MantisBT 1.2.7 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release.
Net.Edit0r from BlACK Hat Group posted a vulnerability report for an XSS issue in search.php. All MantisBT users (including anonymous users that are not logged in to public bug trackers) could be impacted by this vulnerability. Refer to issue #13245 for full details.
This release also contains numerous minor bug fixes to MantisBT and improved translations in many languages.
A full changelog for 1.2.7 can be found on the official site:
The release can be downloaded from: