Kanboard v1.2.30

• Download: https://github.com/kanboard/kanboard/releases/tag/v1.2.30
• Upgrade instructions: https://docs.kanboard.org/v1/admin/upgrade/
• Documentation: https://docs.kanboard.org/
• Docker images:
  • Docker Hub: docker.io/kanboard/kanboard:v1.2.30
  • GitHub Container Registry: ghcr.io/kanboard/kanboard:v1.2.30
  • Quay.io Container Registry: quay.io/kanboard/kanboard:v1.2.30

List of Changes

Security Fixes:

• CVE-2023-33956: Parameter based Indirect Object Referencing leading to private file exposure
• CVE-2023-33968: Missing access control allows user to move and duplicate tasks to any project in the software
• CVE-2023-33969: Stored XSS in the Task External Link Functionality
• CVE-2023-33970: Missing access control in internal task links feature

Other Fixes:

• Avoid PHP warning caused by session_regenerate_id()
• Avoid CSS issue when upgrading to v1.2.29 without flushing user sessions

This is a nice release. Went smoothly for me, and all my plugins seem to work fine. Thanks!