Vikunja (/vɪˈkuːnjə/)1d ago

🔒 Vikunja 2.2.2 is out: nine security fixes including a critical chain that could expose instance-wide data. Also adds centralized SSRF protection and a few nice bug fixes. Please update soon!

(2.2.1 has been released as well but did not fix the issues fully, therefore I went and pushed 2.2.2 right after)

https://vikunja.io/changelog/vikunja-v2.2.2-was-released

Vikunja 2.2.1 and 2.2.2: Nine security fixes, and quality of life improvements

Vikunja 2.2.1 and 2.2.2 fix nine security vulnerabilities including a critical chain allowing unauthenticated instance-wide data access, adds centralized SSRF protection, and includes several bug fixes and improvements.

Show threadŁukasz Mróz
@vikunja That's great. However I have a problem with Vikunja.Cloud which is logging me out every 10 minutes, regardless of "Remember me" option being checked. It's the same with web interface and desktop app, even unstable. I've paid for this service, wanted to help the project... and I haven't got any reply about the issue on the forum since couple of weeks. I'm about to cancel the subscription because right now the app is unusable for me. Pitty...
Mar 24 at 6:11amWeb
Show threadVikunja (/vɪˈkuːnjə/)1d ago

@fr0zi Really sorry to hear this!

There have been fixes to this, please check again now. If you're using the desktop client, you'll need to update that as well.

Show threadŁukasz Mróz1d ago
@vikunja Thanks. Good to know. Unfortunately now it's even more interesting. It seems my account has been disabled...
Show threadVikunja (/vɪˈkuːnjə/)22h ago
@fr0zi that should not be the case. Can you reach out via email so that we can look into this?
Show threadŁukasz Mróz22h ago
@vikunja Sure, will do. Thanks