MantisBT 2.24.0 and 2.23.1 Released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.24.0

Note that MantisBT 2.23.0 release included a schema change. If upgrading from version older than 2.23.0, do not forget to upgrade the database as documented in the Admin Guide.

  • 22142: [ui] on Roadmap progress bar ‘data-percent’ class could stand out better (syncguru)
  • 26439: [ui] Issue list throws warning on every issue without bug notes. (dregad)
  • 26441: [api rest] Update GuzzleHttp from 6.4.1 to 6.5.2 (dregad)
  • 26473: [ui] Incorrect CSS rules get applied if a word in custom field name matches an existing CSS class (atrol)
  • 26475: [email] Update phpmailer/phpmailer from 6.1.3 to 6.1.4 (dregad)
  • 26567: [code cleanup] Code Cleanup (atrol)
  • 26555: [reports] Wrong number of displayed rows on summary page (atrol)
  • 26572: [code cleanup] Remove $g_log_destination ‘firebug’ option, as the project is dead since 2017 (dregad)
  • 26589: [documentation] Admin Guide: remove doc for long-deprecated $g_ldap_port config (dregad)
  • 26598: [db mssql] Update ADOdb to 5.20.16 (dregad)
  • 09534: [feature] Limit reporter’s access to their own issues (cproensa)
  • 11365: [plug-ins] New Event: EVENT_MENU_ISSUE_RELATIONSHIP (dregad)
  • 11381: [relationships] Dependency Graph crash on circular parent child relationships (dregad)
  • 17594: [reports] Display issue Summary inside relation graph nodes (dregad)
  • 21133: [rss] Access of non existent image in RSS feeds (dregad)
  • 24600: [filters] BugFilterQuery – issue? – trying to add join & where conditions (cproensa)
  • 26163: [relationships] Relationship Graph page UI lacks MantisBT 2.x layout (dregad)
  • 26164: [relationships] Relationship Graph page is missing legend (dregad)
  • 26165: [relationships] Relationship Graph – inconsistency between button label and title (dregad)
  • 26612: [plug-ins] Improve MantisColumn sort capability to allow sorting by more complex expressions (cproensa)
  • 26621: [filters] Wrong filtering by none-relationship (cproensa)
  • 26623: [ui] Generate token with empty name and APPLICATION ERROR #11 (dregad)
  • 26632: [api rest] Support user password reset via REST API (community)
  • 26636: [installation] Apostrophe in custom_field_string table causes upgrade from < 1.2.0 to fail (dregad)
  • 09155: [time tracking] Cell coloring for due date indicates “overdue” when not overdue yet. (dregad)
  • 09155: [time tracking] Cell coloring for due date indicates “overdue” when not overdue yet. (dregad)
  • 10831: [administration] how can I allow user to view only the issue that assigned to them (cproensa)
  • 15466: [bugtracker] Reporter can’t see an issue they have been made a monitor of (cproensa)
  • 16869: [bugtracker] Change of due date background color (dregad)
  • 21201: [localization] lang_get_defaulted does not search for fallback language (dregad)
  • 23570: [bugtracker] Implement limit_reporters as a threshold (cproensa)
  • 25097: [authentication] login username is not trimmed (dregad)
  • 25115: [roadmap] User can’t see in roadmap a private issue that they reported (cproensa)
  • 26438: [bugtracker] Allow multiple, customizable due date levels (dregad)
  • 09155: [time tracking] Cell coloring for due date indicates “overdue” when not overdue yet. (dregad)
  • 16869: [bugtracker] Change of due date background color (dregad)
  • 26568: [installation] Use appropriate statement to update DB schema when generating SQL (dregad)
  • 26542: [api rest] Passing out of range custom field id causes multiple PHP warnings / incorrect response (dregad)
  • 26540: [api rest] Passing unsanitized data to type hinted function causes program crash (dregad)
  • 26541: [api rest] Passing invalid id to rest api custom field update causes program crash (dregad)
  • 26662: [installation] Final statement to set database version not logged in SQL script (dregad)
  • 26661: [installation] Add informational comments to SQL script generated by installer (dregad)
  • 26663: [installation] improve installer messages when generating SQL script (dregad)
  • 26664: [installation] Allow admin to reset table pre/suffix to their default values (dregad)
  • 26686: [bugtracker] Make category on bug_report_page a required field when $g_allow_no_category = OFF; (dregad)
  • 26687: [bugtracker] Required fields when reporting an issue, should also be when updating it (dregad)
  • 26690: [bugtracker] Mass update does not allow setting an empty category (dregad)
  • 26712: [ui] Provide a way to ‘show content’ for all complex items on Manage Configuration Report page (dregad)
  • 26747: [plug-ins] No equivalent to lang_get_defaulted() in plugin_api() (dregad)
  • 26765: [bugtracker] Inheritance of sub project not read correctly from database (dregad)
  • 26778: [customization] Retire bug_change_status_page_fields config option (vboctor)

