MantisBT 2.22.1 and 1.3.20 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.22.1

Security release for 2.22.x series. All installations are strongly advised to upgrade as soon as possible.

  • 0026091: [security] CVE-2019-15715: [Admin Required – Post Authentication] Command Execution / Injection Vulnerability (atrol)
  • 0026110: [administration] [Show content] for Complex Configuration option doesn’t work when mod_rewrite is disabled (dregad)
  • 0026160: [security] Update bundled Bootstrap to 3.4.1 (CVE-2019-8331) (dregad)
  • 0026168: [security] Enable integrity hashes for CSS ressources from CDNs (dregad)

MantisBT 1.3.20

Security release for 1.3.x series. All installations are strongly advised to upgrade as soon as possible.

  • 0026162: [security] CVE-2019-15715: Command Execution / Injection Vulnerability (dregad)

Go ahead and download the release from our website.

MantisBT 2.22.0 Released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.22.0

A feature release including functional improvements and bug fixes

  • 0026078: [security] CVE-2019-15539: Stored XSS on Project Documentation (atrol)
  • 0006128: [bugtracker] Ability to add monitors to a bug when the bug is first reported (dregad)
  • 0025162: [plug-ins] Improve plugin schema upgrade error message (dregad)
  • 0025470: [api soap] SOAP API return value does not match definition in WSDL (dregad)
  • 0025749: [bugtracker] error_string() does not allow HTML tags inside of error messages (dregad)
  • 0025774: [installation] Reflect PHP requirements in Composer config (dregad)
  • 0025784: [html] Invalid HTML in manage_config_workflow_page.php (dregad)
  • 0025815: [bugtracker] Users can’t add monitors if access < show_monitor_list_threshold and >= monitor_add_others_bug_threshold (dregad)
  • 0025826: [administration] Impossible to set add/remove monitors thresholds from manage page (dregad)
  • 0025827: [documentation] Improve documentation for monitors-related configs (dregad)
  • 0025848: [code cleanup] Remove get_email_link() API function (dregad)
  • 0025849: [code cleanup] New prepare_mailto_url() API function (dregad)
  • 0025850: [bugtracker] PHP Notices in User API (dregad)
  • 0025851: [printing] Remove hyperlinks on usernames in Word export (dregad)
  • 0021797: [attachments] Add support for pasting images as attachments (syncguru)
  • 0022898: [security] Email for a new private bugnote was send to a non authorized reporter (dregad)
  • 0023725: [time tracking] Time tracking box rendering is broken (syncguru)
  • 0024189: [bugtracker] Status color squares become black (cproensa)
  • 0024441: [tagging] Report issue doesn’t support multiple new tags (dregad)
  • 0024590: [plug-ins] Add EVENT_MENU_MAIN_FILTER to allow complete customisation of main menu (dregad)
  • 0025362: [api rest] REST API support for multiple authorization headers (community)
  • 0025686: [bugtracker] Replace mailto: by link to user profile page in view.php (dregad)
  • 0025839: [html] Leading newlines disappear when editing data in textarea elements (dregad)
  • 0025894: [code cleanup] Remove unused $p_can_report_only parameter in layout_navbar_projects_list() (dregad)
  • 0025904: [documentation] Admin guide: remove reference to unmaintained Firefox add-on (dregad)
  • 0025910: [administration] Simplify displaying of complex values in adm_config_report page (cproensa)
  • 0025911: [javascript] Improve client-side sortable tables script (cproensa)
  • 0025914: [plug-ins]EVENT_BUGNOTE_DATA event not documented in developer manual (dregad)
  • 0025951: [plug-ins] MantisGraph: update Chart.js library to v2.8.0 (dregad)
  • 0025952: [code cleanup] MantisGraph: define Chart.js-related constants in the plugin (dregad)
  • 0025953: [plug-ins] Missing an API function to check if a plugin event has been declared (dregad)
  • 0025961: [tools] PHPUnit tests as run by Travis CI builds do not execute all defined suites (dregad)
  • 0025962: [bugtracker] IssueAddCommand does not create history entries identical to the code it replaced (vboctor)
  • 0025963: [ui] Gravatar plugin should always use https (vboctor)
  • 0025969: [other] bug_report_page is forced to be cached (cproensa)
  • 0025996: [api rest] Missing tag name in error message when creating issue via REST API (dregad)
  • 0025997: [api rest] Invalid JSON response when creating issue with tag by name via REST API (dregad)
  • 0026063: [code cleanup] Glue after String Array is being Deprecated (dregad)
  • 0026066: [plug-ins] Gravatar Plugin Description (atrol)
  • 0026074: [tagging] Creating an invalid tag should fail with an error (dregad)
  • 0026075: [tagging] Tag-related error messages should reference the tag’s name (dregad)
  • 0026076: [api rest] Adding issue via REST API should fail if requested tags can’t be attached (dregad)
  • 0026077: [api rest] IssueAddCommand should create tag specified by name if they do not exist (dregad)

