Not Yet Released
0024416: [migration] need help to migrate the Mantis 1.0.8 that my current company has to the latest version of 2.14.0. (dregad)
0024564: [timeline] Missing display of events in Timeline if All Projects is selected (atrol)
0024578: [documentation] Documentation: PHP documentation link: "installation.php" -> "install.php" (dregad)
0024579: [documentation] Documentation: Admin Guide: Installation: Broken Link "Microsoft IIS", is now (dregad)
0023978: [ui] Fonts are not rendered correctly in Windows clients (atrol)
0023992: [ui] Font = Times News Roman after Upgrade from v2.7.0 (atrol)
0024553: [performance] Performance enhancement of config_get_global function (atrol)
0024552: [code cleanup] Code Cleanup (atrol)
0024501: [installation] MantisBT on Windows - Check for php_fileinfo.dll enabled on php.ini (atrol)
0021376: [db schema] Error in upgrade process 1.2.17 --> 1.3.0 (dregad)
0024523: [performance] Unneeded information in Change Log and Roadmap (atrol)
11 issues View Issues
Released 2018-06-05
0024437: [filters] Cannot save private filter if not allowed to save shared filter (community)
0024496: [wiki] URL encoding precludes reasonable wiki root_namespace values (community)
0024242: [bugtracker] Incorrect issue status setting when changing status (vboctor)
0024388: [api rest] Support create project versions via REST API (vboctor)
0024398: [tagging] Exception Missing Class (atrol)
0024432: [security] Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks (atrol)
0024435: [filters] show_user_realname_threshold is not considered when sorting by reporter or handler (atrol)
0024436: [ui] Selecting users is not easy if show_realname is set to ON (atrol)
0024470: [other] System warning if $g_log_destination = 'page' when using PHP 7.2 (atrol)
0024462: [api soap] Error while querying for issue header with PHP 7.2 (atrol)
0024476: [performance] Unneeded <meta> tag in <head> section (atrol)
0024139: [ui] $g_show_realname for making usernames private (atrol)
12 issues View Issues
Released 2018-04-30
0024192: [bugtracker] Update ADOdb to 5.20.12 (dregad)
0024236: [code cleanup] IssueAddCommand Prevents API Folder Removal (atrol)
0024174: [code cleanup] E_DEPRECATED error on php7.2: each() function (dregad)
0024196: [api rest] Update Slim Framework from 3.8.1 to 3.9.2 (vboctor)
0024197: [api rest] Update GuzzleHttp from 6.3.0 to 6.3.2 (vboctor)
0024220: [documentation] Wrong documentation of datetime_picker_format in Admin Guide (atrol)
0024325: [code cleanup] Code Cleanup (atrol)
0024326: [documentation] Wrong documentation of my_view_boxes in Admin Guide (atrol)
0024333: [api rest] Support getting a single project via REST API (vboctor)
0024336: [administration] Plugin priority changed without being changed by user interaction (atrol)
10 issues View Issues
Released 2018-04-29
Maintenance release for 2.13.x series.
0024221: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality (dregad)
0024233: [markdown] Markdown quoting rendered with broken HTML (atrol)
0024239: [email] Inconsistent realname display (atrol)
0024335: [api rest] Get all filter or specific filter returns incorrect information (vboctor)
0024343: [api rest] REST API returns too much info for default category handler (vboctor)
0024346: [api rest] Don't show category default handler for users that can't manage the project (vboctor)
0024349: [api soap] API method mc_filter_get does not work (vboctor)
0024353: [code cleanup] mb_internal_encoding no longer being set because of removal utf8 library (atrol)
0024355: [bugtracker] SYSTEM WARNING 'count(): Parameter must be an array or an object that implements Countable' in 'IssueNoteAddCommand.php (atrol)
9 issues View Issues
Released 2018-04-29
Security fixes release for 1.3.x series.
0024365: [security] CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality (dregad)
1 issue View Issues
Released 2018-04-04
Maintenance release for 2.13.x release series.
0024202: [markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)
1 issue View Issues
Released 2018-04-04
Maintenance release for 2.12.x release series.
0024201: [markdown] Broken rendering of @ mentions, # issue and ~ note links (atrol)
1 issue View Issues
Released 2018-04-01
Feature release
0024128: [administration] Unable to start system check or installation with wrong PHP version (atrol)
0010853: [filters] In View Issues list, several columns are sorted by Id instead of display value (cproensa)
0021404: [filters] System Error on changing filters (dregad)
0023998: [code cleanup] Implement IssueAddCommand and use it from SOAP, REST and Web UI (vboctor)
0016070: [email] Delay due to Mantis trying sending emails to non existent address (vboctor)
0023498: [filters] Filtering "note by" with "none" does not return any result (cproensa)
0007264: [filters] Not able to filter issues that have no relationship assigned (cproensa)
0008167: [filters] Filter settings saved when using Anonymous account (cproensa)
0008204: [filters] Filters not remembered when clicking through from "My View" (cproensa)
0022785: [api rest] Support adding attachments when reporting issues (vboctor)
0023214: [performance] Remove usage of outdated phputf8 library (atrol)
0023999: [code cleanup] Implement IssueDeleteCommand and use it from SOAP, REST, and Web UI (vboctor)
0024000: [api rest] Add Issue REST API doesn't trigger EVENT_REPORT_BUG_DATA plugin event (vboctor)
0024001: [api soap] Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG_DATA plugin event (vboctor)
0024002: [api rest] Add Issue REST API doesn't trigger issue_create_validate custom function (vboctor)
0024003: [api soap] Add Issue SOAP API doesn't trigger issue_create_validate custom function (vboctor)
0024004: [api rest] Add Issue REST API doesn't trigger issue_create_notify custom function (vboctor)
0024005: [api soap] Add Issue SOAP API doesn't trigger issue_create_notify custom function (vboctor)
0024006: [api rest] Add Issue REST API doesn't trigger EVENT_REPORT_BUG plugin event (vboctor)
0024007: [api soap] Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG plugin event (vboctor)
0024008: [api rest] Add Issue REST API doesn't add the issue to recent list (vboctor)
0024009: [api soap] Add Issue SOAP API doesn't add the issue to recent list (vboctor)
0013177: [filters] On ‘View Issues’ Page the filter does not allow user to select ‘blank’ ('No Category') Category (cproensa)
0021865: [filters] Filter out duplicated issues (cproensa)
0021867: [filters] Filter filed "relationships" resets its value when "duplicate of" is selected (cproensa)
0023476: [bugtracker] Can't login if admin directory has restricted access (atrol)
0023499: [filters] Filtering with "note by" shows results from private notes for unprivileged users (cproensa)
0023500: [filters] Search filter returns matches in private notes for unprivileged users (cproensa)
0023501: [filters] Filter "monitored by" does not have option for "none" (cproensa)
0023502: [filters] Filter "assigned to" does not account for configuration "view_handler_threshold" (cproensa)
0023504: [filters] Filter "monitored by" does not account for configuration "show_monitor_list_threshold" (cproensa)
0023506: [filters] Filter tags inconsitent with OR filter operator (cproensa)
0023538: [filters] Filter field for relationship bug id is set to -1 by default (cproensa)
0023549: [db mysql] Entering Emojis in comments with a user mention crashes with an error (atrol)
0024042: [filters] filter on relationships mistuned by switching sort order (cproensa)
0024056: [custom fields] Custom Fields of type "Textarea" cannot contain more than 255 chars due to bug_history table (atrol)
0024089: [authentication] POST request to login_password_page.php return 405 when admin folder is deleted or access restricted (atrol)
0024140: [filters] Application error 401: "ORDER BY clause is not in SELECT list" when sorting by category or project (cproensa)
0022376: [documentation] Wrong documentation of string customization (atrol)
0023161: [timeline] Show File Attachment events in Timeline (dregad)
0024158: [bugtracker] Support providing a default value for issue description (vboctor)
0024159: [documentation] $g_default_bug_steps_to_reproduce not documented (vboctor)
0024160: [documentation] $g_default_bug_additional_info not documented (vboctor)
43 issues View Issues
Released 2018-04-01
Maintenance release for 2.12.x
0024077: [timeline] Hyperlink usernames in timeline to user page (vboctor)
0024090: [ui] Username (Realnames) format not showing on timeline (my_view_page) (vboctor)
0024186: [security] CVE-2018-1000162: XSS vulnerability in Parsedown library (dregad)
       0024297: [security] Update Parsedown library to 1.7.1 (dregad)
0024167: [bugtracker] History entries display realname instead of username (atrol)
0024097: [ui] Account page required change password on any field modification (atrol)
0024161: [timeline] Wrong color of username in timeline (atrol)
7 issues View Issues
Released 2018-03-04
Feature release
0023375: [mentions] It is hard to @ mention users when show realnames is enabled (vboctor)
0010493: [code cleanup] Non-existent duplicate_realname column is updated by various functions in user_api.php (vboctor)
0022509: [mentions] users with dashes in their name will not work when @mentioned (example @r-frank) (community)
0023960: [plug-ins] EVENT_AUTH_USER_FLAGS should always be passed username rather than name (vboctor)
0023961: [timeline] Identify Timeline tags operations with a specific icon (dregad)
0023966: [code cleanup] Option session_handler not implemented (atrol)
0023969: [performance] Minor performance and code enhancements of config functions (atrol)
0024020: [localization] Update supported languages (siebrand)
0024043: [ldap] $g_ldap_realname_field generates WARNING: field 'givenName' does not exist. (community)
9 issues View Issues
Released 2018-02-11
Maintenance release for 2.11.x series.
0023954: [api rest] REST API doesn't work from UI for some users (vboctor)
0023955: [administration] Warning message on login page (atrol)
2 issues View Issues
Released 2018-02-07
Feature release
0023706: [administration] trigger_error() with errors must terminate scripts rather than being config based (vboctor)
0023754: [code cleanup] Remove unused function print_bracket_link and code cleanup (atrol)
0023758: [ui] Allow users to select font family that fits them best (syncguru)
0023876: [installation] Running admin/check fails (dregad)
0023900: [administration] Unable to update user access level, due to check on 'Realname' returning KO (APPLICATION ERROR #807) (vboctor)
0023776: [attachments] Support adding attachments that were not uploaded via the browser (vboctor)
0023899: [api rest] Relationship type was localized in GET issue API (vboctor)
0023714: [api rest] Failing REST API requests should include Mantis error code and localized message (vboctor)
0023762: [api rest] Support adding users to monitor an issue via REST API (vboctor)
0023772: [api rest] Support attachments when adding notes via REST API (vboctor)
0023773: [api rest] Support time tracking when adding notes via REST API (vboctor)
0023780: [api rest] Return status code 429 when hitting spam check limits (vboctor)
0023784: [api rest] REST and SOAP API send two email notifications for mentioned users (vboctor)
0023785: [api rest] Adding notes via SOAP and REST API with time tracking uses incorrect access check (vboctor)
0023786: [code cleanup] Implement IssueNoteDeleteCommand for deleting notes (vboctor)
0023787: [administration] Protected admin users can't be unprotected (atrol)
0023830: [security] Update PHPMailer to 5.2.26 (dregad)
0011327: [reports] "Developer By Resolution" is the only box in the Summary page not ordered (at least it doesn't seem to be any logic behind it) (dregad)
0012978: [code cleanup] Summary - Time Stats For Resolved Issues (days) (dregad)
0022792: [api rest] Support downloading issue attachments (vboctor)
0023627: [feature] Summary page enhancement with bugs ratio support (dregad)
0023774: [code cleanup] Implement IssueNoteAddCommand to share code for adding notes (vboctor)
0023796: [reports] Filter links for resolved/closed custom statuses in Summary By Status report are incorrect (dregad)
0023828: [api rest] Support adding attachments to existing issues via REST API (vboctor)
0023837: [code cleanup] Implement UserCreateCommand to create users (vboctor)
0023838: [api rest] Create user via REST API (vboctor)
0023839: [code cleanup] Implement UserDeleteCommand for deleting users (vboctor)
0023840: [api rest] Delete user via REST API (vboctor)
0023854: [reports] Summary: always show the "By Project" box (dregad)
0023855: [code cleanup] Implement TagAttachCommand for attaching tags (vboctor)
0023856: [code cleanup] Implement TagDetachCommand to detach tags (vboctor)
0023857: [api rest] Add REST API to attach a tag (vboctor)
0023858: [api rest] Add REST API to detach a tag (vboctor)
0023863: [reports] Summary: Reporter and Developer by Resolution miss a Total column (dregad)
0023865: [code cleanup] Implement IssueRelationshipAddCommand to add relationships (vboctor)
0023866: [api rest] Support adding relationships via REST API (vboctor)
0023867: [code cleanup] Implement IssueRelationshipDeleteCommand (vboctor)
0023868: [api rest] Support deleting issue relationships via REST API (vboctor)
0023898: [api rest] Some relationships are not formatted correctly in GET issue rest API (vboctor)
0023775: [attachments] Remove obsolete code that checks if PHP file info API is defined (vboctor)
0023926: [ui] Footer displayed under sidebar on error page when $g_show_detailed_errors = ON (dregad)
0023930: [installation] Make Fileinfo a mandatory PHP extension (atrol)
0023944: [bugtracker] The stack trace on detailed error page should not include the error handler itself (dregad)
0023942: [bugtracker] Remove deprecated "errcontext" parameter from standard error handler (dregad)
0023943: [bugtracker] Improve detailed error page layout (dregad)
45 issues View Issues
Released 2018-02-07
Bug fix and security release for 2.10.x series.
