MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
The following security issues were resolved:
Any malicious user could use the view issues page (search.php) to execute a filter that could bring down the site by overloading the database server (CVE-2013-1883). Affects MantisBT 1.2.12 and later. Refer to issue #15573 for detailed information.
In some cases, the ‘Close’ button would be available to unauthorized users, allowing them to close issues at will, bypassing the workflow settings. Affects MantisBT 1.2.12 and later. Refer to issue #15453 for detailed information.
This release also includes several bug fixes and enhancements to the tracker and the SOAP API, as well as updated translations in many languages.
A full changelog can be found at:
http://www.mantisbt.org/bugs/changelog_ ... ion_id=182
The release can be downloaded from:
http://sourceforge.net/projects/mantisb ... le/1.2.15/