Clickjacking protection in MantisBT 1.2.1

Mantis Bug Tracker 1.2.1 includes initial support for X-Frame-Options and X-Content-Security-Policy. These two browser security features aim to protect users against clickjacking attacks. If you’re unfamiliar with clickjacking, this presentation by Paul Stone at Black Hat EU 2010 provides an introduction to the topic. Essentially these options prevent a MantisBT site from being embedded within an IFrame on another website.

Preselection of next highest value in "Change status to" dropdown

The “Change status to” dropdown on the view issue page used to select the first option in the list as the default. Choosing the default value in this way isn’t particularly useful because workflow states usually progress rather than regress.