MantisBT 2.25.8 released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X or Mastodon and retweet to spread the word!

All installations are advised to upgrade as soon as possible.

MantisBT 2.25.8

Security and maintenance release addressing an information disclosure issue (CVE-2023-44394) and a security issue in bundled GuzzleHttp library (CVE-2023-29197). This release also resolves several PHP 8.x compatibility and REST API issues.

Go ahead and download the release from our website.

  •  0028618[bugtracker] Category empty but required does not prevent form submission on Firefox Windows and Safari (dregad)
  •  0029438[api rest] Unsupported operand types when an incident with time tracking notes is updated via REST API (dregad)
  •  0032390[plug-ins] Impossible to install a plugin without any dependencies (dregad)
  •  0032432[security] Update guzzlehttp/psr7 to 1.9.1 (dregad)
  •  0032612[bugtracker] DEPRECATED: ‘Creation of dynamic property BugData::$bug_text_id (dregad)
  •  0032451[bugtracker] Email uniqueness is not enforced on case-sensitive databases (dregad)
  •  0032459[bugtracker] Graphics x Apple Safari 16 (atrol)
  •  0032703[bugtracker] Local documentation is not accessible (403) (dregad)
  •  0032788[ui] Incorrect styling of table headers (dregad)
  •  0032809[bugtracker] PHP 8.1 deprecation notice in user_search_cache() (dregad)
  •  0032860[api rest] REST API allows resolving an issue with unresolved children (dregad)
  •  0032865[html] Wrong HTML tags on “Manage Filters” page (atrol)
  •  0032889[plug-ins] EVENT_MENU_DOCS is never triggered (dregad)
  •  0026365[api rest] Missing Authorization header in REST API causing requests to fail (dregad)
  •  0032981[security] CVE-2023-44394: Information Leakage on DokuWiki Integration (dregad)