MantisBT 2.6.0, 2.5.2 and 1.3.12 released

MantisBT 2.6.0

A feature release that includes both functional and performance improvements.

  • 22730: [ui] ‘Manage Configuration’ tab usually does not highlight (dregad)
  • 22813: [customization] Field is appearing in email notification but not used in UI. (joel)
  • 22967: [ui] Questionable display of “Access Denied” on view_user_page (atrol)
  • 22984: [ui] Calendar doesn’t show the correct date the first time it opens (dregad)
  • 22981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
  • 22987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
  • 23061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
  • 23116: [html] Due date field not displayed correctly when editing ticket (community)
  • 23141: [html] Unused CSS delivered (atrol)
  • 12313: [attachments] Can’t open image attachments in browser windows (dregad)
  • 22913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
  • 22939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
  • 22940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
  • 23087: [filters] Removing “Report an issue” permission removes user from Monitoring filter dropdown (atrol)
  • 23150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
  • 23159: [ui] Graph display is too faint and blurred (atrol)
  • 21807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
  • 23143: [api rest] Support adding notes via REST API (vboctor)
  • 22158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa)
  • 22919: [time tracking] Time Tracking “auto count” is giving the wrong elapsed time (dregad)
  • 23112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
  • 23131: [api rest] /api/rest/projects doesn’t return child projects (vboctor)
  • 23139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
  • 23144: [api rest] Support issue id as part of the path for REST API (vboctor)
  • 23145: [api rest] Support deleting notes via REST API (vboctor)
  • 23184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
  • 23187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
  • 23188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
  • 23189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
  • 23190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
  • 23191: [time tracking] Unable to access time tracking reports (atrol)
  • 23202: [ui] Questionable order and functionality of top buttons on “View Issue” page (atrol)
  • 23204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
  • 23227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
  • 23237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
  • 12444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa)
  • 21695: [ui] “notify user” check should be moved outside the form (cproensa)
  • 22291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa)
  • 22469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)

MantisBT 2.5.2

Security fixes for 2.5.x release.

  • 23146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
  • 23179: [security] Login page no longer warns about ‘admin’ directory being present (dregad)
  • 23181: [administration] Checks on login page are never executed if “admin” dir does not exist (dregad)
  • 23185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

MantisBT 1.3.12

Security fixes for 1.3.x release.

  • 23175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

Go ahead and download the release from our website.