MantisBT 2.10.0 and 2.9.1 released

MantisBT 2.10.0

A feature release including functional improvements and bug fixes.

  • 22789: [api rest] Support retrieving user defined filters (vboctor)
  • 22790: [api rest] Support standard filters defined by the system when retrieving issues (vboctor)
  • 23690: [api rest] Support deleting filters (vboctor)
  • 23710: [code cleanup] Remove usage of deprecated function __autoload (vboctor)
  • 09007: [time tracking] Billing summary does not include sub-projects (community)
  • 23722: [time tracking] Don’t print time tracking buttons and export links (community)
  • 23723: [time tracking] Support configurable default billing rate (community)
  •  23724: [time tracking] Removed useless collapse icon with duplicated title in billing report (community)
  • 23679: [administration] Limit change of impersonation threshold to global config (atrol)
  • 23742: [html] Broken url for MantisBT logo in admin section (community)
  • 23753: [ui] UI of Update Product Build page broken (atrol)

MantisBT 2.9.1

Maintenance release for 2.9.x series

  • 23719: [administration] The reporter can not solve or close the issue (vboctor)
  • 21393: [administration] When disable “Update an issue”, then “Assign to” become access deined. (vboctor)
  • 22093: [administration] Reporter can’t change status of a bug (vboctor)
  • 23721: [bugtracker] PHP error in change status page when user doesn’t have access to private notes (vboctor)

Go ahead and download the release from our website.


MantisBT 2.9.0, 2.8.1 and 1.3.13 release

MantisBT 2.9.0

A feature release including functional improvements and bug fixes.

  • 23639[code cleanup] Unneeded code for non supported old PHP versions (atrol)
  • 23578[documentation] Document need for consistency between “normal” and “datepicker” date formats (dregad)
  • 12602[custom fields] Default value for a date don’t work (vboctor)
  • 19482[custom fields] Using custom fields (date) with default value and required on resolve displays an error (vboctor)
  • 23466[db mysql] database is not supported by PHP. Check that it has been compiled into your server. (atrol)
  • 23572[code cleanup] Unneeded code for unsupported database types (atrol)
  • 23573[code cleanup] Unneeded code for option meta_include_file (atrol)
  • 23575[api rest] Category lookup is case sensitive (vboctor)
  • 23577[api rest] REST APIs don’t enforce required custom fields when reporting issues (vboctor)
  • 23579[api rest] Internal Server Error 500 when category doesn’t exist (vboctor)
  • 23594[custom fields] Reporting an issue with default date {now} that is not visible doesn’t work (vboctor)
  • 23616[api rest] Support exporting issue history (vboctor)
  • 23620[api rest] PHP error on getting issues when user doesn’t have access (vboctor)
  • 23625[code cleanup] Function require_lib contains code to search in vendor folder (atrol)
  • 23626[performance] Unneeded code executed when retrieving global settings (atrol)
  • 23630[administration] Some check boxes on Manage Configuration > Workflow Threshold page are not centered (community)
  • 23640[code cleanup] Usage of deprecated each() function (atrol)
  • 23645[other] No preview of ANSI encoded text files that contain German Umlauts (atrol)
  • 23648[api rest] Leverage ETag headers when getting issues (vboctor)
  • 23650[api rest] Leverage If-Match when deleting issues (vboctor)
  • 23653[api rest] Leverage If-Match when updating issues (vboctor)
  • 23654[api rest] Don’t validate handler when updating issues without updating handler (vboctor)
  • 23657[api soap] mc_issue_update returns bug is read only on status update (atrol)
  • 23658[plug-ins] UI for protected plugins broken (atrol)
  • 23576[api rest] Issues created via REST API with date custom fields fail (vboctor)
  • 23692[authentication] Token API does not work with config show show_realname (dregad)
  • 23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 2.8.1

Security and bug fix release for 2.8.x series

  • 23599[bugtracker] Access denied when updating bugs (atrol)
  • 23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 1.3.13

Security fixes release for 1.3.x series

  •  23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

Go ahead and download the release from our website.

MantisBT 2.8.0 and 2.7.1 released

MantisBT 2.8.0

Feature release with fixes and new features including REST API issue updates and DKIM support for email signing. This release is the first to have REST API enabled by default.

