Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Sep 2019 10:15:19 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 240132] www/mattermost-{webapp,server}: Update to 5.15.0
Message-ID:  <bug-240132-7788-S9VzWWIh99@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-240132-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-240132-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240132

--- Comment #14 from Ra=C3=BAl <raul.munoz@custos.es> ---
(In reply to Kubilay Kocak from comment #13)

As per mattermost policy, security issues are disclosed within a month after
fixes are available. Right now, one known:

https://mattermost.com/security-updates/#mattermost-server
[....]
    Security Update #5.14.0.1
        (Denial of Service) Fixed an issue where a specifically constructed=
 SVG
could be uploaded which would cause the web and desktop apps to freeze when
viewing that channel. Thanks to severus for contributing to this improvement
under the Mattermost responsible disclosure policy.=20
[....]

and a ton of fixes / improvements:

https://docs.mattermost.com/administration/changelog.html
[....]

    Fixed an issue where an invalid locale caused a white screen.
    Fixed an issue where rate limited posts failed to load threads.
    Improved the group linking failure error message and logging to make it
clear that the group id attribute is most likely misconfigured.
    Fixed an issue where the right-hand side did not fetch messages on sock=
et
reconnect when a different channel was in center.
    Fixed an issue where posting a message in an empty channel sometimes ca=
used
the channel to display a loading spinner.
    Fixed an issue where deleting the last post in a channel caused the cha=
nnel
to only display a loading spinner.
    Fixed an issue with an absence of unread badges on private channels on
mobile apps.
    Fixed an issue where at-sign was missing in front of usernames in push
notifications.
    Fixed some bugs related to the new keyboard accessibility feature.
    Fixed an issue where the =E2=80=9C@=E2=80=9D sign was replaced with key=
board accessibility
feature on Italian keyboard.
    Fixed an issue where joining a new channel with few posts sometimes did=
 not
take the user to the bottom of the channel.
    Fixed an issue where scroll pop sometimes occured with embedded Youtube
links.
    Fixed an issue with stuttery dropdowns in Safari.
    Fixed an issue where clicking on a post would highlight it after return=
ing
to the tab/window.
    Fixed an issue where SVG attachments bled over into subsequent posts.
    Fixed an issue where long posts were overlapping in compact view.
    Fixed an issue where the expand/collapse button in images were underlin=
ed.
    Fixed an issue where incoming webhook URL was clickable and shown as a =
link
on the desktop app.
    Fixed an issue where the markdown helper text was missing on Edit Chann=
el
Header modal.
    Fixed an issue on mobile view where Edit/Delete/More options were not
displayed on the right-hand side after a message was posted.
    Fixed an issue where the channel mute icon was displayed in the incorre=
ct
position when a channel was muted.
    Fixed an issue where there was an extra menu divider on Town Square cha=
nnel
menu.
    Fixed an issue on Firefox where post and comment boxes were expanding t=
oo
early.
    Fixed an issue where focus was not automatically set on text input box
after selecting an emoji from the emoji picker.
    Fixed an issue where channel changes were not updated for other users u=
ntil
refresh.
    Fixed an issue where changes to Account Settings were being saved even =
when
the user did not click the Save button.
    Fixed an issue where some of the links in System Console opened the pag=
e on
the same tab instead of opening it on a new browser/tab.
    Fixed an issue where installing a plugin via URL failed if the download
took longer then 30 seconds.
    Fixed an issue where plugins did not get disabled when removing them.
    Fixed an issue where plugin translation files were not updated on
web-clients when plugins were upgraded.
    Fixed an issue where bots could not be added to any team if server wide
email domain restriction was enabled.
    Fixed an issue where pagination broke when adding users to a team.
    Fixed an issue where list of users were not paginated on warning modal =
for
LDAP group sync team / channel removal.
    Fixed an issue where enabling LDAP Trace prevented login.
    Fixed an issue where Google User API Endpoint showed an outdated helper
text.
    Fixed an issue where a markdown image with an SVG briefly displayed for
sender with EnableSVGs set to false.
    Fixed an issue with an incorrect error message on Custom URL Schemes fi=
eld.
[....]

plus the 5.14 fixes and enhancementes:

[....]
v5.14.3, release date TBD

    Fixing an issue where edited posts are not included in Compliance Export
(Beta). MM-18522

v5.14.2, released 2019-08-30

    Fixed an issue where Mattermost crashed when date-related search terms =
on:
before: and after: were used in search. MM-18143

v5.14.1, released 2019-08-28

    Fixed issues with keyboard accessibility where post and search textboxes
did not read characters when using the arrow keys to move back and forth
through the text. MM-17964 and MM-17974
[....]

[....]

    Fixed an issue where pagination of group members was broken in LDAP Gro=
ups.
    Fixed an issue where the options to leave a team was disabled for all t=
eams
and not just the primary team when a primary team was set.
    Fixed an issue where bulk import got stuck when importing lines were
missing the =E2=80=9Ctype=E2=80=9D entry.
    Fixed an issue where titles for webhooks, commands and OAuth apps were =
no
longer bolded in the System Console.
    Fixed an issue where disabling email notifications also disabled email
invites.
    Fixed an issue where Admins were shown a warning of a user=E2=80=99s bo=
t being
deactivated even if they already were.
    Fixed an issue where a bot profile image disappeared when saving bot
details.
    Fixed an issue where plus-sign was not visible on mobile browser view f=
or
reacting with a new emoji next to existing reactions.
    Fixed an issue in the System Console where the UserID in User Activity =
Logs
changed from email to UserID.
    Fixed an issue where user got a notification to add a bot to a channel =
when
mentioning it.
    Fixed an issue where permanenently deleting a bot user didn=E2=80=99t r=
emove it
from the bots table.
    Fixed an issue where a scroll pop was caused by large image dimensions =
in
markdown.
[....]

Hope it helps.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240132-7788-S9VzWWIh99>