MantisBT 2.3.0, 2.2.3, and 1.3.9 released

MantisBT 2.3.0

Feature release including security fixes and our brand new experimental REST API. The REST API can be extended by plugins and can power web UI AJAX features. In this release the REST API is disabled by default (except for calls from within the web UI using cookie authentication) – see 22598 for more details.

  • 22445 [ui] Manage users page does not show filters ‘0’-‘9’ as selected (atrol)
  • 22474 [administration] “Obsolete configuration” warnings when running admin checks (atrol)
  • 22499 [documentation] Document reuse of language strings (dregad)
  • 22501 [ui] Enhance layout of “View Issue Details” page (atrol)
  • 22505 [ui] Enhance layout of “Updating Issue Information” (atrol)
  • 22506 [attachments] Error updating project document (atrol)
  • 22507 [ui] On Edit Filter page, ‘Filter name’ input field is too narrow (dregad)
  • 08957 [custom fields] Date Selector for Custom Fields (syncguru)
  • 22423 [html] ID attribute for bugnote_text (community)
  • 22541 [localization] Enhance wording in manage_config_email_page.php and manage_config_work_threshold_page.php pages (atrol)
  • 22548 [ui] Remove unnecessary ‘center’ class from textarea in bugnote edit page (community)
  • 22571 [html] Add ID attribute for bugnote_text textarea (community)
  • 22572 [documentation] Wrong default value in documentation of “g_show_version” (atrol)
  • 21552 [ui] My account preferences: move project list outside the form (cproensa)
  • 22140 [administration] Getting error dialog when reporting issues and file upload is disabled (cproensa)
  • 22543 [ui] Open images in the browser rather than download them (vboctor)
  • 22582 [relationships] Relationships box layout is not right for reporters (vboctor)
  • 22583 [attachments] Open PDFs in the browser rather than downloading them (vboctor)
  • 04454 [filters] 31 February ??? (syncguru)
  • 15276 [custom fields] Custom field “Date” 31 days every month. (syncguru)
  • 21873 [filters] Use datetime picker for date ranges in filter (syncguru)
  • 21874 [time tracking] Use datetime picker for date ranges in time tracking (syncguru)
  • 22469 [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (syncguru)
  • 22473 [plug-ins] Avatars should respect image aspect ratio (community)
  • 22585 [timeline] Show timeline for specific user (cproensa)
  • 22590 [ui] Broken javascript and missing footer in My View Page (cproensa)
  • 22593 [plug-ins] Broken Snippet plugin (vboctor)
  • 22598 [api rest] REST API Framework (vboctor)
  • 22599 [code cleanup] Use composer to pull in dependencies (vboctor)
  • 22600 [api rest] Enable plugins to publish their own REST APIs (vboctor)
  • 22601 [api rest] Support using REST API from Web UI Javascript (vboctor)
  • 22602 [api rest] Provide a sandbox for interacting with REST API using Swagger UI (vboctor)
  • 22617 [code cleanup] Unneeded CSS file calendar-blue.css (atrol)
  • 22291 [time tracking] Issue history box is narrower than other boxes above it on View Issue page (syncguru)

MantisBT 2.2.3

Security fixes and maintenance release

  • 22392 [filters] Sorting all bugs list using a column header after applying a filter resets the filter (cproensa)
  • 22496 [filters] Permalink does not work with “Note By” (cproensa)
  • 22566 [filters] Filter error due to “view status” having an array value (cproensa)
  • 22555 [filters] Regression in custom field sorting (cproensa)
  • 22613 [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
  • 22615 [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
  • 22333 [markdown] Markdown starts heading in the middle of a line (joel)
  • 22545 [markdown] Markdown still converting ‘& amp;’ to & and ‘& lt;’ to < (dregad)

MantisBT 1.3.9

Security fixes and maintenance release

  • 22568 [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
  • 22579 [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
  • 22063 [db mssql] Installation on MSSQL fails at step 209 (dregad)
  • 22208 [db mssql] File upload to MS-SQL not working (dregad)

MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2

Maintenance releases including security fixes for Cross-Site Scripting (XSS) issues have just been released. We advise all installations to upgrade; releases can be downloaded from our website.

Patched vulnerabilities:

  • 22537: CVE-2017-6973 – XSS in adm_config_report.php (affects 1.3.0-rc.2 and later)

Additionally, version 2.1.1 also includes fixes previously released in 1.3.7 and 2.2.1:

  • 22486: CVE-2017-6797 – XSS in bug_change_status_page.php
  • 22497: CVE-2017-6799 – XSS in view_filters_page.php

MantisBT 2.2.1 and 1.3.7 Released

MantisBT 2.2.1 (changelog)

Maintenance release for 2.2 series including security fixes.  This release includes fixes in 1.3.7 as well.