  • 23396[api rest] REST API Issue update support (vboctor)
  • 23446[performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
  • 23451[performance] Unneeded code delivered to support unsupported IE9 (atrol)
  • 23460[ui] Useless UI element on manage_proj_page (atrol)
  • 23474[custom fields] Empty numeric fields should be display as empty rather than 0 (community)
  • 23475[custom fields] Empty float fields should be displayed as empty rather than 0 (community)
  • 23477[api soap] Updating issues via APIs should trigger email notifications (vboctor)
  • 23483[bugtracker] Auto-refresh shouldn’t update last visited (atrol)
  • 23488[code cleanup] Usage of deprecated constant (atrol)
  • 23494[html] Wrong class name for tags output (atrol)
  • 23517[administration] Remove unused config option inline_file_exts (community)
  • 13126[plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa)
  • 16133[custom fields] Numeric field accepts floats and displays them as numeric (vboctor)
  • 21225[bugtracker] resolving parent issues inconsistency (community)
  • 22441[bugtracker] Notes are not in the correct order after cloning an issue (cproensa)
  • 22842[code cleanup] Remove php_version_at_least() function from PHP API (dregad)
  • 23493[email] DomainKeys Identified Mail (DKIM) Signatures (community)
  • 23503[bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
  • 23516[api rest] Enable REST API by default (vboctor)
  • 23518[bugtracker] “show_assigned_names” configuration is not applied correctly in view_all_bug_page (cproensa)
  • 23528[filters] Filter “advanced” mode is reset after sorting through column headers (cproensa)
  • 23537[api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad)
  • 23543[email] Update PHPMailer to v5.2.25 (vboctor)
  • 23542[code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
  • 23555[ui] Bugnote text area not styled correctly when private by default (vboctor)
  • 23560[bugtracker] Notes added via change status / edit always market private when private by default (vboctor)

MantisBT 2.7.1

Maintenance release for 2.7 series.

  • 23507[authentication] Users can’t change their password when it is blank (dregad)
  • 23512[html] Custom field type checkbox with required status, force to check all checkboxes to proceed (atrol)
  • 23544[installation] Unattended upgrade is broken after moving to Composer (vboctor)

Go ahead and download the release from our website.

MantisBT 2.7.0 released

A feature release that includes both functional and performance improvements.

  • 21654[code cleanup] Deprecate access_has_any_project() (cproensa)
  • 22310[html] Use HTML5 “required” attribute for required form fields (community)
  • 22870[ui] buttons without separation (cproensa)
  • 22871[ui] print_form_button() does not render inline buttons (cproensa)
  • 22872[ui] Make some buttons visible only when hovering on relevant container (cproensa)
  • 23216[tagging] Make tag view threshold work at project level (cproensa)
  • 23225[authentication] Token API does not work with config show show_realname (dregad)
  • 23242[code cleanup] Function project_get_local_user_access_level() is redundant (cproensa)
  • 23248[ui] Project selection dropdown focus on current selection (cproensa)
  • 23267[ui] Misplaced “Reset Prefs” button in user prefs with narrow screen (dregad)
  • 23301[api rest] Request an issue in the REST API fail without warning if an enumeration is missing. (community)
  • 23310[performance] Unused CSS delivered (atrol)
  • 23323[reports] Wrong filter links on summary page (atrol)
  • 23331[code cleanup] New user_get_username() API function (dregad)
  • 22182[ui] Burger menu is sometimes visible without functionality (cproensa)
  • 22492[ui] Regression: Resolved/Closed issues are not shown with a line-through (strike-through) (community)
  • 23264[api rest] Custom fields not been saved when adding issue through the Rest API (community)
  • 23268[db oracle] Error filtering custom fields of type date (cproensa)
  • 23311[filters] “View issues” on changelog page does not show closed issues (atrol)
  • 23367[plug-ins] Add no-op upgrade step in plugin_upgrade() (dregad)
  • 23378[installation] Installation fails when using old but still allowed PHP version 5.3 (atrol)
  • 23381[code cleanup] Unneeded code for unsupported PHP versions (atrol)
  • 23382[customization] Login logo image not configurable by css (cproensa)
  • 23393[administration] Provide some basic operating environment information on manage_overview_page (atrol)
  • 23395[db oracle] Performance issue reading config table with oracle database (cproensa)
  • 23411[performance] Unneeded string copies in general text processing (atrol)
  • 23420[relationships] Resolving as duplicate adds reporter and handler to monitoring list (atrol)
  • 23425[reports] PHP errors and warnings when running Issue Trend report (atrol)
  • 21913[tagging] Unprivileged user can see related tags from private issues (cproensa)
  • 22053[plug-ins] Implement logging functionality for plugins (cproensa)
  • 22245[ui] Collapsed menu entry no clickable in complete visible area (atrol)
  • 23241[filters] Error when changing sort order in filters, due date field only (cproensa)
  • 23243[ui] Narrow space between checkbox/radio button and label (dregad)
  • 23249[feature] When logging the caller function, also print the class name if it’s a class method (cproensa)
  • 23251[timeline] Timeline in view user page resets the user id after dates navigation (cproensa)
  • 23324[performance] Generated css, js code should be cached by browser (cproensa)
  • 23377[other] Textarea custom field entry missing from email (atrol)
  • 23436[filters] Editing a stored filter can’t update projects property (cproensa)
  • 23443[custom fields] Fixes related to custom fields on filters, columns and visibility (cproensa)
  • 05713[custom fields] Custom fields of subprojects are shown in filter for “All projects” but not in parent project. (cproensa)
  • 06872[custom fields] Sort of custom fields does not use data type (cproensa)
  • 16358[filters] Custom field filter does not recusrively read all items from sub-projects (cproensa)
  • 16359[filters] Custom field filters does not take user access rights into account (cproensa)
  • 19385[filters] Filtering custom field show bugs from projects where this custom field has been removed (cproensa)
  • 23223[filters] Custom fields filter does not account for read access at project level (cproensa)
  • 23232[filters] Custom field is showed in filter when the user has not view access (cproensa)
  • 23233[custom fields] Issues returned by filter has linked custom fields that are not available as columns (cproensa)
  • 23260[custom fields] Custom fields of type date are not sorted correctly (cproensa)
  • 23265[custom fields] Filter selection for numeric custom fields aren’t sorted correctly on distinct values list (cproensa)
  • 23266[custom fields] Filter selection for numeric custom fields show values not coherent with custom field type (cproensa)

