Go ahead and download the release from our website.
MantisBT 2.25.3
This security and maintenance release fixes vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). It also addresses several PHP 8.1 compatibility issues.
There are 2 known issues with this release, which have been fixed in 2.25.4: accessing scripts in sub-directories with PHP 5.6 and a technical problem with CDNJS that prevents loading of the moment.js library when using CDN (as a workaround, set $g_cdn_enabled = OFF; in config_inc.php).
- 0029848: [security] Update guzzlehttp/psr7 to 1.8.5 (dregad)
- 0029034: [api soap] SOAP call mc_project_get_id_from_name fails when there is no matching project in PHP 7.2 (community)
- 0029846: [bugtracker] Passing null to parameter of type XXX is deprecated (dregad)
- 0028927: [api rest] Slim Application Error when RestFault generated (community)
- 0029845: [bugtracker] Constant FILTER_SANITIZE_STRING is deprecated (dregad)
- 0029130: [security] CVE-2021-43257: CSV Injection with CSV Export Feature (dregad)
- 0029144: [attachments] Adding an attachment with a long filename causes “Data too long for column ‘filename’” application error (dregad)
- 0029181: [bugtracker] ‘format_issue_summary’ custom function not called from View Issue Details page (dregad)
- 0029416: [ui] Missing closing div tag causes incorrect page footer display (dregad)
- 0029462: [installation] Unable to install (dregad)
- 0029413: [custom fields] APPLICATION ERROR 1300 Custom field not found with case-sensitive database (dregad)
- 0029485: [security] Update ADOdb to 5.20.21 (dregad)
- 0029849: [security] Update moment.js to 2.29.2 (dregad)
- 0029688: [security] CVE-2022-26144: XSS in manage_plugin_page.php and manage_plugin_uninstall.php (dregad)
