Year: 2018

MantisBT 2.14.0, 2.13.2, and 1.13.15 Released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter and retweet to spread the word!

MantisBT 2.14.0

A feature release including functional improvements and bug fixes.

  • 0024192: [bugtracker] Update ADOdb to 5.20.12 (dregad)
  • 0024174: [code cleanup] E_DEPRECATED error on php7.2: each() function (dregad)
  • 0024196: [api rest] Update Slim Framework from 3.8.1 to 3.9.2 (vboctor)
  •  0024197: [api rest] Update GuzzleHttp from 6.3.0 to 6.3.2 (vboctor)
  • 0024220: [documentation] Wrong documentation of datetime_picker_format in Admin Guide (atrol)
  • 0024236: [code cleanup] IssueAddCommand Prevents API Folder Removal (atrol)
  • 0024325: [code cleanup] Code Cleanup (atrol)
  • 0024326: [documentation] Wrong documentation of my_view_boxes in Admin Guide (atrol)
  • 0024333: [api rest] Support getting a single project via REST API (vboctor)
  • 0024336: [administration] Plugin priority changed without being changed by user interaction (atrol)

MantisBT 2.13.2

Maintenance release for 2.13.x series.

  • 0024221: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the “Clone” functionality (dregad)
  • 0024233: [markdown] Markdown quoting rendered with broken HTML (atrol)
  • 0024239: [email] Inconsistent realname display (atrol)
  • 0024335: [api rest] Get all filter or specific filter returns incorrect information (vboctor)
  • 0024343: [api rest] REST API returns too much info for default category handler (vboctor)
  • 0024346: [api rest] Don’t show category default handler for users that can’t manage the project (vboctor)
  • 0024349: [api soap] API method mc_filter_get does not work (vboctor)
  • 0024353: [code cleanup] mb_internal_encoding no longer being set because of removal utf8 library (atrol)
  • 0024355: [bugtracker] SYSTEM WARNING ‘count(): Parameter must be an array or an object that implements Countable’ in ‘IssueNoteAddCommand.php (atrol)

MantisBT 1.13.15

Security fixes for 1.3.x release series.

  • 0024365: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the “Clone” functionality (dregad)

Go ahead and download the release from our website.

MantisBT 2.13.1 and 2.12.2 released

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter and retweet to spread the word!

Starting with MantisBT 2.13.0 the PHP mbstring extension is mandatory. Ensure that it is enabled on your server, or ask your provider if you are not the administrator of the server.

MantisBT 2.13.1

Maintenance release for 2.13.x series.

  • 0024202[markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)

MantisBT 2.12.2

Maintenance release for 2.12.x series.

  • 0024201[markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)

MantisBT 2.13.0

A feature release including functional improvements and bug fixes.

