MantisBT 2.11.0, 2.10.1, and 1.3.14 released

MantisBT 2.11.0

Feature release

  • 23754: [code cleanup] Code cleanup (atrol)
  • 23876: [installation] Running admin/check fails (dregad)
  • 23900: [administration] Unable to update user access level, due to check on ‘Realname’ returning KO (APPLICATION ERROR #807) (vboctor)
  • 23776: [attachments] Support adding attachments that were not uploaded via the browser (vboctor)
  • 23899: [api rest] Relationship type was localized in GET issue API (vboctor)
  • 23706: [administration] trigger_error() with errors must terminate scripts rather than being config based (vboctor)
  • 23714: [api rest] Failing REST API requests should include Mantis error code and localized message (vboctor)
  • 23762: [api rest] Support adding users to monitor an issue via REST API (vboctor)
  • 23772: [api rest] Support attachments when adding notes via REST API (vboctor)
  • 23773: [api rest] Support time tracking when adding notes via REST API (vboctor)
  • 23780: [api rest] Return status code 429 when hitting spam check limits (vboctor)
  • 23784: [api rest] REST and SOAP API send two email notifications for mentioned users (vboctor)
  • 23785: [api rest] Adding notes via SOAP and REST API with time tracking uses incorrect access check (vboctor)
  • 23786: [code cleanup] Implement IssueNoteDeleteCommand for deleting notes (vboctor)
  • 23787: [administration] Protected admin users can’t be unprotected (atrol)
  • 23830: [security] Update PHPMailer to 5.2.26 (dregad)
  • 11327: [reports] “Developer By Resolution” is the only box in the Summary page not ordered (at least it doesn’t seem to be any logic behind it) (dregad)
  • 12978: [code cleanup] Summary – Time Stats For Resolved Issues (days) (dregad)
  • 22792: [api rest] Support downloading issue attachments (vboctor)
  • 23627: [feature] Summary page enhancement with bugs ratio support (dregad)
  • 23758: [ui] Allow users to select font family that fits them best (syncguru)
  • 23774: [code cleanup] Implement IssueNoteAddCommand to share code for adding notes (vboctor)
  • 23796: [reports] Filter links for resolved/closed custom statuses in Summary By Status report are incorrect (dregad)
  • 23828: [api rest] Support adding attachments to existing issues via REST API (vboctor)
  • 23837: [code cleanup] Implement UserCreateCommand to create users (vboctor)
  • 23838: [api rest] Create user via REST API (vboctor)
  • 23839: [code cleanup] Implement UserDeleteCommand for deleting users (vboctor)
  • 23840: [api rest] Delete user via REST API (vboctor)
  • 23854: [reports] Summary: always show the “By Project” box (dregad)
  • 23855: [code cleanup] Implement TagAttachCommand for attaching tags (vboctor)
  • 23856: [code cleanup] Implement TagDetachCommand to detach tags (vboctor)
  • 23857: [api rest] Add REST API to attach a tag (vboctor)
  • 23858: [api rest] Add REST API to detach a tag (vboctor)
  • 23863: [reports] Summary: Reporter and Developer by Resolution miss a Total column (dregad)
  • 23865: [code cleanup] Implement IssueRelationshipAddCommand to add relationships (vboctor)
  • 23866: [api rest] Support adding relationships via REST API (vboctor)
  • 23867: [code cleanup] Implement IssueRelationshipDeleteCommand (vboctor)
  • 23868: [api rest] Support deleting issue relationships via REST API (vboctor)
  • 23898: [api rest] Some relationships are not formatted correctly in GET issue rest API (vboctor)
  • 23775: [attachments] Remove obsolete code that checks if PHP file info API is defined (vboctor)
  • 23926: [ui] Footer displayed under sidebar on error page when $g_show_detailed_errors = ON (dregad)
  • 23925: [security] Site path leakage in error handler (vboctor)
  • 23930: [installation] Make Fileinfo a mandatory PHP extension (atrol)
  • 23944: [bugtracker] The stack trace on detailed error page should not include the error handler itself (dregad)
  • 23942: [bugtracker] Remove deprecated “errcontext” parameter from standard error handler (dregad)
  • 23943: [bugtracker] Improve detailed error page layout (dregad)

MantisBT 2.10.1

Maintenance release for 2.10.x series

  • 23746: [api soap] unable to create a bug with customfields via SOAP (vboctor)
  • 23765: [api rest] Wrong constructor name in class FilterConverter (atrol)
  • 23924: [relationships] Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue (atrol)
  • 23906: [security] CVE-2018-6403: XSS in adm_config_report.php ‘value’ parameter (dregad)

MantisBT 1.3.14

Maintenance release for 1.3.x series

  • 23918: [security] CVE-2018-6403: XSS in adm_config_report.php ‘value’ parameter (dregad)

Go ahead and download the release from our website.

