CeSGOstats

Release date: 2026-01-07

Fixed an LDAP injection issue by properly escaping placeholders in LDAP queries.
Prevented protocol-relative URLs (//example.com) from being used as login redirect targets.
Added a new TRUSTED_PROXY_NETWORKS configuration option to explicitly define trusted reverse proxy networks.
Introduced an optional security feature to block private network access when fetching external web links (configurable).

Restored Ctrl + Enter keyboard shortcut for submitting the task creation form.
Updated translations for multiple languages.

Updated Alpine Linux base image from 3.22 to 3.23.
Updated GitHub Actions dependencies:
- actions/checkout from v5 to v6
- actions/upload-artifact from v4 → v5 → v6

Release date: 2025-10-18

Release date: 2025-08-11

refactor: add namespace to test files
fix: the $escape parameter must be provided in PHP 8.4 for CSV functions
fix: sanitize and validate uploaded files path
fix: do not load RememberMeAuth provider when REMEMBER_ME_AUTH is false
fix: avoid PHP warning when external user creation is disabled
feat!: remove file cache driver to avoid using unserialize()
feat!: ignore legacy events serialized with PHP due to potential security issues
feat: add new actions: TaskAssignCurrentUserColumnIfNoUserAlreadySet and TaskAssignToUserOnCreationInColumn
feat: Add new pdf() method in Core\Http\Response
ci: run php-cs-fixer on GitHub Actions
ci: remove unnecessary labels from issue templates
chore: replace deprecated gh-cli feature source in devcontainer configuration

Release date: 2025-06-22

refactor: update return type in filter apply methods
fix(security): prevent potential Host header injection via SERVER_NAME
- You must specify the Kanboard application URL explicitly to generate correct URLs from email notifications. The default is http://localhost/.
fix: make various PHP 8.x compatibility changes
fix: avoid Implicitly nullable parameter declarations errors in PHP 8.4
feat: validate plugin archive URL before downloading
feat: use PHP 8.4 in the official Docker image
feat: show CAPTCHA on login form regardless of user existence
feat: add new option to enable notifications by default for new users
feat: add healthcheck endpoint healthcheck.php, and new Docker Compose files for MariaDB, Postgres, and SQLite
feat: add TRUSTED_PROXY_HEADERS config option
- If you use a reverse proxy, you can now specify which headers to trust for the client IP address. Nothing is trusted by default.
docs: add CONTRIBUTING.md file
ci(docker): avoid using set-output deprecated command
chore!: PHP 8.1 is now the minimum version supported
- !! PHP 7.4 is no longer supported !!
chore: update docker-compose.yml sample file to the latest specs
chore: remove obsolete Vagrantfile
build(deps): bump Alpine Docker image from 3.21 to 3.22

Release date: 2025-05-23

refactor: reuse existing helpers in tasks import form
fix(filter): handle null input in the Lexer class
fix(docker): legacy key/value format with whitespace separator should not be used
fix(api): allow and validate creator ID assignment in task creation
feat(routes): add view routes for project and task file browsing
feat(locale): update all language files using machine translation
feat(api): add priority fields to createProject and updateProject procedures
feat: allow attaching screenshots and files when creating a task
feat: add task title to overdue notification title
ci: replace GitHub Issue Markdown templates with YAML forms
ci: remove broken SQL Server unit tests pipeline
ci: improve pull request template
ci: add commit linter to validate conventional commit messages in pull requests

CeSGO Dashboard 2.1.0