MantisBT: master-2.28 de2f71fd
| Author | Committer | Branch | Timestamp | Parent |
|---|---|---|---|---|
| dregad | dregad | master-2.28 | 2026-05-30 13:09 | master-2.28 c6ccd554 |
| Affected Issues | 0037200: CVE-2026-52883: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs | |||
| Changeset | Use IssueNoteAddCommand from mc_issue_update() Using the Command to add notes instead of calling bugnote_add() ensures It also prevents unauthorized, low-privilege users from submitting Fixes 0037200, GHSA-4vpf-w7qv-5h3q |
|||
| mod - api/soap/mc_issue_api.php | Diff File | |||