0023746: [api soap] unable to create a bug with customfields via SOAP (vboctor)
0023765: [api rest] Wrong constructor name in class FilterConverter (atrol)
0023924: [relationships] Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue (atrol)
0023906: [security] CVE-2018-6403: XSS in adm_config_report.php 'value' parameter (dregad)
4 issues View Issues
Released 2018-02-07
Security release for 1.3.x series.
0023918: [security] CVE-2018-6403: XSS in adm_config_report.php 'value' parameter (dregad)
1 issue View Issues
Released 2017-12-30
Feature release
0022789: [api rest] Support retrieving user defined filters (vboctor)
0023710: [code cleanup] Remove usage of deprecated function __autoload (vboctor)
0009007: [time tracking] Billing summary does not include sub-projects (community)
0022790: [api rest] Support standard filters defined by the system when retrieving issues (vboctor)
0023679: [administration] Limit change of impersonation threshold to global config (atrol)
0023690: [api rest] Support deleting filters (vboctor)
0023722: [time tracking] Don't print time tracking buttons and export links (community)
0023723: [time tracking] Support configurable default billing rate (community)
0023724: [time tracking] Removed useless collapse icon with duplicated title in billing report (community)
0023742: [html] Broken url for MantisBT logo in admin section (community)
0023753: [ui] UI of Update Produkt Build page broken (atrol)
11 issues View Issues
Released 2017-12-30
Bug fix release for 2.9.x series
0022093: [administration] Reporter can´t change status of a bug (vboctor)
0021393: [administration] When disable "Update an issue", then "Assign to" become access deined. (vboctor)
0023719: [administration] The reporter can not solve or close the issue (vboctor)
0023721: [bugtracker] PHP error in change status page when user doesn't have access to private notes (vboctor)
4 issues View Issues
Released 2017-12-04
Feature release
0023640: [code cleanup] Usage of deprecated each() function (atrol)
0023639: [code cleanup] Unneeded code for non supported old PHP versions (atrol)
0023654: [api rest] Don't validate handler when updating issues without updating handler (vboctor)
0023658: [plug-ins] UI for protected plugins broken (atrol)
0023577: [api rest] REST APIs don't enforce required custom fields when reporting issues (vboctor)
0023578: [documentation] Document need for consistency between "normal" and "datepicker" date formats (dregad)
0012602: [custom fields] Default value for a date don't work (vboctor)
0019482: [custom fields] Using custom fields (date) with default value and required on resolve displays an error (vboctor)
0023466: [db mysql] database is not supported by PHP. Check that it has been compiled into your server. (atrol)
0023572: [code cleanup] Unneeded code for unsupported database types (atrol)
0023573: [code cleanup] Unneeded code for option meta_include_file (atrol)
0023575: [api rest] Category lookup is case sensitive (vboctor)
0023579: [api rest] Internal Server Error 500 when category doesn't exist (vboctor)
0023594: [custom fields] Reporting an issue with default date {now} that is not visible doesn't work (vboctor)
0023616: [api rest] Support exporting issue history (vboctor)
0023620: [api rest] PHP error on getting issues when user doesn't have access (vboctor)
0023625: [code cleanup] Function require_lib contains code to search in vendor folder (atrol)
0023626: [performance] Unneeded code executed when retrieving global settings (atrol)
0023630: [administration] Some check boxes on Manage Configuration > Workflow Threshold page are not centered (community)
0023645: [other] No preview of ANSI encoded text files that contain German Umlauts (atrol)
0023648: [api rest] Leverage ETag headers when getting issues (vboctor)
0023650: [api rest] Leverage If-Match when deleting issues (vboctor)
0023653: [api rest] Leverage If-Match when updating issues (vboctor)
0023657: [api soap] mc_issue_update returns bug is read only on status update (atrol)
0023576: [api rest] Issues created via REST API with date custom fields fail (vboctor)
0023692: [authentication] Token API does not work with config show show_realname (dregad)
26 issues View Issues
Released 2017-12-04
Bug fix and security release for 2.8.x series.
0023599: [bugtracker] Access denied when updating bugs (atrol)
1 issue View Issues
Released 2017-12-04
Security release for 1.3.x series.
0023561: [api soap] mc_project_get_issues_for_user() is retrieving issues in the authorization context of target user (vboctor)
1 issue View Issues
Released 2017-10-29
Feature release including fixes and new features including REST API issue updates and DKIM support for email signing. This release is the first to have REST API enabled by default.
0023474: [custom fields] Empty numeric fields should be display as empty rather than 0 (community)
0023555: [ui] Bugnote text area not styled correctly when private by default (vboctor)
0023560: [bugtracker] Notes added via change status / edit always market private when private by default (vboctor)
0023396: [api rest] REST API Issue update support (vboctor)
0023446: [performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
0023451: [performance] Unneeded code delivered to support unsupported IE9 (atrol)
0023460: [ui] Useless UI element on manage_proj_page (atrol)
0023475: [custom fields] Empty float fields should be displayed as empty rather than 0 (community)
0023477: [api soap] Updating issues via APIs should trigger email notifications (vboctor)
0023483: [bugtracker] Auto-refresh shouldn't update last visited (atrol)
0023488: [code cleanup] Usage of deprecated constant (atrol)
0023494: [html] Wrong class name for tags output (atrol)
0023517: [administration] Remove unused config option inline_file_exts (community)
0013126: [plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa)
0016133: [custom fields] Numeric field accepts floats and displays them as numeric (vboctor)
0021225: [bugtracker] resolving parent issues inconsistency (community)
0022441: [bugtracker] Notes are not in the correct order after cloning an issue (cproensa)
0022842: [code cleanup] Remove php_version_at_least() function from PHP API (dregad)
0023493: [email] DomainKeys Identified Mail (DKIM) Signatures (community)
0023503: [bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
0023516: [api rest] Enable REST API by default (vboctor)
0023518: [bugtracker] "show_assigned_names" configuration is not applied correctly in view_all_bug_page (cproensa)
0023528: [filters] Filter "advanced" mode is reset after sorting through column headers (cproensa)
0023537: [api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad)
0023543: [email] Update PHPMailer to v5.2.25 (vboctor)
0023542: [code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
26 issues View Issues
Released 2017-10-28
Maintenance release for 2.7 series.
0023507: [authentication] Users can't change their password when it is blank (dregad)
0023512: [html] Custom field type checkbox with required status, force to check all checkboxes to proceed (atrol)
0023544: [installation] Unattended upgrade is broken after moving to Composer (vboctor)
3 issues View Issues
Released 2017-10-08
A feature release that includes both functional and performance improvements.
0009120: [custom fields] Numeric Custom fields on View All don't sort correctly (atrol)
0023324: [performance] Generated css, js code should be cached by browser (cproensa)
0023323: [reports] Wrong filter links on summary page (atrol)
0023378: [installation] Installation fails when using old but still allowed PHP version 5.3 (atrol)
0022310: [html] Use HTML5 "required" attribute for required form fields (community)
0023381: [code cleanup] Unneeded code for unsupported PHP versions (atrol)
0023420: [relationships] Resolving as duplicate adds reporter and handler to monitoring list (atrol)
0023225: [authentication] Token API does not work with config show show_realname (dregad)
0022872: [ui] Make some buttons visible only when hovering on relevant container (cproensa)
0023251: [timeline] Timeline in view user page resets the user id after dates navigation (cproensa)
0021654: [code cleanup] Deprecate access_has_any_project() (cproensa)
0022870: [ui] buttons without separation (cproensa)
0022871: [ui] print_form_button() does not render inline buttons (cproensa)
0023216: [tagging] Make tag view threshold work at project level (cproensa)
0023242: [code cleanup] Function project_get_local_user_access_level() is redundant (cproensa)
0023248: [ui] Project selection dropdown focus on current selection (cproensa)
0023267: [ui] Misplaced "Reset Prefs" button in user prefs with narrow screen (dregad)
0023301: [api rest] Request an issue in the REST API fail without warning if an enumeration is missing. (community)
0023310: [performance] Unused CSS delivered (atrol)
0023331: [code cleanup] New user_get_username() API function (dregad)
0022182: [ui] Burger menu is sometimes visible without functionality (cproensa)
0022492: [ui] Regression: Resolved/Closed issues are not shown with a line-through (strike-through) (community)
0023264: [api rest] Custom fields not been saved when adding issue through the Rest API (community)
0023268: [db oracle] Error filtering custom fields of type date (cproensa)
0023311: [filters] "View issues" on changelog page does not show closed issues (atrol)
0023367: [plug-ins] Add no-op upgrade step in plugin_upgrade() (dregad)
0023382: [customization] Login logo image not configurable by css (cproensa)
0023393: [administration] Provide some basic operating environment information on manage_overview_page (atrol)
0023395: [db oracle] Performance issue reading config table with oracle database (cproensa)
0023411: [performance] Unneeded string copies in general text processing (atrol)
0023425: [reports] PHP errors and warnings when running Issue Trend report (atrol)
0021913: [tagging] Unprivileged user can see related tags from private issues (cproensa)
0022053: [plug-ins] Implement logging functionality for plugins (cproensa)
0022245: [ui] Collapsed menu entry no clickable in complete visible area (atrol)
0023241: [filters] Error when changing sort order in filters, due date field only (cproensa)
0023243: [ui] Narrow space between checkbox/radio button and label (dregad)
0023249: [feature] When logging the caller function, also print the class name if it's a class method (cproensa)
0023377: [other] Textarea custom field entry missing from email (atrol)
0023436: [filters] Editing a stored filter can't update projects property (cproensa)
0023443: [custom fields] Fixes related to custom fields on filters, columns and visibility (cproensa)
       0005713: [custom fields] Custom fields of subprojects are shown in filter for "All projects" but not in parent project. (cproensa)
       0006872: [custom fields] Sort of custom fields does not use data type (cproensa)
       0016358: [filters] Custom field filter does not recusrively read all items from sub-projects (cproensa)
       0016359: [filters] Custom field filters does not take user access rights into account (cproensa)
       0019385: [filters] Filtering custom field show bugs from projects where this custom field has been removed (cproensa)
       0023223: [filters] Custom fields filter does not account for read access at project level (cproensa)
       0023232: [filters] Custom field is showed in filter when the user has not view access (cproensa)
       0023233: [custom fields] Issues returned by filter has linked custom fields that are not available as columns (cproensa)
       0023260: [custom fields] Custom fields of type date are not sorted correctly (cproensa)
       0023265: [custom fields] Filter selection for numeric custom fields aren't sorted correctly on distinct values list (cproensa)
       0023266: [custom fields] Filter selection for numeric custom fields show values not coherent with custom field type (cproensa)
51 issues View Issues
Released 2017-09-03
A feature release that includes both functional and performance improvements.