  • 0016070[email] Delay due to Mantis trying sending emails to non existent address (vboctor)
  • 0023498[filters] Filtering “note by” with “none” does not return any result (cproensa)
  • 0007264[filters] Not able to filter issues that have no relationship assigned (cproensa)
  •  0008167[filters] Filter settings saved when using Anonymous account (cproensa)
  •  0008204[filters] Filters not remembered when clicking through from “My View” (cproensa)
  • 0022785[api rest] Support adding attachments when reporting issues (vboctor)
  • 0023214[performance] Remove usage of outdated phputf8 library (atrol)
  • 0023998[code cleanup] Implement IssueAddCommand and use it from SOAP, REST and Web UI (vboctor)
  • 0023999[code cleanup] Implement IssueDeleteCommand and use it from SOAP, REST, and Web UI (vboctor)
  • 0024000[api rest] Add Issue REST API doesn’t trigger EVENT_REPORT_BUG_DATA plugin event (vboctor)
  • 0024001[api soap] Add Issue SOAP API doesn’t trigger EVENT_REPORT_BUG_DATA plugin event (vboctor)
  • 0024002[api rest] Add Issue REST API doesn’t trigger issue_create_validate custom function (vboctor)
  • 0024003[api soap] Add Issue SOAP API doesn’t trigger issue_create_validate custom function (vboctor)
  • 0024004[api rest] Add Issue REST API doesn’t trigger issue_create_notify custom function (vboctor)
  • 0024005[api soap] Add Issue SOAP API doesn’t trigger issue_create_notify custom function (vboctor)
  • 0024006[api rest] Add Issue REST API doesn’t trigger EVENT_REPORT_BUG plugin event (vboctor)
  • 0024007[api soap] Add Issue SOAP API doesn’t trigger EVENT_REPORT_BUG plugin event (vboctor)
  • 0024008[api rest] Add Issue REST API doesn’t add the issue to recent list (vboctor)
  • 0024009[api soap] Add Issue SOAP API doesn’t add the issue to recent list (vboctor)
  • 0010853[filters] In View Issues list, several columns are sorted by Id instead of display value (cproensa)
  • 0013177[filters] On ‘View Issues’ Page the filter does not allow user to select ‘blank’ (‘No Category’) Category (cproensa)
  • 0021865[filters] Filter out duplicated issues (cproensa)
  • 0021867[filters] Filter filed “relationships” resets its value when “duplicate of” is selected (cproensa)
  • 0023476[bugtracker] Can’t login if admin directory has restricted access (atrol)
  • 0023499[filters] Filtering with “note by” shows results from private notes for unprivileged users (cproensa)
  • 0023500[filters] Search filter returns matches in private notes for unprivileged users (cproensa)
  • 0023501[filters] Filter “monitored by” does not have option for “none” (cproensa)
  • 0023502[filters] Filter “assigned to” does not account for configuration “view_handler_threshold” (cproensa)
  • 0023504[filters] Filter “monitored by” does not account for configuration “show_monitor_list_threshold” (cproensa)
  • 0023506[filters] Filter tags inconsitent with OR filter operator (cproensa)
  • 0023538[filters] Filter field for relationship bug id is set to -1 by default (cproensa)
  • 0023549[db mysql] Entering Emojis in comments with a user mention crashes with an error (atrol)
  • 0024042[filters] filter on relationships mistuned by switching sort order (cproensa)
  • 0024056[custom fields] Custom Fields of type “Textarea” cannot contain more than 255 chars due to bug_history table (atrol)
  • 0024089[authentication] POST request to login_password_page.php return 405 when admin folder is deleted or access restricted (atrol)
  • 0024128[administration] Unable to start system check or installation with wrong PHP version (atrol)
  • 0024140[filters] Application error 401: “ORDER BY clause is not in SELECT list” when sorting by category or project (cproensa)
  • 0022376[documentation] Wrong documentation of string customization (atrol)
  • 0023161[timeline] Show File Attachment events in Timeline (dregad)
  • 0024158[bugtracker] Support providing a default value for issue description (vboctor)
  • 0024159[documentation] $g_default_bug_steps_to_reproduce not documented (vboctor)
  • 0024160[documentation] $g_default_bug_additional_info not documented (vboctor)

MantisBT 2.12.1

Maintenance release for 2.12.x series.

  • 0024186[security] Update Parsedown library to 1.7.1 (dregad)
  • 0024097[ui] Account page required change password on any field modification (atrol)
  • 0024090[ui] Username (Realnames) format not showing on timeline (my_view_page) (vboctor)
  • 0024161[timeline] Wrong color of username in timeline (atrol)
  • 0024167[bugtracker] History entries display realname instead of username (atrol)

Go ahead and download the release from our website.

MantisBT 2.12.0 released

A feature release including functional improvements and bug fixes.

  • 0010493: [code cleanup] Non-existent duplicate_realname column is updated by various functions in user_api.php (vboctor)
  • 0022509: [mentions] users with dashes in their name will not work when @mentioned (example @r-frank) (community)
  • 0023375: [mentions] It is hard to @ mention users when show realnames is enabled (vboctor)
  • 0023960: [plug-ins] EVENT_AUTH_USER_FLAGS should always be passed username rather than name (vboctor)
  • 0023961: [timeline] Identify Timeline tags operations with a specific icon (dregad)
  • 0023966: [code cleanup] Option session_handler not implemented (atrol)
  • 0023969: [performance] Minor performance and code enhancements of config functions (atrol)
  • 0024020: [localization] Update supported languages (siebrand)
  • 0024043: [ldap] $g_ldap_realname_field generates WARNING: field ‘givenName’ does not exist. (community)
  • 0023909: [administration] User realname uniqueness check doesn’t work (vboctor)

Starting with MantisBT 2.13.0 the PHP mbstring extension is mandatory. Ensure that it is enabled on your server, or ask your provider if you are not the administrator of the server.

