Allegra Release Notes

Release Notes for Allegra Release 8.1.7

by Administrator

Small Improvements and Bug Fixes

The Allegra Development Sprint 8.1.7 includes improvements, bug fixes, and security corrections completed during this sprint.

Important: After the update, please clear your browser cache to ensure that all changes are loaded correctly.

Improvements

  • [29445] Sprint-specific creation of recurring tasks
  • [29338] Links to wiki documents now open directly in the wiki, where possible
  • [29351] Script management: administrators can now see which scripts are being used
  • [29424] GitLab integration: improved handling of deleted repositories
  • [29435] Adjustment of label text for observer message selection
  • [29439] [Webhook] Support exclusively for POST requests
  • [29441] Improved download speed for Allegra WAR from allegra.com
  • [29568] Revision and optimization of GitLab synchronization
  • [29584] Added comment parameter for the REST endpoint /executeQueryByID/{queryID}
  • [29620] Global search added to the Scrum application
  • [29681] Inline links to attachments are now always saved in documents
  • [29339] Selection of organizational units in LDAP connections (a user can belong to only one unit)

Bug Fixes

  • [29178] Issue browser occasionally lost column styling for status
  • [29337] Missing German translation for “Request raised on behalf of”
  • [29416] Corrected default avatar for client users in dark mode
  • [29582] Prevented multiple simultaneous auto-scrolls in the card view
  • [29595] Fixed error when importing custom lists
  • [29604] Privacy policy and imprint URL on the login page can now be hidden
  • [29628] Fixed lost attachment references after changes to the document structure
  • [29639] Updating dependencies for the rich text editor in the issue form now works correctly
  • [29675] Fixed crash when exporting from the issue navigator
  • [29432] Restored automatic vertical scrolling in the issue navigator’s filter view
  • [29691] User creation no longer fails due to a JavaScript error

Security Fixes

CVE/ZDI CAN Affected Products CVSS Score + Vector Description
[29621], No CVE assigned Allegra versions 8: less than 8.1.7
Allegra versions 7: less than 7.5.2.84
7.2 – High:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
An authenticated administrator is able to upload specially crafted ZIP files that include path-traversal entries. This way an attacker can execute arbitrary code remotely and gain access to sensitive information.

Credits: Swagat Kumar Mishra (ZDayLabs)

Back to overview