{"id":249,"date":"2013-04-14T00:54:14","date_gmt":"2013-04-14T00:54:14","guid":{"rendered":"http:\/\/www.mantisbt.org\/blog\/?p=249"},"modified":"2015-01-16T09:34:10","modified_gmt":"2015-01-16T14:34:10","slug":"mantisbt-1-2-15-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/249","title":{"rendered":"MantisBT 1.2.15 Released"},"content":{"rendered":"<p>MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All\u00a0installations that are currently running any 1.2.x version are strongly advised\u00a0to upgrade to this release.<!--more--><\/p>\n<p>The following security issues were resolved:<\/p>\n<ul>\n<li><span style=\"font-size: 16px;\">Any malicious user could use the view issues page (search.php) to execute a\u00a0<\/span><span style=\"font-size: 16px;\">filter that could bring down the site by overloading the database server\u00a0<\/span><span style=\"font-size: 16px;\">(CVE-2013-1883). Affects MantisBT 1.2.12 and later. \u00a0<\/span><span style=\"font-size: 16px;\">Refer to issue #<a title=\"Issue 15573\" href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=15573\" target=\"_blank\">15573<\/a> for detailed information.<\/span><\/li>\n<li><span style=\"font-size: 16px;\">A cross site scripting (XSS) vulnerability allowed execution of arbitrary\u00a0<\/span><span style=\"font-size: 16px;\">JavaScript code when deleting a version. Affects MantisBT 1.2.14 and later.\u00a0<\/span><span style=\"font-size: 16px;\">Refer to issue #<a title=\"Issue 15511\" href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=15511\" target=\"_blank\">15511<\/a> for detailed information.<\/span><\/li>\n<li><span style=\"font-size: 16px;\">In some cases, the &#8216;Close&#8217; button would be available to unauthorized users,\u00a0<\/span><span style=\"font-size: 16px;\">allowing them to close issues at will, bypassing the workflow settings.\u00a0<\/span><span style=\"font-size: 16px;\">Affects MantisBT 1.2.12 and later.\u00a0<\/span><span style=\"font-size: 16px;\">Refer to issue #<a title=\"Issue 15453\" href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=15453\" target=\"_blank\">15453<\/a> for detailed information.<\/span><\/li>\n<\/ul>\n<p>This release also includes several bug fixes and enhancements to the tracker\u00a0and the SOAP api, as well as updated translations in many languages.<\/p>\n<p>A full changelog for 1.2.15 can be found at\u00a0<a title=\"ChangeLog for MantisBT v1.2.15\" href=\"http:\/\/www.mantisbt.org\/bugs\/changelog_page.php?version_id=182\" target=\"_blank\">here<\/a>. \u00a0Go ahead and\u00a0<a title=\"Download MantisBT\" href=\"http:\/\/www.mantisbt.org\/download.php\" target=\"_blank\">download<\/a>\u00a0it now.<\/p>\n<p>Checkout\u00a0<a title=\"Hosted MantisBT\" href=\"http:\/\/www.mantisbt.org\/hosting.php\" target=\"_blank\">Hosted MantisBT<\/a>\u00a0to be up and running in minutes. \u00a0For optimized access to MantisBT from iPhone, Android and Windows Phone checkout\u00a0<a title=\"MantisTouch\" href=\"http:\/\/www.mantistouch.org\" target=\"_blank\">MantisTouch<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All\u00a0installations that are currently running any 1.2.x version are strongly advised\u00a0to upgrade to this release.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-249","post","type-post","status-publish","format-standard","hentry","category-mantisbt"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=249"}],"version-history":[{"count":4,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/249\/revisions"}],"predecessor-version":[{"id":326,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/249\/revisions\/326"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}