Wekan
Open source kanban board application built with Meteor
Alternative to: trello
About
Versions (100)
v9.65
2026-06-20v9.65 2026-06-20 WeKan ® release
This release adds the following updates:
- Issue triage: closed 13 already-fixed Bug issues (with evidence), relabeled ~25 mislabeled feature requests to
Featurewith a “Feature Request:” title prefix, and prefixed ~35 environment-specific reports “Environment specific:” and gave them theBug:Environment-specificlabel. - Audited labels on all 533 open issues for correctness (type,
Feature:Area,Targets:,Severity:, etc.). - Added 23 missing GitHub labels found by auditing
docs/Loginanddocs/Featuresagainst the issue labels, matching the existing label style and colours (Feature:*=#0052cc,Targets:*=#fbca04), and applied them across open and closed issues:- Login methods (
Feature:User-accounts:*): ADFS, Azure, B2C, Google, Header-Login, Nextcloud, Oracle, Zitadel, Autologin, Accounts-Lockout, Forgot-Password. - Features:
Feature:LaTeX,Feature:Mermaid-Diagram,Feature:Emoji,Feature:Python,Feature:Cards:Cover,Feature:Cards:Location,Feature:Custom-Logo,Feature:RTL,Feature:Members,Feature:Multitenancy,Feature:Allow-private-boards-only. - Platform:
Targets:Apache.
- Login methods (
and adds the following new features:
- Threaded comment replies: card comments gain an optional
parentId; a “Reply” link links a new comment to its parent, rendered with an “in reply to” quote. Initial MVP (single-level visual threading). - Restrict board admins from editing/deleting other users’ comments:
new board setting
restrictCommentEditing(default off). When on, only a comment’s author may edit/delete it; enforced server-side via collection hooks. - Visible status of sub-tasks: each subtask now shows its current list (prefixed with the board title when on a different board) read-only next to its title.
- Drag-and-drop search results into board columns: cards in the
search-results list can be dragged onto board lists, reusing the existing
card.move(). MVP: drops append to the end of the target list (no pixel-precise insertion index yet). - Per-user permanent dismissal of the Announcement banner: a user can permanently close the current announcement so it does not reappear on reload/board-switch, until the admin edits the announcement text (which makes it reappear for everyone).
- Show how many times a card’s due date was changed: the card detail
now displays a “due date changed N times” count (derived from existing
a-dueAtactivities) for deadline accountability. - Restrict adding board members to the same Organization or Team:
new global admin setting
boardMembersFromSameOrgOrTeamOnly(default off). When on, a user can only be added to a board if they share an Organization or Team with the inviter or an active board member; enforced server-side in the invite/search paths. Site admins bypass. - Import Google Calendar
.icsfiles into board cards: MVP, import-only. New dependency-free iCalendar parser (server/lib/icsImport.js) maps eachVEVENTto a card withstartAt/dueAtso events appear on Calendar/Gantt views, plus animportIcsToBoardMeteor method and a REST endpointPOST /api/boards/:boardId/swimlanes/:swimlaneId/lists/:listId/ics(documented in the OpenAPI spec, with animporticsexample inapi.py). Two-way Google Calendar sync is not included (see wekan-ical-server for read-only WeKan→calendar export).
and fixes the following bugs:
- Fixed OIDC/OAuth2 “Log Out” redirecting to the identity provider home page instead of back to Wekan.
With autologin (
OIDC_REDIRECTION_ENABLED=true), clicking Log Out redirected to the OAuth2 server URL (for example the Keycloak base URLhttps://id.company.com), which shows an error page for non-admin users. Added the new optionalOAUTH2_LOGOUT_ENDPOINTsetting: when set to the provider’send_session_endpoint(Keycloak example/realms/<realm>/protocol/openid-connect/logout), Wekan now performs an OIDC RP-initiated logout that ends the identity provider session and returns the user to Wekan (ROOT_URL) viapost_logout_redirect_uri. When unset, logout behaviour is unchanged, so this is backward compatible. For Keycloak 18+, add your WekanROOT_URLto the client’s Valid post logout redirect URIs. See docs/Login/Keycloak/Keycloak.md. Thanks to zambalee and xet7. - Fixed due dates not correctly colour coded: future due dates
more than 48 hours away are now shaded grey (
not-due) instead of amber (due-soon). Root cause was a call todiff(theDate, now, 'days')where'days'is not a valid unit, so the threshold compared raw milliseconds; replaced with a precise hours-based comparison in a single shared helper. - Fixed due date colour mismatch between list and card detail:
an overdue card now shows red in both the minicard/list and the opened card detail. The card-detail status
colours now use
!importantso overdue red overrides the due-date yellow base (matching the minicard), and the colour-decision logic is unified into one shared helper used by both views. - Fixed unable to view all cards by due date: removed the
limit: 100cap in thedueCardspublication so all of a user’s due cards across boards are shown. - Fixed unable to scroll past the first cards in the Due Cards view on mobile: the due-cards list now has a scoped scroll container with a viewport-relative max height.
- Fixed card-detail sub-popups disappearing on mobile: assigning a user or setting the due date on touch devices no longer closes the popup (touch events inside the popup no longer bubble to the click-outside close handler on mobile viewports).
- Fixed mobile board layout and tiny Home button: minicards now render one per row (full width) on narrow screens and the header Home / All Boards button is a proper tap target.
- Fixed enormous icons/menus/text after upgrade: clamped runaway icon/label sizing on mobile.
- Fixed oversized padding/margins and stray ➕ emoji from recent UI changes: trimmed excessive padding/margins on mobile; remaining stray plus emojis are tracked for replacement with a Font Awesome icon.
