Small Improvements and Bug Fixes
The Allegra Development Sprint 8.1.7 includes improvements, bug fixes, and security corrections completed during this sprint.
Important: After the update, please clear your browser cache to ensure that all changes are loaded correctly.
Improvements
- [29445] Sprint-specific creation of recurring tasks
- [29338] Links to wiki documents now open directly in the wiki, where possible
- [29351] Script management: administrators can now see which scripts are being used
- [29424] GitLab integration: improved handling of deleted repositories
- [29435] Adjustment of label text for observer message selection
- [29439] [Webhook] Support exclusively for POST requests
- [29441] Improved download speed for Allegra WAR from allegra.com
- [29568] Revision and optimization of GitLab synchronization
- [29584] Added comment parameter for the REST endpoint
/executeQueryByID/{queryID} - [29620] Global search added to the Scrum application
- [29681] Inline links to attachments are now always saved in documents
- [29339] Selection of organizational units in LDAP connections (a user can belong to only one unit)
Bug Fixes
- [29178] Issue browser occasionally lost column styling for status
- [29337] Missing German translation for “Request raised on behalf of”
- [29416] Corrected default avatar for client users in dark mode
- [29582] Prevented multiple simultaneous auto-scrolls in the card view
- [29595] Fixed error when importing custom lists
- [29604] Privacy policy and imprint URL on the login page can now be hidden
- [29628] Fixed lost attachment references after changes to the document structure
- [29639] Updating dependencies for the rich text editor in the issue form now works correctly
- [29675] Fixed crash when exporting from the issue navigator
- [29432] Restored automatic vertical scrolling in the issue navigator’s filter view
- [29691] User creation no longer fails due to a JavaScript error
Security Fixes
| CVE/ZDI CAN | Affected Products | CVSS Score + Vector | Description |
|---|---|---|---|
| [29621], No CVE assigned | Allegra versions 8: less than 8.1.7 Allegra versions 7: less than 7.5.2.84 | 7.2 – High: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | An authenticated administrator is able to upload specially crafted ZIP files that include path-traversal entries. This way an attacker can execute arbitrary code remotely and gain access to sensitive information. Credits: Swagat Kumar Mishra (ZDayLabs) |
Christoph Friedrich
CEO Alltena GmbH
Christoph Friedrich is a computer scientist and certified Project Management Professional. He has extensive experience in the introduction and integration of project management tools as well as the analysis and definition of processes in project and service management.