
News

Posted over 13 years ago by David Hicks
MantisBT 1.2.1 introduced anti-clickjacking features in the form of both X-Content-Security-Policy and X-Frame-Options HTTP headers. SHODAN is a search engine that allows the searching of HTTP server fingerprints obtained from internet-facing hosts. If we search for X-Frame-Options in SHODAN’s database, just over 7000 results are returned. Performing the same check for the X-Content-Security-Policy [...]
Posted over 13 years ago by jreese
Howdy folks, MantisBT 1.2.3 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. Issue #12312 covers an XSS vulnerability in the upstream NuSOAP library. The fix has been applied to the library included in MantisBT releases, and a patch has been [...]
Posted almost 14 years ago by jreese
Howdy all, MantisBT 1.2.2 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. Issue #11952 covers a security fix to the display of inline attachments, where “Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks”. See [...]
Posted almost 14 years ago by David Hicks
The results of the Eclipse Community Survey 2010 have recently been released. A summary of the findings is available in the Open Source Developer Report 2010. This survey of the Eclipse community is an interesting insight into software development and the trends which are taking place. Most relevant to the MantisBT project is the question concerning [...]
Posted about 14 years ago by David Hicks
Mantis Bug Tracker 1.2.1 includes initial support for X-Frame-Options and X-Content-Security-Policy. These two browser security features aim to protect users against clickjacking attacks. If you’re unfamiliar with clickjacking, this presentation by Paul Stone at Black Hat EU 2010 provides an introduction to the topic. Essentially these options prevent a MantisBT site from being embedded within [...]
Posted about 14 years ago by jreese
Hi all, MantisBT 1.2.1 is a maintenance update for the stable 1.2.x branch. All installations that are currently running any 1.1.x or 1.2.0 version are advised to upgrade to this release. Included with 1.2.1 are a range of bug fixes, translation updates, and general improvements over the initial 1.2.0 release. Highlights include an improved installation, a fixed upgrade path from [...]
Posted about 14 years ago by David Hicks
The “Change status to” dropdown on the view issue page used to select the first option in the list as the default. Choosing the default value in this way isn’t particularly useful because workflow states usually progress rather than regress. The dropdown default value used to look something like this: Recently this behaviour was improved so that [...]
Posted about 14 years ago by David Hicks
The built-in source code repository integration feature from the days of MantisBT 1.1.x has been removed in MantisBT 1.3.x. This feature is superseded by the SourceIntegration plugin available for use with MantisBT 1.2.0 and later versions.
Posted about 14 years ago by David Hicks
MantisBT has been named SourceForge Project of the Month for April 2010.
Posted about 14 years ago by jreese
MantisBT Release Notes 1.2.0 Stable Release. This release marks the first official release in the 1.2.x series of MantisBT. 1.2.0 is a major feature release for MantisBT, and includes many bugfixes and enhancements over the 1.1.x stable branch. All users of 1.1.x are highly encouraged to upgrade as soon as possible. A full changelog for the 1.2.x series can be [...]