A new home for

Today, our good old web server fluffy took a well-deserved retirement, after almost 8 years of service.

The new server has been nicknamed baygon, because – just like Johnny Rico – we like our bugs dead ūüėČ .

It features much more powerful hardware, with twice the CPU capacity and four times more RAM. The system has been re-installed from scratch with the latest Ubuntu LTS version, recent releases of all the excellent open-source software we rely on to operate the site, and an optimized configuration.

Please let us know if you experience any errors or problems with the new site.

MantisBT 2.10.0 and 2.9.1 released

MantisBT 2.10.0

A feature release including functional improvements and bug fixes.

  • 22789: [api rest] Support retrieving user defined filters (vboctor)
  • 22790: [api rest] Support standard filters defined by the system when retrieving issues (vboctor)
  • 23690: [api rest] Support deleting filters (vboctor)
  • 23710: [code cleanup] Remove usage of deprecated function __autoload (vboctor)
  • 09007: [time tracking] Billing summary does not include sub-projects (community)
  • 23722: [time tracking] Don’t print time tracking buttons and export links (community)
  • 23723: [time tracking] Support configurable default billing rate (community)
  • ¬†23724: [time tracking] Removed useless collapse icon with duplicated title in billing report (community)
  • 23679: [administration] Limit change of impersonation threshold to global config (atrol)
  • 23742: [html] Broken url for MantisBT logo in admin section (community)
  • 23753: [ui] UI of Update Product Build page broken (atrol)

MantisBT 2.9.1

Maintenance release for 2.9.x series

  • 23719: [administration] The reporter can not solve or close the issue (vboctor)
  • 21393: [administration] When disable “Update an issue”, then “Assign to” become access deined. (vboctor)
  • 22093: [administration] Reporter can’t change status of a bug (vboctor)
  • 23721: [bugtracker] PHP error in change status page when user doesn’t have access to private notes (vboctor)

Go ahead and download the release from our website.


MantisBT 2.9.0, 2.8.1 and 1.3.13 release

MantisBT 2.9.0

A feature release including functional improvements and bug fixes.

  • 23639:¬†[code cleanup]¬†Unneeded code for non supported old PHP versions (atrol)
  • 23578:¬†[documentation]¬†Document need for consistency between “normal” and “datepicker” date formats (dregad)
  • 12602:¬†[custom fields]¬†Default value for a date don’t work (vboctor)
  • 19482:¬†[custom fields]¬†Using custom fields (date) with default value and required on resolve displays an error (vboctor)
  • 23466:¬†[db mysql]¬†database is not supported by PHP. Check that it has been compiled into your server. (atrol)
  • 23572:¬†[code cleanup]¬†Unneeded code for unsupported database types (atrol)
  • 23573:¬†[code cleanup]¬†Unneeded code for option meta_include_file (atrol)
  • 23575:¬†[api rest]¬†Category lookup is case sensitive (vboctor)
  • 23577:¬†[api rest]¬†REST APIs don’t enforce required custom fields when reporting issues (vboctor)
  • 23579:¬†[api rest]¬†Internal Server Error 500 when category doesn’t exist (vboctor)
  • 23594:¬†[custom fields]¬†Reporting an issue with default date¬†{now}¬†that is not visible doesn’t work (vboctor)
  • 23616:¬†[api rest]¬†Support exporting issue history (vboctor)
  • 23620:¬†[api rest]¬†PHP error on getting issues when user doesn’t have access (vboctor)
  • 23625:¬†[code cleanup]¬†Function require_lib contains code to search in vendor folder (atrol)
  • 23626:¬†[performance]¬†Unneeded code executed when retrieving global settings (atrol)
  • 23630:¬†[administration]¬†Some check boxes on Manage Configuration > Workflow Threshold page are not centered (community)
  • 23640:¬†[code cleanup]¬†Usage of deprecated each() function (atrol)
  • 23645:¬†[other]¬†No preview of ANSI encoded text files that contain German Umlauts (atrol)
  • 23648:¬†[api rest]¬†Leverage¬†ETag¬†headers when getting issues (vboctor)
  • 23650:¬†[api rest]¬†Leverage¬†If-Match¬†when deleting issues (vboctor)
  • 23653:¬†[api rest]¬†Leverage¬†If-Match¬†when updating issues (vboctor)
  • 23654:¬†[api rest]¬†Don’t validate¬†handler¬†when updating issues without updating¬†handler¬†(vboctor)
  • 23657:¬†[api soap]¬†mc_issue_update returns bug is read only on status update (atrol)
  • 23658:¬†[plug-ins]¬†UI for protected plugins broken (atrol)
  • 23576:¬†[api rest]¬†Issues created via REST API with date custom fields fail (vboctor)
  • 23692:¬†[authentication]¬†Token API does not work with config show show_realname (dregad)
  • 23561:¬†[api soap]¬†mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 2.8.1