- Fixed board-level search not including comments: in-board search now matches text inside card comments, consistent with global search.
- Fixed “create list” not available in Lists board-view mode: the “Add list” composer now appears in Lists mode (using the board’s default swimlane), not only in Swimlanes mode.
- Fixed board/list/swimlane numbering breaking first-letter keyboard navigation: the move/copy card popups no longer prefix a number to each option, so options start with their name again and digit-named boards are readable.
- Fixed missing notification and card-history entry when a new attachment is uploaded:
uploading an attachment now creates an
addAttachmentactivity, so card members and subscribers are notified (consistent with attachment removal); previously the activity was never created because the store-strategy upload hook was dead code. - Fixed copying a card selecting all/unnamed labels on the destination board:
Cards.copy()now applies the same unnamed-label guard asCards.move()and persists the remapped labels onto the inserted card. - Fixed copied card losing its cover (“show as thumb”):
coverIdis now remapped to the newly copied attachment instead of pointing at the original (now-unresolvable) attachment id. - Fixed deleting a date on a linked card not taking effect:
unsetReceived/unsetStart/unsetDue/unsetEndnow resolve the real card id viagetRealId()(consistent with theset*methods) so they update the underlying linked card, not the link placeholder. - Fixed comment-only members being able to archive cards from the UI: the archive action now respects
Utils.canModifyCard()like every other mutating card action (the server allow-rule already rejected the write; this closes the client-side UX gap). - Fixed sub-task board being inaccessible until a reload: the “view subtask” navigation now guards against a not-yet-loaded board, mirroring the sibling handler.
- Fixed the “When a card is moved to Archive” rule trigger not being activatable: a CSS class-name mismatch (
js-add-arc-triggervsjs-add-arch-trigger) between the board-triggers template and its click handler is fixed, with a regression test. - Fixed “select all in list” crossing swimlanes: list select-all is now scoped to the current
swimlane in swimlanes view (
allCards()gained an optional swimlane scope); list-wide behaviour is preserved where there is no swimlane context. - Fixed copying a swimlane to another board losing card labels: missing board-level labels are now recreated on the destination board (preserving colour) before the per-card copy so label assignments survive.
- Fixed Calendar View ignoring the start-day-of-week setting: FullCalendar’s
firstDayis now derived fromgetStartDayOfWeek()instead of the locale default. - Fixed deleted-attachment notification crediting the uploader instead of the deleter: the
deleteAttachmentactivity now records the acting user (falling back to the uploader for server/system removals). - Fixed updating a card title not firing the outgoing webhook: a title change now logs an
a-changedTitleactivity (rendered in the activity feed) so the existing outgoing-webhook hook fires, consistent with description/date changes. - Fixed @mention: pressing Enter to pick a user closed the card / submitted the comment, also #4172 and #5457: when the @mention autocomplete dropdown is open, Enter now selects the highlighted user instead of submitting/closing (shared textcomplete keydown guard hardened).
- Fixed REST card API move/sort/date/archive bugs: consolidated duplicated board-move variable names
(#5398); moving a card to another list via the API now puts it on top of the destination list like the Move Card
dialog (#5399); due/received/start/end dates set via the API now
persist instead of being stripped (#5537); and archived cards can be
inspected via the single-card GET and de-archived without needing a
list_id(#5546). - Fixed the per-checklist “Hide checked items” toggle being inverted and affecting all checklists: it is now read per checklist and hides an item exactly when it is checked and that checklist’s toggle is on.
- Fixed setting a list/swimlane colour to
silversaving it as None: list/swimlane colours are normalized through a shared canonical allowed-colour helper, sosilver(and every offered colour) is accepted and rendered. - Fixed internal caret
^board^helper boards appearing in board lists and the REST API: caret-wrapped titles and non-boardtypes are now filtered from/api/users/:userId/boards,/api/boardsand theBoards.userBoardshelper, consistent with the UI. - Fixed being unable to remove a deleted (non-existent) user from a board’s members: orphaned member entries are now hard-removed by userId even when the user account no longer exists.
- Fixed a custom number field displaying as
NaNwhen cleared after being set: an empty number value is stored as''and rendered as empty via a sharedformatNumberValuehelper. - Fixed subtask creation producing extra swimlanes/columns and only allowing one subtask, also #5788,
#2256 and #4782: subtask
creation is now server-authoritative (
addSubtaskCardMeteor method) and client-side auto-creation of the default subtasks board/list is guarded to the server, so the client can no longer create duplicate subtasks boards/swimlanes and multiple subtasks can be created reliably. - Fixed board “always on card” custom fields not being applied to new subtask cards, also #3562: the destination board’s automatic custom fields are now added to a new subtask.
- Fixed a circular subtask/parent reference hanging the whole board: the parent-chain guard compared array indices instead of
ids; it now compares by value and
setParentIdrefuses a cyclic re-parent. - Fixed the board Subtasks “Landing list for subtasks deposited here” setting not saving / showing the wrong list, also #3876,
#4849 and #4947: the
settings popup now reads the deposit board’s lists and matches the stored
subtasksDefaultListId. - Fixed the subtask “View it” button opening the parent card instead of the subtask: navigation now targets the subtask’s own board/card.
- Fixed deleting a card not firing the outgoing webhook: card deletion now creates a
deleteCardactivity (in the before-remove hook and the REST delete endpoints) so the outgoing webhook fires; board/list/swimlane deletion already emitted their delete activities (#2950). - Fixed a configured outgoing webhook making it impossible to set card members: outgoing webhook delivery is now fire-and-forget and error-isolated, so a slow/unreachable/failing webhook endpoint can no longer abort the member update.
Thanks to above GitHub users for their contributions and translators for their translations.