mantisbt - Change Log

0025722: [administration] Wrong access_level settings when updating rights in the project admin page (cproensa) 0025734: [administration] LOGFILE_NOT_WRITABLE error triggered if file does not exist (dregad) 0025742: [other] Summary "By Date (days)" gets wrong number (cproensa) 0025763: [attachments] File upload timeout (atrol) 0025781: [reports] Summary statistics db error message (cproensa) 0025783: [administration] Button label truncated on manage_config_workflow_page (dregad)

0025839: [html] Leading newlines disappear when editing data in textarea elements (dregad) 0025686: [bugtracker] Replace mailto: by link to user profile page in view.php (dregad) 0025848: [code cleanup] Remove get_email_link() API function (dregad) 0025849: [code cleanup] New prepare_mailto_url() API function (dregad) 0025851: [printing] Remove hyperlinks on usernames in Word export (dregad) 0025470: [api soap] SOAP API return value does not match definition in WSDL (dregad) 0025850: [bugtracker] PHP Notices in User API (dregad) 0025815: [bugtracker] Users can't add monitors if access < show_monitor_list_threshold and >= monitor_add_others_bug_threshold (dregad) 0006128: [bugtracker] Ability to add monitors to a bug when the bug is first reported (dregad) 0025826: [administration] Impossible to set add/remove monitors thresholds from manage page (dregad) 0025827: [documentation] Improve documentation for monitors-related configs (dregad) 0025162: [plug-ins] Improve plugin schema upgrade error message (dregad) 0025749: [bugtracker] error_string() does not allow HTML tags inside of error messages (dregad) 0025784: [html] Invalid HTML in manage_config_workflow_page.php (dregad) 0025774: [installation] Reflect PHP requirements in Composer config (dregad)

0025856: [api soap] SOAP API return value does not match definition in WSDL (dregad)

0019642: [administration] If log file is not writable, log_event() fails silently (dregad) 0022096: [timeline] My View page without timeline does not respect the $g_my_view_boxes_fixed_position setting (dregad) 0022104: [ui] My View Page layout misses some boxes (dregad) 0022143: [documentation] Encoding of custom files not documented (dregad) 0022972: [documentation] Upgrade guide does not mention plugins (dregad) 0023333: [filters] sub-project assignments missing from project-specific My View page (cproensa) 0023418: [ui] Plugin tab in Summary section not highlighted when selected (community) 0023550: [customization] Modification to status colors css (dregad) 0025614: [installation] Missing file (api/rest/web.config) in installer (dregad) 0025629: [administration] E_USER_DEPRECATED errors are no longer displayed inline (dregad) 0025631: [administration] PHP Notice or incorrect file+line number when displaying DEPRECATED error (dregad) 0025650: [ui] Show status with a color square instead of background color on Bug Update Page (dregad) 0025651: [performance] Update color when new Status is selected in Bug Update Page (dregad) 0025664: [ldap] LDAP documentation - Remove invalid 'hostname:port' example (dregad) 0025679: [ui] Uneven distribution of boxes on My View page when Timeline is OFF (dregad) 0025682: [ui] Show Invite button for users with manage users access level, not just administrators (community) 0023037: [ui] Focus on project search (cproensa) 0023694: [plug-ins] View Issue page menu links from EVENT MENU_ISSUE event are wrapped with "[", "]" characters (dregad) 0025594: [ui] Projects menu search box should be hidden when having a small number of projects (cproensa) 0025688: [api rest] Inconsistent naming of username field in REST API (community) 0025693: [performance] Improve performance of Summary Page queries (cproensa) 0025695: [bugtracker] Redirect to the new issue's page after reporting it (community) 0025703: [api rest] Update Slim Framework to 3.12.1 (vboctor)

0025675: [security] CVE-2019-10905: Update Parsedown library to 1.7.3 (dregad) 0025661: [bugtracker] Project versions disappear when set "obsolete" (cproensa) 0025697: [html] Viewing Issues > print reports, csv export, excel export - broken links (dregad)

0005151: [administration] Can't update user's project-specific access level (dregad) 0025437: [api rest] Update Slim Framework to 3.12.0 (dregad) 0004624: [feature] Add filtered summary (cproensa) 0014656: [reports] Filter by dates in Summary Graphs (cproensa) 0017304: [documentation] Manual does not describe variable "g_from_name" (atrol) 0020069: [code cleanup] default_email_on_status, misleading comments in config_defaults (atrol) 0023045: [feature] Usability suggestion at Report Issue screen (atrol) 0023904: [performance] Massive queries to user table in edit project (cproensa) 0024347: [security] web.config file is missing in api/rest (community) 0024549: [filters] Permalink - Filter lose information after click on view issues (cproensa) 0024775: [filters] Improve presentation of temporary filters (cproensa) 0024776: [filters] Switching simple/advanced for a temporary filter loses the filter (cproensa) 0025109: [html] Filter widget does not hide botton bar when collapsed (cproensa) 0025130: [administration] "Check Installation" is missing from Admin menu (dregad) 0025164: [reports] MantisGraph, implement filtered summary for graphs (cproensa) 0025168: [reports] MantisGraph. Reporter graph does not fit width of page (dregad) 0025174: [excel] Float custom field saved as String in XML-Excel export (atrol) 0025210: [reports] Script error in graphs (cproensa) 0025213: [rss] RSS feeds broken when using PHP >= 7.0 (atrol) 0025381: [api rest] Get project doesn't return all versions (atrol) 0025385: [ui] Summary page submenu not aligned when screen narrower than buttons (dregad) 0025386: [ui] Incorrect spacing between submenu and main div for some MantisGraph screens (dregad) 0025387: [ui] MantisGraph: redundant subtitle on Issue Trends page (dregad) 0025403: [documentation] $g_notify_new_user_created_threshold_min is ignored on new account creation (atrol) 0025408: [documentation] Minor documentation fixes (atrol) 0025429: [api rest] Undefined variable t_show_detailed_errors in API REST (dregad) 0025442: [db mssql] Wrong/duplicate bugnote_text_id in mantis_bugnote_table (cproensa) 0025466: [reports] SYSTEM NOTICE on graph pages (atrol) 0009757: [reports] View Issues - Select a Filter - Graph are not linked on this choice (cproensa) 0012261: [filters] Cannot filter by versions of parent project when child project selected (cproensa) 0020054: [administration] Cant modify configuration for All projects if only one project exists (cproensa) 0021931: [reports] Filtered Summary (cproensa) 0022099: [reports] Missing pie chart in "By Category Graphs" (cproensa) 0022100: [code cleanup] Take care of released/obsolete flag when accessing version_cache_array_rows() cache (cproensa) 0023245: [performance] project versions are not cached efficiently (cproensa) 0024672: [security] Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042) (atrol) 0024821: [code cleanup] Wrong caching in version API (cproensa) 0025110: [authentication] Token error when login with a newly created user (cproensa) 0025102: [api rest] /api/rest/issues endpoint supposedly returns all issues, but doesn't (community) 0025133: [ui] Project selection is shown even if the user has no accesible projects (cproensa) 0025163: [reports] MantisGraph summary links don't hghlight current graph page (cproensa) 0025165: [reports] Summary doesn't honour issue access (dregad) 0025217: [ui] Enable selection of a range in checkboxes lists. (cproensa) 0025368: [administration] Manage project, copy from/to forms are easy to click accidentally and don't ask for confirmation (cproensa) 0025378: [ui] Provide sortable functionality to simple tables (cproensa) 0025400: [api rest] Allow adding/updating/deleting subprojects via REST API (community) 0025434: [email] check all/ uncheck all checkbox for email notifcation (cproensa) 0025436: [email] Bump phpmailer/phpmailer from 6.0.6 to 6.0.7 (dregad) 0025446: [ui] 'show_queries_count' is a global setting, but 'show_memory_usage', 'show_timer' are not (atrol) 0025454: [ui] Page adm_config_report does not cache users and generate many database queries (cproensa) 0025455: [ui] Page adm_config_report, users in filter list are not correctly ordered (cproensa) 0025456: [sql] Page adm_config_report has queries missing db_param_push() (cproensa) 0025463: [attachments] Dropzone max-filesize option is not correct (cproensa) 0025464: [attachments] Enforce max-filesize in dropzone to alert and drop big files before form submission (cproensa) 0025465: [attachments] Dropzone preview does not work (cproensa) 0025488: [reports] Update Chart.js to 2.7.3 (atrol) 0025515: [api rest] Simple and Advanced filters are not consistent for handling sub-project issues (cproensa) 0025522: [plug-ins] MantisGraph: limit number of slices in By Category pie chart (dregad) 0025523: [plug-ins] MantisGraph: improve handling of colors in Pie charts (dregad) 0025524: [plug-ins] MantisGraph: improve display of By Category Bar chart (dregad) 0025532: [relationships] Error when adding a relationship if bug id contains whitespace as prefix or suffix (dregad) 0025533: [relationships] When adding multiple relationships, ignore source issue and empty issue ids (dregad) 0025572: [attachments] Redesign Dropzone file previews (cproensa) 0025390: [tools] Travis CI builds fail for PHP 7.3 (dregad)