0023202: [ui] Questionable order and functionality of top buttons on "View Issue" page (atrol)
0022984: [ui] Calendar doesn't show the correct date the first time it opens (dregad)
0022730: [ui] 'Manage Configuration' tab usually does not highlight (dregad)
0022813: [customization] Field is appearing in email notification but not used in UI. (joel)
0022967: [ui] Questionable display of "Access Denied" on view_user_page (atrol)
0022981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
0022987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
0023061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
0023116: [html] Due date field not displayed correctly when editing ticket (community)
0023141: [html] Unused CSS delivered (atrol)
0012313: [attachments] Can't open image attachments in browser windows (dregad)
0022913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
0022939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
0022940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
0023087: [filters] Removing "Report an issue" permission removes user from Monitoring filter dropdown (atrol)
0023150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
0023159: [ui] Graph display is too faint and blurred (atrol)
0021807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
0023143: [api rest] Support adding notes via REST API (vboctor)
0022158: [time tracking] Time tracking report excludes issues with no category assigned (cproensa)
0022919: [time tracking] Time Tracking "auto count" is giving the wrong elapsed time (dregad)
0023112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
0023131: [api rest] /api/rest/projects doesn't return child projects (vboctor)
0023139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
0023144: [api rest] Support issue id as part of the path for REST API (vboctor)
0023145: [api rest] Support deleting notes via REST API (vboctor)
0023184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
0023187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
0023188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
0023189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
0023190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
0023191: [time tracking] Unable to access time tracking reports (atrol)
0023204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
0023227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
0023237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
0012444: [bugtracker] bug_actiongroup_page, on copy, & move, poject combo lists projects wich the user has no rights (cproensa)
0021695: [ui] "notify user" check should be moved outside the form (cproensa)
0022291: [time tracking] Issue history box is narrower than other boxes above it on View Issue page (cproensa)
0022469: [time tracking] Enabling Time Tracking distorts View Issue Details page layout. (cproensa)
39 issues View Issues
Released 2017-09-03
Security fixes release for 2.5.x series.
0023146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
0023166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
0023179: [security] Login page no longer warns about 'admin' directory being present (dregad)
0023181: [administration] Checks on login page are never executed if "admin" dir does not exist (dregad)
0023185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
5 issues View Issues
Released 2017-09-03
Security fixes release for 1.3.x series.
0023175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
0023186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
2 issues View Issues
Released 2017-06-17
Maintenance release that fixes installation failure.
0022985: [installation] Initial installation does not continue after clicking install (dregad)
1 issue View Issues
Released 2017-06-04
Feature release with main focus on REST API improvements, some of the fixes also applies to the SOAP API.
0022850: [ui] Installation page layout and style issues (dregad)
0022765: [api rest] Implement a test framework for REST API (vboctor)
0022766: [api rest] Enum name should reflect non-localized enum name and label for localized name (vboctor)
0022767: [api rest] Include status color in status enum value for issues (vboctor)
0022768: [api rest] Support retrieving issues based on filter or a project (vboctor)
0022769: [api rest] Note type should be note instead of timelog if time tracking is not accessible to user (vboctor)
0022770: [api rest] Change version from string to an object (vboctor)
0022771: [api rest] Due date access check should be based on project access level rather than global one (vboctor)
0022772: [api rest] Don't return eta info if feature is disabled (vboctor)
0022773: [api rest] Don't return projection info if feature is disabled (vboctor)
0022774: [api rest] Some access denied errors don't show user info correctly (vboctor)
0022775: [api rest] Rename date_submitted to created_at and last_updated to updated_at (vboctor)
0022776: [api rest] Sticky flag should be a boolean rather than a string (vboctor)
0022777: [api rest] Don't return sponsorship_total (vboctor)
0022778: [api rest] Don't allow setting version to an undefined version (vboctor)
0022779: [api rest] Don't return profile information if feature disabled (vboctor)
0022780: [api rest] Don't return platform, os, and os_build if disabled (vboctor)
0022782: [api rest] Don't return target_version if user doesn't have access to view roadmap (vboctor)
0022783: [api rest] Return 400 instead of server side error if summary, description or project fields are missing (vboctor)
0022788: [api rest] Support retrieving projects accessible to users (vboctor)
0022808: [api rest] Use GuzzleHttp for http requests (vboctor)
0021871: [performance] Improve db_fetch_array performance (cproensa)
0021994: [attachments] issue with attachments cannot be moved between projects with different upload directories (uploads saved in file system) (dregad)
0022809: [api rest] Upgrade Slim Framework from 3.7.0 to latest (3.8.1) (vboctor)
0022851: [installation] Installer should display sample table names based on table prefix/suffix settings (dregad)
0022852: [localization] [de] Incorrect label in German "Change status" form (atrol)
0022865: [code cleanup] Login page displays a PHP system notice when using BASIC_AUTH (dregad)
0022864: [code cleanup] phpdoc for 'print_link_button' has incorrect order of parameters (cproensa)
0022868: [other] PHP variable misspelt in html_api.php (dregad)
0022904: [db mssql] database_api: db_insert_id returns string not int (mssql) (dregad)
0022905: [code cleanup] The URL of the return button in breadcrumbs div has a trailing '?' (dregad)
0022925: [time tracking] Time Tracking - issue (atrol)
0022928: [administration] $g_anonymous_account is case sensitive, preventing normal users from logging in (vboctor)
0022933: [timeline] Confusing entry in timeline when removing other users from monitoring list (atrol)
34 issues View Issues
Released 2017-06-04
0022923: [authentication] Logout page on authentication plugins never gets called (community)
0022926: [custom fields] Custom Fields - Date: Field does not show date (view.php), shows other text (vboctor)
0022937: [custom fields] Custom fields of type Email are not properly displayed (vboctor)
0022950: [custom fields] Custom Fields of Type Text showing Link (Url) as Text only (vboctor)
4 issues View Issues
Released 2017-05-20
MantisBT maintenance release for 2.4.x.
0022428: [markdown] CSV and Excel exports with markdown on (vboctor)
0022906: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
0022909: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
0022867: [markdown] Markdown formatting is broken for notes column on View Issues page (vboctor)
4 issues View Issues
Released 2017-05-20
MantisBT maintenance release for 2.3.x
0022907: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
0022908: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
2 issues View Issues
Released 2017-05-20
MantisBT maintenance and security release for 1.3.x.
0020168: [db schema] Use of 'mantis' as plugin table prefix prevents plugin's installation (dregad)
0022702: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
0022816: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
3 issues View Issues
Released 2017-04-30
0022452: [ui] Create new project button (community)
0021558: [ui] log destination for page produces messed output (syncguru)
0022665: [documentation] Wrong documentation of option bug_resolution_fixed_threshold (atrol)
0022689: [bugtracker] HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar (vboctor)
0022744: [signup] Signup is not working on (vboctor)
0022740: [performance] Allowed memory size of 268435456 bytes exhausted (vboctor)
0004235: [authentication] Support Generic Authentication through Plug-ins (vboctor)
0022140: [administration] Getting error dialog when reporting issues and file upload is disabled (cproensa)
0022635: [time tracking] Empty notes with time tracking show as empty notes for users that can't view time tracking (vboctor)
0022673: [attachments] Dropzone uploads files when submitting other forms (cproensa)
0022762: [api rest] Bug in error handling when user doesn't have access level to handle issue (vboctor)
11 issues View Issues
Released 2017-04-29
0022742: [security] CVE-2017-7897: XSS in timeline_inc.php (affects my_view_page.php and view_user_page.php) (dregad)
0022743: [timeline] Timeline "More Events" button also acts as "Next" button (dregad)
0022746: [authentication] Lost password redirects to login page if email address is empty and anonymous access is disabled (vboctor)
3 issues View Issues
Released 2017-04-16
Security and maintenance release
0022700: [localization] Due Date in bug_change_status_page.php (cproensa)
0022653: [filters] Regression: Filter by date broken (cproensa)
0022739: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
3 issues View Issues
Released 2017-04-16
Security release
0022738: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
1 issue View Issues
Released 2017-04-16
Security release
0022690: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
1 issue View Issues
Released 2017-03-31
Feature release including security fixes and our brand new experimental REST API. The REST API can be extended by plugins and power web UI ajax features. In this release the REST API is disabled by default (expect for calls from within the web UI using cookie authentication) – see #22598 for more details.
0022585: [timeline] Show timeline for specific user (cproensa)
0022507: [ui] On Edit Filter page, 'Filter name' input field is too narrow (dregad)
0022445: [ui] Manage users page does not show filters '0'-'9' as selected (atrol)
0022474: [administration] "Obsolete configuration" warnings when running admin checks (atrol)
0022499: [documentation] Document reuse of language strings (dregad)
0022501: [ui] Enhance layout of "View Issue Details" page (atrol)
0022505: [ui] Enhance layout of "Updating Issue Information" (atrol)
0022506: [attachments] Error updating project document (atrol)
0022423: [html] ID attribute for bugnote_text (community)
0022541: [localization] Enhance wording in manage_config_email_page.php and manage_config_work_threshold_page.php pages (atrol)
0022548: [ui] Remove unnecessary 'center' class from textarea in bugnote edit page (community)
0022571: [html] Add ID attribute for bugnote_text textarea (community)
0022572: [documentation] Wrong default value in documentation of "g_show_version" (atrol)
0021552: [ui] My account preferences: move project list outside the form (cproensa)
0022543: [ui] Open images in the browser rather than download them (vboctor)
0022582: [relationships] Relationships box layout is not right for reporters (vboctor)
0022583: [attachments] Open PDFs in the browser rather than downloading them (vboctor)
0022473: [plug-ins] Avatars should respect image aspect ratio (community)
0022590: [ui] Broken javascript and missing footer in My View Page (cproensa)
0022593: [plug-ins] Broken Snippet plugin (vboctor)
0022598: [api rest] REST API Framework (vboctor)
       0022599: [code cleanup] Use composer to pull in dependencies (vboctor)
       0022600: [api rest] Enable plugins to publish their own REST APIs (vboctor)
       0022601: [api rest] Support using REST API from Web UI Javascript (vboctor)
       0022602: [api rest] Provide a sandbox for interacting with REST API using Swagger UI (vboctor)
0022617: [code cleanup] Unneeded CSS file calendar-blue.css (atrol)
26 issues View Issues
Released 2017-03-31
Security fixes and maintenance release
0022392: [filters] Sorting all bugs list using a column header after applying a filter resets the filter (cproensa)
0022496: [filters] Permalink does not work with "Note By" (cproensa)
0022566: [filters] Filter error due to "view status" having an array value (cproensa)
0022555: [filters] Regression in custom field sorting (cproensa)
0022613: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022615: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
0022333: [markdown] Markdown starts heading in the middle of a line (joel)
0022545: [markdown] Markdown still converting '& amp;' to & and '& lt;' to < (dregad)
8 issues View Issues
Released 2017-03-31
Security fixes release
0022063: [db mssql] Installation on MSSQL fails at step 209 (dregad)
0022568: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
0022579: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022208: [db mssql] File upload to MS-SQL not working (dregad)
4 issues View Issues
Released 2017-03-30
Security release
0022612: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022614: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
2 issues View Issues
Released 2017-03-21
Maintenance and Security release for 2.2 series
0022562: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
1 issue View Issues
Released 2017-03-21
Maintenance and Security release for 2.1 series
0022564: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad)
0022565: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
0022563: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
3 issues View Issues
Released 2017-03-21
Maintenance and Security release for 1.3 series
0022537: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
0022468: [other] Resolution changes in some cases when closing issues (atrol)
2 issues View Issues
Released 2017-03-11
Maintenance release for 2.2 series including security fixes.
0022497: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad)
0022561: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
0022246: [markdown] Markdown is converting '&' signs to (ampersand[amp;]) inside code block or backtick as well (joel)
0022442: [printing] System error when opening Print reports (dregad)
0022479: [administration] Can't edit a project's name changing only accents a on MySQL (dregad)
0022510: [installation] Attempting to connect to database as admin BAD despite valid userid and password (dregad)
6 issues View Issues
Released 2017-03-11
Maintenance release for 1.3 series including security fixes.
