add icon to edit a task quickly on the board
* Improve .htaccess when using HTTP Basic Authentication for Apache/FastCGI
* Add note to specify incompatibility with mod_security

Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.47 (October 3, 2017)
--------------------------------

New features:

* Vietnamese translation

Frederic Guillot's avatar
Frederic Guillot committed
Improvements:

* Updated translations

Security Issues:

* Avoid people to alter other project resources by changing form data

Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.46 (August 13, 2017)
--------------------------------

Security Issues:

Frédéric Guillot's avatar
Frédéric Guillot committed
* Fix two privilege escalation issues: a standard user could reset the password
of another user (including admin) by altering form data.
(CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").
Frederic Guillot's avatar
Frederic Guillot committed

Improvements:

* Add "Create another link" checkbox for internal link as in sub-task creation
* Updated translations

Bug fixes:

* Fix parsing issue in phpToBytes() method

Version 1.0.45 (June 23, 2017)
------------------------------

New features:

* Automatic action to assign tasks to its creator
* Add the possibility to create a comment when a task is sent by email
* Add dropdown menu to autocomplete email field from project members
* Add configurable list of predefined subjects when sending a task or a a comment by email
* Add command line argument to filter overdue notification for a given project
Improvements:

* Improve SQL migrations when old default swimlanes have the same name as a normal swimlanes

Bug fixes:

* Add missing subtask permissions for project viewer role
* Fix Javascript language mapping
Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.44 (May 28, 2017)
-----------------------------
Frederic Guillot's avatar
Frederic Guillot committed
* Use datetime field for due date
* Update Docker image to Alpine Linux 3.6
* Add the possibility to pass API token as environment variable for Docker container
* Add wildcard search for task reference field
* Improve automated action TaskAssignColorOnDueDate to update task only when necessary
* Add task and project API formatters
Frederic Guillot's avatar
Frederic Guillot committed
* Update translations
* Fix broken user mentions in comment form at the bottom of the task view page
* Ensure project tags are removed when the project is removed
* Avoid PHP notice when regenerating API token for a user
* Fix wrong dropdown menu in group members list
* Show only active users in auto-complete forms (project permissions)
* Check owner existence before to create project
Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.43 (April 30, 2017)
-------------------------------
Improvements:

* Add "[DUPLICATE]" prefix to duplicated tasks title
* Add sorting by position and start date in task list view
Frederic Guillot's avatar
Frederic Guillot committed
* Update translations
Bug fixes:

* Add missing plugin parameter for search box (Gantt and calendar plugin)
* Fix broken start date button

Frederic Guillot's avatar
Frederic Guillot committed
Version 1.0.42 (April 8, 2017)
------------------------------

New features:

* New restrictions for custom project roles

Improvements:

* Improved dashboard

Breaking Changes:

* Move calendar to external plugin: https://github.com/kanboard/plugin-calendar
* Move Gantt charts to external plugin: https://github.com/kanboard/plugin-gantt
* Move Gravatar to external plugin: https://github.com/kanboard/plugin-gravatar
Frederic Guillot's avatar
Frederic Guillot committed
Bug fixes:

* Fix typo in Sqlite schema

Version 1.0.41 (March 19, 2017)