Monthly Archives: April 2017

Critical Security Fix Releases: 2.3.1, 2.2.4, and 1.3.10

This is the release announcement for releases including the fixes for a critical security issue (#22690 for CVE-2017-7615), allowing a remote attacker to reset any user’s password, on all MantisBT instances where user signup or password reset are enabled, via a vulnerability … Continue reading

Posted in MantisBT | Tagged | Leave a comment

MantisBT 2.3.0, 2.2.3, and 1.3.9 released

MantisBT 2.3.0 Feature release including security fixes and our brand new experimental REST API.  The REST API can be extended by plugins and power web UI ajax features.  In this release the REST API is disabled by default (expect for … Continue reading

Posted in MantisBT | Tagged | 1 Comment

MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website. Patched vulnerabilities: 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later) Additionally, … Continue reading

Posted in MantisBT | Tagged , , | Leave a comment