github plankanban/planka v2.0.0-rc.4

Security Release

  • Fixed a vulnerability where maliciously renamed file attachments could execute JavaScript in the gallery UI.
  • The issue originated from an upstream library react-photoswipe-gallery, but PLANKA has patched it locally to prevent the use of dangerous innerHTML when setting gallery captions.
  • Users should update to PLANKA >= 1.26.3 or >= 2.0.0-rc.4 to be protected.
  • More details and credits: Security Advisory
  • Reported by @AmjadAlii via responsible disclosure.
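The caption bug described above, as an added example that is not PLANKA's or react-photoswipe-gallery's code: a caption built by interpolating the attachment name into innerHTML markup beside the escaped form, plus a tag counter and an audit helper for attachment names stored before the fix. Function names and sample filenames are constructed.

```javascript
// Vulnerable pattern: the attachment name is interpolated straight into
// markup that is later assigned to innerHTML, so any tag in the name
// becomes a live element in the gallery.
function captionMarkupUnsafe(filename) {
  return `<span class="caption">${filename}</span>`;
}

// Hardened pattern: escape the HTML-significant characters first, which
// has the same effect as assigning the name via textContent.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}
function captionMarkupSafe(filename) {
  return `<span class="caption">${escapeHtml(filename)}</span>`;
}

// Check: the only tags in a rendered caption should be the wrapper's own
// open and close tag (2). Anything more means the name injected markup.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z\/!]/g) || []).length;
}

// Audit helper (hypothetical): flag stored attachment names that carry
// markup characters or entity/URL-scheme fragments, so an operator can
// review uploads made before the patched version was deployed.
function flagSuspiciousNames(names) {
  return names.filter((n) => /[<>"']|&#|javascript:/i.test(n));
}

// Constructed sample attachment names.
const SAMPLE_NAMES = [
  "invoice-2024.pdf",
  "photo <b>bold</b>.png",
  "report&summary.docx",
];

console.log("names to review:", flagSuspiciousNames(SAMPLE_NAMES));
for (const name of SAMPLE_NAMES) {
  console.log(countTags(captionMarkupUnsafe(name)), countTags(captionMarkupSafe(name)), name);
}
```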

What's Changed

  • fix: Patch react-photoswipe-gallery to prevent XSS in captions

Full Changelog: v2.0.0-rc.3...v2.0.0-rc.4