MantisBT 2.4.1, 2.3.3, and 1.3.11 released

We have just pushed out 3 maintenance and security releases.  All users are encouraged to upgrade to MantisBT 2.4.1.  Go ahead and download the release.

The 3 releases below are still db schema compatible.

MantisBT 2.4.1

  • 0022428: [markdown] CSV and Excel exports with markdown on (vboctor)
  • 0022906: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
  • 0022909: [security] CVE-2017-7620: CSRF – Arbitrary Permalink Injection (dregad)
  • 0022867: [markdown] Markdown formatting is broken for notes column on View Issues page (vboctor)

MantisBT 2.3.3

  • 0022907: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
  • 0022908: [security] CVE-2017-7620: CSRF – Arbitrary Permalink Injection (dregad)

MantisBT 1.3.11

  • 0020168: [db schema] Use of ‘mantis’ as plugin table prefix prevents plugin’s installation (dregad)
  • 0022702: [security] CVE-2017-7620: CSRF – Arbitrary Permalink Injection (dregad)
  • 0022816: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
This entry was posted in MantisBT and tagged . Bookmark the permalink.