{"id":753,"date":"2024-02-20T22:31:19","date_gmt":"2024-02-20T22:31:19","guid":{"rendered":"https:\/\/mantisbt.org\/blog\/?p=753"},"modified":"2024-09-29T21:46:18","modified_gmt":"2024-09-29T21:46:18","slug":"mantisbt-2-26-1-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/753","title":{"rendered":"MantisBT 2.26.1 Released"},"content":{"rendered":"\n<p>Go ahead and&nbsp;<a href=\"https:\/\/mantisbt.org\/download.php\">download<\/a>&nbsp;the release from our website.<\/p>\n\n\n\n<p>In order to stay up to date with the latest MantisBT news, please star our <a href=\"https:\/\/github.com\/mantisbt\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub repository<\/a>, join our <a href=\"https:\/\/app.gitter.im\/#\/room\/#mantisbt_mantisbt:gitter.im\" target=\"_blank\" rel=\"noreferrer noopener\">Gitter channel<\/a>, or <a href=\"https:\/\/twitter.com\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">follow us on X<\/a> or <a href=\"https:\/\/phpc.social\/@mantisbt\">Mastodon<\/a> and retweet to spread the word!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MantisBT 2.26.1<\/h2>\n\n\n\n<p>Security and maintenance release addressing a&nbsp;<a href=\"https:\/\/github.com\/mantisbt\/mantisbt\/security\/advisories\/GHSA-mcqj-7p29-9528\">host header injection vulnerability<\/a>&nbsp;(CVE-2024-23830). <\/p>\n\n\n\n<p>It also resolves several regression issues introduced in 2.26.0 release, and includes fixes for PHP 8.x compatibility as well as other issues.<\/p>\n\n\n\n<p>All installations are advised to upgrade as soon as possible.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33171\">0033171<\/a>:&nbsp;<strong>[db schema]<\/strong>&nbsp;Update ADOdb to 5.22.7 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33481\">0033481<\/a>:&nbsp;<strong>[ui]<\/strong>&nbsp;Missing space between &#8220;*&#8221; and label for required fields on bug report page (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33426\">0033426<\/a>:&nbsp;<strong>[authentication]<\/strong>&nbsp;User not authenticated when following link from notification email (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33422\">0033422<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;Updating an issue with bugnote having empty text causes PHP errors (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33418\">0033418<\/a>:&nbsp;<strong>[documentation]<\/strong>&nbsp;Document PHP ctype extension as required (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33402\">0033402<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;Updating an Issue through the API sets all comments last edit timestamp (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=36846\">community<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33374\">0033374<\/a>:&nbsp;<strong>[other]<\/strong>&nbsp;Erratic behavior of RestProjectVersionTest::testProjectUpdateVersion PHPUnit test case (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33372\">0033372<\/a>:&nbsp;<strong>[db mssql]<\/strong>&nbsp;SQL error opening Manage Users page with MSSQL (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33248\">0033248<\/a>:&nbsp;<strong>[custom fields]<\/strong>&nbsp;APPLICATION ERROR 2800 Invalid form security token when trying to delete custom field (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33358\">0033358<\/a>:&nbsp;<strong>[custom fields]<\/strong>&nbsp;Custom fields are showing when resolving issues form despite not checking the option (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33375\">0033375<\/a>:&nbsp;<strong>[tools]<\/strong>&nbsp;Enable PHP 8.3 on Travis CI builds (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33404\">0033404<\/a>:&nbsp;<strong>[authorization]<\/strong>&nbsp;Unable to grant user access to private issue by adding them as a monitoring user (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33480\">0033480<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Blank page when redirecting with print_successful_redirect() (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=19381\">0019381<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;CVE-2024-23830: Host header attack vulnerability (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33519\">0033519<\/a>:&nbsp;<strong>[installation]<\/strong>&nbsp;MySQL Native Driver (mysqlnd) is required (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33588\">0033588<\/a>:&nbsp;<strong>[administration]<\/strong>&nbsp;Creating an Configuration Option with complex array fails when number is negative (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33631\">0033631<\/a>:&nbsp;<strong>[code cleanup]<\/strong>&nbsp;Uncaught exception in installer (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33634\">0033634<\/a>:&nbsp;<strong>[rss]<\/strong>&nbsp;Error in creating RSS when there are no issues to publish (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33651\">0033651<\/a>:&nbsp;<strong>[ui]<\/strong>&nbsp;Overflowing text issue on sidebar menu (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33756\">0033756<\/a>:&nbsp;<strong>[installation]<\/strong>&nbsp;Errors on browser console when installing (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33773\">0033773<\/a>:&nbsp;<strong>[installation]<\/strong>&nbsp;Install: reset buttons for table prefix\/suffix not working at stage 2 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 2.26.1 Security and maintenance release addressing a&nbsp;host header injection vulnerability&nbsp;(CVE-2024-23830). It also resolves several regression issues introduced in 2.26.0 release, and includes fixes for PHP 8.x compatibility as well as other issues.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,11],"class_list":["post-753","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-security"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=753"}],"version-history":[{"count":2,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/753\/revisions"}],"predecessor-version":[{"id":785,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/753\/revisions\/785"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}