0025178: [security] Update ADOdb to 5.20.14 (dregad) 0025566: [email] PHPMailer regressions (dregad)

0025180: [security] Update ADOdb from 5.20.9 to 5.20.14 for security and compatibility fixes (dregad)

0024990: [email] Update PHPMailer to 6.0.6 (dregad) 0024987: [api rest] Update Slim Framework to 3.11.0 (dregad) 0024931: [signup] PHP warnings and errors when trying to signup existing user (atrol) 0024989: [bugtracker] Update ADOdb to 5.20.13 (dregad) 0021284: [installation] memory_limit test fails when memory_limit is set to -1 (atrol) 0023712: [authentication] auth_get_current_user_id can return strings while that is not expected (vboctor) 0024877: [bugtracker] IssueNoteAddCommand: reassign_on_feedback doesn't work if reporter is not specified (vboctor) 0024882: [relationships] relationship_can_resolve_bug function problem (atrol) 0024896: [authentication] Password managers don't work with password login page (cproensa) 0024925: [administration] Misleading Message in the creation of user (atrol) 0024932: [preferences] "Manage" menuitem visible even though no access (atrol) 0024976: [ui] Sidebar's collapsed state is not preserved (dregad) 0024986: [api rest] Update Guzzle to 6.3.3 (dregad) 0024988: [email] Update Disposable Email Checker to 3.1.0 (dregad) 0025002: [custom fields] Error when updating content in a custom field of type "Text Area" ("Textbereich"): History cannot be stored (atrol) 0025016: [bugtracker] Default projection is ignored (atrol) 0025033: [installation] Warning with PHP 7.3: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? (atrol) 0025042: [administration] Add some more information to view_user_page (atrol) 0025043: [code cleanup] Code Cleanup (atrol) 0025100: [plug-ins] Display header fails when no user is authentication and anonymous login is off (vboctor) 0025059: [administration] View User Page: hide footer at bottom of User Info table when not needed (dregad) 0025072: [filters] Could not use the FilterBugList filter with "Permalink" (community) 0025061: [authentication] Generic error is triggered when anonymous login is not defined (dregad) 0025099: [authentication] Auth plugins can't control session expiry time and disable perm login (vboctor) 0025116: [roadmap] Manage workflow thresholds does not have the option for "view roadmap" (cproensa) 0025112: [other] Link to create new user is a form and prevents reloading (cproensa)

0024899: [filters] Filter assigned to shows <br /> (atrol) 0024985: [security] Update PHPMailer to 5.2.27 (dregad)

0025129: [code cleanup] Remove usage of deprecated function __autoload (atrol) 0025131: [security] Update PHPMailer to 5.2.27 (dregad)

0024822: [code cleanup] Code Cleanup (atrol) 0024741: [plug-ins] Plugin Columns - Export CSV or Excel - PHP 7.2.7 - crash error 500 - Reason missing 2 argument in call (dregad) 0010411: [bugtracker] Changes to project_view_state and view_state to create only private projects (vboctor) 0024520: [html] Missing fallback for "Open Sans" font (community) 0024774: [tagging] Error Creating Issue with new TAG (vboctor) 0024823: [performance] Performance enhancements of string processing (atrol)

0024814: [security] CVE-2018-17783: XSS in manage_filter_edit_page.php (atrol) 0024813: [security] CVE-2018-17782: XSS in manage_filter_page.php (atrol)

0024731: [security] CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php (dregad)

0024616: [relationships] relationship visibility in different project permission (atrol) 0024632: [tagging] Tag cannot be selected if a tag containing the text of that tag has already been selected (atrol) 0024633: [bugtracker] Late error message when trying to resolve issues (atrol) 0024635: [authorization] Wrong box visibility on My View page (atrol) 0012677: [administration] Please change a search option to manage users (atrol) 0020101: [api soap] mc_filter_search_issues can't filter by date (community) 0023336: [html] Inline image attachments should have their own container to prevent scrolling (atrol) 0023915: [administration] Search for a part of (Real Name - Username - Email) (atrol) 0024622: [api rest] Add function for creating a new project via REST (community) 0024624: [api rest] Add function for updating a project via REST (community) 0024636: [api rest] Add function to delete a project via REST API (vboctor) 0024643: [ui] bug_actiongroup and custom bug_actiongroup don't provide the same user experience when displaying error message (dregad) 0024644: [ui] Footer displays behind sidebar on bug_actiongroup.php (dregad) 0024696: [authorization] Custom fields can be changed without having update_bug_threshold access rights (atrol) 0024717: [api soap] Add filter for the “last updated“ date in the soap api (community) 0024719: [administration] Impersonate User is offered for disabled users (atrol)

0024647: [security] CVE-2018-14895: XSS in bug_actiongroup.php (atrol)

0024648: [security] CVE-2018-14895: XSS in bug_actiongroup.php (atrol)

0022083: [ui] Local copy of Open Sans font does not include Latin-ext characters (atrol) 0023978: [ui] Fonts are not rendered correctly in Windows clients (atrol) 0024416: [upgrade] Improve handling of unserialize errors when upgrading (dregad) 0023992: [ui] Font = Times News Roman after Upgrade from v2.7.0 (atrol) 0024501: [installation] MantisBT on Windows - Check for php_fileinfo.dll enabled on php.ini (atrol) 0024523: [performance] Unneeded information in Change Log and Roadmap (atrol) 0024552: [code cleanup] Code Cleanup (atrol) 0024553: [performance] Performance enhancement of config_get_global function (atrol) 0024564: [timeline] Missing display of events in Timeline if All Projects is selected (atrol) 0024578: [documentation] Documentation: PHP documentation link: "installation.php" -> "install.php" (dregad) 0024579: [documentation] Documentation: Admin Guide: Installation: Broken Link "Microsoft IIS", is now https://docs.microsoft.com/en-us/iis (dregad) 0021376: [upgrade] Error in upgrade process 1.2.17 --> 1.3.0 (dregad)

0024580: [security] CVE-2018-13055: Reflected XSS in view filters page (dregad) 0024608: [security] CVE-2018-14504: XSS in edit filters page (atrol)

0024437: [filters] Cannot save private filter if not allowed to save shared filter (community) 0024496: [wiki] URL encoding precludes reasonable wiki root_namespace values (community) 0024242: [bugtracker] Incorrect issue status setting when changing status (vboctor) 0024388: [api rest] Support create project versions via REST API (vboctor) 0024398: [tagging] Exception Missing Class (atrol) 0024432: [security] Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks (atrol) 0024435: [filters] show_user_realname_threshold is not considered when sorting by reporter or handler (atrol) 0024436: [ui] Selecting users is not easy if show_realname is set to ON (atrol) 0024470: [other] System warning if $g_log_destination = 'page' when using PHP 7.2 (atrol) 0024462: [api soap] Error while querying for issue header with PHP 7.2 (atrol) 0024476: [performance] Unneeded <meta> tag in <head> section (atrol) 0024139: [ui] $g_show_realname for making usernames private (atrol)

0024192: [bugtracker] Update ADOdb to 5.20.12 (dregad) 0024236: [code cleanup] IssueAddCommand Prevents API Folder Removal (atrol) 0024174: [code cleanup] E_DEPRECATED error on php7.2: each() function (dregad) 0024196: [api rest] Update Slim Framework from 3.8.1 to 3.9.2 (vboctor) 0024197: [api rest] Update GuzzleHttp from 6.3.0 to 6.3.2 (vboctor) 0024220: [documentation] Wrong documentation of datetime_picker_format in Admin Guide (atrol) 0024325: [code cleanup] Code Cleanup (atrol) 0024326: [documentation] Wrong documentation of my_view_boxes in Admin Guide (atrol) 0024333: [api rest] Support getting a single project via REST API (vboctor) 0024336: [administration] Plugin priority changed without being changed by user interaction (atrol)

0024221: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality (dregad) 0024233: [markdown] Markdown quoting rendered with broken HTML (atrol) 0024239: [email] Inconsistent realname display (atrol) 0024335: [api rest] Get all filter or specific filter returns incorrect information (vboctor) 0024343: [api rest] REST API returns too much info for default category handler (vboctor) 0024346: [api rest] Don't show category default handler for users that can't manage the project (vboctor) 0024349: [api soap] API method mc_filter_get does not work (vboctor) 0024353: [code cleanup] mb_internal_encoding no longer being set because of removal utf8 library (atrol) 0024355: [bugtracker] SYSTEM WARNING 'count(): Parameter must be an array or an object that implements Countable' in 'IssueNoteAddCommand.php (atrol)

0024365: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality (dregad)

0024202: [markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)

0024201: [markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)

0024056: [custom fields] Custom Fields of type "Textarea" cannot contain more than 255 chars due to bug_history table (atrol) 0024128: [administration] Unable to start system check or installation with wrong PHP version (atrol) 0010853: [filters] In View Issues list, several columns are sorted by Id instead of display value (cproensa) 0021404: [filters] System Error on changing filters (dregad) 0023998: [code cleanup] Implement IssueAddCommand and use it from SOAP, REST and Web UI (vboctor) 0016070: [email] Delay due to Mantis trying sending emails to non existent address (vboctor) 0023498: [filters] Filtering "note by" with "none" does not return any result (cproensa) 0007264: [filters] Not able to filter issues that have no relationship assigned (cproensa) 0008167: [filters] Filter settings saved when using Anonymous account (cproensa) 0008204: [filters] Filters not remembered when clicking through from "My View" (cproensa) 0022785: [api rest] Support adding attachments when reporting issues (vboctor) 0023214: [performance] Remove usage of outdated phputf8 library (atrol) 0023999: [code cleanup] Implement IssueDeleteCommand and use it from SOAP, REST, and Web UI (vboctor) 0024000: [api rest] Add Issue REST API doesn't trigger EVENT_REPORT_BUG_DATA plugin event (vboctor) 0024001: [api soap] Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG_DATA plugin event (vboctor) 0024002: [api rest] Add Issue REST API doesn't trigger issue_create_validate custom function (vboctor) 0024003: [api soap] Add Issue SOAP API doesn't trigger issue_create_validate custom function (vboctor) 0024004: [api rest] Add Issue REST API doesn't trigger issue_create_notify custom function (vboctor) 0024005: [api soap] Add Issue SOAP API doesn't trigger issue_create_notify custom function (vboctor) 0024006: [api rest] Add Issue REST API doesn't trigger EVENT_REPORT_BUG plugin event (vboctor) 0024007: [api soap] Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG plugin event (vboctor) 0024008: [api rest] Add Issue REST API doesn't add the issue to recent list (vboctor) 0024009: [api soap] Add Issue SOAP API doesn't add the issue to recent list (vboctor) 0013177: [filters] On ‘View Issues’ Page the filter does not allow user to select ‘blank’ ('No Category') Category (cproensa) 0021865: [filters] Filter out duplicated issues (cproensa) 0021867: [filters] Filter filed "relationships" resets its value when "duplicate of" is selected (cproensa) 0023476: [bugtracker] Can't login if admin directory has restricted access (atrol) 0023499: [filters] Filtering with "note by" shows results from private notes for unprivileged users (cproensa) 0023500: [filters] Search filter returns matches in private notes for unprivileged users (cproensa) 0023501: [filters] Filter "monitored by" does not have option for "none" (cproensa) 0023502: [filters] Filter "assigned to" does not account for configuration "view_handler_threshold" (cproensa) 0023504: [filters] Filter "monitored by" does not account for configuration "show_monitor_list_threshold" (cproensa) 0023506: [filters] Filter tags inconsitent with OR filter operator (cproensa) 0023538: [filters] Filter field for relationship bug id is set to -1 by default (cproensa) 0023549: [db mysql] Entering Emojis in comments with a user mention crashes with an error (atrol) 0024042: [filters] filter on relationships mistuned by switching sort order (cproensa) 0024089: [authentication] POST request to login_password_page.php return 405 when admin folder is deleted or access restricted (atrol) 0024140: [filters] Application error 401: "ORDER BY clause is not in SELECT list" when sorting by category or project (cproensa) 0022376: [documentation] Wrong documentation of string customization (atrol) 0023161: [timeline] Show File Attachment events in Timeline (dregad) 0024158: [bugtracker] Support providing a default value for issue description (vboctor) 0024159: [documentation] $g_default_bug_steps_to_reproduce not documented (vboctor) 0024160: [documentation] $g_default_bug_additional_info not documented (vboctor)

0024077: [timeline] Hyperlink usernames in timeline to user page (vboctor) 0024090: [ui] Username (Realnames) format not showing on timeline (my_view_page) (vboctor) 0024186: [security] CVE-2018-1000162: XSS vulnerability in Parsedown library (dregad)       0024297: [security] Update Parsedown library to 1.7.1 (dregad) 0024167: [bugtracker] History entries display realname instead of username (atrol) 0024097: [ui] Account page required change password on any field modification (atrol) 0024161: [timeline] Wrong color of username in timeline (atrol)

0023375: [mentions] It is hard to @ mention users when show realnames is enabled (vboctor) 0010493: [code cleanup] Non-existent duplicate_realname column is updated by various functions in user_api.php (vboctor) 0022509: [mentions] users with dashes in their name will not work when @mentioned (example @r-frank) (community) 0023960: [plug-ins] EVENT_AUTH_USER_FLAGS should always be passed username rather than name (vboctor) 0023961: [timeline] Identify Timeline tags operations with a specific icon (dregad) 0023966: [code cleanup] Option session_handler not implemented (atrol) 0023969: [performance] Minor performance and code enhancements of config functions (atrol) 0024020: [localization] Update supported languages (siebrand) 0024043: [ldap] $g_ldap_realname_field generates WARNING: field 'givenName' does not exist. (community)

