{"id":759,"date":"2024-05-12T16:51:35","date_gmt":"2024-05-12T16:51:35","guid":{"rendered":"https:\/\/mantisbt.org\/blog\/?p=759"},"modified":"2024-09-29T21:45:46","modified_gmt":"2024-09-29T21:45:46","slug":"mantisbt-2-26-2-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/759","title":{"rendered":"MantisBT 2.26.2 Released"},"content":{"rendered":"\n<p>Go ahead and&nbsp;<a href=\"https:\/\/mantisbt.org\/download.php\">download<\/a>&nbsp;the release from our website.<\/p>\n\n\n\n<p>In order to stay up to date with the latest MantisBT news, please star our <a href=\"https:\/\/github.com\/mantisbt\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub repository<\/a>, join our <a href=\"https:\/\/app.gitter.im\/#\/room\/#mantisbt_mantisbt:gitter.im\" target=\"_blank\" rel=\"noreferrer noopener\">Gitter channel<\/a>, or <a href=\"https:\/\/twitter.com\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">follow us on X<\/a> or <a href=\"https:\/\/phpc.social\/@mantisbt\">Mastodon<\/a> and retweet to spread the word!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MantisBT 2.26.2<\/h2>\n\n\n\n<p>Security and maintenance release addressing several vulnerabilities (CVE-2024-34077, CVE-2024-34080 and CVE-2024-34081; refer to the corresponding Issues below for details). <\/p>\n\n\n\n<p>It also resolves a few PHP 8.x compatibility issues, as well as a few other bugs.<\/p>\n\n\n\n<p>All installations are strongly advised to upgrade as soon as possible.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=33906\">0033906<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Failed opening core.php in timeline_inc.php on PHP 8.2 \/ IIS (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34008\">0034008<\/a>:&nbsp;<strong>[documentation]<\/strong>&nbsp;MantisGraph: document usage of EVENT_MANTISGRAPH_SUBMENU (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34006\">0034006<\/a>:&nbsp;<strong>[code cleanup]<\/strong>&nbsp;MantisGraph: fix deprecated warnings in javascript (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34393\">0034393<\/a>:&nbsp;<strong>[html]<\/strong>&nbsp;Incorrect handling of HTML hexadecimal character references&nbsp;<code>&amp;#xNNN;<\/code>&nbsp;(<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34439\">0034439<\/a>:&nbsp;<strong>[code cleanup]<\/strong>&nbsp;Deprecated warning when updating Issue with null checkbox Custom Field (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34441\">0034441<\/a>:&nbsp;<strong>[excel]<\/strong>&nbsp;Excel error when opening exported issues with custom field with special characters (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34435\">0034435<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Issue note links don&#8217;t reflect if issue is resolved (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=3081\">vboctor<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34434\">0034434<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;CVE-2024-34080: Don&#8217;t hyperlink references to notes whose issues are not accessible to user (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=3081\">vboctor<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34433\">0034433<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;CVE-2024-34077: Account Takeover in Password Reset and Account Registration Feature (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34432\">0034432<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;CVE-2024-34081: Unsanitised custom field names printed (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34417\">0034417<\/a>:&nbsp;<strong>[security]<\/strong>&nbsp;Update corejs-typeahead.js library to 1.3.4 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34410\">0034410<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;REST API error reports incorrect field &#8220;version&#8221; when updating fixed in \/ target version with invalid value (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34399\">0034399<\/a>:&nbsp;<strong>[other]<\/strong>&nbsp;Internal server error on view_user_page (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=12956\">0012956<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Target Version does not respect GET or POST value when reporting issue (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34404\">0034404<\/a>:&nbsp;<strong>[bugtracker]<\/strong>&nbsp;Proceed button is shown twice when redirecting with pending errors (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34359\">0034359<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;REST API: &#8220;String not found&#8221; warning when adding note with invalid view_state (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34348\">0034348<\/a>:&nbsp;<strong>[api rest]<\/strong>&nbsp;Adding issue note with REST API returns HTTP 500 when given view_state is invalid (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34018\">0034018<\/a>:&nbsp;<strong>[filters]<\/strong>&nbsp;Filter &#8220;assigned to&#8221; and &#8220;monitor by&#8221; shows&nbsp;<code>&lt;br \/&gt;<\/code>&nbsp;between the users when selecting multiple (advanced filtering) (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n\n\n\n<li>&nbsp;<a href=\"\/bugs\/view.php?id=34106\">0034106<\/a>:&nbsp;<strong>[code cleanup]<\/strong>&nbsp;Deprecated creation of dynamic properties in BugData class (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 2.26.2 Security and maintenance release addressing several vulnerabilities (CVE-2024-34077, CVE-2024-34080 and CVE-2024-34081; refer to the corresponding Issues below for details). It also resolves a few PHP 8.x compatibility issues, as well as a few other bugs. All installations are strongly advised to upgrade as soon as possible.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,11],"class_list":["post-759","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-security"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=759"}],"version-history":[{"count":3,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/759\/revisions"}],"predecessor-version":[{"id":784,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/759\/revisions\/784"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}