A new home for mantisbt.org

Today, our good old web server fluffy took a well-deserved retirement, after almost 8 years of service.

The new server has been nicknamed baygon, because – just like Johnny Rico – we like our bugs dead 😉 .

It features much more powerful hardware, with twice the CPU capacity and four times more RAM. The system has been re-installed from scratch with the latest Ubuntu LTS version, recent releases of all the excellent open-source software we rely on to operate the site, and an optimized configuration.

Please let us know if you experience any errors or problems with the new site.

MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website.

Patched vulnerabilities:

  • 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later)

Additionally, version 2.1.1 also includes fixes previously released in 1.3.7 and 2.2.1:

  • 22486: CVE-2017-6797 – XSS in bug_change_status_page.php
  • 22497: CVE-2017-6799 – XSS in view_filters_page.php