0023954: [api rest] REST API doesn't work from UI for some users (vboctor) 0023955: [administration] Warning message on login page (atrol)

0023838: [api rest] Create user via REST API (vboctor) 0023925: [security] Site path leakage in error handler (vboctor) 0023837: [code cleanup] Implement UserCreateCommand to create users (vboctor) 0023706: [administration] trigger_error() with errors must terminate scripts rather than being config based (vboctor) 0023754: [code cleanup] Remove unused function print_bracket_link and code cleanup (atrol) 0023758: [ui] Allow users to select font family that fits them best (syncguru) 0023876: [installation] Running admin/check fails (dregad) 0023900: [administration] Unable to update user access level, due to check on 'Realname' returning KO (APPLICATION ERROR #807) (vboctor) 0023776: [attachments] Support adding attachments that were not uploaded via the browser (vboctor) 0023899: [api rest] Relationship type was localized in GET issue API (vboctor) 0023714: [api rest] Failing REST API requests should include Mantis error code and localized message (vboctor) 0023762: [api rest] Support adding users to monitor an issue via REST API (vboctor) 0023772: [api rest] Support attachments when adding notes via REST API (vboctor) 0023773: [api rest] Support time tracking when adding notes via REST API (vboctor) 0023780: [api rest] Return status code 429 when hitting spam check limits (vboctor) 0023784: [api rest] REST and SOAP API send two email notifications for mentioned users (vboctor) 0023785: [api rest] Adding notes via SOAP and REST API with time tracking uses incorrect access check (vboctor) 0023786: [code cleanup] Implement IssueNoteDeleteCommand for deleting notes (vboctor) 0023787: [administration] Protected admin users can't be unprotected (atrol) 0023830: [security] Update PHPMailer to 5.2.26 (dregad) 0011327: [reports] "Developer By Resolution" is the only box in the Summary page not ordered (at least it doesn't seem to be any logic behind it) (dregad) 0012978: [code cleanup] Summary - Time Stats For Resolved Issues (days) (dregad) 0022792: [api rest] Support downloading issue attachments (vboctor) 0023627: [feature] Summary page enhancement with bugs ratio support (dregad) 0023774: [code cleanup] Implement IssueNoteAddCommand to share code for adding notes (vboctor) 0023796: [reports] Filter links for resolved/closed custom statuses in Summary By Status report are incorrect (dregad) 0023828: [api rest] Support adding attachments to existing issues via REST API (vboctor) 0023839: [code cleanup] Implement UserDeleteCommand for deleting users (vboctor) 0023840: [api rest] Delete user via REST API (vboctor) 0023854: [reports] Summary: always show the "By Project" box (dregad) 0023855: [code cleanup] Implement TagAttachCommand for attaching tags (vboctor) 0023856: [code cleanup] Implement TagDetachCommand to detach tags (vboctor) 0023857: [api rest] Add REST API to attach a tag (vboctor) 0023858: [api rest] Add REST API to detach a tag (vboctor) 0023863: [reports] Summary: Reporter and Developer by Resolution miss a Total column (dregad) 0023865: [code cleanup] Implement IssueRelationshipAddCommand to add relationships (vboctor) 0023866: [api rest] Support adding relationships via REST API (vboctor) 0023867: [code cleanup] Implement IssueRelationshipDeleteCommand (vboctor) 0023868: [api rest] Support deleting issue relationships via REST API (vboctor) 0023898: [api rest] Some relationships are not formatted correctly in GET issue rest API (vboctor) 0023775: [attachments] Remove obsolete code that checks if PHP file info API is defined (vboctor) 0023926: [ui] Footer displayed under sidebar on error page when $g_show_detailed_errors = ON (dregad) 0023930: [installation] Make Fileinfo a mandatory PHP extension (atrol) 0023944: [bugtracker] The stack trace on detailed error page should not include the error handler itself (dregad) 0023942: [bugtracker] Remove deprecated "errcontext" parameter from standard error handler (dregad) 0023943: [bugtracker] Improve detailed error page layout (dregad)

0023746: [api soap] unable to create a bug with customfields via SOAP (vboctor) 0023765: [api rest] Wrong constructor name in class FilterConverter (atrol) 0023924: [relationships] Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue (atrol) 0023906: [security] CVE-2018-6403: XSS in adm_config_report.php 'value' parameter (dregad)

0023918: [security] CVE-2018-6403: XSS in adm_config_report.php 'value' parameter (dregad)

0023710: [code cleanup] Remove usage of deprecated function __autoload (vboctor) 0022789: [api rest] Support retrieving user defined filters (vboctor) 0009007: [time tracking] Billing summary does not include sub-projects (community) 0022790: [api rest] Support standard filters defined by the system when retrieving issues (vboctor) 0023679: [administration] Limit change of impersonation threshold to global config (atrol) 0023690: [api rest] Support deleting filters (vboctor) 0023722: [time tracking] Don't print time tracking buttons and export links (community) 0023723: [time tracking] Support configurable default billing rate (community) 0023724: [time tracking] Removed useless collapse icon with duplicated title in billing report (community) 0023742: [html] Broken url for MantisBT logo in admin section (community) 0023753: [ui] UI of Update Produkt Build page broken (atrol)

0022093: [administration] Reporter can´t change status of a bug (vboctor) 0021393: [administration] When disable "Update an issue", then "Assign to" become access deined. (vboctor) 0023719: [administration] The reporter can not solve or close the issue (vboctor) 0023721: [bugtracker] PHP error in change status page when user doesn't have access to private notes (vboctor)

0023640: [code cleanup] Usage of deprecated each() function (atrol) 0023639: [code cleanup] Unneeded code for non supported old PHP versions (atrol) 0023654: [api rest] Don't validate handler when updating issues without updating handler (vboctor) 0023658: [plug-ins] UI for protected plugins broken (atrol) 0023577: [api rest] REST APIs don't enforce required custom fields when reporting issues (vboctor) 0023578: [documentation] Document need for consistency between "normal" and "datepicker" date formats (dregad) 0012602: [custom fields] Default value for a date don't work (vboctor) 0019482: [custom fields] Using custom fields (date) with default value and required on resolve displays an error (vboctor) 0023466: [db mysql] database is not supported by PHP. Check that it has been compiled into your server. (atrol) 0023572: [code cleanup] Unneeded code for unsupported database types (atrol) 0023573: [code cleanup] Unneeded code for option meta_include_file (atrol) 0023575: [api rest] Category lookup is case sensitive (vboctor) 0023579: [api rest] Internal Server Error 500 when category doesn't exist (vboctor) 0023594: [custom fields] Reporting an issue with default date {now} that is not visible doesn't work (vboctor) 0023616: [api rest] Support exporting issue history (vboctor) 0023620: [api rest] PHP error on getting issues when user doesn't have access (vboctor) 0023625: [code cleanup] Function require_lib contains code to search in vendor folder (atrol) 0023626: [performance] Unneeded code executed when retrieving global settings (atrol) 0023630: [administration] Some check boxes on Manage Configuration > Workflow Threshold page are not centered (community) 0023645: [other] No preview of ANSI encoded text files that contain German Umlauts (atrol) 0023648: [api rest] Leverage ETag headers when getting issues (vboctor) 0023650: [api rest] Leverage If-Match when deleting issues (vboctor) 0023653: [api rest] Leverage If-Match when updating issues (vboctor) 0023657: [api soap] mc_issue_update returns bug is read only on status update (atrol) 0023576: [api rest] Issues created via REST API with date custom fields fail (vboctor) 0023692: [authentication] Token API does not work with config show show_realname (dregad)

0023599: [bugtracker] Access denied when updating bugs (atrol)

0023561: [api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)

