{"id":408,"date":"2015-01-26T00:26:21","date_gmt":"2015-01-26T00:26:21","guid":{"rendered":"http:\/\/www.mantisbt.org\/blog\/?p=408"},"modified":"2015-01-26T00:26:21","modified_gmt":"2015-01-26T00:26:21","slug":"mantisbt-1-2-19-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/408","title":{"rendered":"MantisBT 1.2.19 Released"},"content":{"rendered":"<p>MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from <a href=\"http:\/\/www.mantisbt.org\/download.php\">here<\/a>.<!--more--><\/p>\n<p>This release resolves 5 security issues:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17938\">#17938<\/a>\/CVE-2014-9571: XSS in install.php<\/li>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17939\">#17939<\/a>\/CVE-2014-9572: Improper Access Control in install.php<\/li>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17940\">#17940<\/a>\/CVE-2014-9573: SQL Injection in manage_user_page.php<\/li>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17984\">#17984<\/a>\/CVE-2014-9624: CAPTCHA bypass<\/li>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17997\">#17997<\/a>\/CVE-2015-1042: URL redirection issue<\/li>\n<\/ul>\n<p>We would like to thank High Tech Bridge Research Lab, Alejo Popovici and Florent Daigni\u00e8re from Matta Consulting for reporting these issues, and their cooperation in resolving them.<\/p>\n<p>This release also addresses 2 regression issues introduced in 1.2.18:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17993\">#17993<\/a> prevents new users from signing up on systems using CAPTCHA.<\/li>\n<li><a href=\"http:\/\/www.mantisbt.org\/bugs\/view.php?id=17967\">#17967<\/a> which causes a PHP error when reporting issues on systems with checkbox custom fields.<\/li>\n<\/ul>\n<p>Please refer to\u00a0the <a href=\"https:\/\/www.mantisbt.org\/bugs\/changelog_page.php?version_id=238\">changelog<\/a> on the MantisBT web site for complete details on each of these issues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,7],"class_list":["post-408","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-stable"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=408"}],"version-history":[{"count":4,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions"}],"predecessor-version":[{"id":413,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions\/413"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}