MantisBT 2.25.3 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.25.3

This security and maintenance release fixes vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). It also addresses several PHP 8.1 compatibility issues.

There are 2 known issues with this release, which have been fixed in 2.25.4: accessing scripts in sub-directories with PHP 5.6 and a technical problem with CDNJS that prevents loading of the moment.js library when using CDN (as a workaround, set $g_cdn_enabled = OFF; in config_inc.php).

Continue reading “MantisBT 2.25.3 Released”

MantisBT 2.25.2 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.25.2

This security and maintenance release fixes vulnerabilities in Custom Fields management page (CVE-2021-33557) and in the PHPMailer library, as well as a PHP 8 compatibility issue.

  • 0028803: [custom fields] PHP 8: “Bad Request” error on custom field filters (dregad)
  • 0028821: [security] Update PHPMailer to 6.5.0 (dregad)
  • 0028552: [security] CVE-2021-33557: XSS in manage_custom_field_edit_page.php (dregad)

MantisBT 2.25.1 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.25.1

This security and maintenance release fixes a couple of vulnerabilities in PHPMailer and Chart.js libraries, as well as a few other minor issues. All installations are strongly advised to upgrade as soon as possible.

  • 0028084: [ui] Labels for email notifications in User Prefs page appear in bold (dregad)
  • 0028082: [ui] Project Edit Page does not display check boxes (dregad)
  • 0028076: [plug-ins] Bundled plugins 2.25.0: incorrect Mantis requirement (dregad)
  • 0028080: [ui] Unsightly vertical offset of the “Update Prefs” and “Reset Prefs” buttons. (dregad)
  • 0028106: [administration] Error removing project (dregad)
  • 0028112: [ui] Incorrect spacing between icon and text on manage_user_edit_page.php (dregad)
  • 0028529: [plug-ins] CVE-2020-7746: Vulnerability in the Chart.js library used by Graph Plugin (dregad)
  • 0028530: [security] Update PHPMailer to 6.4.1 (fixes CVE-2020-36326) (dregad)

MantisBT 2.25.0 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.25.0

This feature and maintenance release contains over 100 fixes and enhancements; among many other things, it improves PHP 8 compatibility, LDAP authentication and invalid plugins management. It also includes a schema change, so do not forget to upgrade the database as documented in the Admin Guide.

Please note that this will be the last release supporting PHP 5; starting with MantisBT 2.26.0, the minimum PHP version will be 7.0 – read the official announcement for details.

Continue reading “MantisBT 2.25.0 Released”

MantisBT 2.24.5 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

MantisBT 2.24.5

Security and maintenance release, includes PHP 8.0 compatibility fixes.

  • 0027976: [security] User cookie string is not reset upon logout (dregad)
  • 0027800: [bugtracker] install.php throws SYSTEM WARNINGs (dregad)
  • 0027826: [bugtracker] ERROR_CATEGORY_NOT_FOUND_FOR_PROJECT thrown for Category ‘0’ (dregad)
  • 0027928: [custom fields] Unable to edit Issues having Date custom fields on PHP 8.0 (dregad)

Go ahead and download the release from our website.