0023474: [custom fields] Empty numeric fields should be display as empty rather than 0 (community) 0023555: [ui] Bugnote text area not styled correctly when private by default (vboctor) 0023560: [bugtracker] Notes added via change status / edit always market private when private by default (vboctor) 0023396: [api rest] REST API Issue update support (vboctor) 0023446: [performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol) 0023451: [performance] Unneeded code delivered to support unsupported IE9 (atrol) 0023460: [ui] Useless UI element on manage_proj_page (atrol) 0023475: [custom fields] Empty float fields should be displayed as empty rather than 0 (community) 0023477: [api soap] Updating issues via APIs should trigger email notifications (vboctor) 0023483: [bugtracker] Auto-refresh shouldn't update last visited (atrol) 0023488: [code cleanup] Usage of deprecated constant (atrol) 0023494: [html] Wrong class name for tags output (atrol) 0023517: [administration] Remove unused config option inline_file_exts (community) 0013126: [plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa) 0016133: [custom fields] Numeric field accepts floats and displays them as numeric (vboctor) 0021225: [bugtracker] resolving parent issues inconsistency (community) 0022441: [bugtracker] Notes are not in the correct order after cloning an issue (cproensa) 0022842: [code cleanup] Remove php_version_at_least() function from PHP API (dregad) 0023493: [email] DomainKeys Identified Mail (DKIM) Signatures (community) 0023503: [bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa) 0023516: [api rest] Enable REST API by default (vboctor) 0023518: [bugtracker] "show_assigned_names" configuration is not applied correctly in view_all_bug_page (cproensa) 0023528: [filters] Filter "advanced" mode is reset after sorting through column headers (cproensa) 0023537: [api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad) 0023543: [email] Update PHPMailer to v5.2.25 (vboctor) 0023542: [code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)

0023507: [authentication] Users can't change their password when it is blank (dregad) 0023512: [html] Custom field type checkbox with required status, force to check all checkboxes to proceed (atrol) 0023544: [installation] Unattended upgrade is broken after moving to Composer (vboctor)

0023395: [db oracle] Performance issue reading config table with oracle database (cproensa) 0009120: [custom fields] Numeric Custom fields on View All don't sort correctly (atrol) 0023324: [performance] Generated css, js code should be cached by browser (cproensa) 0023323: [reports] Wrong filter links on summary page (atrol) 0023378: [installation] Installation fails when using old but still allowed PHP version 5.3 (atrol) 0022310: [html] Use HTML5 "required" attribute for required form fields (community) 0023381: [code cleanup] Unneeded code for unsupported PHP versions (atrol) 0023420: [relationships] Resolving as duplicate adds reporter and handler to monitoring list (atrol) 0023225: [authentication] Token API does not work with config show show_realname (dregad) 0022872: [ui] Make some buttons visible only when hovering on relevant container (cproensa) 0023251: [timeline] Timeline in view user page resets the user id after dates navigation (cproensa) 0021654: [code cleanup] Deprecate access_has_any_project() (cproensa) 0022870: [ui] buttons without separation (cproensa) 0022871: [ui] print_form_button() does not render inline buttons (cproensa) 0023216: [tagging] Make tag view threshold work at project level (cproensa) 0023242: [code cleanup] Function project_get_local_user_access_level() is redundant (cproensa) 0023248: [ui] Project selection dropdown focus on current selection (cproensa) 0023267: [ui] Misplaced "Reset Prefs" button in user prefs with narrow screen (dregad) 0023301: [api rest] Request an issue in the REST API fail without warning if an enumeration is missing. (community) 0023310: [performance] Unused CSS delivered (atrol) 0023331: [code cleanup] New user_get_username() API function (dregad) 0022182: [ui] Burger menu is sometimes visible without functionality (cproensa) 0022492: [ui] Regression: Resolved/Closed issues are not shown with a line-through (strike-through) (community) 0023264: [api rest] Custom fields not been saved when adding issue through the Rest API (community) 0023268: [db oracle] Error filtering custom fields of type date (cproensa) 0023311: [filters] "View issues" on changelog page does not show closed issues (atrol) 0023367: [plug-ins] Add no-op upgrade step in plugin_upgrade() (dregad) 0023382: [customization] Login logo image not configurable by css (cproensa) 0023393: [administration] Provide some basic operating environment information on manage_overview_page (atrol) 0023411: [performance] Unneeded string copies in general text processing (atrol) 0023425: [reports] PHP errors and warnings when running Issue Trend report (atrol) 0021913: [tagging] Unprivileged user can see related tags from private issues (cproensa) 0022053: [plug-ins] Implement logging functionality for plugins (cproensa) 0022245: [ui] Collapsed menu entry no clickable in complete visible area (atrol) 0023241: [filters] Error when changing sort order in filters, due date field only (cproensa) 0023243: [ui] Narrow space between checkbox/radio button and label (dregad) 0023249: [feature] When logging the caller function, also print the class name if it's a class method (cproensa) 0023377: [other] Textarea custom field entry missing from email (atrol) 0023436: [filters] Editing a stored filter can't update projects property (cproensa) 0023443: [custom fields] Fixes related to custom fields on filters, columns and visibility (cproensa)       0005713: [custom fields] Custom fields of subprojects are shown in filter for "All projects" but not in parent project. (cproensa)       0006872: [custom fields] Sort of custom fields does not use data type (cproensa)       0016358: [filters] Custom field filter does not recusrively read all items from sub-projects (cproensa)       0016359: [filters] Custom field filters does not take user access rights into account (cproensa)       0019385: [filters] Filtering custom field show bugs from projects where this custom field has been removed (cproensa)       0023223: [filters] Custom fields filter does not account for read access at project level (cproensa)       0023232: [filters] Custom field is showed in filter when the user has not view access (cproensa)       0023233: [custom fields] Issues returned by filter has linked custom fields that are not available as columns (cproensa)       0023260: [custom fields] Custom fields of type date are not sorted correctly (cproensa)       0023265: [custom fields] Filter selection for numeric custom fields aren't sorted correctly on distinct values list (cproensa)       0023266: [custom fields] Filter selection for numeric custom fields show values not coherent with custom field type (cproensa)

0023202: [ui] Questionable order and functionality of top buttons on "View Issue" page (atrol) 0022984: [ui] Calendar doesn't show the correct date the first time it opens (dregad) 0022730: [ui] 'Manage Configuration' tab usually does not highlight (dregad) 0022813: [customization] Field is appearing in email notification but not used in UI. (joel) 0022967: [ui] Questionable display of "Access Denied" on view_user_page (atrol) 0022981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol) 0022987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad) 0023061: [ui] print_manage_menu() does not highlight active plugin pages (dregad) 0023116: [html] Due date field not displayed correctly when editing ticket (community) 0023141: [html] Unused CSS delivered (atrol) 0012313: [attachments] Can't open image attachments in browser windows (dregad) 0022913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor) 0022939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor) 0022940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad) 0023087: [filters] Removing "Report an issue" permission removes user from Monitoring filter dropdown (atrol) 0023150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol) 0023159: [ui] Graph display is too faint and blurred (atrol) 0021807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community) 0023143: [api rest] Support adding notes via REST API (vboctor) 0022158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa) 0022919: [time tracking] Time Tracking "auto count" is giving the wrong elapsed time (dregad) 0023112: [custom fields] Custom fields badly filtered when multi-projects (cproensa) 0023131: [api rest] /api/rest/projects doesn't return child projects (vboctor) 0023139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor) 0023144: [api rest] Support issue id as part of the path for REST API (vboctor) 0023145: [api rest] Support deleting notes via REST API (vboctor) 0023184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad) 0023187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor) 0023188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor) 0023189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor) 0023190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor) 0023191: [time tracking] Unable to access time tracking reports (atrol) 0023204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol) 0023227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol) 0023237: [performance] Project cache is not efficient with navbar project selection. (cproensa) 0012444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa) 0021695: [ui] "notify user" check should be moved outside the form (cproensa) 0022291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa) 0022469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)

