12 Releases 48 Tags

RSS Feed

• v1.26.3 0c2ba9e3bd

  Compare

  Stable

  OVERLORD released this 2025-09-04 14:40:40 +03:00 | 244 commits to master since this release

  Security Release

  • Fixed a vulnerability where maliciously renamed file attachments could execute JavaScript in the gallery UI.
  • The issue originated from an upstream library react-photoswipe-gallery, but PLANKA has patched it locally to prevent the use of dangerous innerHTML when setting gallery captions.
  • Users should update to PLANKA >= 1.26.3 or >= 2.0.0-rc.4 to be protected.
  • More details and credits: Security Advisory
  • Reported by @AmjadAlii via responsible disclosure.

  What's Changed

  • fix: Patch react-photoswipe-gallery to prevent XSS in captions

  Full Changelog: https://github.com/plankanban/planka/compare/v1.26.2...v1.26.3

  Downloads

  • planka-prebuild.zip
    6.4 MiB

    2025-10-09 18:33:34 +03:00
  • Source Code (ZIP)
  • Source Code (TAR.GZ)