Author: dregad

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.24.2

Security release for 2.24.x series. All installations are strongly advised to upgrade as soon as possible.

• 0027003: [security] Update PHPMailer from 6.1.4 to 6.1.6 (dregad)
• 0027056: [security] CVE-2020-16266: HTML injection (maybe XSS) via custom field on view_all_bug_page.php (dregad)

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.22.1

Security release for 2.22.x series. All installations are strongly advised to upgrade as soon as possible.

• 0026091: [security] CVE-2019-15715: [Admin Required – Post Authentication] Command Execution / Injection Vulnerability (atrol)
• 0026110: [administration] [Show content] for Complex Configuration option doesn’t work when mod_rewrite is disabled (dregad)
• 0026160: [security] Update bundled Bootstrap to 3.4.1 (CVE-2019-8331) (dregad)
• 0026168: [security] Enable integrity hashes for CSS ressources from CDNs (dregad)

MantisBT 1.3.20

Security release for 1.3.x series. All installations are strongly advised to upgrade as soon as possible.

• 0026162: [security] CVE-2019-15715: Command Execution / Injection Vulnerability (dregad)

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.21.2

Security release for 2.21.x series. All installations are strongly advised to upgrade as soon as possible.

• 0025995: [security] CVE-2019-15074: Stored XSS Vulnerability in Timeline (dregad)

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.21.1

Maintenance release for 2.21.x series.

• 0025722: [administration] Wrong access_level settings when updating rights in the project admin page (cproensa)
• 0025734: [administration] LOGFILE_NOT_WRITABLE error triggered if file does not exist (dregad)
• 0025742: [other] Summary “By Date (days)” gets wrong number (cproensa)
• 0025763: [attachments] File upload timeout (atrol)
• 0025781: [reports] Summary statistics db error message (cproensa)
• 0025783: [administration] Button label truncated on manage_config_workflow_page (dregad)

Go ahead and download the release from our website.

MantisBT 2.17.1

This is a security release. All installations currently running any 2.x version are strongly advised to upgrade as soon as possible.

• 0024731: [security] CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php (dregad)

Please download the release from our website.