Security release addressing:
- A critical vulnerability affecting the SOAP API on MySQL (CVE-2026-30849); details will be disclosed at a later time;
- Two HTML injection / XSS issues with tag names (CVE not yet assigned).
Many thanks to Alexander Philiotis of SynerComm and Vishal Shukla for discovering and responsibly reporting the issues.
A few regression issues introduced in 2.28.0 have been fixed as well. Please refer to the Change Log for complete details.
All installations are advised to upgrade as soon as possible.
Go ahead and download the release from our website.
In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!