Month: October 2023

MantisBT 2.26.0 Released

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.26.0

This long-overdue feature and maintenance release contains nearly 150 fixes and enhancements !

Among many other things, it finally brings support for PHP 8.2, and generally improves PHP 8 compatibility. The earliest supported PHP version is now 7.2.5.

There are also numerous improvements to the REST API.

New configuration options were added to control access to Export and Print Report features (see 0022224). The default value for the latter was set to UPDATER for security reasons (see 0025492); to restore earlier behavior, administrators should set $g_print_reports_threshold = VIEWER;.

It would be somewhat pointless to copy the whole list of fixed issues here; please refer to the Change Log for complete details.

MantisBT 2.25.8 released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

All installations are advised to upgrade as soon as possible.

MantisBT 2.25.8

Security and maintenance release addressing an information disclosure issue (CVE-2023-44394) and a security issue in bundled GuzzleHttp library (CVE-2023-29197). This release also resolves several PHP 8.x compatibility and REST API issues.

Go ahead and download the release from our website.

  •  0028618[bugtracker] Category empty but required does not prevent form submission on Firefox Windows and Safari (dregad)
  •  0029438[api rest] Unsupported operand types when an incident with time tracking notes is updated via REST API (dregad)
  •  0032390[plug-ins] Impossible to install a plugin without any dependencies (dregad)
  •  0032432[security] Update guzzlehttp/psr7 to 1.9.1 (dregad)
  •  0032612[bugtracker] DEPRECATED: ‘Creation of dynamic property BugData::$bug_text_id (dregad)
  •  0032451[bugtracker] Email uniqueness is not enforced on case-sensitive databases (dregad)
  •  0032459[bugtracker] Graphics x Apple Safari 16 (atrol)
  •  0032703[bugtracker] Local documentation is not accessible (403) (dregad)
  •  0032788[ui] Incorrect styling of table headers (dregad)
  •  0032809[bugtracker] PHP 8.1 deprecation notice in user_search_cache() (dregad)
  •  0032860[api rest] REST API allows resolving an issue with unresolved children (dregad)
  •  0032865[html] Wrong HTML tags on “Manage Filters” page (atrol)
  •  0032889[plug-ins] EVENT_MENU_DOCS is never triggered (dregad)
  •  0026365[api rest] Missing Authorization header in REST API causing requests to fail (dregad)
  •  0032981[security] CVE-2023-44394: Information Leakage on DokuWiki Integration (dregad)