Kanboard 1.2.29

List of Changes

  • Avoid potential clipboard based cross-site scripting (CVE-2023-32685)
  • Upgrade Docker image to PHP 8.2 and Alpine 3.18
  • Add themes support: dark, light and automatic mode
  • Fix broken “Hide this Column” feature
  • Do not close modals when clicking on the background if the form has changed
  • Fix incorrect route for “My Activity Stream”
  • Fix incorrect parameter encoding when using URLs rewriting
  • Add support for task links in Markdown headings
  • Handle 413 responses from Nginx when uploading files too large
  • Restore all previously loaded translations when sending user notifications
  • Regenerate session ID after successful authentication
  • Use SESSION_DURATION option to define the session lifetime stored in the database
    • The option SESSION_DURATION is used to define the cookie lifetime.
    • With this change, Kanboard will try to use first SESSION_DURATION instead of the
      default session.gc_maxlifetime value.
  • Bump phpunit/phpunit from 9.6.6 to 9.6.8

I upgraded to this version, 1.2.29, from version 1.2.28, and it obliterated all styling. None of the CSS or themes worked properly after the upgrade. It looked like 1990s era web site, and was so unusable I was forced to downgrade again. I went through the usual upgrade process I’ve followed for the last dozen upgrades I’ve done, so I’m not sure what’s going on.

I suspect the themes support changes might conflict with Customizer or something along those lines. Anyway, caveat emptor to anyone considering upgrading–make sure you have a downgrade path.

1 Like

Make sure that the plugins installed are compatible with this version of Kanboard.

After looking at it more closely, this pull-request should fix this issue if you have upgraded without flushing the user sessions: Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions by fguillot · Pull Request #5266 · kanboard/kanboard · GitHub

any information on what plugins need to do? Is this theme/css-only related?

Updated Customizer, it will work functionally, now. That said, none of the themes take the new Dark Mode into account, so if combining a Customizer theme with Dark Mode, you might not like the results.

given time, i might integrate it better with freds new theme model, and provide more fluidity between the 2, as well as add both light and dark versions of each theme within Customizer.

On a side note, if you use with “Application Branding” plugin by aljawiad with Customizer, it will revert to previous layout and not work with 1.2.29, until he updates.


For me, like creecros already linked, it was the Customizer, but also the Nebula theme, if I remember correct.

In any way: this issue made me write a new plugin to modify the new dark theme a bit (some contrasts are bad, imo). I will try to keep you people updated in my plugin thread, if I will be able to finish the plugin at some point hopefully. Some teasing ahead: it has a config area where you are able to enable or disable certain aspects of the new styling. :sunglasses:

User sessions can be deleted through a cleaning job in the ContentCleaner plugin