{"id":725,"date":"2023-02-23T00:44:35","date_gmt":"2023-02-23T00:44:35","guid":{"rendered":"https:\/\/mantisbt.org\/blog\/?p=725"},"modified":"2023-02-23T00:44:35","modified_gmt":"2023-02-23T00:44:35","slug":"mantisbt-2-25-6-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/725","title":{"rendered":"MantisBT 2.25.6 released"},"content":{"rendered":"\n<p>In order to stay up to date with the latest MantisBT news, please star our <a href=\"https:\/\/github.com\/mantisbt\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub repository<\/a>, join our <a href=\"https:\/\/app.gitter.im\/#\/room\/#mantisbt_mantisbt:gitter.im\" target=\"_blank\" rel=\"noreferrer noopener\">Gitter channel<\/a>, or <a href=\"https:\/\/twitter.com\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">follow us on X<\/a> or <a href=\"https:\/\/phpc.social\/@mantisbt\">Mastodon<\/a> and retweet to spread the word!<\/p>\n\n\n\n<p>Go ahead and&nbsp;<a href=\"https:\/\/mantisbt.org\/download.php\">download<\/a>&nbsp;the release from our website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MantisBT 2.25.6<\/h2>\n\n\n\n<p>Security and maintenance release addressing an information disclosure issue (CVE-2023-22476), with thanks to&nbsp;<a href=\"https:\/\/github.com\/jrckmcsb\">d3vpoo1<\/a>&nbsp;for identifying and responsibly reporting it, as well as a vulnerability in bundled&nbsp;<em>moment.js<\/em>&nbsp;library (CVE-2022-31129). This release also resolves over 20 issues including several PHP 8.x compatibility fixes.<\/p>\n\n\n\n<p>All installations are strongly advised to upgrade as soon as possible.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31086\">0031086<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;CVE-2023-22476: Private issue summary disclosure (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=24720\">0024720<\/a>:&nbsp;<strong>[ldap]<\/strong>&nbsp;Editing user with use_ldap_email = ON empties email address (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31827\">0031827<\/a>:&nbsp;<strong>[reports]<\/strong>&nbsp;Graphviz logs syntax error in line xx near &#8216;;&#8217; (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31712\">0031712<\/a>:&nbsp;<strong>[code cleanup]<\/strong>&nbsp;PHP 8.1 deprecated warnings (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31159\">0031159<\/a>:&nbsp;<strong>[tagging]<\/strong>&nbsp;Undefined constants TAG_NOT_ATTACHED + TAG_ALREADY_ATTACHED in tag_api.php (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30922\">0030922<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Browser extensions may trigger automatic bug monitoring (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=36846\">community<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30918\">0030918<\/a>:&nbsp;<strong>[markdown]<\/strong>&nbsp;URLs should only be converted to links when process_url is ON (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30835\">0030835<\/a>:&nbsp;<strong>[ui]<\/strong>&nbsp;unreachable submit button (Update Information) on issue update when using tab key (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30841\">0030841<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;Update Slim Framework to 3.12.4 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30794\">0030794<\/a>:&nbsp;<strong>[signup]<\/strong>&nbsp;Captcha image not showing on PHP 8.1 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30777\">0030777<\/a>:&nbsp;<strong>[upgrade]<\/strong>&nbsp;Scalar typehint is not supported in PHP 5.x (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30793\">0030793<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;config_flush_cache() doesn&#8217;t clean the eval cache for individual options (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30772\">0030772<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;Update moment.js to 2.29.4 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30791\">0030791<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;Allow adding relation type noopener\/noreferrer to outgoing links (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30771\">0030771<\/a>:&nbsp;<strong>[ldap]<\/strong>&nbsp;Poor error handling when $g_login_method = LDAP and PHP extension missing (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30814\">0030814<\/a>:&nbsp;<strong>[signup]<\/strong>&nbsp;Captcha audio not working (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30429\">0030429<\/a>:&nbsp;<strong>[other]<\/strong>&nbsp;Upcoming incompatibility with PHP 8.2, &#8220;Deprecate ${} string interpolation&#8221; RFC (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31876\">0031876<\/a>:&nbsp;<strong>[plug-ins]<\/strong>&nbsp;XML import: Undefined property warning when importing bug notes (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=30790\">0030790<\/a>:&nbsp;<strong>[ldap]<\/strong>&nbsp;Deprecated conversion of false to array in ldap_api.php with PHP 8.1 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=32037\">0032037<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Remove &#8220;sponsorship_total&#8221; from columns default (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31943\">0031943<\/a>:&nbsp;<strong>[installation]<\/strong>&nbsp;Creation of dynamic properies is deprecated in PHP 8.2 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=22238\">0022238<\/a>:&nbsp;<strong>[documentation]<\/strong>&nbsp;Missing columns on $g_view_issues_page_columns documentation (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31829\">0031829<\/a>:&nbsp;<strong>[ui]<\/strong>&nbsp;Status color boxes shown in black on bug_relationship_graph.php (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31836\">0031836<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Date conversion fails when editing a project version using a non-US date format (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=31889\">0031889<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Product Version \/ Target Version &#8211; Date missing (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 2.25.6 Security and maintenance release addressing an information disclosure issue (CVE-2023-22476), with thanks to&nbsp;d3vpoo1&nbsp;for identifying and responsibly reporting it, as well as a vulnerability in bundled&nbsp;moment.js&nbsp;library (CVE-2022-31129). This release also resolves over 20 issues including several PHP 8.x compatibility fixes. All installations are strongly advised to upgrade as soon as possible.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,11],"class_list":["post-725","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-security"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=725"}],"version-history":[{"count":2,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/725\/revisions"}],"predecessor-version":[{"id":731,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/725\/revisions\/731"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}