MantisBT 2.9.0, 2.8.1 and 1.3.13 release

MantisBT 2.9.0

A feature release including functional improvements and bug fixes.

  • 23639[code cleanup] Unneeded code for non supported old PHP versions (atrol)
  • 23578[documentation] Document need for consistency between “normal” and “datepicker” date formats (dregad)
  • 12602[custom fields] Default value for a date don’t work (vboctor)
  • 19482[custom fields] Using custom fields (date) with default value and required on resolve displays an error (vboctor)
  • 23466[db mysql] database is not supported by PHP. Check that it has been compiled into your server. (atrol)
  • 23572[code cleanup] Unneeded code for unsupported database types (atrol)
  • 23573[code cleanup] Unneeded code for option meta_include_file (atrol)
  • 23575[api rest] Category lookup is case sensitive (vboctor)
  • 23577[api rest] REST APIs don’t enforce required custom fields when reporting issues (vboctor)
  • 23579[api rest] Internal Server Error 500 when category doesn’t exist (vboctor)
  • 23594[custom fields] Reporting an issue with default date {now} that is not visible doesn’t work (vboctor)
  • 23616[api rest] Support exporting issue history (vboctor)
  • 23620[api rest] PHP error on getting issues when user doesn’t have access (vboctor)
  • 23625[code cleanup] Function require_lib contains code to search in vendor folder (atrol)
  • 23626[performance] Unneeded code executed when retrieving global settings (atrol)
  • 23630[administration] Some check boxes on Manage Configuration > Workflow Threshold page are not centered (community)
  • 23640[code cleanup] Usage of deprecated each() function (atrol)
  • 23645[other] No preview of ANSI encoded text files that contain German Umlauts (atrol)
  • 23648[api rest] Leverage ETag headers when getting issues (vboctor)
  • 23650[api rest] Leverage If-Match when deleting issues (vboctor)
  • 23653[api rest] Leverage If-Match when updating issues (vboctor)
  • 23654[api rest] Don’t validate handler when updating issues without updating handler (vboctor)
  • 23657[api soap] mc_issue_update returns bug is read only on status update (atrol)
  • 23658[plug-ins] UI for protected plugins broken (atrol)
  • 23576[api rest] Issues created via REST API with date custom fields fail (vboctor)
  • 23692[authentication] Token API does not work with config show show_realname (dregad)
  • 23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 2.8.1

Security and bug fix release for 2.8.x series

  • 23599[bugtracker] Access denied when updating bugs (atrol)
  • 23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

MantisBT 1.3.13

Security fixes release for 1.3.x series

  •  23561[api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

Go ahead and download the release from our website.

Posted in MantisBT | Leave a comment

MantisBT 2.8.0 and 2.7.1 released

MantisBT 2.8.0

Feature release with fixes and new features including REST API issue updates and DKIM support for email signing. This release is the first to have REST API enabled by default.

  • 23396[api rest] REST API Issue update support (vboctor)
  • 23446[performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
  • 23451[performance] Unneeded code delivered to support unsupported IE9 (atrol)
  • 23460[ui] Useless UI element on manage_proj_page (atrol)
  • 23474[custom fields] Empty numeric fields should be display as empty rather than 0 (community)
  • 23475[custom fields] Empty float fields should be displayed as empty rather than 0 (community)
  • 23477[api soap] Updating issues via APIs should trigger email notifications (vboctor)
  • 23483[bugtracker] Auto-refresh shouldn’t update last visited (atrol)
  • 23488[code cleanup] Usage of deprecated constant (atrol)
  • 23494[html] Wrong class name for tags output (atrol)
  • 23517[administration] Remove unused config option inline_file_exts (community)
  • 13126[plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa)
  • 16133[custom fields] Numeric field accepts floats and displays them as numeric (vboctor)
  • 21225[bugtracker] resolving parent issues inconsistency (community)
  • 22441[bugtracker] Notes are not in the correct order after cloning an issue (cproensa)
  • 22842[code cleanup] Remove php_version_at_least() function from PHP API (dregad)
  • 23493[email] DomainKeys Identified Mail (DKIM) Signatures (community)
  • 23503[bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
  • 23516[api rest] Enable REST API by default (vboctor)
  • 23518[bugtracker] “show_assigned_names” configuration is not applied correctly in view_all_bug_page (cproensa)
  • 23528[filters] Filter “advanced” mode is reset after sorting through column headers (cproensa)
  • 23537[api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad)
  • 23543[email] Update PHPMailer to v5.2.25 (vboctor)
  • 23542[code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
  • 23555[ui] Bugnote text area not styled correctly when private by default (vboctor)
  • 23560[bugtracker] Notes added via change status / edit always market private when private by default (vboctor)

