Released 2016-08-14
MantisBT 1.2.20 is the final maintenance and security release for the 1.2.x series.
All installations that are currently running any 1.2.x version are strongly advised to upgrade.

This release resolves 3 security and a couple of PHP 7 compatibility issues.
0016629: [email] Behaviour change for SMTP server without authentication. Bug? (dregad)
0017795: [documentation] Bug in the processing code for email settings (dregad)
0018049: [api soap] Getting errors when accessing SOAP documentation page (dregad)
0019344: [api soap] Cannot use object of type stdClass as array (dregad)
0019345: [api soap] Error when custom field is specified only by its name (no id provided) (dregad)
0019378: [documentation] Reflect announcements mailing list changes in the documentation (vboctor)
0019399: [bugtracker] Problem when moving issues with category between projects (dregad)
0019400: [other] core/bug_api.php, function create(): this_due_date (rombert)
0019588: [time tracking] Access to "billing_page.php" (dregad)
0019606: [email] Numeric References Should Not Transpose Into URL Unless Number = Valid Issue Number (dregad)
0019609: [administration] function timezone_identifiers_list used before checked for existance. Lead to Fatal error (dregad)
0019873: [security] CVE-2015-5059: documentation in private projects can be seen by every user (dregad)
0019879: [attachments] Download page triggers errors when file does not exist (dregad)
0020018: [attachments] Copied bug attachments have wrong ownership (dregad)
0020041: [bugtracker] APPLICATION ERROR 0002200 - Could not find a tag with that name (atrol)
0020116: [documentation] Documentation contains description for obsolete configuration option allow_bug_delete_access_level (dregad)
0020183: [documentation] EVENT_MENU_ISSUE should pass bug_id as parameter (dregad)
0019270: [documentation] Missing documentation from 1.2.19 download (vboctor)
0019301: [security] CVE-2015-2046 : XSS in adm_config_report.php (FG-VD-15-008) (dregad)
0020340: [attachments] Attachment is saved to disk and database at the same time (dregad)
0020350: [other] json_url() may break non-ASCII strings. (dregad)
0020364: [authentication] access_denied() should proceed to default page defined in system config (dregad)
0020500: [installation] Installation fails in PHP 7 environment (atrol)
0020501: [code cleanup] Installer throws warning in PHP 7 environment (dregad)
0020513: [code cleanup] Double fetch of same database column (dregad)
0020746: [html] HTML status legend bar does not show dead-end status (dregad)
0020743: [documentation] Wrong event names in the documentation (atrol)
0020824: [bugtracker] collapse_cache_token() always update token ID # 5 (dregad)
0020822: [bugtracker] Collapsing/Expanding sections triggers error 2300 (dregad)
0020864: [administration] "user_pref_get_language()" not defined (dregad)
0020915: [webpage] Incorrect variable name in Email Setup Guide: $g_phpmailer_method (atrol)
0020956: [security] CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php (dregad)
32 issues View Issues