In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!
All installations are advised to upgrade as soon as possible.
MantisBT 2.25.8
Security and maintenance release addressing an information disclosure issue (CVE-2023-44394) and a security issue in bundled GuzzleHttp library (CVE-2023-29197). This release also resolves several PHP 8.x compatibility and REST API issues.
Go ahead and download the release from our website.
- 0028618: [bugtracker] Category empty but required does not prevent form submission on Firefox Windows and Safari (dregad)
- 0029438: [api rest] Unsupported operand types when an incident with time tracking notes is updated via REST API (dregad)
- 0032390: [plug-ins] Impossible to install a plugin without any dependencies (dregad)
- 0032432: [security] Update guzzlehttp/psr7 to 1.9.1 (dregad)
- 0032612: [bugtracker] DEPRECATED: ‘Creation of dynamic property BugData::$bug_text_id (dregad)
- 0032451: [bugtracker] Email uniqueness is not enforced on case-sensitive databases (dregad)
- 0032459: [bugtracker] Graphics x Apple Safari 16 (atrol)
- 0032703: [bugtracker] Local documentation is not accessible (403) (dregad)
- 0032788: [ui] Incorrect styling of table headers (dregad)
- 0032809: [bugtracker] PHP 8.1 deprecation notice in user_search_cache() (dregad)
- 0032860: [api rest] REST API allows resolving an issue with unresolved children (dregad)
- 0032865: [html] Wrong HTML tags on “Manage Filters” page (atrol)
- 0032889: [plug-ins] EVENT_MENU_DOCS is never triggered (dregad)
- 0026365: [api rest] Missing Authorization header in REST API causing requests to fail (dregad)
- 0032981: [security] CVE-2023-44394: Information Leakage on DokuWiki Integration (dregad)