MantisBT 2.7.1

Maintenance release for 2.7 series.

  • 23507[authentication] Users can’t change their password when it is blank (dregad)
  • 23512[html] Custom field type checkbox with required status, force to check all checkboxes to proceed (atrol)
  • 23544[installation] Unattended upgrade is broken after moving to Composer (vboctor)

Go ahead and download the release from our website.

Posted in MantisBT | Tagged | Leave a comment

MantisBT 2.7.0 released

A feature release that includes both functional and performance improvements.

  • 21654[code cleanup] Deprecate access_has_any_project() (cproensa)
  • 22310[html] Use HTML5 “required” attribute for required form fields (community)
  • 22870[ui] buttons without separation (cproensa)
  • 22871[ui] print_form_button() does not render inline buttons (cproensa)
  • 22872[ui] Make some buttons visible only when hovering on relevant container (cproensa)
  • 23216[tagging] Make tag view threshold work at project level (cproensa)
  • 23225[authentication] Token API does not work with config show show_realname (dregad)
  • 23242[code cleanup] Function project_get_local_user_access_level() is redundant (cproensa)
  • 23248[ui] Project selection dropdown focus on current selection (cproensa)
  • 23267[ui] Misplaced “Reset Prefs” button in user prefs with narrow screen (dregad)
  • 23301[api rest] Request an issue in the REST API fail without warning if an enumeration is missing. (community)
  • 23310[performance] Unused CSS delivered (atrol)
  • 23323[reports] Wrong filter links on summary page (atrol)
  • 23331[code cleanup] New user_get_username() API function (dregad)
  • 22182[ui] Burger menu is sometimes visible without functionality (cproensa)
  • 22492[ui] Regression: Resolved/Closed issues are not shown with a line-through (strike-through) (community)
  • 23264[api rest] Custom fields not been saved when adding issue through the Rest API (community)
  • 23268[db oracle] Error filtering custom fields of type date (cproensa)
  • 23311[filters] “View issues” on changelog page does not show closed issues (atrol)
  • 23367[plug-ins] Add no-op upgrade step in plugin_upgrade() (dregad)
  • 23378[installation] Installation fails when using old but still allowed PHP version 5.3 (atrol)
  • 23381[code cleanup] Unneeded code for unsupported PHP versions (atrol)
  • 23382[customization] Login logo image not configurable by css (cproensa)
  • 23393[administration] Provide some basic operating environment information on manage_overview_page (atrol)
  • 23395[db oracle] Performance issue reading config table with oracle database (cproensa)
  • 23411[performance] Unneeded string copies in general text processing (atrol)
  • 23420[relationships] Resolving as duplicate adds reporter and handler to monitoring list (atrol)
  • 23425[reports] PHP errors and warnings when running Issue Trend report (atrol)
  • 21913[tagging] Unprivileged user can see related tags from private issues (cproensa)
  • 22053[plug-ins] Implement logging functionality for plugins (cproensa)
  • 22245[ui] Collapsed menu entry no clickable in complete visible area (atrol)
  • 23241[filters] Error when changing sort order in filters, due date field only (cproensa)
  • 23243[ui] Narrow space between checkbox/radio button and label (dregad)
  • 23249[feature] When logging the caller function, also print the class name if it’s a class method (cproensa)
  • 23251[timeline] Timeline in view user page resets the user id after dates navigation (cproensa)
  • 23324[performance] Generated css, js code should be cached by browser (cproensa)
  • 23377[other] Textarea custom field entry missing from email (atrol)
  • 23436[filters] Editing a stored filter can’t update projects property (cproensa)
  • 23443[custom fields] Fixes related to custom fields on filters, columns and visibility (cproensa)
  • 05713[custom fields] Custom fields of subprojects are shown in filter for “All projects” but not in parent project. (cproensa)
  • 06872[custom fields] Sort of custom fields does not use data type (cproensa)
  • 16358[filters] Custom field filter does not recusrively read all items from sub-projects (cproensa)
  • 16359[filters] Custom field filters does not take user access rights into account (cproensa)
  • 19385[filters] Filtering custom field show bugs from projects where this custom field has been removed (cproensa)
  • 23223[filters] Custom fields filter does not account for read access at project level (cproensa)
  • 23232[filters] Custom field is showed in filter when the user has not view access (cproensa)
  • 23233[custom fields] Issues returned by filter has linked custom fields that are not available as columns (cproensa)
  • 23260[custom fields] Custom fields of type date are not sorted correctly (cproensa)
  • 23265[custom fields] Filter selection for numeric custom fields aren’t sorted correctly on distinct values list (cproensa)
  • 23266[custom fields] Filter selection for numeric custom fields show values not coherent with custom field type (cproensa)

