This release contains security patches.
Note: security issues are only impacting you if your authenticated users are hackers ;)
Note: the development team wishes to thank all security researchers that reported their findings responsibly.
What's Changed
- ci: improve workflows by @NicolasCARPi in #6831
- build(deps): bump uuid, cypress-html-validate and cypress in /containers/cypress by @dependabot[bot] in #6847
- fix: ui: buttons in tables are not readable by @MoustaphaCamara in #6841
- security doc: add @HuajiHD to the list by @NicolasCARPi in #6852
- bump: composer dependencies by @NicolasCARPi in #6851
- ci: try a node base image with modern version by @NicolasCARPi in #6859
- build(deps): bump tmp from 0.2.5 to 0.2.6 in /containers/cypress by @dependabot[bot] in #6864
- bug/minor: tags: enforce write permission on destroy action by @MoustaphaCamara in #6858
- bug/minor: scheduler: read bound entities subject to rw permissions by @MoustaphaCamara in #6854
- bug/medium: users: patchable field by @MoustaphaCamara in #6857
- chore: change dfn issuing CA and make digicert default by @NicolasCARPi in #6850
- bug/medium: ownership: enforce dedicated action for ownership transfer by @MoustaphaCamara in #6860
- bug/minor: ensure procurement request belongs to current team by @eltouma in #6842
- bug/minor: fix notifications by @eltouma in #6867
- bug/minor: restrict 'valid_until' to admin requesters by @eltouma in #6868
- bug/medium: api: guard user submodels with read permission check by @MoustaphaCamara in #6865
- feat: allow toggling notification acknowledgment status by @MoustaphaCamara in #6863
- bump: some js dependencies by @NicolasCARPi in #6874
- bump: composer dependencies by @NicolasCARPi in #6873
- bug/minor: avoid raw rendering for custom fields by @eltouma in #6875
- ci: circleci: use gen2 by @NicolasCARPi in #6877
- refactor: build table sort controls with DOM APIs by @MoustaphaCamara in #6872
- compounds: fix export csv call by @NicolasCARPi in #6878
- refactor: build dom fragment instead of rendering innerHTML by @MoustaphaCamara in #6879
New Contributors
- @dependabot[bot] made their first contribution in #6847
Full Changelog: 5.6.0-beta7...5.6.0-beta8