Releases: mikitex70/redmine_drawio
Potential XSS security vulnerability
Fixed a potential XSS security vulnerability on macro dialogs.
The vulnerability is really minimal, as the form is never submitted, but fixing it keeps automatic scanning tools happy.
Other German translations have also been added in this version.
Fixed to work on Redmine 5
Thanks to the contribution from @sk-ys the plugin now works fine on Redmine 5.
Fixed viewer for diagrams in XML format
A recent change to the Drawio script for viewing diagrams in XML format broke the plug-in.
With this release it should be more resilient to such changes.
Administrator can now completely disable SVG diagram support
For security reasons, if the administrator now disables SVG diagrams, they are fully disabled: existing SVG diagrams are no longer displayed and must be converted to another format.
Fixed rendering of diagrams in XML format
This is a minor fix to track changes to an external JavaScript file from embed.diagrams.net (see #105).
The error is independent of the redmine_drawio plugin version; it also affects past versions, starting from when that file was modified.
Fixed XSS security with svg diagrams
Diagrams in SVG format can introduce XSS security issues, as they can contain JavaScript.
In this version a plugin setting has been added to choose how SVG images are displayed:
- if SVG is disabled, they are rendered as a base64 SVG (hyperlinks do not work)
- if SVG is enabled, they are rendered as inline SVG, but remain vulnerable to XSS issues (mitigated, but not eliminated)
See the README.md for more details.
Many thanks to @maudov for pointing me to this important issue.
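As an added illustration of the two display modes described above (a hypothetical Ruby helper, not the plugin's own code): the "disabled" mode wraps the SVG in a data-URI `<img>`, where the browser runs no script but hyperlinks are inert; the "enabled" mode inlines the markup after stripping script elements, on* event attributes and javascript: URLs, which is a basic mitigation rather than a complete sanitizer. The sample SVG is constructed.

```ruby
require 'base64'
require 'rexml/document'

# Constructed sample: a diagram with a hyperlink, a script element and an
# event-handler attribute, the kind of content the release note warns about.
SAMPLE_SVG = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="120" height="40">
    <a xlink:href="https://example.com/wiki"><text x="10" y="20">link</text></a>
    <script>/* constructed: would execute if the SVG were inlined unfiltered */</script>
    <rect width="10" height="10" onload="/* constructed event handler */"/>
  </svg>
SVG

# "SVG disabled" mode: the markup becomes an <img> data URI. The browser
# treats it as a static image, so scripts never run, but hyperlinks inside
# the diagram are inert.
def render_svg_as_image(svg)
  data = Base64.strict_encode64(svg)
  %(<img src="data:image/svg+xml;base64,#{data}" alt="diagram">)
end

# "SVG enabled" mode: the markup is inlined so hyperlinks work. Script
# elements, on* event attributes and javascript: URLs are stripped first.
# This is a basic mitigation, not a complete sanitizer (hypothetical helper).
def render_svg_inline(svg)
  doc = REXML::Document.new(svg, attribute_quote: :quote)
  REXML::XPath.match(doc, '//*').each do |el|
    if el.name.casecmp?('script')
      el.remove
      next
    end
    doomed = []
    el.attributes.each_attribute do |attr|
      name = attr.name.downcase
      doomed << attr if name.start_with?('on')
      doomed << attr if name == 'href' && attr.value.strip.downcase.start_with?('javascript:')
    end
    doomed.each { |attr| el.attributes.delete(attr) }
  end
  doc.to_s
end

# Quick check used after inlining: true when no obvious script vector remains.
def script_free?(markup)
  !markup.match?(/<script|\bon\w+=|javascript:/i)
end
```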
Fixed XSS security with svg diagrams
Changes in this release:
- fixed an XSS security problem with SVG diagrams, which could be used to execute arbitrary JavaScript in the browser
- added comment in wiki page when editing an attached diagram.
Fixed saving in wiki pages with single quotes
Fixed saving diagrams as attachments in wiki pages with single quotes in the page name (fixes #98).
Fixed view of XML diagrams
The dynamic patch of viewer-static.min.js was broken due to an update of the library.
Now the dynamic patch should be more robust.
Enabled use of custom libraries in the diagram editor
Only a minor change.
It is now possible to create and use custom libraries of shapes in the diagram editor.