wekan

v9.09 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 27d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

docker javascript kanban meteor real-time sandstorm

+2 more

snapcraft wekan

Summary

AI summary

Fixed the critical AuthBleed security vulnerability.

Full changelog

This release fixes the following CRITICAL SECURITY ISSUES of AuthBleed:

Fixed AuthBleed.
Thanks to Qiulin Deng and xet7.

and adds the following updates:

Docs: Clarified SECURITY.md.
Part 1,
Part 2.
Thanks to xet7.
Updated GitHub Actions to build release bundles.
Thanks to xet7.

and adds the following tests:

Added Playwright Tests 2026-05-07: 16 specs. 306/306 passing.
Thanks to xet7.

Thanks to above GitHub users for their contributions and translators for their translations.

Security Fixes

Fixed AuthBleed – critical authentication bypass vulnerability

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track wekan

Get notified when new releases ship.

About wekan

The Open Source kanban, built with Meteor. GitHub issues/PRs are only for FLOSS Developers, not for support, support is at https://wekan.fi/commercial-support/ . New English strings for new features at imports/i18n/data/en.i18n.json . Non-English translations at https://app.transifex.com/wekan/wekan only.

All releases →

wekan

Summary

Security Fixes

Related context

Related tools