MantisBT 2.23.1

Maintenance release for 2.23.x series.

  • 26482: [ui] ‘View Issue’ page fails to populate some fields (ex ‘ID’) for some projects (but not others) (atrol)
  • 26470: [localization] Issue values on bug view page are not localized. (atrol)
  • 26596: [installation] Wrong defaults for db (plugin) table prefix/suffix (dregad)
  • 26610: [ui] Option history_default_visible does not work (atrol)
  • 26622: [ldap] LDAP API does not cache realname information (dregad)
  • 26600: [performance] Performance loss after update from 2.20.0 to 2.23.0 (dregad)
  • 26570: [bugtracker] Assigning bug from group action creates empty bugnote (atrol)
  • 26575: [plug-ins] When calling bug_assign function it auto creates empty note (atrol)
  • 26629: [ldap] LDAP API throws PHP warning when ldap_connect() fails (dregad)
  • 26757: [bugtracker] Bugnote from reminder is always public – ignoring private checkbox state (community)

Go ahead and download the release from our website.

MantisBT 2.23.0 and 2.22.2 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.23.0

Note that this release includes a schema change. Do not forget to upgrade the database as documented in the Admin Guide.

  • 26139: [reports] Move MantisGraph pages to their own tab (dregad)
  • 26374: [api rest] Update GuzzleHttp from 6.3.3 to 6.4.1 (dregad)
  • 22817: [attachments] “private bugnotes” as default setting prevents uploading further attachments (vboctor)
  • 24113: [attachments] Attaching files to a note creates a second note with only the attachments (vboctor)
  • 24577: [attachments] Deleting a note, should delete associated attachments (vboctor)
  • 25935: [attachments] Warning for users when making public notes with attachments private (vboctor)
  • 25960: [attachments] Add files information to EVENT_BUGNOTE_ADD event (vboctor)
  • 25972: [custom fields] Use custom field regular expression in the html input (cproensa)
  • 25975: [custom fields] Manage custom fields page does not show fields in order (cproensa)
  • 26081: [attachments] Switching note to private/public, should impact associated attachments (vboctor)
  • 26083: [auditing] Link attachments issue history events to attachments to determine visibility (vboctor)
  • 10107: [feature] Allow setting reminder bugnotes’ view status (dregad)
  • 21712: [filters] No way to filter “negative” for checkbox custom fields (cproensa)
  • 21733: [attachments] Attachments should be linkable to notes in db (vboctor)
  • 21799: [documentation] Wrong data types in ERD (dregad)
  • 25902: [api rest] Implement IssueViewPageCommand to separate logic from rendering of issue view page (vboctor)
  • 25905: [ui] Inline actions user experience is inconsistent between different features (syncguru)
  • 26062: [filters] Filter for a date custom field fails when no values for this field exists (cproensa)
  • 26092: [documentation] Invalid URL for GraphViz home page (dregad)
  • 26093: [plug-ins] Content Security Policy directive ‘frame-ancestors’ contains an invalid source when http_csp_add is called for it (dregad)
  • 26094: [bugtracker] PHP notice in bug view page when viewing issue without category (dregad)