Security and bug fix release for 2.8.x series

  • 23599:¬†[bugtracker]¬†Access denied when updating bugs (atrol)
  • 23561:¬†[api soap]¬†mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 1.3.13

Security fixes release for 1.3.x series

  • ¬†23561:¬†[api soap]¬†mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

Go ahead and download the release from our website.

MantisBT 2.8.0 and 2.7.1 released

MantisBT 2.8.0

Feature release with fixes and new features including REST API issue updates and DKIM support for email signing. This release is the first to have REST API enabled by default.

  • 23396:¬†[api rest]¬†REST API Issue update support (vboctor)
  • 23446:¬†[performance]¬†Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
  • 23451:¬†[performance]¬†Unneeded code delivered to support unsupported IE9 (atrol)
  • 23460:¬†[ui]¬†Useless UI element on manage_proj_page (atrol)
  • 23474:¬†[custom fields]¬†Empty numeric fields should be display as empty rather than 0 (community)
  • 23475:¬†[custom fields]¬†Empty float fields should be displayed as empty rather than 0 (community)
  • 23477:¬†[api soap]¬†Updating issues via APIs should trigger email notifications (vboctor)
  • 23483:¬†[bugtracker]¬†Auto-refresh shouldn’t update last visited (atrol)
  • 23488:¬†[code cleanup]¬†Usage of deprecated constant (atrol)
  • 23494:¬†[html]¬†Wrong class name for tags output (atrol)
  • 23517:¬†[administration]¬†Remove unused config option¬†inline_file_exts¬†(community)
  • 13126:¬†[plug-ins]¬†Add plugin event¬†EVENT_BUG_ACTIONGROUP_FORM¬†(cproensa)
  • 16133:¬†[custom fields]¬†Numeric field accepts floats and displays them as numeric (vboctor)
  • 21225:¬†[bugtracker]¬†resolving parent issues inconsistency (community)
  • 22441:¬†[bugtracker]¬†Notes are not in the correct order after cloning an issue (cproensa)
  • 22842:¬†[code cleanup]¬†Remove php_version_at_least() function from PHP API (dregad)
  • 23493:¬†[email]¬†DomainKeys Identified Mail (DKIM) Signatures (community)
  • 23503:¬†[bugtracker]¬†Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
  • 23516:¬†[api rest]¬†Enable REST API by default (vboctor)
  • 23518:¬†[bugtracker]¬†“show_assigned_names” configuration is not applied correctly in view_all_bug_page (cproensa)
  • 23528:¬†[filters]¬†Filter “advanced” mode is reset after sorting through column headers (cproensa)
  • 23537:¬†[api rest]¬†Facilitate troubleshooting REST API by displaying detailed errors (dregad)
  • 23543:¬†[email]¬†Update PHPMailer to v5.2.25 (vboctor)
  • 23542:¬†[code cleanup]¬†Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
  • 23555:¬†[ui]¬†Bugnote text area not styled correctly when private by default (vboctor)
  • 23560:¬†[bugtracker]¬†Notes added via change status / edit always market private when private by default (vboctor)

MantisBT 2.7.1

Maintenance release for 2.7 series.

  • 23507:¬†[authentication]¬†Users can’t change their password when it is blank (dregad)
  • 23512:¬†[html]¬†Custom field type checkbox with required status, force to check all checkboxes to proceed (atrol)
  • 23544:¬†[installation]¬†Unattended upgrade is broken after moving to Composer (vboctor)

Go ahead and download the release from our website.