In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!
MantisBT 2.24.3
Security release for 2.24.x series. All installations are strongly advised to upgrade as soon as possible.
- 0027039: [security] CVE-2020-25781: Access to private bug note attachments (dregad)
- 0027268: [security] Admin can get issues assigned to users not allowed to handle them (dregad)
- 0027275: [security] CVE-2020-25288: HTML Injection on bug_update_page.php (dregad)
- 0027276: [security] Send reminder to viewer (dregad)
- 0027283: [security] Admin can set viewer as a tag creator (dregad)
- 0027284: [plug-ins] Priority can override to any positive integer (dregad)
- 0027299: [code cleanup] Remove code duplication in File API (dregad)
- 0027303: [code cleanup] When processing categories, it is not necessary to know the project id (dregad)
- 0027304: [security] CVE-2020-25830: HTML Injection in bug_actiongroup_page.php (dregad)
Many thanks to d3vpoo1 who identified most of the security issues fixed in this release.
Go ahead and download the release from our website.