Go ahead and download the release from our website.

MantisBT 2.21.2 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.21.2

Security release for 2.21.x series. All installations are strongly advised to upgrade as soon as possible.

  • 0025995: [security] CVE-2019-15074: Stored XSS Vulnerability in Timeline (dregad)

Go ahead and download the release from our website.

MantisBT 2.21.1 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.21.1

Maintenance release for 2.21.x series.

  • 0025722: [administration] Wrong access_level settings when updating rights in the project admin page (cproensa)
  • 0025734: [administration] LOGFILE_NOT_WRITABLE error triggered if file does not exist (dregad)
  • 0025742: [other] Summary “By Date (days)” gets wrong number (cproensa)
  • 0025763: [attachments] File upload timeout (atrol)
  • 0025781: [reports] Summary statistics db error message (cproensa)
  • 0025783: [administration] Button label truncated on manage_config_workflow_page (dregad)

Go ahead and download the release from our website.

MantisBT 2.21.0 and 2.20.1 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter, star our github repository, and retweet to spread the word!

MantisBT 2.21.0

A feature release including functional improvements and bug fixes

  • 0019642: [administration] If log file is not writable, log_event() fails silently (dregad)
  • 0022096: [timeline] My View page without timeline does not respect the $g_my_view_boxes_fixed_position setting (dregad)
  • 0022104: [ui] My View Page layout misses some boxes (dregad)
  • 0022143: [documentation] Encoding of custom files not documented (dregad)
  • 0022972: [documentation] Upgrade guide does not mention plugins (dregad)
  • 0023333: [filters] sub-project assignments missing from project-specific My View page (cproensa)
  • 0023418: [ui] Plugin tab in Summary section not highlighted when selected (community)
  • 0023550: [customization] Modification to status colors css (dregad)
  • 0025614: [installation] Missing file (api/rest/web.config) in installer (dregad)
  • 0025629: [administration] E_USER_DEPRECATED errors are no longer displayed inline (dregad)
  • 0025631: [administration] PHP Notice or incorrect file+line number when displaying DEPRECATED error (dregad)
  • 0025650: [ui] Show status with a color square instead of background color on Bug Update Page (dregad)
  • 0025651: [performance] Update color when new Status is selected in Bug Update Page (dregad)
  • 0025664: [ldap] LDAP documentation – Remove invalid ‘hostname:port’ example (dregad)
  • 0025679: [ui] Uneven distribution of boxes on My View page when Timeline is OFF (dregad)
  • 0025682: [ui] Show Invite button for users with manage users access level, not just administrators (community)
  • 0023037: [ui] Focus on project search (cproensa)
  • 0023694: [plug-ins] View Issue page menu links from EVENT MENU_ISSUE event are wrapped with “[“, “]” characters (dregad)
  • 0025594: [ui] Projects menu search box should be hidden when having a small number of projects (cproensa)
  • 0025688: [api rest] Inconsistent naming of username field in REST API (community)
  • 0025693: [performance] Improve performance of Summary Page queries (cproensa)
  • 0025695: [bugtracker] Redirect to the new issue’s page after reporting it (community)
  • 0025703: [api rest] Update Slim Framework to 3.12.1 (vboctor)

MantisBT 2.20.1

Maintenance release for 2.20.x series.

  • 0025675: [security] CVE-2019-10905: Update Parsedown library to 1.7.3 (dregad)
  • 0025621: [security]vendor folder is not protected (vboctor)
  • 0025661: [bugtracker] Project versions disappear when set “obsolete” (cproensa)
  • 0025697: [html] Viewing Issues > print reports, csv export, excel export – broken links (dregad)

Go ahead and download the release from our website.