MantisBT 1.2.3 is a security update for the stable 1.2.x branch, including another round of XSS fixes to MantisBT, improved Excel export, translation updates, and bug fixes to the SOAP API, installation, plugin system, and email notifications.
- 0012230: [security] CVE-2010-2574: XSS vulnerability when deleting maliciously named categories - closed.
- 0012304: [filters] If plugins set a params value for plugin filters the values are dropped. (daryn) - closed.
- 0012217: [email] Email is not sent when assigning new issue (jreese) - closed.
- 0012246: [api soap] API call to mc_enum_get produces soap fault (rombert) - closed.
- 0011930: [administration] No display of unused and new users when using non english account settings (dhx) - closed.
- 0011364: [installation] on installl.php 1.2.0rc2 SYSTEM WARNING: htmlentities() expects parameter 1 to be string, array given (dhx) - closed.
- 0011852: [authentication] Forgotton password feature prevents admin password reset (dhx) - closed.
- 0012033: [installation] check.php tests views if they are utf8 like tables (dhx) - closed.
- 0012084: [bugtracker] Excel export does not work when Due Date is included in the Columns (dhx) - closed.
- 0012231: [security] XSS vulnerability when uninstalling maliciously named plugins (dhx) - closed.
- 0012234: [security] XSS issues when using custom field String values (dhx) - closed.
- 0012249: [html] g_error_send_page_header condition check always evaluates to true (dhx) - closed.
- 0011654: [csv] Excel export does not encode '&' character as entity (atrol) - closed.
- 0012312: [security] NuSOAP WSDL XSS (cross-site scripting vulnerability) in Mantis 1.2.2 (dhx) - closed.
- 0011919: [administration] Users copy from one project to another doesn't work (dhx) - closed.
- 0012232: [security] Multiple XSS issues with custom field enumeration values (dhx) - closed.
- 0012238: [security] XSS in print_all_bug_page_word.php when printing project and category names (dhx) - closed.
- 0012309: [security] XSS issues when viewing Summary page (dhx) - closed.
- 0011913: [api soap] [patch] Update project description, status, name of a specific project using SOAP API (rombert) - closed.