This release fixes the following CRITICAL SECURITY VULNERABILITIES:
- Fix XSS bug reported 2020-05-24 by swsjona:
Part 1,
Part 2,
Part 3,
Part 4.
Logged in users could run javascript in input fields. This was partially fixed at v3.85,
but at some fields XSS was still possible. This affects at least Wekan versions v3.12-v4.12.
After this fix, Javascript in input fields is not executed.
Thanks to swsjona, marc1006 and xet7.
and adds the following new features:
- Change default view to Swimlanes:
Part 1,
Part 2,
Part 3 Change dropdown order to Swimlanes/Lists/Calendar,
Part 4.1. Public board default view to Swimlane. Part 4.2. When changing Public board
view (sets view cookie), also reload page so view is changed
immediately.
Thanks to xet7. - Use markdown in Swimlane titles.
Thanks to xet7.
and adds the following updates:
- Update minifier-css.
Thanks to xet7.
and fixes the following bugs:
Thanks to above GitHub users for their contributions and translators for their translations.