- Download: https://github.com/kanboard/kanboard/releases/tag/v1.2.30
- Upgrade instructions: https://docs.kanboard.org/v1/admin/upgrade/
- Documentation: https://docs.kanboard.org/
- Docker images:
- Docker Hub:
docker.io/kanboard/kanboard:v1.2.30
- GitHub Container Registry:
ghcr.io/kanboard/kanboard:v1.2.30
-
Quay.io Container Registry:
quay.io/kanboard/kanboard:v1.2.30
- Docker Hub:
List of Changes
Security Fixes:
- CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
- CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
- CVE-2023-33969: Stored XSS in the Task External Link Functionality
- CVE-2023-33970: Missing access control in internal task links feature
Other Fixes:
- Avoid PHP warning caused by
session_regenerate_id()
- Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions