Changesets: MantisBT
|
master 7a512868 2026-05-14 11:56 Details Diff |
Getting user info from LDAP without authentication
Removed unneeded LDAP authentication checks to enable independent retrieval of LDAP real name and email. Updated documentation.
Merge PR https://github.com/mantisbt/mantisbt/pull/1308 |
||
| mod - account_page.php | Diff File | ||
| mod - account_update.php | Diff File | ||
| mod - core/commands/UserUpdateCommand.php | Diff File | ||
| mod - core/user_api.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Authentication.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Configuration.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/auth.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/email.xml | Diff File | ||
| add - docbook/Admin_Guide/en-US/config/ldap.xml | Diff File | ||
| mod - manage_user_create_page.php | Diff File | ||
| mod - manage_user_edit_page.php | Diff File | ||
|
master 4aa241a5 2026-05-14 11:47 Details Diff |
Fix minimum PHP version in requirements
Typo introduced in commit bdb712f057b3d37741cf0122d99b2a4b31e2408a: 7.1 instead of 8.1.
Fixes 0036914 |
Affected Issues 0036914 |
|
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
|
master 5cba9ec6 2026-05-14 11:43 Details Diff |
Remove note about PHP 7.1 requirement
We now require 8.1 or later. |
||
| mod - docbook/Admin_Guide/en-US/config/ldap.xml | Diff File | ||
|
master fcbc2747 2026-05-14 10:25 Details Diff |
Merge tag 'release-2.28.3' Stable release 2.28.3 # Conflicts: # api/rest/mantisbt_openapi.yaml # core/constant_inc.php |
||
| mod - doc/CREDITS | Diff File | ||
| mod - login_password_page.php | Diff File | ||
|
master-2.28 c96c8795 2026-05-14 10:22 Details Diff |
Bump version to 2.28.3 | ||
| mod - api/rest/mantisbt_openapi.yaml | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - doc/CREDITS | Diff File | ||
|
master 9c18ac63 2026-05-14 09:40 Details Diff |
Fix wrong rendering of strings Fixes 0034465, PR https://github.com/mantisbt/mantisbt/pull/2218 |
Affected Issues 0034465 |
|
| mod - account_page.php | Diff File | ||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - account_sponsor_page.php | Diff File | ||
| mod - adm_config_page.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - adm_permissions_report.php | Diff File | ||
| mod - admin/check/check_email_inc.php | Diff File | ||
| mod - api_token_create.php | Diff File | ||
| mod - api_token_revoke.php | Diff File | ||
| mod - api_tokens_page.php | Diff File | ||
| mod - bug_revision_view_page.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - changelog_page.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/custom_function_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/mention_api.php | Diff File | ||
| mod - core/prepare_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/summary_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - manage_config_workflow_graph_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - manage_custom_field_page.php | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_plugin_page.php | Diff File | ||
| mod - manage_proj_cat_delete.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - manage_proj_user_update.php | Diff File | ||
| mod - manage_proj_ver_delete.php | Diff File | ||
| mod - manage_tags_page.php | Diff File | ||
| mod - manage_user_edit_page.php | Diff File | ||
| mod - manage_user_page.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - news_list_page.php | Diff File | ||
| mod - plugins/XmlImportExport/pages/import.php | Diff File | ||
| mod - print_all_bug_page.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
| mod - proj_doc_delete.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
| mod - roadmap_page.php | Diff File | ||
| mod - tag_update_page.php | Diff File | ||
| mod - tag_view_page.php | Diff File | ||
| mod - verify.php | Diff File | ||
| mod - verify_email.php | Diff File | ||
| mod - view_user_page.php | Diff File | ||
|
master-2.28 b6faebd5 2026-05-14 08:20 Committer: dregad Details Diff |
Fix CSRF validation failure in reauthenticate flow
auth_reauthenticate() redirects to login_password_page.php via GET, bypassing login_page.php which normally generates the CSRF token. The form_security_validate() call therefore always fails with ERROR #2800, making re-authentication impossible.
Fix: read $f_reauthenticate before the CSRF check and skip validation for that path. The token rendered in the form still protects the subsequent password submission via login.php.