  • 26098: [documentation] Update ERD diagram to reflect new field in bug_file table (dregad)
  • 26132: [time tracking] Application Error 401 when clicking Time Tracking at the bottom of a bug notes page (dregad)
  • 26134: [time tracking] Bugnotes time spent info is always shown even if time tracking is disabled (dregad)
  • 9802: [attachments] Support attachments associated with private notes (vboctor)
  • 26128: [ui] Attachments displayed with empty user (dregad)
  • 9363: [attachments] Comments on attachments (vboctor)
  • 26195: [api rest] Error requesting issues using saved filter (cproensa)
  • 26082: [attachments] Create a place holder note when submitting attachments without text (vboctor)
  • 26002: [email] “Email on monitoring” not configurable in manage_config_email_page (cproensa)
  • 26095: [attachments] Support inline playing of audio attachments (vboctor)
  • 26096: [documentation]preview_*_extensions config options not documented (vboctor)
  • 26102: [attachments] Support inline playing of video attachments (vboctor)
  • 26109: [db postgresql] check_pgsql_bool_columns: check wrongly suggests that the redirect_delay should be in boolean format (dregad)
  • 26123: [ui] Both “monitor” and “end monitoring” buttons are displayed (dregad)
  • 26125: [ui] “Users monitoring this issue” section not shown if nobody is monitoring the issue (dregad)
  • 26141: [custom fields] Use max length property of custom field in inputs (cproensa)
  • 26166: [performance] Issue view api uses many custom field database queries (cproensa)
  • 26167: [performance] Issue view history api repeated calls to bug_get_attachments database query (cproensa)
  • 26295: [ui] Clone button is not displayed correctly (cproensa)
  • 26326: [bugtracker] Tags are not copied from master issue when cloning (community)
  • 26265: [email] Bump phpmailer/phpmailer from 6.0.7 to 6.1.3 (dregad)
  • 26353: [tagging] Tag attachments list includes tags already attached to the bug (dregad)
  • 26368: [administration] Custom fields selector in manage project page are not ordered by name (cproensa)
  • 26030: [custom fields] Filter value “none” is not available for multiselection list custom fields (cproensa)
  • 26086: [api rest] Update Slim Framework to 3.12.3 (dregad)
  • 26119: [tagging] Add $g_tag_create_threshold to Workflow Thresholds in the GUI (dregad)
  • 26150: [bugtracker] Closing issues via group action with empty note creates a bugnote record (vboctor)
  • 26294: [ui] Attachments without note text are not displayed (cproensa)
  • 26358: [security] Vulnerability from library Moment.js 2.15.2 (dregad)
  • 26367: [administration] Use empty value as default project in “manage project” subproject section (cproensa)
  • 26382: [javascript] Update corejs-typeahead.js library to 1.3.0 (dregad)
  • 26388: [security] Update ADOdb to 5.20.15 (dregad)

MantisBT 2.22.2

Maintenance release for 2.22.x series.

  • 26351: [preferences] Field “EXCEL columns” has space or tabulation (dregad)

Go ahead and download the release from our website.

MantisBT 2.22.0 Released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.22.0

