Released 2015-01-24
MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are strongly
advised to upgrade to this release.

This release resolves 5 security issues and fixes 2 regressions introduced in 1.2.18.
0019493: [security] CVE-2014-9701: XSS vulnerability in permalink_page.php (dregad)
0017940: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
0017984: [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be (dregad)
0017997: [security] CVE-2015-1042: URL redirection issue (dregad)
0017938: [security] CVE-2014-9571: XSS in install.php (dregad)
0017939: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
0017967: [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259 (dregad)
0017925: [email] Order of notes in email notifications seem to be based on user who triggered the action (dregad)
0017977: [bugtracker] Fix handling of due dates (dregad)
0018025: [administration] Installer UI tweaks (dregad)
0011742: [bugtracker] Sort bug notes by date, not by ID (dregad)
0017993: [authentication] User creation with captcha broken by fix for issue 0017811 (dregad)
12 issues View Issues