mirror of
https://github.com/plankanban/planka.git
synced 2025-12-06 09:13:16 +03:00
Released 2025-09-04 14:53:03 +03:00 | 206 commits to master since this release
Security Release
- Fixed a vulnerability where maliciously renamed file attachments could execute JavaScript in the gallery UI.
- The issue originated from an upstream library, `react-photoswipe-gallery`, but PLANKA has patched it locally to prevent the use of dangerous `innerHTML` when setting gallery captions.
- Users should update to PLANKA `>= 1.26.3` or `>= 2.0.0-rc.4` to be protected.
- More details and credits: Security Advisory
- Reported by @AmjadAlii via responsible disclosure.
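The class of bug described above, shown as an added example that is not PLANKA's or react-photoswipe-gallery's code: a caption built from an attachment name and handed to `innerHTML`, next to two hardened forms. All function names and the sample file names are assumptions constructed for illustration.

```javascript
// Added example. Attachment names are user-controlled, so any caption
// derived from one must be treated as untrusted text, never as markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the name is concatenated into a string that a caller would
// assign to element.innerHTML, so markup in the name becomes live DOM.
function captionMarkupUnsafe(fileName) {
  return '<div class="caption">' + fileName + '</div>';
}

// "After", option 1: escape the name when markup has to be produced.
function captionMarkupSafe(fileName) {
  return '<div class="caption">' + escapeHtml(fileName) + '</div>';
}

// "After", option 2 (preferred in the browser): the name is never parsed
// as HTML because textContent creates a plain text node.
function setCaption(element, fileName) {
  element.textContent = fileName;
}

// Counts opening tags in a markup string, to check whether a file name
// managed to introduce elements beyond the caption wrapper.
function countOpeningTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample attachment names (benign markup only).
const SAMPLE_NAMES = ['report.pdf', 'Q3 <b>final</b>.png', 'a & b "draft".jpg'];

// Regression-style audit: exactly one opening tag (the wrapper) is expected.
function auditCaptions(names) {
  return names.map((name) => ({
    name,
    unsafeTags: countOpeningTags(captionMarkupUnsafe(name)),
    safeTags: countOpeningTags(captionMarkupSafe(name)),
  }));
}
```

A check like `auditCaptions` fits in a unit test for any component that renders user-supplied names, so a later change that reintroduces HTML parsing fails the build.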
What's Changed
- fix: Patch react-photoswipe-gallery to prevent XSS in captions
Full Changelog: https://github.com/plankanban/planka/compare/v2.0.0-rc.3...v2.0.0-rc.4