0023146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad) 0023166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol) 0023179: [security] Login page no longer warns about 'admin' directory being present (dregad) 0023181: [administration] Checks on login page are never executed if "admin" dir does not exist (dregad) 0023185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

0023175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad) 0023186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)

0022985: [installation] Initial installation does not continue after clicking install (dregad)

0022850: [ui] Installation page layout and style issues (dregad) 0022765: [api rest] Implement a test framework for REST API (vboctor) 0022766: [api rest] Enum name should reflect non-localized enum name and label for localized name (vboctor) 0022767: [api rest] Include status color in status enum value for issues (vboctor) 0022768: [api rest] Support retrieving issues based on filter or a project (vboctor) 0022769: [api rest] Note type should be note instead of timelog if time tracking is not accessible to user (vboctor) 0022770: [api rest] Change version from string to an object (vboctor) 0022771: [api rest] Due date access check should be based on project access level rather than global one (vboctor) 0022772: [api rest] Don't return eta info if feature is disabled (vboctor) 0022773: [api rest] Don't return projection info if feature is disabled (vboctor) 0022774: [api rest] Some access denied errors don't show user info correctly (vboctor) 0022775: [api rest] Rename date_submitted to created_at and last_updated to updated_at (vboctor) 0022776: [api rest] Sticky flag should be a boolean rather than a string (vboctor) 0022777: [api rest] Don't return sponsorship_total (vboctor) 0022778: [api rest] Don't allow setting version to an undefined version (vboctor) 0022779: [api rest] Don't return profile information if feature disabled (vboctor) 0022780: [api rest] Don't return platform, os, and os_build if disabled (vboctor) 0022782: [api rest] Don't return target_version if user doesn't have access to view roadmap (vboctor) 0022783: [api rest] Return 400 instead of server side error if summary, description or project fields are missing (vboctor) 0022788: [api rest] Support retrieving projects accessible to users (vboctor) 0022808: [api rest] Use GuzzleHttp for http requests (vboctor) 0021871: [performance] Improve db_fetch_array performance (cproensa) 0021994: [attachments] issue with attachments cannot be moved between projects with different upload directories (uploads saved in file system) (dregad) 0022809: [api rest] Upgrade Slim Framework from 3.7.0 to latest (3.8.1) (vboctor) 0022851: [installation] Installer should display sample table names based on table prefix/suffix settings (dregad) 0022852: [localization] [de] Incorrect label in German "Change status" form (atrol) 0022865: [code cleanup] Login page displays a PHP system notice when using BASIC_AUTH (dregad) 0022864: [code cleanup] phpdoc for 'print_link_button' has incorrect order of parameters (cproensa) 0022868: [other] PHP variable misspelt in html_api.php (dregad) 0022904: [db mssql] database_api: db_insert_id returns string not int (mssql) (dregad) 0022905: [code cleanup] The URL of the return button in breadcrumbs div has a trailing '?' (dregad) 0022925: [time tracking] Time Tracking - issue (atrol) 0022928: [administration] $g_anonymous_account is case sensitive, preventing normal users from logging in (vboctor) 0022933: [timeline] Confusing entry in timeline when removing other users from monitoring list (atrol)

0022923: [authentication] Logout page on authentication plugins never gets called (community) 0022926: [custom fields] Custom Fields - Date: Field does not show date (view.php), shows other text (vboctor) 0022937: [custom fields] Custom fields of type Email are not properly displayed (vboctor) 0022950: [custom fields] Custom Fields of Type Text showing Link (Url) as Text only (vboctor)

0022428: [markdown] CSV and Excel exports with markdown on (vboctor) 0022906: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad) 0022909: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad) 0022867: [markdown] Markdown formatting is broken for notes column on View Issues page (vboctor)

0022907: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad) 0022908: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)

0020168: [db schema] Use of 'mantis' as plugin table prefix prevents plugin's installation (dregad) 0022702: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad) 0022816: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)

0022452: [ui] Create new project button (community) 0021558: [ui] log destination for page produces messed output (syncguru) 0022665: [documentation] Wrong documentation of option bug_resolution_fixed_threshold (atrol) 0022689: [bugtracker] HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar (vboctor) 0022744: [signup] Signup is not working on mantisbt.org/bugs (vboctor) 0022740: [performance] Allowed memory size of 268435456 bytes exhausted (vboctor) 0004235: [authentication] Support Generic Authentication through Plug-ins (vboctor) 0022140: [administration] Getting error dialog when reporting issues and file upload is disabled (cproensa) 0022635: [time tracking] Empty notes with time tracking show as empty notes for users that can't view time tracking (vboctor) 0022673: [attachments] Dropzone uploads files when submitting other forms (cproensa) 0022762: [api rest] Bug in error handling when user doesn't have access level to handle issue (vboctor)

0022742: [security] CVE-2017-7897: XSS in timeline_inc.php (affects my_view_page.php and view_user_page.php) (dregad) 0022743: [timeline] Timeline "More Events" button also acts as "Next" button (dregad) 0022746: [authentication] Lost password redirects to login page if email address is empty and anonymous access is disabled (vboctor)

0022700: [localization] Due Date in bug_change_status_page.php (cproensa) 0022653: [filters] Regression: Filter by date broken (cproensa) 0022739: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)

0022738: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)

0022690: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)

0022585: [timeline] Show timeline for specific user (cproensa) 0022507: [ui] On Edit Filter page, 'Filter name' input field is too narrow (dregad) 0022445: [ui] Manage users page does not show filters '0'-'9' as selected (atrol) 0022474: [administration] "Obsolete configuration" warnings when running admin checks (atrol) 0022499: [documentation] Document reuse of language strings (dregad) 0022501: [ui] Enhance layout of "View Issue Details" page (atrol) 0022505: [ui] Enhance layout of "Updating Issue Information" (atrol) 0022506: [attachments] Error updating project document (atrol) 0022423: [html] ID attribute for bugnote_text (community) 0022541: [localization] Enhance wording in manage_config_email_page.php and manage_config_work_threshold_page.php pages (atrol) 0022548: [ui] Remove unnecessary 'center' class from textarea in bugnote edit page (community) 0022571: [html] Add ID attribute for bugnote_text textarea (community) 0022572: [documentation] Wrong default value in documentation of "g_show_version" (atrol) 0021552: [ui] My account preferences: move project list outside the form (cproensa) 0022543: [ui] Open images in the browser rather than download them (vboctor) 0022582: [relationships] Relationships box layout is not right for reporters (vboctor) 0022583: [attachments] Open PDFs in the browser rather than downloading them (vboctor) 0022473: [plug-ins] Avatars should respect image aspect ratio (community) 0022590: [ui] Broken javascript and missing footer in My View Page (cproensa) 0022593: [plug-ins] Broken Snippet plugin (vboctor) 0022598: [api rest] REST API Framework (vboctor)       0022599: [code cleanup] Use composer to pull in dependencies (vboctor)       0022600: [api rest] Enable plugins to publish their own REST APIs (vboctor)       0022601: [api rest] Support using REST API from Web UI Javascript (vboctor)       0022602: [api rest] Provide a sandbox for interacting with REST API using Swagger UI (vboctor) 0022617: [code cleanup] Unneeded CSS file calendar-blue.css (atrol)

