github Leantime/leantime v3.9.6
Leantime v3.9.6

latest release: latest
3 hours ago

Version: 3.9.6

Security

  • Security Hardening - Addressed authorization, SSRF, reset-token, LDAP, and stored-XSS vulnerabilities (#3584)
  • Plugin Management - Plugin management now requires the proper permission and install input is validated more strictly (#3583)
  • Avatar Rendering - User IDs are now encoded in avatar image sources to prevent DOM-based XSS (#3582)
  • API Responses - Credentials are now stripped from getUser API responses (#3556, #3576)

New Features

  • Content Templates - Introduced a generic content templates domain (#3493)
  • My Day Schedule API - Added a getMyDaySchedule API endpoint that respects work hours and timezone (#3579)
  • Personal Access Tokens - Added shared AI/MCP support classes and personal access token management (#3560)
  • Domain Events - Added class-based domain events and filters with a legacy-string plugin bridge (#3503)

Bug Fixes

Improvements

  • API Routing - Internal API calls now use canonical domain routes (#3557)
  • Form Components - Migrated buttons, text inputs, and textareas to reusable form component primitives (#3564, #3563, #3562, #3558, #3531)

What's Changed

Other Changes

New Contributors

Full Changelog: v3.9.4...v3.9.6

Don't miss a new leantime release

NewReleases is sending notifications on new releases.