0022486: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
0022503: [tools] Travis CI builds fail for PHP > 5.5 (dregad)
0022309: [documentation] Example of Regular expression on documentation not work on MantisBT (atrol)
0022335: [documentation] Wrong documentation of $g_limit_email_domains in Admin Guide (atrol)
0022355: [documentation] typo error for the email_receive_own parameter (atrol)
5 issues View Issues
Released 2017-02-26
A feature release that includes all fixes from 2.1.1 release listed above, some setup fixes, status colors visibility improvements, shed some unnecessary js/css and multiple improvements for relationships feature.
0022401: [installation] Installer displays horizontal blue line under "Checking installation" section header (dregad)
0022361: [relationships] Trigger notifications on related issues when an issue is deleted (vboctor)
0022400: [installation] Installer does not show "GOOD" status for DB connections (dregad)
0021796: [ui] inline attachments should be directly visible (dregad)
0021724: [ui] Improve visibility of status colors (syncguru)
0008313: [relationships] More work needs to move to Relationship APIs (vboctor)
0016933: [relationships] Deleting relationship should set target bug's last updated (vboctor)
0021619: [code cleanup] Use constants instead of hardcoded values for filter view types (dregad)
0021881: [javascript] Remove jquery-ui is not longer used in Modern UI (syncguru)
0021897: [ui] Unaligned color coding of status (syncguru)
0022256: [javascript] Unbundle JS libraris from Ace theme files (syncguru)
0022273: [javascript] Enable CDN support for dropzone.js (syncguru)
0022296: [code cleanup] Options in $g_public_config_names are not sorted (atrol)
0022316: [code cleanup] Duplicate code to display the filter view type toggle menu item (dregad)
0022360: [relationships] relationship_add() doesn't return bug relationship information (vboctor)
0022362: [relationships] Use bin icon instead of 'delete' button to delete relationships (vboctor)
0022363: [relationships] Setting a duplicate id should update relationship with target issue if already exists (vboctor)
17 issues View Issues
Released 2017-02-26
A maintenance release for 2.1.x series
0022302: [filters] Permalink does not work with tags (cproensa)
0022266: [security] CVE-2017-7222: Sanitize window title (vboctor)
0022288: [bugtracker] Due date current value doesn't show in change status form (syncguru)
0022326: [time tracking] g_time_tracking_without_note has no effect (vboctor)
0022347: [filters] Filter allows to sort on non sortable fields (cproensa)
0022359: [ui] Enhance filter box UI (syncguru)
0022369: [filters] Recently Modified box on View Issues page does not display closed issues (cproensa)
7 issues View Issues
Released 2017-02-01
Maintenance release for 1.3.x series.
0022207: [security] Update PHPMailer to 5.2.22 (dregad)
0021798: [printing] Print reports failed : special characters are not formatted (atrol)
0017336: [installation] Hide non-mysql experimental DB's for new installation whilst we get proven DB Layer into Mantis (dregad)
0021588: [security] Update .htaccess files to support Apache 2.4 new authz syntax (dregad)
0022005: [sql] Database log for postgres/oracle not showing parameter substitution (cproensa)
0022018: [sql] Database log does not show boolean parameters correctly (cproensa)
0022194: [bugtracker] Update securimage to 3.6.5 (dregad)
0022235: [documentation] Setting preference "$g_register_globals" appears in documentation but not in "config_defaults_inc.php" (dregad)
0022240: [webpage] NOTICE: 'Undefined variable' with LDAP (atrol)
9 issues View Issues
Released 2017-02-01
Maintenance release for 2.0.x series.
0022107: [plug-ins] EVENT_MENU_MAIN does not support relative paths (dregad)
0022114: [tools] Travis builds should reflect supported PHP versions (dregad)
0022157: [installation] Incorrect Error Message on MSSQL installation (atrol)
0022168: [webpage] HTTPS for powered by-link (atrol)
0022230: [news] PHP system notice on News page (vboctor)
5 issues View Issues
Released 2017-01-30
MantisBT 2.1.0 feature release
0005731: [feature] search function for projects (vboctor)
0021551: [administration] Manage Users pagination loses filter letter (community)
0021935: [filters] Filter api refactoring, manage stored filters (cproensa)
       0006823: [filters] Date filter should work with "last update", too (community)
       0021618: [code cleanup] Duplicate code to determine the default view type (cproensa)
       0006732: [administration] Sorting issue lists isn't stable (each sort scrambles previous sort) (cproensa)
       0008626: [filters] Filter forgets custom date filtering (cproensa)
       0017852: [filters] Tags is showing on its own row in filter box (cproensa)
       0021031: [filters] Rewrite the filter box form (cproensa)
       0021032: [filters] Setting $g_filter_custom_fields_per_row to other than default can cause empty cells in filter box (cproensa)
       0021592: [filters] Unknown column 'mantis_bug_table.tags' (cproensa)
       0021827: [filters] Displaying date filter values : month always displayed in text (english) (community)
       0003803: [filters] Provide a way to update a saved filter (cproensa)
       0006042: [filters] Switching to "Advanced Filters" hides "Hide Status" and ignores setting (cproensa)
       0006551: [customization] Manage custom filters (cproensa)
       0007708: [feature] Feature: multiple sorting of problem informations (cproensa)
       0011007: [filters] After setting $g_view_filters = ADVANCED_ONLY in config_inc.php can still end up in simple filter mode. (cproensa)
       0020493: [filters] Wrong hide_status value on column sorting (cproensa)
       0020624: [filters] Filter shown inconsistent after changing from advanced to simple (cproensa)
       0020882: [filters] Filter by date inputs are shown disabled (cproensa)
       0021029: [bugtracker] Trigering a DEPRECATED error from the page body fails (cproensa)
       0021044: [performance] my view page, $t_hide_status_default consitency (cproensa)
       0021811: [filters] Advanced filter shows icorrect fields (cproensa)
       0009213: [filters] manage filter (cproensa)
       0009301: [filters] Add support for updating a current filter (cproensa)
       0018045: [ui] Changed ordering of fields on View Issues page (cproensa)
       0019700: [filters] Filters table on the view_all_bug_page.php shows empty lines when $g_enable_profiles is set to OFF (cproensa)
       0021814: [filters] plugin filter fields dont work with dynamic input (cproensa)
0022209: [bugtracker] Adding a custom field to a project makes the filter for this project unusable (atrol)
0011604: [change log] Versions marked as obsolete appear on change log page (vboctor)
0022164: [markdown] Font for quoted string in markdown is too large (joel)
0022172: [markdown] Markdown not displaying single line breaks (joel)
0022113: [localization] integration updates (dregad)
0022169: [attachments] File upload not working when $g_allowed_files is set (atrol)
0022171: [plug-ins] Redefine plugin version requirements (dregad)
0022175: [markdown] Markdown converting '<' within backticks to & lt; (joel)
0022179: [markdown] Markdown is eating apostrophe / single quote (joel)
0022204: [markdown] News headlines are parsed with markdown, though they should not be (vboctor)
0022205: [plug-ins] Specifying plugin authors as array triggers 'Array to string conversion' (dregad)
0022206: [plug-ins] Improve documentation for plugins (dregad)
0022221: [documentation] Documentation: update 'Database tables' section (dregad)
0022232: [email] Email verbose notifications should be OFF by default (vboctor)
0022237: [code cleanup] Remove references to 'register_globals' (dregad)
0022239: [ui] checkbox for personal setting "E-mail Full Issue Details" still using old style (dregad)
0017920: [markdown] Native markdown support (joel)
0022131: [timeline] Remove yellow background in timeline date range (dregad)
46 issues View Issues
Released 2016-12-30
0022059: [ui] Missing leading zeroes in due date display (dregad)
0021841: [installation] Minimum requirements for 2.x releases (dregad)
0020040: [security] Replace jscalendar by a newer widget (syncguru)
0021927: [administration] System utilities page for moving attachments should support move all attachments (joel)
0021925: [ui] Incorrect text for the remove file button in the file upload dropzone (dregad)
0021965: [documentation] Section Admin Guide: Misaligned row in Table (dregad)
0022064: [javascript] datetime picker does not work if 'cdn_enabled' is ON (community)
0021962: [ui] Due Date calendar icon wraps below the field (syncguru)
8 issues View Issues
Released 2016-12-30
0021966: [bugtracker] View Issues Page Throwing MySQL Error Due to Hard Coded SQL Query (cproensa)
0021959: [installation] Installer fails if mbstring extension is not installed (dregad)
0022031: [rss] RSS throws a system notice (cproensa)
0022073: [security] Potentially serious RCE vulnerability in bundled PHPMailer before 5.2.18 (CVE-2016-10033) (dregad)
0021964: [custom fields] Editing issues with custom fields throws system notice (cproensa)
0019586: [timeline] Support disabling timeline feature based on access level (dregad)
0022011: [bugtracker] LOG_ALL causes error (dregad)
0020004: [custom fields] Wrong custom fields are shown on bug closing (community)
0021883: [db mssql] MSSQL installation fails with BAD ALTER TABLE error (dregad)
0021930: [administration] Administrator - Manage Users Error - SQL SERVER VERSION GREATER THAN 2012 NOT SUPPORTED (dregad)
0021963: [feature] Setting version fields on View Issues page broken (cproensa)
0021998: [performance] My View page timeline history query performance (cproensa)
0022004: [documentation] Outdated information concerning Time Tracking (atrol)
0022013: [other] EVENT_BUG_DELETED event is not called consistently (community)
0022028: [performance] Time out caused by URL processing (cproensa)
0022074: [tagging] System notice when detaching tags (cproensa)
0022095: [timeline] Inconsistent number of "My View boxes" columns (dregad)
17 issues View Issues
Released 2016-11-26
The second release candidate for 2.0.0 release. This release includes all the fixes in 1.3.4 release.
