From owner-freebsd-ports-bugs@freebsd.org Tue Sep 17 10:15:20 2019 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2A87BFDFE1 for ; Tue, 17 Sep 2019 10:15:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 46XfBJ0QStz3KT1 for ; Tue, 17 Sep 2019 10:15:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 0CA8CFDFE0; Tue, 17 Sep 2019 10:15:20 +0000 (UTC) Delivered-To: ports-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0C6B4FDFDF for ; Tue, 17 Sep 2019 10:15:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46XfBH6ZYhz3KSy for ; Tue, 17 Sep 2019 10:15:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C0D366F3B for ; Tue, 17 Sep 2019 10:15:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x8HAFJJk066347 for ; Tue, 17 Sep 2019 10:15:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x8HAFJuY066346 for ports-bugs@FreeBSD.org; Tue, 17 Sep 2019 10:15:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 240132] www/mattermost-{webapp,server}: Update to 5.15.0 Date: Tue, 17 Sep 2019 10:15:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: needs-patch, needs-qa, security X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: raul.munoz@custos.es X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? merge-quarterly? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Sep 2019 10:15:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240132 --- Comment #14 from Ra=C3=BAl --- (In reply to Kubilay Kocak from comment #13) As per mattermost policy, security issues are disclosed within a month after fixes are available. Right now, one known: https://mattermost.com/security-updates/#mattermost-server [....] Security Update #5.14.0.1 (Denial of Service) Fixed an issue where a specifically constructed= SVG could be uploaded which would cause the web and desktop apps to freeze when viewing that channel. Thanks to severus for contributing to this improvement under the Mattermost responsible disclosure policy.=20 [....] and a ton of fixes / improvements: https://docs.mattermost.com/administration/changelog.html [....] Fixed an issue where an invalid locale caused a white screen. Fixed an issue where rate limited posts failed to load threads. Improved the group linking failure error message and logging to make it clear that the group id attribute is most likely misconfigured. Fixed an issue where the right-hand side did not fetch messages on sock= et reconnect when a different channel was in center. Fixed an issue where posting a message in an empty channel sometimes ca= used the channel to display a loading spinner. Fixed an issue where deleting the last post in a channel caused the cha= nnel to only display a loading spinner. Fixed an issue with an absence of unread badges on private channels on mobile apps. Fixed an issue where at-sign was missing in front of usernames in push notifications. Fixed some bugs related to the new keyboard accessibility feature. Fixed an issue where the =E2=80=9C@=E2=80=9D sign was replaced with key= board accessibility feature on Italian keyboard. Fixed an issue where joining a new channel with few posts sometimes did= not take the user to the bottom of the channel. Fixed an issue where scroll pop sometimes occured with embedded Youtube links. Fixed an issue with stuttery dropdowns in Safari. Fixed an issue where clicking on a post would highlight it after return= ing to the tab/window. Fixed an issue where SVG attachments bled over into subsequent posts. Fixed an issue where long posts were overlapping in compact view. Fixed an issue where the expand/collapse button in images were underlin= ed. Fixed an issue where incoming webhook URL was clickable and shown as a = link on the desktop app. Fixed an issue where the markdown helper text was missing on Edit Chann= el Header modal. Fixed an issue on mobile view where Edit/Delete/More options were not displayed on the right-hand side after a message was posted. Fixed an issue where the channel mute icon was displayed in the incorre= ct position when a channel was muted. Fixed an issue where there was an extra menu divider on Town Square cha= nnel menu. Fixed an issue on Firefox where post and comment boxes were expanding t= oo early. Fixed an issue where focus was not automatically set on text input box after selecting an emoji from the emoji picker. Fixed an issue where channel changes were not updated for other users u= ntil refresh. Fixed an issue where changes to Account Settings were being saved even = when the user did not click the Save button. Fixed an issue where some of the links in System Console opened the pag= e on the same tab instead of opening it on a new browser/tab. Fixed an issue where installing a plugin via URL failed if the download took longer then 30 seconds. Fixed an issue where plugins did not get disabled when removing them. Fixed an issue where plugin translation files were not updated on web-clients when plugins were upgraded. Fixed an issue where bots could not be added to any team if server wide email domain restriction was enabled. Fixed an issue where pagination broke when adding users to a team. Fixed an issue where list of users were not paginated on warning modal = for LDAP group sync team / channel removal. Fixed an issue where enabling LDAP Trace prevented login. Fixed an issue where Google User API Endpoint showed an outdated helper text. Fixed an issue where a markdown image with an SVG briefly displayed for sender with EnableSVGs set to false. Fixed an issue with an incorrect error message on Custom URL Schemes fi= eld. [....] plus the 5.14 fixes and enhancementes: [....] v5.14.3, release date TBD Fixing an issue where edited posts are not included in Compliance Export (Beta). MM-18522 v5.14.2, released 2019-08-30 Fixed an issue where Mattermost crashed when date-related search terms = on: before: and after: were used in search. MM-18143 v5.14.1, released 2019-08-28 Fixed issues with keyboard accessibility where post and search textboxes did not read characters when using the arrow keys to move back and forth through the text. MM-17964 and MM-17974 [....] [....] Fixed an issue where pagination of group members was broken in LDAP Gro= ups. Fixed an issue where the options to leave a team was disabled for all t= eams and not just the primary team when a primary team was set. Fixed an issue where bulk import got stuck when importing lines were missing the =E2=80=9Ctype=E2=80=9D entry. Fixed an issue where titles for webhooks, commands and OAuth apps were = no longer bolded in the System Console. Fixed an issue where disabling email notifications also disabled email invites. Fixed an issue where Admins were shown a warning of a user=E2=80=99s bo= t being deactivated even if they already were. Fixed an issue where a bot profile image disappeared when saving bot details. Fixed an issue where plus-sign was not visible on mobile browser view f= or reacting with a new emoji next to existing reactions. Fixed an issue in the System Console where the UserID in User Activity = Logs changed from email to UserID. Fixed an issue where user got a notification to add a bot to a channel = when mentioning it. Fixed an issue where permanenently deleting a bot user didn=E2=80=99t r= emove it from the bots table. Fixed an issue where a scroll pop was caused by large image dimensions = in markdown. [....] Hope it helps. --=20 You are receiving this mail because: You are the assignee for the bug.=