Month: September 2024

MantisBT 2.27.0 Released

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.27.0

This release includes over 50 enhancements and bug fixes, and sees the end of support for older PHP versions as we increase our minimum requirement to 7.4. Here are a few highlights among the many changes.

Thanks to community member Grummbeer‘s contributions, there have been many improvements to Markdown processing. This includes syntax highlighting for code blocks (0034124), improved rendering and a fix for the infamous and long-standing double quotes " and lesser than sign < rendered as HTML entities bug (0024628).

Categories can now be disabled (0031017); graphs generation has been refactored for better performance (0034042) and enhanced display (0034608); improved error handling facilitates troubleshooting when something goes wrong.

There is more of course, so for full details please refer to theĀ Change Log.

MantisBT 2.26.4 Released

Go ahead and download the release from our website.

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

MantisBT 2.26.4

Maintenance and security release addressing an information disclosure vulnerability (CVE-2024-45792) and a regression introduced by 2.26.3 on Manage Projects Page, as well as several bug fixes.

All installations are advised to upgrade as soon as possible.

  •  0034640[security] CVE-2024-45792: Insecure Direct Object References vulnerability with user profiles (dregad)
  •  0034634[other] Non-existing issue number does not throw a 404 in the UI (dregad)
  •  0034768[sub-projects] ‘INTERNAL APPLICATION ERROR’ editing some projects from manage_proj_page.php (atrol)
  •  0026672[api soap] mc_issue_add fails with “Object of class SoapFault could not be converted to int” (dregad)
  •  0032557[bugtracker] Can not set full URL to $g_manual_url in config_inc.php (dregad)
  •  0034618[administration] Disabled projects are not listed on page manage_proj_page.php (dregad)
  •  0034682[bugtracker] Incorrect usage of lang_get_defaulted() for an URL (dregad)
  •  0034683[api rest] REST POST /issues allows creation of Issue when invalid Category is specified (dregad)
  •  0034684[api soap] SOAP API throwing deprecation warning on PHP 8.1 (dregad)