0021758: [administration] System utilities page for moving attachments not styled correctly in modern ui (joel)
0021840: [html] Add missing closing <div> in layout_api.php (syncguru)
0021854: [authentication] Re-authenticating when visiting manage page should re-use login page (vboctor)
0021861: [ui] Remove black bar from login page when it is empty (vboctor)
0021815: [code cleanup] print_button() has changed definition from v1.3 (cproensa)
5 issues View Issues
Released 2016-11-26
0021914: [performance] tags column in view-all page issues one query for each bug row (cproensa)
0021878: [performance] Improve issue note caching (vboctor)
0020916: [bugtracker] Fix "Request-URI too long" for bug action group page (cproensa)
0017367: [custom fields] Custom Field - On The Manage Columns - Mantis changed value to lower case (cproensa)
0021876: [email] Email notifications for notes shouldn't include full issue information (vboctor)
0021900: [performance] Custom fields produce a large number of db queries (cproensa)
0017923: [customization] Add more parameters to event signals on Bug Change Status Page (cproensa)
0020140: [customization] EVENT_FILTER_COLUMNS should accept objects along/instead classes (cproensa)
0021709: [bugtracker] on error after verification page, user still can browse the site (cproensa)
0021830: [email] Remove $g_mail_priority configuration option to reduce spam risk (vboctor)
0021838: [documentation] Wrong documentation of bug_reopen_resolution and bug_duplicate_resolution in Admin Guide (atrol)
0021844: [html] Ampersands in Gravatar urls are double-escaped on bug pages (dregad)
0021847: [ui] Submit Report annotation (atrol)
0021875: [email] Include note attachments information in issue note added notification (vboctor)
0021877: [email] Mentioned users in a new note shouldn't receive double notifications (vboctor)
0021879: [code cleanup] Explicitly pass issue note id to email notifications rather than getting latest note id (vboctor)
0021884: [code cleanup] Use meaningful names for bugnote cache global variables (cproensa)
0021912: [tagging] Related tags are not showed correctly (cproensa)
0021915: [reports] Undefined offset warining in summary page (cproensa)
0014268: [bugtracker] "Report Issue" is missing if the user has access to only private projects, but has not selected a project from the dropdown. (cproensa)
0020138: [performance] file_bug_attachment_count fetch data for all bugs (cproensa)
0020248: [custom fields] Custom field named with capital letters like "Component" doesn't display on views (cproensa)
0021673: [administration] Extend activation URL validity period from 1 to 7 days (vboctor)
0021894: [security] Handlers(Assignees) are visible when editing an issue even if they are not visible when viewing it (atrol)
0021896: [email] Fix Outlook preview for email notifications by removing empty line at top (dregad)
0021957: [installation] Missing default timezone blocks the installation (dregad)
26 issues View Issues
Released 2016-10-30
We are excited to share with you a milestone for the 2.0.0 release by releasing the first release candidate. We encourage users to try out and give us feedback. Since 2.0.0-rc.1 and 1.3.3 share the same database schema, it should be easy to try them out side by side. Download it now or check it out at
0021727: [attachments] Show attachments inline with notes (vboctor)
0021651: [security] Dropzone has inline scripts in View Issue page (syncguru)
0021806: [attachments] Attachment dropzone missing from notes when user doesn't have access to set view state (vboctor)
0021829: [email] Fix $g_mail_priority disabling and default to disabled (vboctor)
0021669: [security] Charts have inline scripts (syncguru)
0021715: [mobile] Menu and buttons missing for mid size browser window (syncguru)
0021722: [attachments] Issues with '+' button to view attachments inline (dregad)
0021736: [ui] Display real name in breadcrumb div (atrol)
0021743: [attachments] Attach files dropzone is not working (vboctor)
0021754: [mobile] Main navigation has no action / does not expand when clicked on (syncguru)
0021794: [mobile] Hide 'View Issues' buttons on small screens (syncguru)
0021805: [javascript] Javascript errors on login page (community)
12 issues View Issues
Released 2016-10-30
0021804: [html] Ampersands in Gravatar urls are not escaped properly (dregad)
0021802: [sql] Attempting to auto-link very long numbers can cause database errors (cproensa)
0006448: [filters] The "Changed(hrs):" filter label is confusing: change to "Hilite Changed(hrs):" (cproensa)
0021197: [filters] Hide status show"@0@ (And Above)" when press any "total" link from Summary page (cproensa)
0021737: [other] Users can't remove their real name from their account (atrol)
0021757: [documentation] Config folder is not documented at all related places in documentation (atrol)
0021793: [administration] Password reset email is sent to disabled users (cproensa)
0021795: [bugtracker] E_USER_DEPRECATED is not detected if error_reporting=0 (dregad)
0021808: [documentation] Inconsistency between Admin Guide and config_defaultsinc.php - g[show|enable]_product_build (atrol)
0021812: [filters] My view "resolved" filter has incorrect parameters (cproensa)
0021816: [other] Option reporter_summary_limit is wrongly considered on summary page (atrol)
11 issues View Issues
0020102: [ui] Support switching saved filters and free text search when filter box is collapsed (syncguru)
0021697: [ui] Clearer distinction between private and public notes (joel)
0021684: [ui] Account verify page layout broken (joel)
0021121: [ui] Project selection not usable with large number of projects (syncguru)
0021681: [ui] Breadcrumbs bar does not respect $g_show_realname (dregad)
0021603: [code cleanup] Publish full source code of ACE template (syncguru)
0021653: [reports] Graphs broken (vboctor)
0021682: [ui] "Operation successful" confirmation message partially hidden (dregad)
0021683: [ui] Standardize "operation successful" messages (dregad)
0021689: [code cleanup] Obsolete icon_path configuration (atrol)
0021710: [ui] Incorrect display on Bug report confirmation page (dregad)
0021704: [ui] Report Stay checkbox shows broken layout on action page (dregad)
0021721: [ui] Missing tooltips on issue id (dregad)
0021723: [bugtracker] Redirect to report page when creating a new issue with "report stay" checked (dregad)
0021726: [ui] Page bottom displayed behind Sidebar in API Tokens page (community)
0021728: [performance] Unneeded tooltip information on Summary page (dregad)
16 issues View Issues
Released 2016-10-02
0021730: [documentation] config_default_inc.php refers to 1.2.x rather than 1.3.x (vboctor)
0008358: [email] Indicate whether notes are private or public in email notifications (vboctor)
0010242: [feature] Copy Versions From / To should (optionally) update existing versions (dregad)
0019284: [csv] Export of the "bugnotes_count" column doesn't work (cproensa)
0021157: [bugtracker] Redirect loop when default project is disabled (community)
0021262: [security] Invalid Strict-Transport-Security header when server would already send it anyway (dregad)
0021280: [ui] Text boxes overlap on screens with high resolution (dregad)
0021652: [timeline] "closed issue" events are no longer shown in timeline (cproensa)
0021655: [customization] Workflow config page can corrupt set_status_threshold with array thresholds (cproensa)
0021656: [customization] set_status_threshold config is not deleted if is same as parent (cproensa)
0021659: [code cleanup] Syntax error in browser_search_plugin.php (community)
0021679: [tagging] Tagging UI visible without having rights to attach tags (atrol)
0021680: [email] Missing seperator in email notification for @ mentions (atrol)
0021707: [plug-ins] plugin_get() fails to use the default argument (community)
0017325: [code cleanup] helper_array_transpose should always return an array (dregad)
0021573: [upgrade] Error update from 1.2.19 to 1.3.0 / step 194 (vboctor)
0021696: [tools] Allow PHPUnit to capture Mantis-specific errors (dregad)
0021711: [bugtracker] Duplicate id field should show up when closing an issue (vboctor)
0021725: [code cleanup] cleanup description of db_now() (community)
19 issues View Issues
0021112: [performance] Unneeded tooltip information on "My View" page (syncguru)
0021650: [security] Content-Security-Policy is disabled in 2.0.0-beta.1 (vboctor)
0021111: [localization] Language strings contain double quotes (syncguru)
0021114: [ui] Manage users page action buttons appears on 2 rows when showing 'Unused' (syncguru)
0021117: [ui] Plugin dependencies are no longer color-coded (syncguru)
0021119: [ui] Wrong alignment of field on "Summary" page (syncguru)
0021123: [ui] Waste of vertical space on "My View" page (syncguru)
0021137: [ui] Questionable display of sub-projects in project menu bar (syncguru)
0021139: [ui] Display of file type icon broken on print_bug_page (syncguru)
0021223: [ui] "Report Issue" button on top toolbar should be hidden for VIEWER/anonymous users (vboctor)
0021224: [ui] Login and Signup buttons in top header don't work for anonymous users (vboctor)
0021397: [plug-ins] Plugin menu options don't show in main menu (vboctor)
0021398: [ui] My Account - Manage Columns actions page broken (syncguru)
0021400: [ui] Collapse settings are not saved by modern UI (syncguru)
0021405: [wiki] Wiki integration broken (vboctor)
0021414: [customization] Config menu options don't show in main menu (vboctor)
0021575: [reports] Graphs for enums (e.g. status) can break when an enum has 0 occurences (vboctor)
0021599: [ui] The test results in Admin Check results are no longer colored (dregad)
0021602: [administration] Admin: "Upgrade your installation" shown even when schema is up-to-date (syncguru)
0021609: [news] Page broken after updating news (atrol)
0021622: [administration] Alert messages are not styled correctly (syncguru)
0021638: [ui] Tables in Workflow Transitions page seems deformed (syncguru)
0021642: [ui] Highlight due date when the date has passed (syncguru)
0021644: [ui] Don't offer "My Account" in menu when being logged in as protected user (dregad)
0021647: [filters] New to restyle 'filter deleted' page (vboctor)
25 issues View Issues
Released 2016-08-27
0021203: [bugtracker] option auto_set_status_to_assigned can change status even if not allowed by workflow (cproensa)
0020424: [csv] Export to CSV and Excel fails with large issue count (cproensa)
0011964: [integration] Configuration of Browser Search Plugin (dregad)
0021581: [customization] Workflow config page can corrupt report_bug_threshold if it's defined as an array (cproensa)
0021263: [security] CVE-2016-7111: Content Security Policy is weakened by Gravatar plugin (vboctor)
0008464: [bugtracker] $g_auto_set_status_to_assigned = ON does not always check for old status (cproensa)
0012742: [documentation] Event & Plugin documentation is bad & outdated (cproensa)
0006939: [bugtracker] Number of Private notes visible for reporters (cproensa)
0012409: [roadmap] "Scheduled For Release" even if no date is set (cproensa)
0020121: [bugtracker] bug_cache_database_result does not update bugnote statistics (cproensa)
0020535: [plug-ins] EVENT_BUG_VIEW_ATTACHMENT prints an extra "Array" before the plugin output. (cproensa)
0020551: [code cleanup] Why does user_cache_database_result() return cache value? (atrol)
0020682: [bugtracker] Workflow transitions not consistent with bug action "change status to" (cproensa)
0021072: [timeline] Timeline only show issues from current project (cproensa)
0021146: [other] Can't retrieve history of a bug with history_get_events_array($bug_id) (cproensa)
0021178: [custom fields] Report can be submit enven when checked "Required On Report" and "Type" is Textarea (cproensa)
0021293: [email] Send notifications by smtp does not work correctly, and the analysis of why it happend. (atrol)
0021372: [api soap] Unable to report issues using the SOAP API - Data truncated for column 'last_updated' (rombert)
0021375: [bugtracker] Status @30@ is not editable when editing issue (vboctor)
0021407: [customization] Event EVENT_MENU_ISSUE prints empty brackets even if no value is returned (cproensa)
0021410: [ui] text looks OK in edit of note but renders badly (dregad)
0021415: [bugtracker] update documentation for option auto_set_status_to_assigned (cproensa)
0021577: [mentions] Wrong language in subject of @ mention email notification (atrol)
0021579: [bugtracker] Error when limit_reporters and complex report_bug_threshold (cproensa)
0021580: [change log] in changelog, reporter user can view all bugs when limit_reporters is on (cproensa)
0021582: [customization] Workflow config page, access denied even if user has proper access levels (cproensa)
0021583: [html] manage_config_workflow_page, fields are not properly displayed for thresholds table rows (cproensa)
0021601: [administration] The Admin Checks and Install pages should use the same font as the rest of Mantis (dregad)
0021610: [bugtracker] Revert to multiple form security tokens per page (cproensa)
0021611: [security] CVE-2016-6837: XSS vulnerability in view_all_bug_page.php (dregad)
0021304: [administration] Don't prune system accounts (vboctor)
0021649: [code cleanup] Remove incorrectly placed db_param_push() (cproensa)
32 issues View Issues
MantisBT 2.0.0 release focuses on improvements to the UI compared to 1.3.x release. As of this release, the db schema is the same between 1.3.x and 2.0.0-beta.1, enabling users to easily try 2.0.0-beta.1 and provide feedback.
