Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
use_system_css_and_js.patch | use system css and js: instead of using vendored versions for css & javascript libs, use the ones provided by the appropriate Debian packages. | Joseph Nahmias <joe@nahmias.net> | not-needed | | vendor | 2022-09-11 |
use_system_php_libs.patch | use PHP libraries installed in the system instead of the vendored ones | Joseph Nahmias <joe@nahmias.net> | not-needed | | vendor | 2022-07-24 |
adapt_to_newer_symfony.patch | adapt to newer symfony console API: upstream has symfony console pinned to v4.4.37; however, Debian bookworm has 5.4. Updates the cli code for the changes in the API. | Joseph Nahmias <joe@nahmias.net> | no | | vendor | 2022-07-24 |
do_not_stop_tests_after_first_error.patch | continue tests even after there's a failure/error | Joseph Nahmias <joe@nahmias.net> | not-needed | | vendor | 2022-07-24 |
loosen_php_module_version_requirements.patch | unpin versions of various PHP modules used; allows better handling of auto-generated package dependencies | Joseph Nahmias <joe@nahmias.net> | not-needed | | vendor | 2022-09-11 |
fix_version_testing.patch | strip extra Debian part of version for comparisons | Joseph Nahmias <joe@nahmias.net> | not-needed | | vendor | 2022-07-24 |
fix_plugin_dir_test.patch | fix unittest which assumes that git master is being tested | Joseph Nahmias <joe@nahmias.net> | no | | vendor | 2022-07-24 |
CVE-2023-32685.patch | fix for CVE-2023-32685: Clipboard based cross-site scripting (blocked with default CSP). https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv | Frédéric Guillot <fred@kanboard.net> | no | | upstream | 2023-05-24 |
CVE-2023-33969.patch | [PATCH] Avoid stored XSS in task external link | Frédéric Guillot <fred@kanboard.net> | no | | | 2023-05-28 |
CVE-2023-33956.patch | [PATCH] Fix Parameter based Indirect Object Referencing leading to private file exposure | Frédéric Guillot <fred@kanboard.net> | no | | | 2023-05-24 |
CVE-2023-33970.patch | [PATCH] Add missing permission check when creating/updating internal links | Frédéric Guillot <fred@kanboard.net> | no | | | 2023-05-29 |
CVE-2023-33968.patch | [PATCH] Add missing project permission check for Move/Duplicate task to another project | Frédéric Guillot <fred@kanboard.net> | no | | | 2023-05-29 |
CVE-2023-36813.patch | [PATCH] Avoid potential SQL injections without breaking compatibility with plugins | Frédéric Guillot <fred@kanboard.net> | no | | | 2023-06-30 |