Go ahead and download the release from our website.

Posted in MantisBT | Tagged | Comments Off on MantisBT 2.7.0 released

MantisBT 2.6.0, 2.5.2 and 1.3.12 released

MantisBT 2.6.0

A feature release that includes both functional and performance improvements.

  • 22730: [ui] ‘Manage Configuration’ tab usually does not highlight (dregad)
  • 22813: [customization] Field is appearing in email notification but not used in UI. (joel)
  • 22967: [ui] Questionable display of “Access Denied” on view_user_page (atrol)
  • 22984: [ui] Calendar doesn’t show the correct date the first time it opens (dregad)
  • 22981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
  • 22987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
  • 23061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
  • 23116: [html] Due date field not displayed correctly when editing ticket (community)
  • 23141: [html] Unused CSS delivered (atrol)
  • 12313: [attachments] Can’t open image attachments in browser windows (dregad)
  • 22913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
  • 22939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
  • 22940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
  • 23087: [filters] Removing “Report an issue” permission removes user from Monitoring filter dropdown (atrol)
  • 23150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
  • 23159: [ui] Graph display is too faint and blurred (atrol)
  • 21807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
  • 23143: [api rest] Support adding notes via REST API (vboctor)
  • 22158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa)
  • 22919: [time tracking] Time Tracking “auto count” is giving the wrong elapsed time (dregad)
  • 23112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
  • 23131: [api rest] /api/rest/projects doesn’t return child projects (vboctor)
  • 23139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
  • 23144: [api rest] Support issue id as part of the path for REST API (vboctor)
  • 23145: [api rest] Support deleting notes via REST API (vboctor)
  • 23184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
  • 23187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
  • 23188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
  • 23189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
  • 23190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
  • 23191: [time tracking] Unable to access time tracking reports (atrol)
  • 23202: [ui] Questionable order and functionality of top buttons on “View Issue” page (atrol)
  • 23204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
  • 23227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
  • 23237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
  • 12444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa)
  • 21695: [ui] “notify user” check should be moved outside the form (cproensa)
  • 22291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa)
  • 22469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)

MantisBT 2.5.2

Security fixes for 2.5.x release.

  • 23146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
  • 23179: [security] Login page no longer warns about ‘admin’ directory being present (dregad)
  • 23181: [administration] Checks on login page are never executed if “admin” dir does not exist (dregad)
  • 23185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

MantisBT 1.3.12

Security fixes for 1.3.x release.

  • 23175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 23186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

Go ahead and download the release from our website.

Posted in MantisBT | Tagged | Comments Off on MantisBT 2.6.0, 2.5.2 and 1.3.12 released

MantisBT 2.5.1, 2.5.0 and 2.4.2 released

MantisBT 2.5.1

Maintenance release that fixes installation failure.

