CI Report:
N/A
LinuxServer Changes:
Full Changelog: 2.56.0-ls177...2.57.0-ls178
Remote Changes:
Compatible with PHP 8.2 to 8.5
- New API endpoints for comment (list, create, delete, pin) for projects and customers
- New configuration to define the theme for non-authenticated requests like login page (#5929)
- Export naming: only name the default renderer "default" (#5929)
- Fix: new weekly-hours could not be added in weeks with exported timesheets (#5642)
- Fix: some dashboard widget links were invisible in dark mode (#5940)
- Prevent querying arbitrary user timesheets (#5929)
- Prevent changing favorites of arbitrary users (#5929)
- Prevent regular users from turning their account into a
systemAccount(#5929) - Prevent cross entity rate manipulation (#5929)
- Secure timesheet API patch for disabled projects (#5929)
- Prevent creating child objects of parents without access (#5929)
- Upgrade all dependencies (#5929)
- Fix checking for correct formatter in durationDecimal (#5943)
- Translations update from Hosted Weblate (#5928)
This release contains multiple security fixes both fro Kimai and its dependencies.
You should upgrade as soon as possible.
Involved in this release: @cheriimoya and @kevinpapst and @offset and @Mitchell45 and Abdul-Ramon