kanboard
Dashboards & Home Pages
Kanboard is an open‑source project management tool that implements the Kanban methodology.
PHP · Latest v1.2.52 · 2mo ago
Features
- Provides a web‑based Kanban board for task tracking
- Supports customizable columns, subtasks, and activity logs
- Offers built‑in authentication and permission controls
v1.2.52 · Security relevant
Security fixes
- Timing-safe comparisons for API token validation
- Parameterized queries for task operations
Full changelog
- Enforce comment visibility rules for public and unauthenticated users:
  - Restricted comments are no longer exposed in public task views.
  - Users cannot create comments with a visibility level higher than their role.
- Revoke public access tokens for inactive users.
- Use timing-safe comparisons (hash_equals) for API and webhook token validation to mitigate timing attacks.
- Replace raw SQL interpolation with parameterized queries in:
  - Task queries (TaskFinderModel)
  - iCalendar export conditions
- Validate task ownership in bulk operations:
  - Ensure tasks belong to the specified project before applying bulk changes.
v1.2.51 · Security relevant
Security fixes
- SSRF protection for webhook notifications
- Unsafe deserialization prevention
- Parameter injection restrictions
v1.2.50 · Security relevant
Security fixes
- Authorization checks added in controllers
- Parsedown safe mode enabled
- CSRF protection for roles
v1.2.49 · Security relevant
Security fixes
- LDAP injection vulnerability
- Protocol-relative URL redirect prevention
Notable features
- TRUSTED_PROXY_NETWORKS configuration option
About
Languages: PHP · JavaScript · CSS