0020240: [ui] Footer issue: problem + solution (syncguru)
0008503: [feature] Have "send reminder" as a button rather than a not so visible link at the top of the issue (atrol)
0021115: [ui] Manage users page always shows filter '0' as selected (dregad)
0021140: [db schema] Remove DB2 support (atrol)
0020907: [ui] Report stay doesn't work in modern UI (vboctor)
0005851: [reports] X-Labels truncated in by Category Graph (vboctor)
0006663: [reports] I'm seeing three JPGraph-related problems (vboctor)
0007342: [reports] synthesis graphs by category: many "big" categories hide pie by legend (vboctor)
0007343: [reports] synthesis graphs by category: page not long enough for legend with a lot of categories (vboctor)
0007991: [reports] Graphs not centered (vboctor)
0010403: [reports] The legend on JPGraph graphs overlays the graph (vboctor)
0012159: [reports] By Developer, By Reporter and By date graph problems (vboctor)
0012384: [reports] Graph text being truncated (vboctor)
0012483: [reports] Jp graph not dispalying (vboctor)
0012725: [reports] Solution to "font file not readable/does not exist" seems not to work for JPGraph (vboctor)
0012825: [reports] Modern graphs using javascript graphing library (vboctor)
0012967: [reports] Category jpGraph not displayed (vboctor)
0013097: [reports] Graphs not working (vboctor)
0013160: [reports] Labels on x-axis in summary graphs too small and cropped (ezcLibrary) (vboctor)
0013879: [reports] Graph plugin uses hard coded font list; ignores any other (vboctor)
0014232: [reports] Advanced summary bad display (vboctor)
0015246: [reports] JPGraph 3.5.x anti aliasing error in Ubuntu (vboctor)
0017493: [reports] Graphs are not working out of the box (vboctor)
0021134: [relationships] Use of undefined constant when displaying relationship graphics (atrol)
0021177: [reports] Jpgraph doesn't work (vboctor)
0011671: [reports] 3 graphs couldnot display in the page of 'summary_jpgraph_page.php' (vboctor)
0017919: [ui] Modernize Mantis UI (syncguru)
0020286: [javascript] Missing JavaScript libraries (syncguru)
0020118: [ui] pen icon ancient (syncguru)
0020182: [custom fields] wrong field name for custom field parameter (syncguru)
0021130: [tagging] Usage of undefined function html_page_bottom (syncguru)
0021131: [signup] Usage of undefined functions in verify.php (vboctor)
0021214: [bugtracker] Update jQuery to 2.2.4 (community)
0021215: [bugtracker] Update FontAwesome to 4.6.3 (community)
0021216: [bugtracker] Upgrade Bootstrap to 3.3.6 (community)
0021217: [bugtracker] Use cross origin anonymous and check integrity when loading form CDN (community)
0021221: [ui] Fully localize drag and drop to attach (community)
0021220: [ui] Lost password form doesn't have labels or placeholder text (vboctor)
0021222: [ui] Drag and drop should honor 'allowed_files' config option (community)
0019590: [attachments] Attach via drag-and-drop (syncguru)
0021279: [administration] Fix error when going to Manage - Workflow Transitions and clicking update (vboctor)
41 issues View Issues
Released 2016-07-09
MantisBT 1.3.0 stable release
0021101: [bugtracker] Issues with emoji's are truncated before getting saved (dregad)
0020499: [feature] Compatibility with PHP 7 (dregad)
0021083: [mentions] Link to user page is not always displayed when using @ mentioning (dregad)
0021124: [administration] Creating/setting config options using adm_config_report.php is partially broken (dregad)
0021165: [ui] Using database configuration to enable gravatars does not work (vboctor)
0021136: [administration] Editing config option containing newline corrupts them by inserting <br> tags (dregad)
0021171: [ui] Change look & feel of links, borders and label background (atrol)
0021194: [administration] Partially hardcoded path for CSS-file (dregad)
8 issues View Issues
Released 2016-06-11
This second and last 1.3.x release candidate has 127 bug fixes and improvements. See blog post for more details -
0020772: [administration] Allow administrators to impersonate users (vboctor)
0009096: [tagging] Adding "tags" to $g_view_issues_page_columns does not work (vboctor)
0020783: [time tracking] Add category field to time tracking csv/Excel exports (community)
0020058: [customization] Updating config items in configuration report adds new ones (cproensa)
0009450: [tagging] Tagging possibility directly from "Report Issue" screen (vboctor)
0021057: [bugtracker] Update securimage to 3.6.4 (dregad)
0013048: [bugtracker] Login display in small part of the View issue page (cproensa)
0020372: [html] Inline error reports should not mess up non-HTML output (dregad)
0006009: [security] Cannot change password in second enter to verification page (cproensa)
0020686: [authentication] Make sure new users complete the registration process (cproensa)
0020547: [attachments] Attachments can't be uploaded after upgrade from 1.2 with MySQL in STRICT_ALL_TABLES sql_mode (dregad)
0020479: [db postgresql] Error 401 db_query bind params starts with $2 (dregad)
0020142: [performance] performance loading bug view with many attachments (community)
0020837: [mentions] Support @ mentions (vboctor)
0020787: [administration] Setting of arrays (complex type) in Configuration Page doesn't work (dregad)
       0020812: [administration] Setting of nested arrays in Configuration Page doesn't work (dregad)
       0020813: [administration] Setting Configuration Page of arrays with strings containing escaped quotes does not work (dregad)
       0020851: [administration] Configuration page parsing associative keys incorrectly (dregad)
       0020850: [administration] Configuration page parsing complex trims quotes incorrectly (dregad)
0020348: [sub-projects] Provide an option to disable sub-projects (vboctor)
0020352: [ui] bug_report_page.php is broken when 'attachments' field is hidden (dregad)
0020354: [code cleanup] Remove useless 'do_nothing' upgrade function (dregad)
0020355: [localization] Administrator e-mail has some HTML problem in the italian translation (dregad)
0020381: [administration] Administrator can disable their own account (vboctor)
0020382: [authorization] user_is_administrator() should not return true for disabled admins (vboctor)
0020383: [csv] Support notes as a column in View Issues, Print Issues, CSV and Excel (vboctor)
0020386: [custom fields] Required on resolve/close custom fields are not enforced (vboctor)
0020414: [preferences] Severities are missing from email preferences (dregad)
0020076: [bugtracker] auto_set_status_to_assigned is different in 1.3 (cproensa)
0020107: [administration] config report filter by option name doesnt work for some options (cproensa)
0020139: [performance] reduce print_subproject_option_list sql query count (cproensa)
0020357: [db schema] Admin checks for UTF-8 collation fail (dregad)
0020365: [db mysql] SYSTEM NOTICE: Undefined index with mysqli driver (dregad)
       0020467: [db mysql] Update ADOdb to 5.20.2 (dregad)
0020395: [ui] Edit Account window does not have required fields marked with red asterisk (dregad)
0020426: [administration] Admin checks detect 'utf8mb4' collation as non-UTF8 (dregad)
0020427: [administration] Admin checks should validate MySQL database default collation (dregad)
0020443: [installation] New 'api_token' table does not have standard options (dregad)
0020466: [administration] Admin Integrity checks are not operational (dregad)
0020470: [tools] TravisCI docbook broken (dregad)
0020471: [tools] Travis builds should always build docbook (dregad)
0020476: [code cleanup] gpc_get_int_array does not work for associative arrays (cproensa)
0020480: [code cleanup] Plugin filter fields throw warnings while rendering filter section (cproensa)
0020481: [filters] Plugin filter fields dont use dynamic filter expansion (cproensa)
0020523: [time tracking] Time tracking doesn't show project name in case of all project reports (vboctor)
0007932: [time tracking] Implement CSV and Excel export for billing report (vboctor)
0020256: [bugtracker] Don't show reopen button if status change is not allowed by workflow (cproensa)
0020258: [performance] Cache user data for my_view_page (cproensa)
0020371: [email] Email notifications are not sent to explicit users when notify flags are overridden in DB (vboctor)
0008779: [plug-ins] Need User life-cycle Events for plug-ins (vboctor)
0011279: [db postgresql] With PostgreSQL filtering for a date custom field yields to an error (dregad)
0011316: [feature] Allow to add mutliple user to monitor list (dregad)
0020075: [bugtracker] Error 1105 while changing bug status from bug_change_status_page.php (dregad)
0020141: [security] bugnote actions in view bug page should send data as POST (cproensa)
0020277: [security] CVE-2014-9759: SOAP API can be used to disclose confidential settings (atrol)
0020242: [performance] performance in manage project page with large user count (cproensa)
0020358: [localization] Admin language tests throw strange warnings (atrol)
0020403: [email] Email notifications are hard to troubleshoot (vboctor)
0020408: [bugtracker] show caller trace in file log (cproensa)
0020478: [code cleanup] bug_update.php: do not use strict type checking unless necessary (dregad)
0020531: [localization] Russian translation bulk update (dregad)
0020554: [bugtracker] Inline errors should provide detailed info about where they occured (dregad)
0020553: [installation] Fatal error in admin/index.php (dregad)
0020574: [code cleanup] user_set_fields() throws an error when called with an empty fields list (dregad)
0020600: [bugtracker] steps to reproduce / additional info view checks are inconsistent in view / print issue pages (vboctor)
0020643: [plug-ins] Plugin API should throw error when trying to register invalid or non-existent class (dregad)
0020644: [installation] Installer should only generate a message when processing SQL steps (dregad)
0020655: [time tracking] Time tracking date range is not defaulted correct on view issue page (vboctor)
0016834: [db oracle] Can't remove category because of CLOB in the query (dregad)
0017816: [ui] Manage - Manage Tags form is missing the 1 pixel horizontal separator (cproensa)
0019929: [bugtracker] Support 'due date' in group actions (community)
0020103: [custom fields] display custom field values overflows container (cproensa)
0020198: [administration] Deleting category should be blocked if category has issues associated with it (community)
0020641: [ui] When $g_show_avatar = OFF, no avatar should be displayed (vboctor)
0020646: [javascript] Failure to load scripts from "javascript" folder (community)
0020659: [time tracking] CSV export for time tracking doesn't handle unicode characters (vboctor)
0020710: [authorization] CSV/Excel export of due date doesn't check access level (community)
0020711: [bugtracker] Support default due date for submitted issues (community)
0020712: [csv] CSV/Excel export shouldn't output unset due dates as a date (community)
0020724: [tagging] Tags with description are handled incorrectly (vboctor)
0020725: [performance] Cannot delete attachment - says security token is bad (community)
0020749: [tagging] Show tag description when hovering over tag name in drop down (vboctor)
0020761: [code cleanup] Add new API functions to check+ensure that a category can be deleted (dregad)
0009093: [email] Add a configuration option to enforce email uniqueness (vboctor)
0013788: [plug-ins] Add EVENT_USER_DISPLAY_AVATAR to enable plugins to use LDAP and Social Networks (vboctor)
0020543: [authentication] Login using username or email address (vboctor)
0020642: [administration] Avatar settings should be moved to plugin config page (vboctor)
0020784: [signup] Signup item appears in lost_pwd_page when allow_signup is set OFF (community)
0020818: [upgrade] Upgrade unattended script fails (vboctor)
0016931: [code cleanup] PHPUnit tests for admin config functions (dregad)
       0016932: [code cleanup] Move functions defined in adm_config_set.php to a core API (dregad)
0018016: [performance] Decreasing performance when loading bug view with many notes (cproensa)
0020306: [printing] Print issue page shows issue history before notes (vboctor)
0020483: [db postgresql] Error 401 with PostgreSQL manage_user_page (cproensa)
0020694: [customization] Add configuration for auto-generated www link target (dregad)
0020806: [email] Email doesn't include 'Due Date' when enabled and is set (vboctor)
0020816: [authentication] user verification / password reset allows setting of empty password (dregad)
0020817: [preferences] account update issue, when updating several user fields on same form (dregad)
0020854: [performance] Plugin columns are always called to cache, even if not visible. (cproensa)
0020857: [email] Add tags to email notifications when set (vboctor)
0020865: [bugtracker] 'Content Encoding Error' when errors occur before compress handler is started (dregad)
0020867: [administration] Edit Category Page fails when default user is deleted (vboctor)
0020876: [email] Email notifications for category owners (community)
0020894: [db postgresql] APPLICATION ERROR 401 @ user_edit_page when changing Accesslevel (dregad)
0020909: [ui] Do not add a space before version suffix (dregad)
0020910: [tools] Improve TravisCi builds performance (dregad)
0006282: [documentation] $g_max_file_size detailed twice in manual for some reason - is something missing? (atrol)
0011827: [documentation] Documentation states PHP 5.2.0 as sufficent but used ezComponents needs 5.2.1 (atrol)
0020465: [db schema] Reduce size of username and email fields to allow utf8mb4 charset (dregad)
0020472: [installation] New 'api_token' table columns are not defined in standard way (dregad)
0020660: [csv] CSV export for issues from View Issues page doesn't handle unicode characters (vboctor)
0020679: [feature] Enhance the logging to show email addresses being sent to (dregad)
0020684: [email] Possible regression caused by changed $g_debug_email handling (vboctor)
0020727: [timeline] Error 1100 (issue not found) in my_view_page (dregad)
0020866: [filters] Plugin Filters: Data Type mismatch. (cproensa)
0020880: [documentation] Improve documentation: Admin Guide > Configuration (dregad)
0020897: [email] User's access level in bugnotes displayed as '@0@' in email notifications (atrol)
0020943: [bugtracker] Account menu missing from API tokens manage page (cproensa)
0020964: [custom fields] custom field Checkbox type, label can be separated from check input (cproensa)
0021030: [sponsorships] Error 1704 assigning a sponsored after sponsorship has been turned off (dregad)
0021055: [bugtracker] Update ADOdb to 5.20.4 (dregad)
0021056: [bugtracker] Update PHPMsailer to 5.2.15 (dregad)
0021058: [bugtracker] Update disposable email checker to 2.1.1 (dregad)
0021059: [bugtracker] Update jQuery to v1.12.4 (dregad)
0021082: [documentation] Update ERD diagram to reflect recent changes (dregad)
0021087: [documentation] Document replacement of $g_page_title config by $g_top_include_page (dregad)
0021090: [security] CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php (dregad)
127 issues View Issues
Released 2015-12-05
MantisBT 1.3.0-rc.1 is the first release candidate for 1.3.0 release. It includes few features and a lot of fixes.

