Tags: kimai/kimai
Tags
Release 2.58 (#5952) * bump version * fix formatting locale reset after embedded controller sub-requests (#5944) * fix GHSA-c6w6-57jj-62vh * fix GHSA-m492-gv72-xvxj * fix GHSA-jr9p-4h4j-6c58 * make sure to only use JS logic to call API endpoints * fixes GHSA-r8vr-m544-qh4h * make sure to only use JS logic to call API endpoints * fix GHSA-rw46-qg69-vg6h * fix GHSA-pj8j-p4g4-4vw8 - prevent kimai from rendering images via markdown * fix GHSA-pj8j-p4g4-4vw8 - use a safe network client to prevent SSRF via images * fix GHSA-xv4r-4885-gwpg * fix GHSA-pgcc-vfmc-7cw5 - move GET routes to API with POST method to prevent CSRF * fix tooltip survives page reload * updated wizard images * split wizard and password reset subscriber into two classes * relax upper php limit * added zizmor workflow scans and apply findings * user permissions <name>_other_profile now respect teams * move all linting steps to new job * updated docker image version names * use .env.local for storing APP_SECRET * improve build order and use given tag as ref for checkout, not default main branch * improved APP_SECRET handling, see entrypoint.sh * use local code for building the image for more flexibility, added dockerignore
Translated using Weblate (#5928) Co-authored-by: Christopher Picón <ntrpc.tech@users.noreply.hosted.weblate.org> Co-authored-by: Gabriel <bloxgabriel18@gmail.com> Co-authored-by: Kevin Papst <kevin@kevinpapst.de> Co-authored-by: Massimo Pissarello <mapi68@gmail.com> Co-authored-by: Milo Ivir <mail@milotype.de> Co-authored-by: Posemartonis <weblate.drainage895@passmail.net> Co-authored-by: Preben Rather Sørensen <preben@rather.dk>
Translated using Weblate (#5911) Co-authored-by: Christopher Picón <ntrpc.tech@users.noreply.hosted.weblate.org> Co-authored-by: Massimo Pissarello <mapi68@gmail.com> Co-authored-by: Posemartonis <weblate.drainage895@passmail.net> Co-authored-by: Preben Rather Sørensen <preben@rather.dk>
PreviousNext