MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here.
This release resolves 5 security issues:
- #17938/CVE-2014-9571: XSS in install.php
- #17939/CVE-2014-9572: Improper Access Control in install.php
- #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
- #17984/CVE-2014-9624: CAPTCHA bypass
- #17997/CVE-2015-1042: URL redirection issue
We would like to thank High Tech Bridge Research Lab, Alejo Popovici and Florent Daignière from Matta Consulting for reporting these issues and for their cooperation in resolving them.
This release also addresses 2 regression issues introduced in 1.2.18:
- #17993, which prevents new users from signing up on systems using CAPTCHA.
- #17967, which causes a PHP error when reporting issues on systems with checkbox custom fields.
Please refer to the changelog on the MantisBT web site for complete details on each of these issues.
5 thoughts on “MantisBT 1.2.19 Released”
We are using version 1.2.18, running in production. Please let us know how we can upgrade to this version.
Can you please let me know how “Issue Relationship Graphs” work?
Does the system automatically identify the relationship, or does someone have to link the defects to create a relationship or dependency?
Hi, I have downloaded Mantis 1.2.19. It is downloaded in RAR format. I am not able to understand how to install it. Where is the setup file stored?
I have no idea where you got your RAR from… Official releases are only available in ZIP and TAR.GZ formats from https://www.mantisbt.org/download.php, I suggest you download one of these.
With regard to installation instructions, please read the manual: https://www.mantisbt.org/docs/master-1.2.x/en/administration_guide/admin.install.html