0022545: [markdown] Markdown still converting '& amp;' to & and '& lt;' to < (dregad) 0022392: [filters] Sorting all bugs list using a column header after applying a filter resets the filter (cproensa) 0022496: [filters] Permalink does not work with "Note By" (cproensa) 0022566: [filters] Filter error due to "view status" having an array value (cproensa) 0022555: [filters] Regression in custom field sorting (cproensa) 0022613: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad) 0022615: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad) 0022333: [markdown] Markdown starts heading in the middle of a line (joel)

0022063: [db mssql] Installation on MSSQL fails at step 209 (dregad) 0022568: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad) 0022579: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad) 0022208: [db mssql] File upload to MS-SQL not working (dregad)

0022612: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad) 0022614: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)

0022562: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)

0022564: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad) 0022565: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad) 0022563: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)

0022537: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad) 0022468: [other] Resolution changes in some cases when closing issues (atrol)

0022246: [markdown] Markdown is converting '&' signs to (ampersand[amp;]) inside code block or backtick as well (joel) 0022497: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad) 0022561: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad) 0022442: [printing] System error when opening Print reports (dregad) 0022479: [administration] Can't edit a project's name changing only accents a on MySQL (dregad) 0022510: [installation] Attempting to connect to database as admin BAD despite valid userid and password (dregad)

0021881: [javascript] Remove jquery-ui is not longer used in Modern UI (syncguru) 0022256: [javascript] Unbundle JS libraris from Ace theme files (syncguru) 0022401: [installation] Installer displays horizontal blue line under "Checking installation" section header (dregad) 0022361: [relationships] Trigger notifications on related issues when an issue is deleted (vboctor) 0022400: [installation] Installer does not show "GOOD" status for DB connections (dregad) 0021796: [ui] inline attachments should be directly visible (dregad) 0021724: [ui] Improve visibility of status colors (syncguru) 0008313: [relationships] More work needs to move to Relationship APIs (vboctor) 0016933: [relationships] Deleting relationship should set target bug's last updated (vboctor) 0021619: [code cleanup] Use constants instead of hardcoded values for filter view types (dregad) 0021897: [ui] Unaligned color coding of status (syncguru) 0022273: [javascript] Enable CDN support for dropzone.js (syncguru) 0022296: [code cleanup] Options in $g_public_config_names are not sorted (atrol) 0022316: [code cleanup] Duplicate code to display the filter view type toggle menu item (dregad) 0022360: [relationships] relationship_add() doesn't return bug relationship information (vboctor) 0022362: [relationships] Use bin icon instead of 'delete' button to delete relationships (vboctor) 0022363: [relationships] Setting a duplicate id should update relationship with target issue if already exists (vboctor)

0022302: [filters] Permalink does not work with tags (cproensa) 0022266: [security] CVE-2017-7222: Sanitize window title (vboctor) 0022288: [bugtracker] Due date current value doesn't show in change status form (syncguru) 0022326: [time tracking] g_time_tracking_without_note has no effect (vboctor) 0022347: [filters] Filter allows to sort on non sortable fields (cproensa) 0022359: [ui] Enhance filter box UI (syncguru) 0022369: [filters] Recently Modified box on View Issues page does not display closed issues (cproensa)

0022107: [plug-ins] EVENT_MENU_MAIN does not support relative paths (dregad) 0022114: [tools] Travis builds should reflect supported PHP versions (dregad) 0022157: [installation] Incorrect Error Message on MSSQL installation (atrol) 0022168: [webpage] HTTPS for powered by-link (atrol) 0022230: [news] PHP system notice on News page (vboctor)

0022175: [markdown] Markdown converting '<' within backticks to & lt; (joel) 0005731: [feature] search function for projects (vboctor) 0021551: [administration] Manage Users pagination loses filter letter (community) 0021935: [filters] Filter api refactoring, manage stored filters (cproensa)       0006823: [filters] Date filter should work with "last update", too (community)       0021618: [code cleanup] Duplicate code to determine the default view type (cproensa)       0006732: [administration] Sorting issue lists isn't stable (each sort scrambles previous sort) (cproensa)       0008626: [filters] Filter forgets custom date filtering (cproensa)       0017852: [filters] Tags is showing on its own row in filter box (cproensa)       0021031: [filters] Rewrite the filter box form (cproensa)       0021032: [filters] Setting $g_filter_custom_fields_per_row to other than default can cause empty cells in filter box (cproensa)       0021592: [filters] Unknown column 'mantis_bug_table.tags' (cproensa)       0021827: [filters] Displaying date filter values : month always displayed in text (english) (community)       0003803: [filters] Provide a way to update a saved filter (cproensa)       0006042: [filters] Switching to "Advanced Filters" hides "Hide Status" and ignores setting (cproensa)       0006551: [customization] Manage custom filters (cproensa)       0007708: [feature] Feature: multiple sorting of problem informations (cproensa)       0011007: [filters] After setting $g_view_filters = ADVANCED_ONLY in config_inc.php can still end up in simple filter mode. (cproensa)       0020493: [filters] Wrong hide_status value on column sorting (cproensa)       0020624: [filters] Filter shown inconsistent after changing from advanced to simple (cproensa)       0020882: [filters] Filter by date inputs are shown disabled (cproensa)       0021029: [bugtracker] Trigering a DEPRECATED error from the page body fails (cproensa)       0021044: [performance] my view page, $t_hide_status_default consitency (cproensa)       0021811: [filters] Advanced filter shows icorrect fields (cproensa)       0009213: [filters] manage filter (cproensa)       0009301: [filters] Add support for updating a current filter (cproensa)       0018045: [ui] Changed ordering of fields on View Issues page (cproensa)       0019700: [filters] Filters table on the view_all_bug_page.php shows empty lines when $g_enable_profiles is set to OFF (cproensa)       0021814: [filters] plugin filter fields dont work with dynamic input (cproensa) 0022209: [bugtracker] Adding a custom field to a project makes the filter for this project unusable (atrol) 0011604: [change log] Versions marked as obsolete appear on change log page (vboctor) 0022164: [markdown] Font for quoted string in markdown is too large (joel) 0022172: [markdown] Markdown not displaying single line breaks (joel) 0022113: [localization] translatewiki.net integration updates (dregad) 0022169: [attachments] File upload not working when $g_allowed_files is set (atrol) 0022171: [plug-ins] Redefine plugin version requirements (dregad) 0022179: [markdown] Markdown is eating apostrophe / single quote (joel) 0022204: [markdown] News headlines are parsed with markdown, though they should not be (vboctor) 0022205: [plug-ins] Specifying plugin authors as array triggers 'Array to string conversion' (dregad) 0022206: [plug-ins] Improve documentation for plugins (dregad) 0022221: [documentation] Documentation: update 'Database tables' section (dregad) 0022232: [email] Email verbose notifications should be OFF by default (vboctor) 0022237: [code cleanup] Remove references to 'register_globals' (dregad) 0022239: [ui] checkbox for personal setting "E-mail Full Issue Details" still using old style (dregad) 0017920: [markdown] Native markdown support (joel) 0022131: [timeline] Remove yellow background in timeline date range (dregad)

0020040: [security] Replace jscalendar by a newer widget (syncguru) 0022059: [ui] Missing leading zeroes in due date display (dregad) 0021841: [installation] Minimum requirements for 2.x releases (dregad) 0021927: [administration] System utilities page for moving attachments should support move all attachments (joel) 0021925: [ui] Incorrect text for the remove file button in the file upload dropzone (dregad) 0021965: [documentation] Section 2.2.2.1 Admin Guide: Misaligned row in Table (dregad) 0022064: [javascript] datetime picker does not work if 'cdn_enabled' is ON (community) 0021962: [ui] Due Date calendar icon wraps below the field (syncguru)