- API Tokens - Users can now generate tokens to use when connecting via SOAP API rather than having to use their username and password.
- Improved email notifications for scenarios like issue unassigned or re-assigned.
- Refreshed all dependencies
- Misc. bug fixes
0019374: [installation] Install with mysqli driver triggers warning when generating SQL (dregad)
0019635: [db mysql] Update ADOdb to 5.20 (dregad)
0020217: [plug-ins] MantisGraph: dont show links for users without access level (cproensa)
0017766: [api soap] Access Tokens instead of Passwords (vboctor)
0020214: [documentation] Wrong event names in developers guide (atrol)
0020074: [db mssql] ADODB_FETCH_MODE global is not properly set by database_api.php (dregad)
0016771: [administration] workflow configuration (dregad)
0019978: [filters] Values not preserved on filter page (cproensa)
0020298: [timeline] some events in timeline appears in reverse order (cproensa)
0020321: [email] Re-assigned issues don't trigger 'owner' notifications (vboctor)
0020080: [filters] AJAX for 'Match type' and 'Highlight changed' filters doesn't work (dregad)
0020083: [custom fields] Extra quotation mark in custom field checkboxes (vboctor)
0020084: [plug-ins] EVENT_LAYOUT_BODY_END should fire after loading JS libraries (dregad)
0020088: [javascript] slow hiding of project-selector, filters (dregad)
0006847: [administration] wrong set_overrides() calling (dregad)
0019508: [javascript] Regression when using MantisBT in a browser where JavaScript is disabled (dregad)
0019731: [email] Notify user when they are unassigned a bug (vboctor)
0019970: [administration] Status to which reopened issues are set drops to 'feedback' (dregad)
0020068: [customization] No color applied to status enums with spaces in status values (dregad)
0020081: [javascript] Moving JS to bottom is causing 'ReferenceError: jQuery is not defined' errors (dregad)
0020087: [filters] Filter by "Fixed in Version" throws error (dregad)
0020082: [custom fields] Invalid query error when updating an issue (vboctor)
0020096: [html] manage_custom_field_edit_page inconsistent form header style (dregad)
0020105: [filters] Filter by "Match Type" throws error (dregad)
0020196: [custom fields] Invalid query on issue update due to custom field (vboctor)
0020197: [administration] 'default_category_for_moves' should support database config (vboctor)
0020241: [ui] In Workflow Transitions page, the Delete button's label is truncated at 1st word (dregad)
0020322: [email] Email on 'updated' action is missing from email notifications config page (vboctor)
0020326: [installation] PHP notice when converting tokens from php seralized to json (dregad)
0020327: [signup] Update securimage captcha library to 3.6.2 (dregad)
0020328: [email] Update Mailer to 5.2.14 (dregad)
31 issues View Issues
The beta 3 release with a bunch of performance and functional fixes and improvements.
0019992: [administration] Default page for Manage config submenu should be "Permissions Report" (dregad)
0019589: [attachments] Support adding a note + attachment in one step (vboctor)
0019945: [timeline] Timeline should take selected project into consideration (vboctor)
0019932: [performance] Load jquery from CDN (vboctor)
0019636: [signup] Update securimage captcha library to 3.5.4 (dregad)
0020002: [custom fields] Custom field value may not be purged (vboctor)
0013285: [performance] Move script inclusions from HEAD to document footer (syncguru)
0012544: [ldap] LDAP unavailability causes severe performance problems (dregad)
0017275: [email] email matching within Mantis should follow html5 standard (dregad)
0017279: [email] Email addresses validation and parsing is not consistent (dregad)
0017280: [email] Email address validation function strips characters (dregad)
0017717: [email] Update phpmailer to 5.2.9 (dregad)
0019575: [ui] Fix layout of Send Reminders page (dregad)
0019576: [security] Allow admins to disable Content Security Policy (dregad)
0019628: [email] Improve logging for email validation (dregad)
0019637: [db oracle] Checking for DB field's existence fails on Oracle (dregad)
0003874: [bugtracker] default view state for projects (vboctor)
0019638: [filters] Filtering by users throws error (dregad)
0017460: [email] Email notifications are sent in batches (dregad)
0017805: [installation] New installation page is broken if config file exists but database is not yet created (dregad)
0018015: [timeline] Refactor history_api to build timeline more efficiently (vboctor)
0019542: [custom fields] Support multi-line default values for memo fields (vboctor)
0019573: [other] Status legend on "My View" page should not depend on last used filter (dregad)
0019574: [bugtracker] Edited Issue's handler is set to blank when user has been demoted (dregad)
0019583: [documentation] Add $g_crypto_master_salt to sample config file (dregad)
0019629: [bugtracker] Error handler should catch all known PHP error types (dregad)
0019634: [custom fields] Users without write access to required custom field can't update issue (vboctor)
0019648: [authorization] Access denied when reporter re-opens an issue (vboctor)
0019649: [code cleanup] change_type is set to "close" when re-opening issues (vboctor)
0019657: [customization] Email notifications page sets default_notify_flags max threshold to 0 and min to 100 (vboctor)
0019660: [roadmap] Completed tasks are shown in sans serif typeface on the roadmap page (dregad)
0019670: [filters] View Issues page fails when a custom field is used for filtering and sorting (vboctor)
0019676: [installation] PHP notice in installer when system can't connect as admin (dregad)
0019683: [attachments] Support attaching multiple files with same name (vboctor)
0019685: [scripting] Upgrade jQuery to v1.11.3 and jQueryUI to v1.11.4 (dregad)
0019687: [code cleanup] Removed unused libraries (dregad)
0019688: [code cleanup] Update ez/Zeta Components to latest version (dregad)
0019689: [email] Update disposable e-mail checker to the latest version (dregad)
0019725: [bugtracker] bug_actiongroup_page.php does not display legend when position = BOTH (dregad)
0019726: [code cleanup] Deprecate db_query_bound(), use db_query() instead (dregad)
0019797: [administration] No users listed when using option "Hide inactive" option of manage user page (dregad)
0019838: [roadmap] Links broken on roadmap page (dregad)
0019971: [other] Misprint in strings_english.txt (atrol)
0019979: [ui] Wrong alignment on "Summary" page (atrol)
0019993: [administration] Remove link on "Manage Configuration" menu item (dregad)
0006198: [customization] Comment of custom_function_default_enum_released_versions is error (atrol)
0018048: [documentation] Installation manual refers to non existent admin/check.php (atrol)
0019881: [bugtracker] config_flush_cache() doesn't properly clean the cache (dregad)
0019900: [attachments] move attachments from db to disk very slow (dregad)
0019916: [filters] View Issues page fails when filtering custom fields (dregad)
0019927: [reports] Wrong datatype in excel XML export (vboctor)
0019943: [ui] Buggy calendar in due date (atrol)
0019984: [localization] Hardcoded strings in bug_update.php and bug_api.php (vboctor)
0020015: [documentation] Wrong variable name in administrators guide for phpMailer method (atrol)
0020016: [documentation] Documentation contains information for obsoleted option administrator_email (atrol)
0020028: [ui] In view.php, the in "Attached Files" label is not aligned with other labels (dregad)
0020042: [email] Wrong character counting in localized e-mails (atrol)
0020053: [email] Email validation fails when user email has a space (vboctor)
0020078: [custom fields] Hyperlink custom field names on manage project page (vboctor)
59 issues View Issues
0017958: [bugtracker] Disable admin_checks if admin folder doesn't exist (vboctor)
0009315: [db mssql] admin/install.php fails because of wrong ALTER TABLE (dregad)
0011524: [db mssql] 1.2.0rc2 with MS SQL not installable (dregad)
0019271: [authorization] Reporter can't re-open or close issues even if they have access (vboctor)
0019459: [email] Support disable all issue notifications via user preferences (vboctor)
0019264: [bugtracker] Handling single category case (vboctor)
0019269: [email] Account Updated email has formatting error (vboctor)
0019351: [bugtracker] Switching projects changes current page to My View page (vboctor)
0019471: [custom fields] Bug copy doesn't copy text area custom fields (vboctor)
0019472: [time tracking] Date range selector is disabled on view issue and time tracking pages (vboctor)
0019473: [time tracking] Time tracking selector doesn't maintain dates (vboctor)
0019475: [email] Administrators should be able to bypass allow_blank_email = OFF (vboctor)
0017959: [upgrade] Upgrade unattended produces a warning (vboctor)
0019501: [roadmap] The progress bar in Roadmap is broken (dregad)
0017751: [bugtracker] Timezone selection list does not include 'UTC' (dregad)
0017944: [performance] Regression from 1.2.x: slow performance when editing issues (vboctor)
0017964: [documentation] Documentation - minor typographical error. (dregad)
0017747: [installation] Timezone errors during install (dregad)
0017965: [reports] "Print Issues" link should be removed from summary page (vboctor)
0017966: [performance] My View Page takes about 5s to load (vboctor)
0017978: [administration] 'Manage Global Profiles' page errors out when disabled (vboctor)
0008657: [api soap] SOAP API support for custom filters (community)
0009742: [db mssql] Unable to install Mantis 1.1.2 with MS SQL (dregad)
0017782: [plug-ins] New Event: EVENT_MANAGE_VERSION_DELETE (vboctor)
0017918: [timeline] "More Events" Hyperlink in Timeline is not working (syncguru)
0017980: [administration] manage_user_page php error due to time user creation time in the future (dregad)
0018034: [timeline] Number of events in timeline is sometimes less than 50 (dregad)
0018035: [timeline] Timeline "More events" link should only appear when necessary (dregad)
0018051: [documentation] config_inc.php.sample should reflect the defaults (db_username and db_type) (dregad)
0019258: [custom fields] Custom fields of type date are disabled in filter (syncguru)
0019265: [custom fields] Assign-To fails when there is a custom field that is required on update (vboctor)
0019273: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
0019274: [security] CVE-2014-9571: XSS in install.php (dregad)
0019275: [security] CVE-2015-1042: URL redirection issue (dregad)
0019277: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
0019288: [timeline] Detaching a tag is displayed as adding a tag in timeline (dregad)
0019299: [reports] Summary page has "by category" and "by severity" labels swapped (vboctor)
0019352: [timeline] In Timeline, tags should hyperlink to Tag Details page (dregad)
0019368: [custom fields] custom field (type: float) default value not work. (atrol)
0019470: [administration] Search in Manage User should also match real names (vboctor)
0009541: [db mssql] Installation with MS SQL and odbc (odbc_mssql) (dregad)
0010218: [db mssql] Error message: APPLICATION ERROR 0000401 (dregad)
0010742: [db mssql] Database query failed. Error received from database was 0000206: Operand type clash: int is incompatible with text for the query (dregad)
0013250: [db mssql] Can't submit new issue, it will appear "APPLICATION ERROR #1100" "Bug 0 not found" (dregad)
0013905: [db mssql] Application Error 0000401 on summary_page.php (dregad)
0013906: [db mssql] Application error on manage_proj_edit_page.php (dregad)
0012674: [db mssql] APPLICATION ERROR 0000401 on manage_user_edit_page.php and other occasions (dregad)
0016977: [db mssql] Brand new database installation fails due to script errors (dregad)
0016978: [db mssql] Dependency error in MS SQL creation script (dregad)
0012908: [security] PHP remote code execution in install.php (dregad)
0014395: [db mssql] Critical Failure when Assigning Tags to Multiple Issues at Once (dregad)
0016256: [db mssql] Windows authentication failing with mssqlnative (dregad)
0016263: [db mssql] Login Failures Post Installation (dregad)
0019500: [installation] When an Update Function step fails during upgrade, installer prints 'Array' (dregad)
0019504: [security] CVE-2014-9701: XSS vulnerability in permalink_page.php (dregad)
55 issues View Issues
First beta version for 1.3.0 release.