  • 0022985: [installation] Initial installation does not continue after clicking install (dregad)

MantisBT 2.5.0

Feature release with main focus on REST API improvements, some of the fixes also applies to the SOAP API.

  • 0022850: [ui] Installation page layout and style issues (dregad)
  • 0022765: [api rest] Implement a test framework for REST API (vboctor)
  • 0022766: [api rest] Enum name should reflect non-localized enum name and label for localized name (vboctor)
  • 0022767: [api rest] Include status color in status enum value for issues (vboctor)
  • 0022768: [api rest] Support retrieving issues based on filter or a project (vboctor)
  • 0022769: [api rest] Note type should be note instead of timelog if time tracking is not accessible to user (vboctor)
  • 0022770: [api rest] Change version from string to an object (vboctor)
  • 0022771: [api rest] Due date access check should be based on project access level rather than global one (vboctor)
  • 0022772: [api rest] Don’t return eta info if feature is disabled (vboctor)
  • 0022773: [api rest] Don’t return projection info if feature is disabled (vboctor)
  • 0022774: [api rest] Some access denied errors don’t show user info correctly (vboctor)
  • 0022775: [api rest] Rename date_submitted to created_at and last_updated to updated_at (vboctor)
  • 0022776: [api rest] Sticky flag should be a boolean rather than a string (vboctor)
  • 0022777: [api rest] Don’t return sponsorship_total (vboctor)
  • 0022778: [api rest] Don’t allow setting version to an undefined version (vboctor)
  • 0022779: [api rest] Don’t return profile information if feature disabled (vboctor)
  • 0022780: [api rest] Don’t return platform, os, and os_build if disabled (vboctor)
  • 0022782: [api rest] Don’t return target_version if user doesn’t have access to view roadmap (vboctor)
  • 0022783: [api rest] Return 400 instead of server side error if summary, description or project fields are missing (vboctor)
  • 0022788: [api rest] Support retrieving projects accessible to users (vboctor)
  • 0022808: [api rest] Use GuzzleHttp for http requests (vboctor)
  • 0021871: [performance] Improve db_fetch_array performance (cproensa)
  • 0021994: [attachments] issue with attachments cannot be moved between projects with different upload directories (uploads saved in file system) (dregad)
  • 0022809: [api rest] Upgrade Slim Framework from 3.7.0 to latest (3.8.1) (vboctor)
  • 0022851: [installation] Installer should display sample table names based on table prefix/suffix settings (dregad)
  • 0022852: [localization] [de] Incorrect label in German “Change status” form (atrol)
  • 0022865: [code cleanup] Login page displays a PHP system notice when using BASIC_AUTH (dregad)
  • 0022864: [code cleanup] phpdoc for ‘print_link_button’ has incorrect order of parameters (cproensa)
  • 0022868: [other] PHP variable misspelt in html_api.php (dregad)
  • 0022904: [db mssql] database_api: db_insert_id returns string not int (mssql) (dregad)
  • 0022905: [code cleanup] The URL of the return button in breadcrumbs div has a trailing ‘?’ (dregad)
  • 0022925: [time tracking] Time Tracking – issue (atrol)
  • 0022928: [administration] $g_anonymous_account is case sensitive, preventing normal users from logging in (vboctor)
  • 0022933: [timeline] Confusing entry in timeline when removing other users from monitoring list (atrol)

MantisBT 2.4.2

Maintenance release for 2.4.x

  • 0022923: [authentication] Logout page on authentication plugins never gets called (community)
  • 0022926: [custom fields] Custom Fields – Date: Field does not show date (view.php), shows other text (vboctor)
  • 0022937: [custom fields] Custom fields of type Email are not properly displayed (vboctor)
  • 0022950: [custom fields] Custom Fields of Type Text showing Link (Url) as Text only (vboctor)

Go ahead and download the release from our website.

Posted in MantisBT | Tagged | Comments Off on MantisBT 2.5.1, 2.5.0 and 2.4.2 released