0021758: [administration] System utilities page for moving attachments not styled correctly in modern ui (joel) 0021840: [html] Add missing closing <div> in layout_api.php (syncguru) 0021854: [authentication] Re-authenticating when visiting manage page should re-use login page (vboctor) 0021861: [ui] Remove black bar from login page when it is empty (vboctor) 0021815: [code cleanup] print_button() has changed definition from v1.3 (cproensa)

0021727: [attachments] Show attachments inline with notes (vboctor) 0021651: [security] Dropzone has inline scripts in View Issue page (syncguru) 0021806: [attachments] Attachment dropzone missing from notes when user doesn't have access to set view state (vboctor) 0021829: [email] Fix $g_mail_priority disabling and default to disabled (vboctor) 0021669: [security] Charts have inline scripts (syncguru) 0021715: [mobile] Menu and buttons missing for mid size browser window (syncguru) 0021722: [attachments] Issues with '+' button to view attachments inline (dregad) 0021736: [ui] Display real name in breadcrumb div (atrol) 0021743: [attachments] Attach files dropzone is not working (vboctor) 0021754: [mobile] Main navigation has no action / does not expand when clicked on (syncguru) 0021794: [mobile] Hide 'View Issues' buttons on small screens (syncguru) 0021805: [javascript] Javascript errors on login page (community)

0020102: [ui] Support switching saved filters and free text search when filter box is collapsed (syncguru) 0021697: [ui] Clearer distinction between private and public notes (joel) 0021684: [ui] Account verify page layout broken (joel) 0021121: [ui] Project selection not usable with large number of projects (syncguru) 0021681: [ui] Breadcrumbs bar does not respect $g_show_realname (dregad) 0021603: [code cleanup] Publish full source code of ACE template (syncguru) 0021653: [reports] Graphs broken (vboctor) 0021682: [ui] "Operation successful" confirmation message partially hidden (dregad) 0021683: [ui] Standardize "operation successful" messages (dregad) 0021689: [code cleanup] Obsolete icon_path configuration (atrol) 0021710: [ui] Incorrect display on Bug report confirmation page (dregad) 0021704: [ui] Report Stay checkbox shows broken layout on action page (dregad) 0021721: [ui] Missing tooltips on issue id (dregad) 0021723: [bugtracker] Redirect to report page when creating a new issue with "report stay" checked (dregad) 0021726: [ui] Page bottom displayed behind Sidebar in API Tokens page (community) 0021728: [performance] Unneeded tooltip information on Summary page (dregad)

0021112: [performance] Unneeded tooltip information on "My View" page (syncguru) 0021650: [security] Content-Security-Policy is disabled in 2.0.0-beta.1 (vboctor) 0021111: [localization] Language strings contain double quotes (syncguru) 0021114: [ui] Manage users page action buttons appears on 2 rows when showing 'Unused' (syncguru) 0021117: [ui] Plugin dependencies are no longer color-coded (syncguru) 0021119: [ui] Wrong alignment of field on "Summary" page (syncguru) 0021123: [ui] Waste of vertical space on "My View" page (syncguru) 0021137: [ui] Questionable display of sub-projects in project menu bar (syncguru) 0021139: [ui] Display of file type icon broken on print_bug_page (syncguru) 0021223: [ui] "Report Issue" button on top toolbar should be hidden for VIEWER/anonymous users (vboctor) 0021224: [ui] Login and Signup buttons in top header don't work for anonymous users (vboctor) 0021397: [plug-ins] Plugin menu options don't show in main menu (vboctor) 0021398: [ui] My Account - Manage Columns actions page broken (syncguru) 0021400: [ui] Collapse settings are not saved by modern UI (syncguru) 0021405: [wiki] Wiki integration broken (vboctor) 0021414: [customization] Config menu options don't show in main menu (vboctor) 0021575: [reports] Graphs for enums (e.g. status) can break when an enum has 0 occurences (vboctor) 0021599: [ui] The test results in Admin Check results are no longer colored (dregad) 0021602: [administration] Admin: "Upgrade your installation" shown even when schema is up-to-date (syncguru) 0021609: [news] Page broken after updating news (atrol) 0021622: [administration] Alert messages are not styled correctly (syncguru) 0021638: [ui] Tables in Workflow Transitions page seems deformed (syncguru) 0021642: [ui] Highlight due date when the date has passed (syncguru) 0021644: [ui] Don't offer "My Account" in menu when being logged in as protected user (dregad) 0021647: [filters] New to restyle 'filter deleted' page (vboctor)

0020240: [ui] Footer issue: problem + solution (syncguru) 0008503: [feature] Have "send reminder" as a button rather than a not so visible link at the top of the issue (atrol) 0021115: [ui] Manage users page always shows filter '0' as selected (dregad) 0021140: [db schema] Remove DB2 support (atrol) 0020907: [ui] Report stay doesn't work in modern UI (vboctor) 0005851: [reports] X-Labels truncated in by Category Graph (vboctor) 0006663: [reports] I'm seeing three JPGraph-related problems (vboctor) 0007342: [reports] synthesis graphs by category: many "big" categories hide pie by legend (vboctor) 0007343: [reports] synthesis graphs by category: page not long enough for legend with a lot of categories (vboctor) 0007991: [reports] Graphs not centered (vboctor) 0010403: [reports] The legend on JPGraph graphs overlays the graph (vboctor) 0012159: [reports] By Developer, By Reporter and By date graph problems (vboctor) 0012384: [reports] Graph text being truncated (vboctor) 0012483: [reports] Jp graph not dispalying (vboctor) 0012725: [reports] Solution to "font file not readable/does not exist" seems not to work for JPGraph (vboctor) 0012825: [reports] Modern graphs using javascript graphing library (vboctor) 0012967: [reports] Category jpGraph not displayed (vboctor) 0013097: [reports] Graphs not working (vboctor) 0013160: [reports] Labels on x-axis in summary graphs too small and cropped (ezcLibrary) (vboctor) 0013879: [reports] Graph plugin uses hard coded font list; ignores any other (vboctor) 0014232: [reports] Advanced summary bad display (vboctor) 0015246: [reports] JPGraph 3.5.x anti aliasing error in Ubuntu (vboctor) 0017493: [reports] Graphs are not working out of the box (vboctor) 0021134: [relationships] Use of undefined constant when displaying relationship graphics (atrol) 0021177: [reports] Jpgraph doesn't work (vboctor) 0011671: [reports] 3 graphs couldnot display in the page of 'summary_jpgraph_page.php' (vboctor) 0017919: [ui] Modernize Mantis UI (syncguru) 0020286: [javascript] Missing JavaScript libraries (syncguru) 0020118: [ui] pen icon ancient (syncguru) 0020182: [custom fields] wrong field name for custom field parameter (syncguru) 0021130: [tagging] Usage of undefined function html_page_bottom (syncguru) 0021131: [signup] Usage of undefined functions in verify.php (vboctor) 0021214: [bugtracker] Update jQuery to 2.2.4 (community) 0021215: [bugtracker] Update FontAwesome to 4.6.3 (community) 0021216: [bugtracker] Upgrade Bootstrap to 3.3.6 (community) 0021217: [bugtracker] Use cross origin anonymous and check integrity when loading form CDN (community) 0021221: [ui] Fully localize drag and drop to attach (community) 0021220: [ui] Lost password form doesn't have labels or placeholder text (vboctor) 0021222: [ui] Drag and drop should honor 'allowed_files' config option (community) 0019590: [attachments] Attach via drag-and-drop (syncguru) 0021279: [administration] Fix error when going to Manage - Workflow Transitions and clicking update (vboctor)