MantisBT 1.2.15 released

Global announcements, rules, administrative notes, etc.

Moderators: Contributor, Developer

MantisBT 1.2.15 released

Postby atrol » Apr 14, 2013 1:09 am

MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

The following security issues were resolved:

Any malicious user could use the view issues page (search.php) to execute a filter that could bring down the site by overloading the database server (CVE-2013-1883). Affects MantisBT 1.2.12 and later. Refer to issue #15573 for detailed information.
A cross site scripting (XSS) vulnerability allowed execution of arbitrary JavaScript code when deleting a version. Affects MantisBT 1.2.14 and later. Refer to issue #15511 for detailed information.
In some cases, the ‘Close’ button would be available to unauthorized users, allowing them to close issues at will, bypassing the workflow settings. Affects MantisBT 1.2.12 and later. Refer to issue #15453 for detailed information.
This release also includes several bug fixes and enhancements to the tracker and the SOAP api, as well as updated translations in many languages.

A full changelog can be found at:
http://www.mantisbt.org/bugs/changelog_ ... ion_id=182

The release can be downloaded from
http://sourceforge.net/projects/mantisb ... le/1.2.15/
Please use Search before posting and read the Manual
Use Mantis2Go to try MantisBT on Windows or to reproduce issues
atrol
Site Admin
 
Posts: 6716
Joined: Mar 26, 2008 4:37 pm
Location: Germany

Return to Announcements

Who is online

Users browsing this forum: No registered users and 2 guests