Go ahead and download the release from our website.

MantisBT 2.6.0, 2.5.2 and 1.3.12 released

MantisBT 2.6.0

A feature release that includes both functional and performance improvements.

  • 22730: [ui] ‘Manage Configuration’ tab usually does not highlight (dregad)
  • 22813: [customization] Field is appearing in email notification but not used in UI. (joel)
  • 22967: [ui] Questionable display of “Access Denied” on view_user_page (atrol)
  • 22984: [ui] Calendar doesn’t show the correct date the first time it opens (dregad)
  • 22981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
  • 22987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
  • 23061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
  • 23116: [html] Due date field not displayed correctly when editing ticket (community)
  • 23141: [html] Unused CSS delivered (atrol)
  • 12313: [attachments] Can’t open image attachments in browser windows (dregad)
  • 22913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
  • 22939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
  • 22940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
  • 23087: [filters] Removing “Report an issue” permission removes user from Monitoring filter dropdown (atrol)
  • 23150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
  • 23159: [ui] Graph display is too faint and blurred (atrol)
  • 21807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
  • 23143: [api rest] Support adding notes via REST API (vboctor)
  • 22158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa)
  • 22919: [time tracking] Time Tracking “auto count” is giving the wrong elapsed time (dregad)
  • 23112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
  • 23131: [api rest] /api/rest/projects doesn’t return child projects (vboctor)
  • 23139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
  • 23144: [api rest] Support issue id as part of the path for REST API (vboctor)
  • 23145: [api rest] Support deleting notes via REST API (vboctor)
  • 23184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
  • 23187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
  • 23188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
  • 23189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
  • 23190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
  • 23191: [time tracking] Unable to access time tracking reports (atrol)
  • 23202: [ui] Questionable order and functionality of top buttons on “View Issue” page (atrol)
  • 23204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
  • 23227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
  • 23237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
  • 12444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa)
  • 21695: [ui] “notify user” check should be moved outside the form (cproensa)
  • 22291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa)
  • 22469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)

MantisBT 2.5.2

Security fixes for 2.5.x release.

  • 23146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
  • 23179: [security] Login page no longer warns about ‘admin’ directory being present (dregad)
  • 23181: [administration] Checks on login page are never executed if “admin” dir does not exist (dregad)
  • 23185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

MantisBT 1.3.12

Security fixes for 1.3.x release.

  • 23175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

Go ahead and download the release from our website.