{"id":301,"date":"2014-12-06T03:26:07","date_gmt":"2014-12-06T03:26:07","guid":{"rendered":"http:\/\/www.mantisbt.org\/blog\/?p=301"},"modified":"2015-01-16T09:14:55","modified_gmt":"2015-01-16T14:14:55","slug":"mantisbt-1-2-18-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/301","title":{"rendered":"MantisBT 1.2.18 Released"},"content":{"rendered":"<p>MantisBT 1.2.18 is an important security update for the stable 1.2.x branch.<br \/>\nAll installations that are currently running any 1.2.x version are strongly<br \/>\nadvised to upgrade to this release. Download it from <a href=\"http:\/\/www.mantisbt.org\/download.php\">here<\/a>.<!--more--><\/p>\n<p>This release resolves a total of 43 issues, including fixes for 23 security-<br \/>\nrelated bugs and vulnerabilities:<\/p>\n<ul>\n<li>7 Cross-Site Scripting (XSS) issues: <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17297\">#17297<\/a>\/CVE-2014-9272,<br \/>\n<a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17583\">#17583<\/a>\/CVE-2014-9270, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17870\">#17870<\/a>\/CVE-2014-8987, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17874\">#17874<\/a>\/CVE-2014-9271,<br \/>\n<a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17876\">#17876<\/a>\/CVE-2014-9281, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17889\">#17889<\/a>\/CVE-2014-8986, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17890\">#17890<\/a>\/CVE-2014-9269<\/li>\n<li>2 Code injection issues: #17725\/CVE-2014-7146, #17875\/CVE-2014-9280<\/li>\n<li>2 SQL injection (XSS) issues: <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17812\">#17812<\/a>\/CVE-2014-8554, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17841\">#17841<\/a>\/CVE-2014-9089<\/li>\n<li>5 Information disclosure issues: <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=9885\">#9885<\/a>, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17744\">#17744<\/a>, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17877\">#17877<\/a>\/CVE-2014-9279,<br \/>\n<a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17742\">#17742<\/a>\/CVE-2014-8988, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17243\">#17243<\/a>\/CVE-2014-8553<\/li>\n<li>7 Other security issues: <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=10966\">#10966<\/a>, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17338\">#17338<\/a>, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17640\">#17640<\/a>\/CVE-2014-6387,<br \/>\n<a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17648\">#17648<\/a>\/CVE-2014-6316, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17780\">#17780<\/a>\/CVE-2014-8598, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17811\">#17811<\/a>\/CVE-2014-9117, <a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17878\">#17878<\/a><\/li>\n<\/ul>\n<p>Please refer to the <a href=\"https:\/\/www.mantisbt.org\/bugs\/changelog_page.php?version_id=191\">changelog<\/a> on the MantisBT web site for complete details<br \/>\non each of these issues.<\/p>\n<p>We would like to thank the following individuals and organizations for their<br \/>\nvalued contribution in discovering and fixing these issues, in no particular<br \/>\norder: Mati Aharoni from Offensive Security and their bug bounty program,<br \/>\nMatthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza,<br \/>\nOleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker,<br \/>\nVictor Boctor and Damien Regad.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 1.2.18 is an important security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-301","post","type-post","status-publish","format-standard","hentry","category-mantisbt"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=301"}],"version-history":[{"count":13,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/301\/revisions"}],"predecessor-version":[{"id":320,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/301\/revisions\/320"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}