MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website.

Patched vulnerabilities:

• 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later)

Additionally, version 2.1.1 also includes fixes previously released in 1.3.7 and 2.2.1:

• 22486: CVE-2017-6797 – XSS in bug_change_status_page.php
• 22497: CVE-2017-6799 – XSS in view_filters_page.php