MantisBT

MantisBT 2.25.2 This security and maintenance release fixes vulnerabilities in Custom Fields management page (CVE-2021-33557) and in the PHPMailer library, as well as a PHP 8 compatibility issue. 0028803: [custom fields] PHP 8: “Bad Request” error on ... [More] custom field filters (dregad) 0028821: [security] Update PHPMailer to 6.5.0 (dregad) 0028552: [security] CVE-2021-33557: XSS in manage_custom_field_edit_page.php (dregad) [Less]

MantisBT 2.25.1 This security and maintenance release fixes a couple of vulnerabilities in PHPMailer and Chart.js libraries, as well as a few other minor issues. All installations are strongly advised to upgrade as soon as possible. 0028084: [ui] ... [More] Labels for email notifications in User Prefs page appear in bold (dregad) 0028082: [ui] Project Edit Page … Continue reading "MantisBT 2.25.1 Released" [Less]

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word! MantisBT 2.25.0 This feature and maintenance release contains over 100 fixes and enhancements; among ... [More] many other things, it improves PHP 8 compatibility, LDAP authentication and invalid plugins management. … Continue reading "MantisBT 2.25.0 Released" [Less]

MantisBT 2.24.5 Security and maintenance release, includes PHP 8.0 compatibility fixes. 0027976: [security] User cookie string is not reset upon logout (dregad) 0027800: [bugtracker] install.php throws SYSTEM WARNINGs (dregad) 0027826: [bugtracker] ... [More] ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT thrown for Category ‘0’ (dregad) 0027928: [custom fields] Unable to edit Issues having Date custom fields on PHP 8.0 (dregad) [Less]

Since MantisBT 2.0.0, we officially support PHP 5.5.9 and later, aligned with Ubuntu 14.04 LTS “Trusty Tahr” release. PHP 5.5 has reached end-of-life on July 21st, 2016 and PHP 5.6 support ended on December 31st, 2018 so the time has finally come for ... [More] us to turn the page and leave 5.x behind, as maintaining compatibility … Continue reading "End of PHP 5 support" [Less]

MantisBT 2.24.4 Security and maintenance release, addressing 6 CVEs: an XSS issue, an SQL injection in the SOAP API and several information disclosure issues including a critical one allowing full access to private issues’ contents. All installations ... [More] are strongly advised to upgrade as soon as possible. This release also includes a few PHP 8.0 compatibility … Continue reading "MantisBT 2.24.4 Released" [Less]

MantisBT 2.24.3 Security release for 2.24.x series. All installations are strongly advised to upgrade as soon as possible. 0027039: [security] CVE-2020-25781: Access to private bug note attachments (dregad) 0027268: [security] Admin can get issues ... [More] assigned to users not allowed to handle them (dregad) 0027275: [security] CVE-2020-25288: HTML Injection on bug_update_page.php (dregad) 0027276: [security] Send reminder … Continue reading "MantisBT 2.24.3 Released" [Less]

MantisBT 2.24.2 Security release for 2.24.x series. All installations are strongly advised to upgrade as soon as possible. 0027003: [security] Update PHPMailer from 6.1.4 to 6.1.6 (dregad) 0027056: [security] CVE-2020-16266: HTML injection (maybe XSS) via custom field on view_all_bug_page.php (dregad)

MantisBT 2.24.1 Note that MantisBT 2.23.0 release included a schema change. If upgrading from version older than 2.23.0, do not forget to upgrade the database as documented in the Admin Guide. Maintenance and security fixes release for 2.24.x series. ... [More] 0026893: [security] APIs expose private attachments to users who has access to issue but not private … Continue reading "MantisBT 2.24.1 Released" [Less]

MantisBT 2.24.0 Note that MantisBT 2.23.0 release included a schema change. If upgrading from version older than 2.23.0, do not forget to upgrade the database as documented in the Admin Guide. 22142: [ui] on mantisbt.org Roadmap progress bar ... [More] ‘data-percent’ class could stand out better (syncguru) 26439: [ui] Issue list throws warning on every issue without … Continue reading "MantisBT 2.24.0 and 2.23.1 Released" [Less]