MantisBT 2.25.0 Released

In order to stay up to date with the latest MantisBT news, please star our GitHub repository, follow us on Twitter and retweet to spread the word!

Go ahead and download the release from our website.

MantisBT 2.25.0

This feature and maintenance release contains over 100 fixes and enhancements; among many other things, it improves PHP 8 compatibility, LDAP authentication and invalid plugins management. It also includes a schema change, so do not forget to upgrade the database as documented in the Admin Guide.

Please note that this will be the last release supporting PHP 5; starting with MantisBT 2.26.0, the minimum PHP version will be 7.0 – read the official announcement for details.

Continue reading “MantisBT 2.25.0 Released”

MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website.

Patched vulnerabilities:

  • 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later)

Additionally, version 2.1.1 also includes fixes previously released in 1.3.7 and 2.2.1:

  • 22486: CVE-2017-6797 – XSS in bug_change_status_page.php
  • 22497: CVE-2017-6799 – XSS in view_filters_page.php