Tracks is a GTD™ web application, built with Ruby on Rails
GPL-2.0 License
This release fixes a few reflected XSS vulnerabilities which enabled execution
of malicious JavaScript in the context of a user's browser if that user clicked
a malicious link, possibly allowing retrieval or modification of that
user's data. The issue is of moderate severity (CVSS 3.1 base score 6.1/10,
vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
I want to thank Alec Romano for reporting the issues.
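The base score quoted above can be checked from the vector string. The following is an added example, not code from the Tracks project: it parses a CVSS v3.1 vector and computes the base score with the formulas and the Roundup function from the CVSS v3.1 specification, using the metric weights defined there.

```ruby
# Added example (not part of Tracks): CVSS v3.1 base score from a vector string.
CVSS31_WEIGHTS = {
  'AV' => { 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 },
  'AC' => { 'L' => 0.77, 'H' => 0.44 },
  # PR weight depends on scope: [scope unchanged, scope changed]
  'PR' => { 'N' => [0.85, 0.85], 'L' => [0.62, 0.68], 'H' => [0.27, 0.5] },
  'UI' => { 'N' => 0.85, 'R' => 0.62 },
  'C'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'I'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'A'  => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 }
}.freeze

# Spec "Roundup": round up to one decimal without floating-point artefacts.
def cvss31_roundup(value)
  int_input = (value * 100_000).round
  return int_input / 100_000.0 if (int_input % 10_000).zero?
  (int_input / 10_000 + 1) / 10.0
end

# Returns a hash of metric => value, rejecting malformed or incomplete vectors.
def parse_cvss31_vector(vector)
  parts = vector.split('/')
  raise ArgumentError, 'not a CVSS:3.1 vector' unless parts.shift == 'CVSS:3.1'
  metrics = parts.to_h { |p| p.split(':', 2) }
  %w[AV AC PR UI S C I A].each do |k|
    allowed = k == 'S' ? %w[U C] : CVSS31_WEIGHTS[k].keys
    raise ArgumentError, "bad or missing metric #{k}" unless allowed.include?(metrics[k])
  end
  metrics
end

def cvss31_base_score(vector)
  m = parse_cvss31_vector(vector)
  changed = m['S'] == 'C'
  w = CVSS31_WEIGHTS
  iss = 1 - (1 - w['C'][m['C']]) * (1 - w['I'][m['I']]) * (1 - w['A'][m['A']])
  impact = changed ? 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02)**15 : 6.42 * iss
  pr = w['PR'][m['PR']][changed ? 1 : 0]
  exploitability = 8.22 * w['AV'][m['AV']] * w['AC'][m['AC']] * pr * w['UI'][m['UI']]
  return 0.0 if impact <= 0
  raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability
  cvss31_roundup([raw, 10].min)
end

# The vector from this release note.
TRACKS_XSS_VECTOR = 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'
puts cvss31_base_score(TRACKS_XSS_VECTOR) # 6.1
```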
Published by ZeiP 4 months ago
Published by ZeiP about 2 years ago
Published by ZeiP over 2 years ago
Published by ZeiP almost 3 years ago
Published by ZeiP about 4 years ago
See doc/upgrading.md for the upgrade documentation!
Joe Thorpe from Secarma disclosed an XSS issue that was inadvertently
fixed in 2.5.0 by another bug fix. Tracks previously rendered script content
stored in the user's own data. That content is only shown to the user
themselves, which mitigates the vulnerability in the normal use case where a
single user account is used by only one person. The CVSS rating for self-XSS
is debatable and thus is not published for this issue.
I want to thank Joe for reporting the issue and for the insightful discussion
regarding the issue. Thanks to the disclosure there is now also a written
security policy for the project.
Published by ZeiP about 4 years ago
See doc/upgrading.md for the upgrade documentation!
Published by mattr- over 4 years ago
Plenty of security fixes.
A small update to the new todo creation sidebar to make use of Bootstrap's styles to provide more space for the UI.
Published by ZeiP almost 5 years ago
This is a quick release to fix an issue in the migration to the new release. There are no changes affecting a fresh install compared to version 2.4.0.
Published by ZeiP almost 5 years ago
PLEASE NOTE: Upgrading to 2.4.0 from earlier versions might fail at least with a MySQL database because of a broken migration. We suggest using 2.4.0 only for new installs for now.
Published by dnrce over 9 years ago
Published by dnrce about 10 years ago
We need your help to finalize the release -- please test this new version for both clean installations and upgrades, and report any issues.
Note that there are some slight changes to the installation and upgrading procedures, so please test these documents by following their instructions to the letter, and report any problems.
Published by dnrce about 10 years ago