Released 2024-09-28

Maintenance and security release addressing an information disclosure vulnerability (CVE-2024-45792) and a regression introduced by 2.26.3 on the Manage Projects page, as well as several bug fixes.

  • 0034683: [api rest] REST POST /issues allows creation of Issue when invalid Category is specified (dregad)
  • 0032557: [bugtracker] Can not set full URL to $g_manual_url in config_inc.php (dregad)
  • 0034634: [other] Non-existing issue number does not throw a 404 in the UI (dregad)
  • 0034640: [security] CVE-2024-45792: Insecure Direct Object References vulnerability with user profiles (dregad)
  • 0034768: [sub-projects] 'INTERNAL APPLICATION ERROR' editing some projects from manage_proj_page.php (atrol)
  • 0026672: [api soap] mc_issue_add fails with "Object of class SoapFault could not be converted to int" (dregad)
  • 0034618: [administration] Disabled projects are not listed on page manage_proj_page.php (dregad)
  • 0034682: [bugtracker] Incorrect usage of lang_get_defaulted() for an URL (dregad)
  • 0034684: [api soap] SOAP API throwing deprecation warning on PHP 8.1 (dregad)
9 issues