A feature release including functional improvements and bug fixes

  • 0026078: [security] CVE-2019-15539: Stored XSS on Project Documentation (atrol)
  • 0006128: [bugtracker] Ability to add monitors to a bug when the bug is first reported (dregad)
  • 0025162: [plug-ins] Improve plugin schema upgrade error message (dregad)
  • 0025470: [api soap] SOAP API return value does not match definition in WSDL (dregad)
  • 0025749: [bugtracker] error_string() does not allow HTML tags inside of error messages (dregad)
  • 0025774: [installation] Reflect PHP requirements in Composer config (dregad)
  • 0025784: [html] Invalid HTML in manage_config_workflow_page.php (dregad)
  • 0025815: [bugtracker] Users can’t add monitors if access < show_monitor_list_threshold and >= monitor_add_others_bug_threshold (dregad)
  • 0025826: [administration] Impossible to set add/remove monitors thresholds from manage page (dregad)
  • 0025827: [documentation] Improve documentation for monitors-related configs (dregad)
  • 0025848: [code cleanup] Remove get_email_link() API function (dregad)
  • 0025849: [code cleanup] New prepare_mailto_url() API function (dregad)
  • 0025850: [bugtracker] PHP Notices in User API (dregad)
  • 0025851: [printing] Remove hyperlinks on usernames in Word export (dregad)
  • 0021797: [attachments] Add support for pasting images as attachments (syncguru)
  • 0022898: [security] Email for a new private bugnote was send to a non authorized reporter (dregad)
  • 0023725: [time tracking] Time tracking box rendering is broken (syncguru)
  • 0024189: [bugtracker] Status color squares become black (cproensa)
  • 0024441: [tagging] Report issue doesn’t support multiple new tags (dregad)
  • 0024590: [plug-ins] Add EVENT_MENU_MAIN_FILTER to allow complete customisation of main menu (dregad)
  • 0025362: [api rest] REST API support for multiple authorization headers (community)
  • 0025686: [bugtracker] Replace mailto: by link to user profile page in view.php (dregad)
  • 0025839: [html] Leading newlines disappear when editing data in textarea elements (dregad)
  • 0025894: [code cleanup] Remove unused $p_can_report_only parameter in layout_navbar_projects_list() (dregad)
  • 0025904: [documentation] Admin guide: remove reference to unmaintained Firefox add-on (dregad)
  • 0025910: [administration] Simplify displaying of complex values in adm_config_report page (cproensa)
  • 0025911: [javascript] Improve client-side sortable tables script (cproensa)
  • 0025914: [plug-ins]EVENT_BUGNOTE_DATA event not documented in developer manual (dregad)
  • 0025951: [plug-ins] MantisGraph: update Chart.js library to v2.8.0 (dregad)
  • 0025952: [code cleanup] MantisGraph: define Chart.js-related constants in the plugin (dregad)
  • 0025953: [plug-ins] Missing an API function to check if a plugin event has been declared (dregad)
  • 0025961: [tools] PHPUnit tests as run by Travis CI builds do not execute all defined suites (dregad)
  • 0025962: [bugtracker] IssueAddCommand does not create history entries identical to the code it replaced (vboctor)
  • 0025963: [ui] Gravatar plugin should always use https (vboctor)
  • 0025969: [other] bug_report_page is forced to be cached (cproensa)
  • 0025996: [api rest] Missing tag name in error message when creating issue via REST API (dregad)
  • 0025997: [api rest] Invalid JSON response when creating issue with tag by name via REST API (dregad)
  • 0026063: [code cleanup] Glue after String Array is being Deprecated (dregad)
  • 0026066: [plug-ins] Gravatar Plugin Description (atrol)
  • 0026074: [tagging] Creating an invalid tag should fail with an error (dregad)
  • 0026075: [tagging] Tag-related error messages should reference the tag’s name (dregad)
  • 0026076: [api rest] Adding issue via REST API should fail if requested tags can’t be attached (dregad)
  • 0026077: [api rest] IssueAddCommand should create tag specified by name if they do not exist (dregad)

Go ahead and download the release from our website.

MantisBT 2.21.0 and 2.20.1 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.21.0

