MantisBT 1.2.18 released

Global announcements, rules, administrative notes, etc.

Moderators: Contributor, Developer

MantisBT 1.2.18 released

Postby atrol » Dec 09, 2014 5:44 pm

MantisBT 1.2.18 is an important security update for the stable 1.2.x branch.
All installations that are currently running any 1.2.x version are strongly
advised to upgrade to this release. Download it from [2].

This release resolves a total of 43 issues, including fixes for 23 security-
related bugs and vulnerabilities:

- 7 Cross-Site Scripting (XSS) issues: #17297/CVE-2014-9272,
#17583/CVE-2014-9270, #17870/CVE-2014-8987, #17874/CVE-2014-9271,
#17876/CVE-2014-9281, #17889/CVE-2014-8986, #17890/CVE-2014-9269

- 2 Code injection issues: #17725/CVE-2014-7146, #17875/CVE-2014-9280

- 2 SQL injection (XSS) issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089

- 5 Information disclosure issues: #9885, #17744, #17877/CVE-2014-9279,
#17742/CVE-2014-8988, #17243/CVE-2014-8553

- 7 Other security issues: #10966, #17338, #17640/CVE-2014-6387,
#17648/CVE-2014-6316, #17780/CVE-2014-8598, #17811/CVE-2014-9117, #17878

Please refer to the changelog [1] on the MantisBT web site for complete details
on each of these issues.

We would like to thank the following individuals and organizations for their
valued contribution in discovering and fixing these issues, in no particular
order: Mati Aharoni from Offensive Security and their bug bounty program,
Matthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza,
Oleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker,
Victor Boctor and Damien Regad.

[1] ... ion_id=191
[2] ... is-stable/

MantisBT Team
Please use Search before posting and read the Manual
Use Mantis2Go to try MantisBT on Windows or to reproduce issues
Site Admin
Posts: 6714
Joined: Mar 26, 2008 4:37 pm
Location: Germany

Return to Announcements

Who is online

Users browsing this forum: No registered users and 2 guests