Fixes 0037130, PR https://github.com/mantisbt/mantisbt/pull/2220 |
Affected Issues 0037130 |
|
| mod - login_password_page.php | Diff File | ||
|
master 49cfdaaa 2026-05-14 08:08 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_dutch.txt | Diff File | ||
|
master a24c89ef 2026-05-11 08:08 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| add - plugins/Gravatar/lang/strings_az.txt | Diff File | ||
|
master 18f3f05f 2026-05-10 16:45 Details Diff |
Stop using string_display_line to output bug id Issue 0034465 |
Affected Issues 0034465 |
|
| mod - bug_view_inc.php | Diff File | ||
|
master 5a68f64a 2026-05-10 16:20 Details Diff |
Use string_attribute to display enum values Issue 0034465 |
Affected Issues 0034465 |
|
| mod - adm_config_report.php | Diff File | ||
| mod - adm_permissions_report.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - manage_proj_user_update.php | Diff File | ||
| mod - view_user_page.php | Diff File | ||
|
master e4debe38 2026-05-10 15:10 Details Diff |
Use string_attribute to display user name Issue 0034465 |
Affected Issues 0034465 |
|
| mod - manage_proj_user_update.php | Diff File | ||
|
master 84ec91c4 2026-05-10 13:04 Details Diff |
PHPDoc | ||
| mod - core/relationship_graph_api.php | Diff File | ||
|
master 255cd957 2026-05-10 10:00 Committer: community Details Diff |
Added openssl requirement to installation documentation Fixes 0037112, https://github.com/mantisbt/mantisbt/pull/2214 |
Affected Issues 0037112 |
|
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
|
master 6fce5960 2026-05-09 20:50 Committer: community Details Diff |
Remove the issue update when watchers change
Calls to the bug_update_date() function have been removed from the bug_monitor() and bug_unmonitor() functions.
Fixes 0010857, PR https://github.com/mantisbt/mantisbt/pull/2213 |
Affected Issues 0010857 |
|
| mod - core/bug_api.php | Diff File | ||
|
master dcbcf9eb 2026-05-09 20:46 Committer: community Details Diff |
Add 'Date Created' and 'Last Visit' info to Manage User Edit page Fixes 0037111, PR https://github.com/mantisbt/mantisbt/pull/2216 |
Affected Issues 0037111 |
|
| mod - manage_user_edit_page.php | Diff File | ||
|
master 5625214a 2026-05-09 06:53 Details Diff |
Merge tag 'release-2.28.2' Stable release 2.28.2 # Conflicts: # api/rest/mantisbt_openapi.yaml # core/constant_inc.php |
||
| mod - account_prefs_update.php | Diff File | ||
| mod - account_prof_update.php | Diff File | ||
| mod - admin/move_attachments_page.php | Diff File | ||
| mod - api/soap/mc_file_api.php | Diff File | ||
| mod - api/soap/mc_issue_api.php | Diff File | ||
| mod - bug_report_page.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
| mod - core/commands/IssueFileGetCommand.php | Diff File | ||
| mod - core/commands/MonitorAddCommand.php | Diff File | ||
| mod - core/commands/ProjectUsersAddCommand.php | Diff File | ||
| mod - core/date_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - file_download.php | Diff File | ||
| mod - login.php | Diff File | ||
| mod - login_page.php | Diff File | ||
| mod - login_password_page.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
| mod - tag_update_page.php | Diff File | ||
|
master-2.28 399605af 2026-05-09 06:44 Details Diff |
Bump version to 2.28.2 | ||
| mod - api/rest/mantisbt_openapi.yaml | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master-2.28 9e3bee2e 2026-05-09 05:53 Details Diff |
Merge branch 'sec-37016-csp-bypass' into release/2.28.2 | ||
| mod - file_download.php | Diff File | ||
|
master-2.28 71df1f67 2026-05-09 05:49 Committer: community Details Diff |
Fix bugnote revisions access check
access_can_view_bugnote_revisions() now checks that the user can view the bugnote's parent issue.
Fixes 0036978, GHSA-crmx-4p49-46m2 / CVE-2026-34970 |
Affected Issues 0036978 |
|
| mod - core/access_api.php | Diff File | ||
|
master-2.28 b1c3430b 2026-05-08 04:05 Details Diff |
Revert "Cannot grant an access level higher than one's own"
This reverts commit 86accbca671a6a2bfe2204e58739b58d4f06b63d.
The vulnerability, identified in Issue 0037002, had in fact already been reported (and fixed) in Issue 0036995, see commit 69e0180f180ed5acf48a8d281a73683a7bf32461. |
Affected Issues 0036995, 0037002 |
|
| mod - core/commands/ProjectUsersAddCommand.php | Diff File | ||
|
master-2.28 9e43cd80 2026-05-07 11:30 Details Diff |
Purge file_show_inline security token after use
This ensures that the token cannot be reused after displaying the attachment inline.
Issue 0037020 |
Affected Issues 0037020 |
|
| mod - file_download.php | Diff File | ||
|
master 3b45a8a2 2026-05-07 08:07 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_belarusian_tarask.txt | Diff File | ||
|
master-2.28 6e58fae4 2026-05-06 19:33 Committer: community Details Diff |
Fix Bugnote update auth bypass via REST/SOAP API
Add a note-level permission check in mc_issue_update() to ensure the user is authorized to update each bugnote individually.
Fixes 0037089, GHSA-pq86-j2c2-47f6 / CVE-2026-42070 |
Affected Issues 0037089 |
|
| mod - api/soap/mc_issue_api.php | Diff File | ||
|
master-2.28 029d9d20 2026-05-06 19:32 Details Diff |
Merge branch 'sec-36985-private-attachment-leak' into release/2.28.2 | ||
| mod - api/soap/mc_file_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - file_download.php | Diff File | ||