A feature release including functional improvements and bug fixes

  • 0019642: [administration] If log file is not writable, log_event() fails silently (dregad)
  • 0022096: [timeline] My View page without timeline does not respect the $g_my_view_boxes_fixed_position setting (dregad)
  • 0022104: [ui] My View Page layout misses some boxes (dregad)
  • 0022143: [documentation] Encoding of custom files not documented (dregad)
  • 0022972: [documentation] Upgrade guide does not mention plugins (dregad)
  • 0023333: [filters] sub-project assignments missing from project-specific My View page (cproensa)
  • 0023418: [ui] Plugin tab in Summary section not highlighted when selected (community)
  • 0023550: [customization] Modification to status colors css (dregad)
  • 0025614: [installation] Missing file (api/rest/web.config) in installer (dregad)
  • 0025629: [administration] E_USER_DEPRECATED errors are no longer displayed inline (dregad)
  • 0025631: [administration] PHP Notice or incorrect file+line number when displaying DEPRECATED error (dregad)
  • 0025650: [ui] Show status with a color square instead of background color on Bug Update Page (dregad)
  • 0025651: [performance] Update color when new Status is selected in Bug Update Page (dregad)
  • 0025664: [ldap] LDAP documentation – Remove invalid ‘hostname:port’ example (dregad)
  • 0025679: [ui] Uneven distribution of boxes on My View page when Timeline is OFF (dregad)
  • 0025682: [ui] Show Invite button for users with manage users access level, not just administrators (community)
  • 0023037: [ui] Focus on project search (cproensa)
  • 0023694: [plug-ins] View Issue page menu links from EVENT MENU_ISSUE event are wrapped with “[“, “]” characters (dregad)
  • 0025594: [ui] Projects menu search box should be hidden when having a small number of projects (cproensa)
  • 0025688: [api rest] Inconsistent naming of username field in REST API (community)
  • 0025693: [performance] Improve performance of Summary Page queries (cproensa)
  • 0025695: [bugtracker] Redirect to the new issue’s page after reporting it (community)
  • 0025703: [api rest] Update Slim Framework to 3.12.1 (vboctor)

MantisBT 2.20.1

Maintenance release for 2.20.x series.

  • 0025675: [security] CVE-2019-10905: Update Parsedown library to 1.7.3 (dregad)
  • 0025621: [security]vendor folder is not protected (vboctor)
  • 0025661: [bugtracker] Project versions disappear when set “obsolete” (cproensa)
  • 0025697: [html] Viewing Issues > print reports, csv export, excel export – broken links (dregad)

Go ahead and download the release from our website.

MantisBT 2.20.0, 2.19.1 and 1.3.18 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.20.0

