MantisBT 1.2.18 released

Global announcements, rules, administrative notes, etc.

Moderators: Contributor, Developer

Post Reply
atrol
Site Admin
Posts: 7171
Joined: Mar 26, 2008 4:37 pm
Location: Germany

MantisBT 1.2.18 released

Post by atrol » Dec 09, 2014 5:44 pm

MantisBT 1.2.18 is an important security update for the stable 1.2.x branch.
All installations that are currently running any 1.2.x version are strongly
advised to upgrade to this release. Download it from [2].

This release resolves a total of 43 issues, including fixes for 23 security-
related bugs and vulnerabilities:

- 7 Cross-Site Scripting (XSS) issues: #17297/CVE-2014-9272,
#17583/CVE-2014-9270, #17870/CVE-2014-8987, #17874/CVE-2014-9271,
#17876/CVE-2014-9281, #17889/CVE-2014-8986, #17890/CVE-2014-9269

- 2 Code injection issues: #17725/CVE-2014-7146, #17875/CVE-2014-9280

- 2 SQL injection (XSS) issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089

- 5 Information disclosure issues: #9885, #17744, #17877/CVE-2014-9279,
#17742/CVE-2014-8988, #17243/CVE-2014-8553

- 7 Other security issues: #10966, #17338, #17640/CVE-2014-6387,
#17648/CVE-2014-6316, #17780/CVE-2014-8598, #17811/CVE-2014-9117, #17878

Please refer to the changelog [1] on the MantisBT web site for complete details
on each of these issues.

We would like to thank the following individuals and organizations for their
valued contribution in discovering and fixing these issues, in no particular
order: Mati Aharoni from Offensive Security and their bug bounty program,
Matthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza,
Oleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker,
Victor Boctor and Damien Regad.


[1] http://www.mantisbt.org/bugs/changelog_ ... ion_id=191
[2] http://sourceforge.net/projects/mantisb ... is-stable/

Thanks,
MantisBT Team
Please use Search before posting and read the Manual

Post Reply