Yearly Archives: 2017

Critical Security Fix Releases: 2.3.1, 2.2.4, and 1.3.10

This is the release announcement for releases including the fixes for a critical security issue (#22690 for CVE-2017-7615), allowing a remote attacker to reset any user’s password, on all MantisBT instances where user signup or password reset are enabled, via a vulnerability … Continue reading

Posted in MantisBT | Tagged | Leave a comment

MantisBT 2.3.0, 2.2.3, and 1.3.9 released

MantisBT 2.3.0 Feature release including security fixes and our brand new experimental REST API. The REST API can be extended by plugins and power web UI AJAX features. In this release the REST API is disabled by default (except for … Continue reading


MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website. Patched vulnerabilities: 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later) Additionally, … Continue reading


MantisBT 2.2.1 and 1.3.7 Released

MantisBT 2.2.1 (changelog) Maintenance release for 2.2 series including security fixes.  This release includes fixes in 1.3.7 as well. 22246: [markdown] Markdown is converting ‘&’ signs to (ampersand[amp;]) inside code block or backtick as well (joel) 22442: [printing] System error … Continue reading


MantisBT 2.2.0 and 2.1.1 Released

MantisBT 2.1.1 (changelog) A maintenance release for 2.1.x series including the fixes below: 22266: [security] Sanitize window title (vboctor) 22288: [bugtracker] Due date current value doesn’t show in change status form (syncguru) 22302: [filters] Permalink does not work with tags … Continue reading
