MantisBT 1.2.19 Released

MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from here.

This release resolves 5 security issues:

  • #17938/CVE-2014-9571: XSS in install.php
  • #17939/CVE-2014-9572: Improper Access Control in install.php
  • #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
  • #17984/CVE-2014-9624: CAPTCHA bypass
  • #17997/CVE-2015-1042: URL redirection issue

We would like to thank High Tech Bridge Research Lab, Alejo Popovici and Florent Daignière from Matta Consulting for reporting these issues, and their cooperation in resolving them.

This release also addresses 2 regression issues introduced in 1.2.18:

  • #17993 prevents new users from signing up on systems using CAPTCHA.
  • #17967 which causes a PHP error when reporting issues on systems with checkbox custom fields.

Please refer to the changelog on the MantisBT web site for complete details on each of these issues.

This entry was posted in MantisBT and tagged , . Bookmark the permalink.

5 Responses to MantisBT 1.2.19 Released

  1. Ashok says:

    We are using 1.2.18 version and running on production. Please let us know how can we upgrade with this version.

    Thanks

  2. Sai Anirudh Karre says:

    Hi Team,
    Can you please let me know how “Issue Relationship Graphs” works ?
    Does the system automatically identifies the relationship or Someone has to link the defects to create relationship or dependency ?

    Regards,
    Sai Anirudh

  3. sujay says:

    HI i have download mantis 1.2.19. It is downloaded in rar format. I am notable to understand how to istall it . Where setup file is stored>
    Regards
    Sujay

Comments are closed.