22246: [markdown] Markdown is converting ‘&’ signs to (ampersand[amp;]) inside code block or backtick as well (joel)
22442: [printing] System error when opening Print reports (dregad)
22479: [administration] Can’t edit a project’s name changing only accents a on MySQL (dregad)
22497: [security] CVE-2017-6799 – XSS in view_filters_page.php (dregad)
22510: [installation] Attempting to connect to database as admin BAD despite valid userid and password (dregad)

MantisBT 1.3.7 (changelog)

Maintenance release for 1.3 series including security fixes.

22309: [documentation] Example of Regular expression on documentation not work on MantisBT (atrol)
22335: [documentation] Wrong documentation of $g_limit_email_domains in Admin Guide (atrol)
22355: [documentation] typo error for the email_receive_own parameter (atrol)
22486: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
22503: [tools] Travis CI builds fail for PHP > 5.5 (dregad)

Go ahead and download the release from our website.


MantisBT 2.2.0 and 2.1.1 Released

MantisBT 2.1.1 (changelog)

A maintenance release for 2.1.x series including the fixes below:

22266: [security] Sanitize window title (vboctor)
22288: [bugtracker] Due date current value doesn’t show in change status form (syncguru)
22302: [filters] Permalink does not work with tags (cproensa)
22326: [time tracking] g_time_tracking_without_note has no effect (vboctor)
22347: [filters] Filter allows to sort on non sortable fields (cproensa)
22359: [ui] Enhance filter box UI (syncguru)
22369: [filters] Recently Modified box on View Issues page does not display closed issues (cproensa)
22355: [documentation] typo error for the email_receive_own parameter (atrol)
22335: [documentation] Wrong documentation of $g_limit_email_domains in Admin Guide (atrol)
22309: [documentation] Example of Regular expression on documentation not work on MantisBT (atrol)

MantisBT 2.2.0 (changelog)

A feature release that includes all fixes from the 2.1.1 release listed above, some setup fixes, improved visibility of status colors, removal of some unnecessary JS/CSS, and multiple improvements to the relationships feature.

21724: [ui] Improve visibility of status colors (syncguru)
08313: [relationships] More work needs to move to Relationship APIs (vboctor)
16933: [relationships] Deleting relationship should set target bug’s last updated (vboctor)
21619: [code cleanup] Use constants instead of hardcoded values for filter view types (dregad)
21796: [ui] inline attachments should be directly visible (dregad)
21881: [javascript] Remove jquery-ui is not longer used in Modern UI (syncguru)
21897: [ui] Unaligned color coding of status (syncguru)
22256: [javascript] Unbundle JS libraris from Ace theme files (syncguru)
22273: [javascript] Enable CDN support for dropzone.js (syncguru)
22296: [code cleanup] Options in $g_public_config_names are not sorted (atrol)
22316: [code cleanup] Duplicate code to display the filter view type toggle menu item (dregad)
22360: [relationships] relationship_add() doesn’t return bug relationship information (vboctor)
22361: [relationships] Trigger notifications on related issues when an issue is deleted (vboctor)
22362: [relationships] Use bin icon instead of ‘delete’ button to delete relationships (vboctor)
22363: [relationships] Setting a duplicate id should update relationship with target issue if already exists (vboctor)
22400: [installation] Installer does not show “GOOD” status for DB connections (dregad)
22401: [installation] Installer displays horizontal blue line under “Checking installation” section header (dregad)

Go ahead and download the release from our website.


MantisBT 2.1.0 Released

MantisBT 2.1.0 has about 60 features and fixes including those merged from 2.0.1 and 1.3.6.

There are two main highlights for this release:

  • Markdown Support – MantisBT now provides markdown support similar to other tools that developers use like GitHub, Bitbucket, and others.  We are starting off with rolling this out as an experimental feature that is disabled by default.  Users are encouraged to try it out and provide us with feedback.  To enable Markdown go to Manage – Manage Plugins – MantisBT Formatting 2.1.0, click ON next to “Markdown Processing” and click “Update Configuration”.  See examples for supported markdown.
  • Lots of Filtering Improvements – There has been a major refactoring of the filtering code, lots of bug fixes, and the addition of the ability to edit saved filters, filter by last update timestamp, and others.

For more details see changelog.

Go ahead and download the release from our website.
