This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+2 more
ReleasePort's take
Moderate signalWeKan v9.23 ships a critical security fix (BFLABleed) alongside filtering, minicard, and build process improvements. Operators should review release notes to assess applicability and deploy promptly.
Why it matters: Critical security fix for BFLABleed included; review release notes for affected versions and deploy immediately if your deployment is vulnerable.
Summary
AI summaryUpdates https://github.com/wekan/wekan/commit/8baa9124a607e0620ab72d6d16871ed1c08e721a, https://github.com/wekan/wekan/commit/2cc30a85f21742f0f087a9846a52ee28e32830a5, and https://github.com/wekan/wekan/commit/fad217db8a55d95bd62d7d9c431cb60714a54d13 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Fixes critical security issue BFLABleed. Fixes critical security issue BFLABleed. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Medium |
Adds local build cache for npm packages and http downloads. Adds local build cache for npm packages and http downloads. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Adds script to revert git add in build process. Adds script to revert git add in build process. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Dependency | Medium |
Bumps brace-expansion from 5.0.5 to 5.0.6. Bumps brace-expansion from 5.0.5 to 5.0.6. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fixes WeKan version update script issue. Fixes WeKan version update script issue. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Adds Filter test at part 4 and fixes related issues. Adds Filter test at part 4 and fixes related issues. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fixes missing label and dates on minicards. Fixes missing label and dates on minicards. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fixes Filter functionality issues. Fixes Filter functionality issues. Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
This release fixes the following CRITICAL SECURITY ISSUES: https://wekan.fi/hall-of-fame/bflableed/ :
- Fix BFLABleed
Thanks to Fredrik Dietrichson and xet7.
and adds the following new features:
- Build scripts: Add local build cache, for npm packages and http downloads.
Thanks to xet7. - Build scripts: Added script to revert git add.
Thanks to xet7.
and adds the following updates:
- Bump brace-expansion from 5.0.5 to 5.0.6.
Thanks to dependabot.
and fixes the following bugs:
- Fix WeKan version update script.
Thanks to xet7. - Fix tests. Added Filter test at part 4.
Part 3,
Part 4.
Thanks to xet7. - Fix No label and dates on any minicard.
Thanks to hmeunier95 and xet7. - Fix Filter.
Thanks to hmeunier95 and xet7.
Thanks to above GitHub users for their contributions and translators for their translations.
Security Fixes
- Fix BFLABleed – critical security issue resolved (Hall of Fame entry)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About wekan
The Open Source kanban, built with Meteor. GitHub issues/PRs are only for FLOSS Developers, not for support, support is at https://wekan.fi/commercial-support/ . New English strings for new features at imports/i18n/data/en.i18n.json . Non-English translations at https://app.transifex.com/wekan/wekan only.
Beta — feedback welcome: [email protected]