MantisBT 2.26.1 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, join our Gitter channel, or follow us on X and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.26.1

Security and maintenance release addressing a host header injection vulnerability (CVE-2024-23830).

It also resolves several regressions introduced in the 2.26.0 release, and includes fixes for PHP 8.x compatibility as well as other issues.

All installations are strongly advised to upgrade as soon as possible.

  •  0033171 [db schema] Update ADOdb to 5.22.7 (dregad)
  •  0033481 [ui] Missing space between “*” and label for required fields on bug report page (dregad)
  •  0033426 [authentication] User not authenticated when following link from notification email (dregad)
  •  0033422 [api rest] Updating an issue with bugnote having empty text causes PHP errors (dregad)
  •  0033418 [documentation] Document PHP ctype extension as required (dregad)
  •  0033402 [api rest] Updating an Issue through the API sets all comments last edit timestamp (community)
  •  0033374 [other] Erratic behavior of RestProjectVersionTest::testProjectUpdateVersion PHPUnit test case (dregad)
  •  0033372 [db mssql] SQL error opening Manage Users page with MSSQL (dregad)
  •  0033248 [custom fields] APPLICATION ERROR 2800 Invalid form security token when trying to delete custom field (dregad)
  •  0033358 [custom fields] Custom fields are showing when resolving issues form despite not checking the option (atrol)
  •  0033375 [tools] Enable PHP 8.3 on Travis CI builds (dregad)
  •  0033404 [authorization] Unable to grant user access to private issue by adding them as a monitoring user (atrol)
  •  0033480 [bugtracker] Blank page when redirecting with print_successful_redirect() (dregad)
  •  0019381 [security] CVE-2024-23830: Host header attack vulnerability (dregad)
  •  0033519 [installation] MySQL Native Driver (mysqlnd) is required (dregad)
  •  0033588 [administration] Creating an Configuration Option with complex array fails when number is negative (dregad)
  •  0033631 [code cleanup] Uncaught exception in installer (dregad)
  •  0033634 [rss] Error in creating RSS when there are no issues to publish (dregad)
  •  0033651 [ui] Overflowing text issue on sidebar menu (dregad)
  •  0033756 [installation] Errors on browser console when installing (dregad)
  •  0033773 [installation] Install: reset buttons for table prefix/suffix not working at stage 2 (dregad)