MantisBT 1.2.15 released


Post by atrol

MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

The following security issues were resolved:

- Any malicious user could use the view issues page (search.php) to execute a filter that could bring down the site by overloading the database server (CVE-2013-1883). Affects MantisBT 1.2.12 and later. Refer to issue #15573 for detailed information.
- A cross-site scripting (XSS) vulnerability allowed execution of arbitrary JavaScript code when deleting a version. Affects MantisBT 1.2.14 and later. Refer to issue #15511 for detailed information.
- In some cases, the ‘Close’ button would be available to unauthorized users, allowing them to close issues at will, bypassing the workflow settings. Affects MantisBT 1.2.12 and later. Refer to issue #15453 for detailed information.

This release also includes several bug fixes and enhancements to the tracker and the SOAP API, as well as updated translations in many languages.

A full changelog can be found at:
http://www.mantisbt.org/bugs/changelog_ ... ion_id=182

The release can be downloaded from
http://sourceforge.net/projects/mantisb ... le/1.2.15/