{"id":705,"date":"2022-04-13T16:30:07","date_gmt":"2022-04-13T16:30:07","guid":{"rendered":"https:\/\/mantisbt.org\/blog\/?p=705"},"modified":"2022-05-10T14:19:23","modified_gmt":"2022-05-10T14:19:23","slug":"mantisbt-2-25-3-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/705","title":{"rendered":"MantisBT 2.25.3 Released"},"content":{"rendered":"\n<p>In order to stay up to date with the latest MantisBT news, please star our <a href=\"https:\/\/github.com\/mantisbt\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub repository<\/a>, join our <a href=\"https:\/\/app.gitter.im\/#\/room\/#mantisbt_mantisbt:gitter.im\" target=\"_blank\" rel=\"noreferrer noopener\">Gitter channel<\/a>, or <a href=\"https:\/\/twitter.com\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">follow us on X<\/a> or <a href=\"https:\/\/phpc.social\/@mantisbt\">Mastodon<\/a> and retweet to spread the word!<\/p>\n\n\n\n<p>Go ahead and&nbsp;<a href=\"https:\/\/mantisbt.org\/download.php\">download<\/a>&nbsp;the release from our website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MantisBT 2.25.3<\/h2>\n\n\n\n<p>This security and maintenance release fixes vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp\/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). 
It also addresses several PHP 8.1 compatibility issues.<\/p>\n\n\n\n<p class=\"has-yellow-background-color has-background\">There are 2 known issues with this release, which have been fixed in <a href=\"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/712\">2.25.4<\/a>: <a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29853\">accessing scripts in sub-directories with PHP 5.6<\/a> and a <a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29857\">technical problem with CDNJS<\/a> that prevents loading of the moment.js library when using CDN (as a workaround, set <code>$g_cdn_enabled = OFF;<\/code> in config_inc.php).<\/p>\n\n\n\n<!--more-->\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29848\">0029848<\/a>: <strong>[security]<\/strong> Update guzzlehttp\/psr7 to 1.8.5 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29034\">0029034<\/a>: <strong>[api soap]<\/strong> SOAP call mc_project_get_id_from_name fails when there is no matching project in PHP 7.2 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=36846\">community<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29846\">0029846<\/a>: <strong>[bugtracker]<\/strong> Passing null to parameter of type XXX is deprecated (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=28927\">0028927<\/a>: <strong>[api rest]<\/strong> Slim Application Error when RestFault generated (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=36846\">community<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29845\">0029845<\/a>: <strong>[bugtracker]<\/strong> Constant FILTER_SANITIZE_STRING is deprecated (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a 
href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29130\">0029130<\/a>: <strong>[security]<\/strong> CVE-2021-43257: CSV Injection with CSV Export Feature (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29144\">0029144<\/a>: <strong>[attachments]<\/strong> Adding an attachment with a long filename causes &#8220;Data too long for column &#8216;filename'&#8221; application error (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29181\">0029181<\/a>: <strong>[bugtracker]<\/strong> &#8216;format_issue_summary&#8217; custom function not called from View Issue Details page (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29416\">0029416<\/a>: <strong>[ui]<\/strong> Missing closing div tag causes incorrect page footer display (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29462\">0029462<\/a>: <strong>[installation]<\/strong> Unable to install (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29413\">0029413<\/a>: <strong>[custom fields]<\/strong> APPLICATION ERROR 1300 Custom field not found with case-sensitive database (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29485\">0029485<\/a>: <strong>[security]<\/strong> Update ADOdb to 5.20.21 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29849\">0029849<\/a>: <strong>[security]<\/strong> Update moment.js to 2.29.2 (<a 
href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>) <\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=29688\">0029688<\/a>: <strong>[security]<\/strong> CVE-2022-26144: XSS in manage_plugin_page.php and manage_plugin_uninstall.php (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 2.25.3 This security and maintenance release fixes vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp\/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). It also addresses several PHP 8.1 compatibility issues. There are 2 known issues with this release, which have been fixed in 2.25.4: accessing scripts in sub-directories &hellip; <a href=\"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/705\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;MantisBT 2.25.3 
Released&#8221;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,11],"class_list":["post-705","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-security"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=705"}],"version-history":[{"count":5,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/705\/revisions"}],"predecessor-version":[{"id":715,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/705\/revisions\/715"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}