Mantis Bug Tracker - Forums

As part of "national cyber security nonsense", we are required to only use "supported software". This is not a problem for us, v1.13.20 is LTS. However, we also realise that it is unlikely to remain LTS forever.

We're using a reasonably heavily modified v1.13.20 ("nonsense changes" because staff here want things in very particular ways, rather than adjusting working practices even a little bit), but I dread the thought of having to migrate the changes into the new code base, plus all the new changes they'll demand because "this isn't the same as the old version".

So, can any of the high up team members put my mind to rest and give an indication of when the current LTS might stop being the LTS - "end of the year"/"not under five years"/etc - a ball-park figure that I can take to the management team would be more than adequate.

Many thanks and kind regards in advance.

mlcrane wrote: 05 Feb 2025, 15:23v1.13.20 is LTS.

There is no version 1.13.20, suspect you mean 1.3.20.
LTS? I am not aware that someone from the MantisBT core team ever announced a version as Long Term Support.
Version 1.3.0 was released in July 2016.
The last bug fix release 1.3.20 was released in November 2019.
I am pretty sure that this version comes with lot of vulnerabilities, especially as just pretty outdated non-secure PHP versions are supported.
To use MantisBT 1.3.x in combination with latest PHP versions would require a major rewrite.
I don't expect that any of the core developers will invest time in it.

If you are interested in security, there is hardly any other way than to upgrade to latest stable version 2.x.

Many thanks for the reply atrol.

Mea culpa for the many "errors" in my post - yes, v1.3.20 not v.13.20, and I really should have said "Legacy support" rather than "long-term support". Irrespective, you are entirely correct that if we want to use newer PHP versions, we'll need to keep up with v2.x.