A feature release including functional improvements and bug fixes

  • 0004624: [feature] Add filtered summary (cproensa)
  • 0014656: [reports] Filter by dates in Summary Graphs (cproensa)
  • 0017304: [documentation] Manual does not describe variable “g_from_name” (atrol)
  • 0020069: [code cleanup] default_email_on_status, misleading comments in config_defaults (atrol)
  • 0023045: [feature] Usability suggestion at Report Issue screen (atrol)
  • 0023904: [performance] Massive queries to user table in edit project (cproensa)
  • 0024347: [security] web.config file is missing in api/rest (community)
  • 0024549: [filters] Permalink – Filter lose information after click on view issues (cproensa)
  • 0024775: [filters] Improve presentation of temporary filters (cproensa)
  • 0024776: [filters] Switching simple/advanced for a temporary filter loses the filter (cproensa)
  • 0025109: [html] Filter widget does not hide botton bar when collapsed (cproensa)
  • 0025130: [administration] “Check Installation” is missing from Admin menu (dregad)
  • 0025164: [reports] MantisGraph, implement filtered summary for graphs (cproensa)
  • 0025168: [reports] MantisGraph. Reporter graph does not fit width of page (dregad)
  • 0025174: [excel] Float custom field saved as String in XML-Excel export (atrol)
  • 0025210: [reports] Script error in graphs (cproensa)
  • 0025213: [rss] RSS feeds broken when using PHP >= 7.0 (atrol)
  • 0025381: [api rest] Get project doesn’t return all versions (atrol)
  • 0025385: [ui] Summary page submenu not aligned when screen narrower than buttons (dregad)
  • 0025386: [ui] Incorrect spacing between submenu and main div for some MantisGraph screens (dregad)
  • 0025387: [ui] MantisGraph: redundant subtitle on Issue Trends page (dregad)
  • 0025403: [documentation] $g_notify_new_user_created_threshold_min is ignored on new account creation (atrol)
  • 0025408: [documentation] Minor documentation fixes (atrol)
  • 0025429: [api rest] Undefined variable t_show_detailed_errors in API REST (dregad)
  • 0025437: [api rest] Update Slim Framework to 3.12.0 (dregad)
  • 0025442: [db mssql] Wrong/duplicate bugnote_text_id in mantis_bugnote_table (cproensa)
  • 0025466: [reports] SYSTEM NOTICE on graph pages (atrol)
  • 0005151: [administration] inconvenience while handling user’s accounts (dregad)
  • 0009757: [reports] View Issues – Select a Filter – Graph are not linked on this choice (cproensa)
  • 0012261: [filters] Cannot filter by versions of parent project when child project selected (cproensa)
  • 0020054: [administration] Cant modify configuration for All projects if only one project exists (cproensa)
  • 0021931: [reports] Filtered Summary (cproensa)
  • 0022099: [reports] Missing pie chart in “By Category Graphs” (cproensa)
  • 0022100: [code cleanup] Take care of released/obsolete flag when accessing version_cache_array_rows() cache (cproensa)
  • 0023245: [performance] project versions are not cached efficiently (cproensa)
  • 0024672: [security] Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042) (atrol)
  • 0024821: [code cleanup] Wrong caching in version API (cproensa)
  • 0025110: [authentication] Token error when login with a newly created user (cproensa)
  • 0025102: [api rest] /api/rest/issues endpoint supposedly returns all issues, but doesn’t (community)
  • 0025133: [ui] Project selection is shown even if the user has no accesible projects (cproensa)
  • 0025163: [reports] MantisGraph summary links don’t hghlight current graph page (cproensa)
  • 0025165: [reports] Summary doesn’t honour issue access (dregad)
  • 0025217: [ui] Enable selection of a range in checkboxes lists. (cproensa)
  • 0025368: [administration] Manage project, copy from/to forms are easy to click accidentally and don’t ask for confirmation (cproensa)
  • 0025378: [ui] Provide sortable functionality to simple tables (cproensa)
  • 0025400: [api rest] Allow adding/updating/deleting subprojects via REST API (community)
  • 0025434: [email] check all/ uncheck all checkbox for email notifcation (cproensa)
  • 0025436: [email] Bump phpmailer/phpmailer from 6.0.6 to 6.0.7 (dregad)
  • 0025446: [ui] ‘show_queries_count’ is a global setting, but ‘show_memory_usage’, ‘show_timer’ are not (atrol)
  • 0025454: [ui] Page adm_config_report does not cache users and generate many database queries (cproensa)
  • 0025455: [ui] Page adm_config_report, users in filter list are not correctly ordered (cproensa)
  • 0025456: [sql] Page adm_config_report has queries missing db_param_push() (cproensa)
  • 0025463: [attachments] Dropzone max-filesize option is not correct (cproensa)
  • 0025464: [attachments] Enforce max-filesize in dropzone to alert and drop big files before form submission (cproensa)
  • 0025465: [attachments] Dropzone preview does not work (cproensa)
  • 0025488: [reports] Update Chart.js to 2.7.3 (atrol)
  • 0025515: [api rest] Simple and Advanced filters are not consistent for handling sub-project issues (cproensa)
  • 0025522: [plug-ins] MantisGraph: limit number of slices in By Category pie chart (dregad)
  • 0025523: [plug-ins] MantisGraph: improve handling of colors in Pie charts (dregad)
  • 0025524: [plug-ins] MantisGraph: improve display of By Category Bar chart (dregad)
  • 0025532: [relationships] Error when adding a relationship if bug id contains whitespace as prefix or suffix (dregad)
  • 0025533: [relationships] When adding multiple relationships, ignore source issue and empty issue ids (dregad)
  • 0025572: [attachments] Redesign Dropzone file previews (cproensa)
  • 0025390: [tools] Travis CI builds fail for PHP 7.3 (dregad)

MantisBT 2.19.1

Maintenance release for 2.19.x series.

MantisBT 1.3.18

Maintenance release for 1.3.x series.

  • 0025180: [security] Update ADOdb from 5.20.9 to 5.20.14 for security and compatibility fixes (dregad)

Go ahead and download the release from our website.