In order to stay up to date with the latest MantisBT news and participate in our polls, please follow us on twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.11.0, 2.10.1, and 1.3.14 released

MantisBT 2.11.0

Feature release

  • 23754: [code cleanup] Code cleanup (atrol)
  • 23876: [installation] Running admin/check fails (dregad)
  • 23900: [administration] Unable to update user access level, due to check on ‘Realname’ returning KO (APPLICATION ERROR #807) (vboctor)
  • 23776: [attachments] Support adding attachments that were not uploaded via the browser (vboctor)
  • 23899: [api rest] Relationship type was localized in GET issue API (vboctor)
  • 23706: [administration] trigger_error() with errors must terminate scripts rather than being config based (vboctor)
  • 23714: [api rest] Failing REST API requests should include Mantis error code and localized message (vboctor)
  • 23762: [api rest] Support adding users to monitor an issue via REST API (vboctor)
  • 23772: [api rest] Support attachments when adding notes via REST API (vboctor)
  • 23773: [api rest] Support time tracking when adding notes via REST API (vboctor)
  • 23780: [api rest] Return status code 429 when hitting spam check limits (vboctor)
  • 23784: [api rest] REST and SOAP API send two email notifications for mentioned users (vboctor)
  • 23785: [api rest] Adding notes via SOAP and REST API with time tracking uses incorrect access check (vboctor)
  • 23786: [code cleanup] Implement IssueNoteDeleteCommand for deleting notes (vboctor)
  • 23787: [administration] Protected admin users can’t be unprotected (atrol)
  • 23830: [security] Update PHPMailer to 5.2.26 (dregad)
  • 11327: [reports] “Developer By Resolution” is the only box in the Summary page not ordered (at least it doesn’t seem to be any logic behind it) (dregad)
  • 12978: [code cleanup] Summary – Time Stats For Resolved Issues (days) (dregad)
  • 22792: [api rest] Support downloading issue attachments (vboctor)
  • 23627: [feature] Summary page enhancement with bugs ratio support (dregad)
  • 23758: [ui] Allow users to select font family that fits them best (syncguru)
  • 23774: [code cleanup] Implement IssueNoteAddCommand to share code for adding notes (vboctor)
  • 23796: [reports] Filter links for resolved/closed custom statuses in Summary By Status report are incorrect (dregad)
  • 23828: [api rest] Support adding attachments to existing issues via REST API (vboctor)
  • 23837: [code cleanup] Implement UserCreateCommand to create users (vboctor)
  • 23838: [api rest] Create user via REST API (vboctor)
  • 23839: [code cleanup] Implement UserDeleteCommand for deleting users (vboctor)
  • 23840: [api rest] Delete user via REST API (vboctor)
  • 23854: [reports] Summary: always show the “By Project” box (dregad)
  • 23855: [code cleanup] Implement TagAttachCommand for attaching tags (vboctor)
  • 23856: [code cleanup] Implement TagDetachCommand to detach tags (vboctor)
  • 23857: [api rest] Add REST API to attach a tag (vboctor)
  • 23858: [api rest] Add REST API to detach a tag (vboctor)
  • 23863: [reports] Summary: Reporter and Developer by Resolution miss a Total column (dregad)
  • 23865: [code cleanup] Implement IssueRelationshipAddCommand to add relationships (vboctor)
  • 23866: [api rest] Support adding relationships via REST API (vboctor)
  • 23867: [code cleanup] Implement IssueRelationshipDeleteCommand (vboctor)
  • 23868: [api rest] Support deleting issue relationships via REST API (vboctor)
  • 23898: [api rest] Some relationships are not formatted correctly in GET issue rest API (vboctor)
  • 23775: [attachments] Remove obsolete code that checks if PHP file info API is defined (vboctor)
  • 23926: [ui] Footer displayed under sidebar on error page when $g_show_detailed_errors = ON (dregad)
  • 23925: [security] Site path leakage in error handler (vboctor)
  • 23930: [installation] Make Fileinfo a mandatory PHP extension (atrol)
  • 23944: [bugtracker] The stack trace on detailed error page should not include the error handler itself (dregad)
  • 23942: [bugtracker] Remove deprecated “errcontext” parameter from standard error handler (dregad)
  • 23943: [bugtracker] Improve detailed error page layout (dregad)

MantisBT 2.10.1

Maintenance release for 2.10.x series

  • 23746: [api soap] unable to create a bug with customfields via SOAP (vboctor)
  • 23765: [api rest] Wrong constructor name in class FilterConverter (atrol)
  • 23924: [relationships] Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue (atrol)
  • 23906: [security] CVE-2018-6403: XSS in adm_config_report.php ‘value’ parameter (dregad)

MantisBT 1.3.14

Maintenance release for 1.3.x series

  • 23918: [security] CVE-2018-6403: XSS in adm_config_report.php ‘value’ parameter (dregad)

Go ahead and download the release from our website.