MantisBT 2.6.0
A feature release that includes both functional and performance improvements.
- 22730: [ui] ‘Manage Configuration’ tab usually does not highlight (dregad)
- 22813: [customization] Field is appearing in email notification but not used in UI. (joel)
- 22967: [ui] Questionable display of “Access Denied” on view_user_page (atrol)
- 22984: [ui] Calendar doesn’t show the correct date the first time it opens (dregad)
- 22981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
- 22987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
- 23061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
- 23116: [html] Due date field not displayed correctly when editing ticket (community)
- 23141: [html] Unused CSS delivered (atrol)
- 12313: [attachments] Can’t open image attachments in browser windows (dregad)
- 22913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
- 22939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
- 22940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
- 23087: [filters] Removing “Report an issue” permission removes user from Monitoring filter dropdown (atrol)
- 23150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
- 23159: [ui] Graph display is too faint and blurred (atrol)
- 21807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
- 23143: [api rest] Support adding notes via REST API (vboctor)
- 22158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa)
- 22919: [time tracking] Time Tracking “auto count” is giving the wrong elapsed time (dregad)
- 23112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
- 23131: [api rest] /api/rest/projects doesn’t return child projects (vboctor)
- 23139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
- 23144: [api rest] Support issue id as part of the path for REST API (vboctor)
- 23145: [api rest] Support deleting notes via REST API (vboctor)
- 23184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
- 23187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
- 23188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
- 23189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
- 23190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
- 23191: [time tracking] Unable to access time tracking reports (atrol)
- 23202: [ui] Questionable order and functionality of top buttons on “View Issue” page (atrol)
- 23204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
- 23227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
- 23237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
- 12444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa)
- 21695: [ui] “notify user” check should be moved outside the form (cproensa)
- 22291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa)
- 22469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)
MantisBT 2.5.2
Security fixes for 2.5.x release.
- 23146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
- 23166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
- 23179: [security] Login page no longer warns about ‘admin’ directory being present (dregad)
- 23181: [administration] Checks on login page are never executed if “admin” dir does not exist (dregad)
- 23185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
MantisBT 1.3.12
Security fixes for 1.3.x release.
- 23175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
- 23186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
Go ahead and download the release from our website.