From 9cec52f76b280a7009e8477eb4c01b3d1be25c05 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Tue, 26 Dec 2017 18:00:19 -0800
Subject: Update ChangeLog
---
 ChangeLog | 19 ++++++++++++++++++-
 app/Schema/Sql/mysql.sql | 14 ++++++++++++--
 app/Schema/Sql/postgres.sql | 25 ++++++++++++++++++++++---
 3 files changed, 52 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 949a2f2b..fd615876 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+Version 1.2.0 (December 27, 2017)
+---------------------------------
+
+Breaking changes:
+
+* Kanboard supports only PHP >= 5.6 (PHP 5.3, 5.4 and 5.5 are not supported anymore)
+
+New features:
+
+* PHP sessions are now stored into the database,
+ In this way, it's easier to run Kanboard behind a load-balancer
+
+Improvements:
+
+* Copy category from parent task when creating a task from a subtask
+* Translation updates and improvements
+
 Version 1.1.1 (December 9, 2017)
 --------------------------------
 
@@ -110,7 +127,7 @@ Version 1.0.46 (August 13, 2017)
 
 Security Issues:
 
-* Fix two privilege escalation issues: a standard user could reset the password
+* Fix two privilege escalation issues: a standard user could reset the password
 of another user (including admin) by altering form data.
 (CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").
 
diff --git a/app/Schema/Sql/mysql.sql b/app/Schema/Sql/mysql.sql
index ca2b6d09..37da98cc 100644
--- a/app/Schema/Sql/mysql.sql
+++ b/app/Schema/Sql/mysql.sql
@@ -443,6 +443,16 @@ CREATE TABLE `schema_version` (
 `version` int(11) DEFAULT '0'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
+DROP TABLE IF EXISTS `sessions`;
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `sessions` (
+ `id` varchar(255) NOT NULL,
+ `expire_at` int(11) NOT NULL,
+ `data` longtext,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+/*!40101 SET character_set_client = @saved_cs_client */;
 DROP TABLE IF EXISTS `settings`;
 /*!40101 SET @saved_cs_client = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
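Review bot: `expire_at` gets no index in the new `sessions` table, so whatever expires old sessions (presumably a `DELETE ... WHERE expire_at < ?`) will scan the whole table once the session set grows; adding `KEY sessions_expire_at_idx (expire_at)` inside the CREATE TABLE covers it. The postgres counterpart (@@ -814,6 +814,17 @@) has the same omission. The `data` column also differs between the two dumps: here it is a nullable `longtext` with no default, in postgres it is `"text" DEFAULT ''` — the session handler may well treat both the same, but one definition would be easier to reason about. This file looks like a generated dump, so the index would presumably have to be added in the migration that creates the table, which is not part of this diff.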
@@ -765,7 +775,7 @@ CREATE TABLE `users` (
 LOCK TABLES `settings` WRITE;
 /*!40000 ALTER TABLE `settings` DISABLE KEYS */;
-INSERT INTO `settings` VALUES ('api_token','ce57483b40f4b618e5c7e5fcb9cf7727ef1c95ad58858780be9a7636e0f4',0,0),('application_currency','USD',0,0),('application_date_format','m/d/Y',0,0),('application_language','en_US',0,0),('application_stylesheet','',0,0),('application_timezone','UTC',0,0),('application_url','',0,0),('board_columns','',0,0),('board_highlight_period','172800',0,0),('board_private_refresh_interval','10',0,0),('board_public_refresh_interval','60',0,0),('calendar_project_tasks','date_started',0,0),('calendar_user_subtasks_time_tracking','0',0,0),('calendar_user_tasks','date_started',0,0),('cfd_include_closed_tasks','1',0,0),('default_color','yellow',0,0),('integration_gravatar','0',0,0),('password_reset','1',0,0),('project_categories','',0,0),('subtask_restriction','0',0,0),('subtask_time_tracking','1',0,0),('webhook_token','dc12854fc4c1526078a806aa7f7b7e802d3ccb45d90e8d5fe1bc98fa402e',0,0),('webhook_url','',0,0);
+INSERT INTO `settings` VALUES ('api_token','36e88ee4ad58bc71a7879d8cadac15142fdd25550f4910b8ec8c7525730c',0,0),('application_currency','USD',0,0),('application_date_format','m/d/Y',0,0),('application_language','en_US',0,0),('application_stylesheet','',0,0),('application_timezone','UTC',0,0),('application_url','',0,0),('board_columns','',0,0),('board_highlight_period','172800',0,0),('board_private_refresh_interval','10',0,0),('board_public_refresh_interval','60',0,0),('calendar_project_tasks','date_started',0,0),('calendar_user_subtasks_time_tracking','0',0,0),('calendar_user_tasks','date_started',0,0),('cfd_include_closed_tasks','1',0,0),('default_color','yellow',0,0),('integration_gravatar','0',0,0),('password_reset','1',0,0),('project_categories','',0,0),('subtask_restriction','0',0,0),('subtask_time_tracking','1',0,0),('webhook_token','99225408c1094eead14b25dbe9f7254ec233bd54aea02b8dff7e7d25ae50',0,0),('webhook_url','',0,0);
 /*!40000 ALTER TABLE `settings` ENABLE KEYS */;
 UNLOCK TABLES;
 /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
@@ -794,4 +804,4 @@ UNLOCK TABLES;
 /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
-INSERT INTO users (username, password, role) VALUES ('admin', '$2y$10$6sRRMAp4Iu4UQiH.4aIAC.ExaWKfF0192hke5JheV.4hLIhhrbW1C', 'app-admin');INSERT INTO schema_version VALUES ('126');
+INSERT INTO users (username, password, role) VALUES ('admin', '$2y$10$j/bvk6WblIHAyAJEBXLgBeoOjJ1oHsuA0VTUf85lRYOJ4czssCuI6', 'app-admin');INSERT INTO schema_version VALUES ('127');
diff --git a/app/Schema/Sql/postgres.sql b/app/Schema/Sql/postgres.sql
index cb152d28..1d45870a 100644
--- a/app/Schema/Sql/postgres.sql
+++ b/app/Schema/Sql/postgres.sql
@@ -814,6 +814,17 @@ CREATE TABLE "schema_version" (
 );
 
 
+--
+-- Name: sessions; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE "sessions" (
+ "id" "text" NOT NULL,
+ "expire_at" integer NOT NULL,
+ "data" "text" DEFAULT ''::"text"
+);
+
+
 --
 -- Name: settings; Type: TABLE; Schema: public; Owner: -
 --
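Review bot: The `api_token` and `webhook_token` values rewritten in the `settings` insert are install-time secrets baked into the dump, so every instance created from this file starts with the same two tokens unless the installer rotates them on first run; the postgres settings hunk (@@ -2625,8 +2644,8 @@) carries the same pair. Whether they are rotated is not visible in this diff — if they are not, the install path should regenerate them, and the dump could then carry a neutral placeholder instead of fresh random values, which would also stop these lines from churning on every regeneration. The statement also relies on `INSERT INTO `settings` VALUES` with no column list, whereas the postgres dump spells out `(option, value, changed_by, changed_on)`; if this is mysqldump output, `--complete-insert` produces the explicit form, which survives a future column addition.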
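Review bot: The two statements are fused on one line, `...'app-admin');INSERT INTO schema_version VALUES ('127');`, and the second one inserts the string literal `'127'` into the `int(11)` `version` column with no column list; `INSERT INTO schema_version (version) VALUES (127);` on its own line is clearer and avoids the implicit cast. The `users` row carries the bcrypt hash of the default administrator credential, regenerated on every dump; bcrypt at cost 10 is fine for the hash itself, but the install flow should force a password change at first login, which I can't confirm from this diff. The postgres version of this line (@@ -2695,4 +2714,4 @@) has the same shape.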
@@ -1846,6 +1857,14 @@ ALTER TABLE ONLY "remember_me"
 ADD CONSTRAINT "remember_me_pkey" PRIMARY KEY ("id");
 
 
+--
+-- Name: sessions sessions_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY "sessions"
+ ADD CONSTRAINT "sessions_pkey" PRIMARY KEY ("id");
+
+
 --
 -- Name: settings settings_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -2625,8 +2644,8 @@ INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('board_high
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('board_public_refresh_interval', '60', 0, 0);
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('board_private_refresh_interval', '10', 0, 0);
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('board_columns', '', 0, 0);
-INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('webhook_token', '4068b2e47aafbe0d16602d53b1a9f02466b4f9ff89a94858af9e9f959b92', 0, 0);
-INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('api_token', '0f9e776201c7e58f8b3c3867af69e91548e4eb887563c053e76162b9464e', 0, 0);
+INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('webhook_token', '1ff45d3f47d1dc00a9bd51a335d2fe705714e4c4073d486c2c8e6e161c28', 0, 0);
+INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('api_token', '261e6e871a415183978e3a25f65ddb63c93e680931bef4c6b1728ed1a07c', 0, 0);
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('application_language', 'en_US', 0, 0);
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('application_timezone', 'UTC', 0, 0);
 INSERT INTO settings (option, value, changed_by, changed_on) VALUES ('application_url', '', 0, 0);
@@ -2695,4 +2714,4 @@ SELECT pg_catalog.setval('links_id_seq', 11, true);
 -- PostgreSQL database dump complete
 --
 
-INSERT INTO users (username, password, role) VALUES ('admin', '$2y$10$6sRRMAp4Iu4UQiH.4aIAC.ExaWKfF0192hke5JheV.4hLIhhrbW1C', 'app-admin');INSERT INTO schema_version VALUES ('105');
+INSERT INTO users (username, password, role) VALUES ('admin', '$2y$10$j/bvk6WblIHAyAJEBXLgBeoOjJ1oHsuA0VTUf85lRYOJ4czssCuI6', 'app-admin');INSERT INTO schema_version VALUES ('106');
-- cgit v1.2.3