Implemented enhancements:
- Extend orderNumber string to 50 characters (#2824) #2828 - thanks @iusgit
- Extend length of project orderNumber string #2824
- default team for new users #2802
- Update "Preview"/ "Save" buttons after invoice template (re)selection #2749
- Reporting - choose which type of times #2575
- improve error handling during invoice generation #2932 (kevinpapst)
- submit invoice search after changing the template #2931 (kevinpapst)
- added new invoice status: canceled #2922 (kevinpapst)
- Translations update from Weblate #2915 #2850 (weblate)
- added resname for tool compatibility #2912 (kevinpapst)
- change data filter on project month report #2911 (kevinpapst)
- Fetch user preferences via API #2905 (kevinpapst)
- optimizations #2904 (kevinpapst)
- prevent empty migration warning #2901 (kevinpapst)
- composer upgrade #2900 (kevinpapst)
- added invoice replacer for currently logged-in user #2899 (kevinpapst)
- activate bleeding edge rules for phpstan and fix problems #2898 (kevinpapst)
- fix weekly view day format #2893 (kevinpapst)
- simplify building theme independent plugins #2888 (kevinpapst)
- include roles and teams in user create form #2849 (kevinpapst)
- Weekly "quick-entry" form #2793 (kevinpapst)
- allow to set 24 hour format as user preference #2789 (kevinpapst)
- added ProjectConstraint to add dynamic project validation #2747 thanks @pkaltenboeck
- PDF memory optimizations #2736 (kevinpapst)
- workflow to trigger event for docker build #2882 (kevinpapst) thanks @Apfelwurm
Fixed bugs:
- Time records marked as exported even when invoice is not saved due to duplicate invoice numbers #2917
- Error on Install: "Call to undefined method Doctrine\DBAL\Statement::fetchAll()" #2885
- Request via API with X-AUTH-USER invalidates all other sessions for the (LDAP) user #2873 thanks @handcode
- improve csrf handling #2936 (kevinpapst)
- link to doctor #2930 (kevinpapst)
- do not reset password for LDAP and SAML users unless needed #2916 (kevinpapst)
- use token in invoice delete route #2889 (kevinpapst)
- fixes for new quick-entry week form #2887 (kevinpapst)
Multiple possible CSRF attacks were found and patched. Thanks to @Asura-N and @Haxatron for the disclosure.
If you use Kimai in a multi-user environment, you are urged to update as soon as possible.