379d8a5c19
End-to-end regression test for GHSA-96q5-xm3p-7m84 / CVE-2026-35594: mints a JWT for a link share via the real helper, then deletes the share row and invokes the real ReadAllWeb handler to prove the full request path (not just the unit-tested GetLinkShareFromClaims) surfaces the revocation. Also fixes a pre-existing stale literal in the TestLinkSharing test fixture struct: linkshareRead declared Hash="test1" while the actual fixture row id=1 uses Hash="test". The old code never looked at the DB so the mismatch went unnoticed; after the fix it would cause every link-share webtest that used linkshareRead to fail hash validation.
Vikunja
The Todo-app to organize your life.
If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.
Table of contents
Security Reports
If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.
Features
See the features page on our website for a more exhaustive list or try it on try.vikunja.io!
Docs
All docs can be found on the Vikunja home page.
Roadmap
See the roadmap (hosted on Vikunja!) for more!
Contributing
Please check out the contribution guidelines on the website.
License
Most of this repository is licensed under AGPL‑3.0‑or‑later.
The contents of desktop/ are licensed under
GPL‑3.0‑or‑later.
Unsplash Images
Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplash’s terms for more information.