This is a security release. All installations currently running any 2.x version are strongly advised to upgrade as soon as possible.
- 0024731: [security] CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php (dregad)
Please download the release from our website.
Today, our good old web server fluffy took a well-deserved retirement, after almost 8 years of service.
The new server has been nicknamed baygon, because – just like Johnny Rico – we like our bugs dead 😉 .
It features much more powerful hardware, with twice the CPU capacity and four times more RAM. The system has been re-installed from scratch with the latest Ubuntu LTS version, recent releases of all the excellent open-source software we rely on to operate the site, and an optimized configuration.
Please let us know if you experience any errors or problems with the new site.
Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website.
- 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later)
Additionally, version 2.1.1 also includes fixes previously released in 1.3.7 and 2.2.1:
- 22486: CVE-2017-6797 – XSS in bug_change_status_page.php
- 22497: CVE-2017-6799 – XSS in view_filters_page.php
MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here. Continue reading “MantisBT 1.2.19 Released”