0017752: [bugtracker] Auto-refresh shouldn't update last visited (vboctor)
0010059: [relationships] Default resolution to "duplicate" if "duplicate_of" relationship exists (dhx)
0017360: [plug-ins] Prevent loading of jQuery related plugins (dregad)
0016477: [security] Redirect user to change password if logged in with default admin password (vboctor)
0006626: [custom fields] Support "Memo" custom field type (daryn)
0017837: [bugtracker] Add new 'DEPRECATED' error type (dregad)
0012881: [security] Add support for Strict-Transport-Security header (dhx)
0011600: [html] Bugnote direct links include mismatched parenthesis (dhx)
0015653: [bugtracker] APPLICATION ERROR 1303 when trying to reopen an issue (dregad)
0011898: [html] Hyperlink issue summaries on my_view_page (dhx)
0021086: [customization] Replacement of $g_page_title config by $g_top_include_page (dregad)
0016471: [html] Use CSS to set alternating colors in HTML tables (grangeway)
0008017: [administration] Increase the size of the username field (dregad)
0016917: [customization] Manage Configuration Complex Type fails when array is terminated with a semi-color (vboctor)
0012245: [javascript] Remove extended project browser feature (dhx)
0016565: [authentication] Implement new captcha library (grangeway)
       0008129: [signup] Alternative to captchas (grangeway)
       0008462: [feature] Captcha will benefit supporting other than jpeg format (grangeway)
       0008796: [other] The letters in the catchpa on account creation page are too small (grangeway)
       0010028: [security] Registrations by bots via captcha exploit (grangeway)
       0010972: [signup] openbase_dir breaks captcha generation (grangeway)
       0010976: [bugtracker] Remove instances of pass-by-reference (deprecated in PHP 5.3.0) (dregad)
0014679: [security] Support Content-Security-Policy (CSP) per W3C specification (dregad)
0017186: [mobile] Remove $g_mantistouch_url in favor of MantisTouchRedirect plugin (vboctor)
0016871: [email] Email notifications are sent with extra blank lines (vboctor)
0017246: [custom fields] Date custom fields can't store dates pre-1970 (vboctor)
0017832: [ui] Send Reminders page layout is not right (syncguru)
0017277: [email] Allow use of wildcards when limiting email domain names (grangeway)
0017382: [security] install.php: do not send the value of crypto_master_salt over http (grangeway)
0017441: [other] PHP Notice generated by logging api (dregad)
0017384: [localization] Remove unused twitter language strings (dregad)
0013713: [bugtracker] Upgrade ADOdb library to latest version (dregad)
       0013438: [db oracle] adodb: Fatal error: Call to a member function FetchRow() on a non-object (dregad)
             0013433: [db oracle] Error ORA-00904: "PROTECTED": invalid identifier for the query (dregad)
             0007644: [db oracle] Problems when creating the Mantis database schema on Oracle (dregad)
       0012837: [db postgresql] Download Attachment doesn't work; Get some header information or Jabber (dregad)
       0012150: [db oracle] Mantis 1.2.1 Install Error using Oracle db (dregad)
0013227: [db oracle] Oracle DB support multiple issues (dregad)
       0007644: [db oracle] Problems when creating the Mantis database schema on Oracle (dregad)
       0010996: [db oracle] Cant use Mantis with oracle9 - var binding fails (dregad)
       0006853: [db oracle] Instalation in oracle Database ... (dregad)
       0011014: [db oracle] Database creation SQL scripts may be more handy (dregad)
       0011265: [db oracle] Array results from Oracle have uppercase keys (dregad)
       0011270: [db oracle] db_insert_id is wrong for Oracle (dregad)
       0012151: [db oracle] Oracle database_api.php fatal error on install (dregad)
       0012478: [db oracle] Installation with Oracle fails (dregad)
       0016351: [db oracle] DB creation failed with ORA-01031 (dregad)
       0011276: [db oracle] db_param sometimes creating duplicate (dregad)
       0012152: [db oracle] Indexes already created (dregad)
       0010437: [change log] APPLICATION WARNING #403: Database field "description" not found. (dregad)
       0006895: [db oracle] install mantis with oracle (driver oci8) (dregad)
       0007185: [db oracle] Empty string incompatibility mysql/oracle (dregad)
       0007246: [db oracle] Not possible to use singup functionality (dregad)
       0007935: [db oracle] Problem with install / connexion / filtre (dregad)
       0008686: [db oracle] Pb on : "Attempting to connect to database as admin" (dregad)
       0012267: [db oracle] Custom Field Title and Value render as '@', $t_custom_field, '@'; in Oracle (dregad)
       0016330: [db oracle] html_status_percentage_legend() causes error ORA-00923 (dregad)
       0016331: [db oracle] Attaching file causes ORA-01400: cannot insert NULL into BLOB column (dregad)
       0016336: [db oracle] File attachment to DB fails when file bigger than 4000 bytes on Oracle (dregad)
       0007126: [db oracle] For the execution of Mantis in Oracle 8i, 9i (dregad)
       0015426: [db oracle] GetRowAssoc fails with Oracle DB (dregad)
       0010490: [db oracle] Some queries don't work due to the use of "AS" in table alias
0010747: [time tracking] User summary enhancement for billing page
0017783: [plug-ins] New Event: EVENT_MANAGE_PROJECT_DELETE (vboctor)
0017397: [timeline] Add timeline to My View page (vboctor)
0017913: [timeline] Hyperlinks in Timeline are not working (dregad)
0017971: [ui] anchor tags don't closed (dregad)
0011290: [feature] Create Clone access to reporters (dregad)
0016444: [api soap] Remove nusoap in favor of native php soap extension (vboctor)
0017012: [installation] Quotes not escaped on install (dregad)
0015678: [filters] Bad performance when filtering and using match type "Any Condition" (dregad)
0016411: [administration] On workflow thresholds page, changes in 'who can alter' are not color-highlighted (dregad)
0016412: [administration] 'delete specific settings' button should only be displayed when there are changes to delete (dregad)
0016462: [bugtracker] Priority column header is always displayed as "P" (dregad)
0016463: [bugtracker] Sort order defaults to descending (dregad)
0012632: [signup] Signup with empty username and e-mail is possible when display_errors[E_USER_ERROR] = 'inline' (dregad)
0016025: [html] Change pages' doctype to HTML5 (dregad)
0016026: [feature] Use the 'Default project' when reporting a new bug (dregad)
0016059: [bugtracker] System should warn users when debug settings are enabled (dregad)
0016061: [administration] Enable bitwise operations to set log levels (dregad)
0016062: [code cleanup] Defining new constants to replace hardcoded strings (dregad)
0009701: [installation] Install/upgrade shouldn't need admin user when DB already exists (dregad)
0015205: [installation] Installer should ask admin for the default timezone to use (dregad)
0016468: [html] Box "assigned" will not be shown if empty (dregad)
0016029: [preferences] Impossible to copy columns to/from a subproject when parent is selected (dregad)
0016357: [installation] install.php: Retry overwrites database password (dregad)
0007632: [installation] Create operational database user at time of installation (dregad)
0007635: [installation] Install script can't get MySQL version if database user doesn't exist or doesn't have access privileges (dregad)
0013937: [filters] Versions and Categories from existing filter not preselected when editing it (dregad)
0016568: [html] Remove vendor specific CSS for rounded corners (atrol)
0016810: [customization] $s_os in custom_strings_inc.php partially ignored (atrol)
0007737: [filters] Changed(hrs) filter (dregad)
0010912: [installation] Move code from admin/install.php to a new API file within core (and make plugins also use this API) (dhx)
0016554: [bugtracker] Project privacy change from public to to private kicks manager out (dregad)
0016584: [filters] Error when query bug by custom-field (date) in postgresql (dregad)
0016849: [attachments] Drop FTP support (vboctor)
0016891: [email] Update DisposableEmailChecker to v2 and change to submodule (vboctor)
0016941: [db mysql] Change default db type from mysql to mysqli (dregad)
0016970: [localization] Hardcoded file size unit 'k' (dregad)
0016951: [localization] String 'Due date was' is hardcoded into core files (dregad)
0016969: [administration] Missing check for db_table_plugin_prefix in admin checks (dregad)
0017117: [localization] Plugin description translation not displayed (dregad)
0007179: [db oracle] limit selection required for oracle (probleme viewed at the page my_view_page.php) (dregad)
0007190: [db oracle] error in filter_api with date filter (dregad)
0009314: [db mssql] ADODB GetRowAssoc does not work (dregad)
0011549: [installation] PHP include_path change restriction (dregad)
0015427: [db mssql] Deploy mantis with MSSQL and UTF8 (dregad)
0016446: [api soap] Merge MantisConnect configs into MantisBT standard configs (vboctor)
0016850: [customization] Add config folder for customization files (vboctor)
0017176: [html] Add the possibility to define the x-ua-compatible meta (dregad)
0017184: [api soap] Anonymous authentication to soap api (vboctor)
0017185: [api soap] Read-only access via soap api should be available to VIEWER level (vboctor)
0017233: [api soap] Fix the license in the SOAP API file headers (vboctor)
0010488: [db oracle] Inserting strings > 4000 Bytes not working -> direct file upload and email (dregad)
0012248: [db postgresql] Problem updating from 1.1.8 to 1.2.0 (dregad)
0015699: [db postgresql] Upgrade 1.2.10 to 1.2.14 Issues (dregad)
0016392: [db postgresql] Bool columns in pgsql system created before MantisBT 1.1.0 have smallint type in DB (dregad)
0014538: [security] plugins directory must be secured/fixed. (grangeway)
0017377: [code cleanup] Reduce unneeded global Variables: g_libraries_included (grangeway)
0017370: [bugtracker] Roadmap+Changelog display "0" instead of project name in error message (dregad)
0017378: [code cleanup] Reduce unneeded global Variables: g_api_included (grangeway)
0017381: [security] Provide additional random number generators (grangeway)
0017385: [administration] Removal of copy_fields utility (grangeway)
0015589: [db postgresql] Upgrade fails with postgresql (dregad)
0016878: [db mssql] Install triggers varchar to datetime conversion error on sql server 2008 (dregad)
0016975: [localization] Invalid enumeration string value displayed if localized value does not exist (dregad)
0017376: [performance] Perf: use sprintf over utf8_str_pad (dregad)
0017359: [plug-ins] Errors when loading a plugin's page when its dependencies are not met (dregad)
0017366: [plug-ins] Remove direct access to global variable in plugin.php (dregad)
0017368: [plug-ins] Provide plugin's basename in error messages (dregad)
0017380: [security] IIS: add web.config to deny access to config/ (grangeway)
0017411: [change log] Empty change log is confusing (vboctor)
0017412: [roadmap] Empty roadmap is confusing (vboctor)
0017520: [filters] "Project not found" error after deleting project (dregad)
0005466: [bugtracker] Changes are overwritten (dregad)
0002814: [feature] Prefix CSS class names (daryn)
0005037: [relationships] No more rel. graphs with PHP 4.3.10 and Win2K (grangeway)
0017501: [administration] Default $g_display_errors setting should reflect what an admin would want to use (dregad)
0005147: [filters] Suppress product version in filters too (daryn)
0006178: [reports] relationship graph is empty (grangeway)
0006447: [filters] The filter table columns shouldn't be used to divide the "Search/Filters" row at the bottom of the table. (daryn)
0006497: [filters] Setting view_filters to ADVANCED_ONLY or SIMPLE_ONLY only takes into effect after changing a filter (daryn)
0006620: [reports] Relationgraph is not displayed (grangeway)
0006700: [filters] Inconsistent behavior on filter select box (daryn)
0008207: [sql] mantis_project_hierarchy_table allows duplicate rows (grangeway)
0008250: [administration] Create Project - Show upload path defined in absolute_path_default_upload_folder (dhx)
0008276: [customization] When set a filter to a value different than the default, the color could be changed (atrol)
0009828: [bugtracker] Reopen issue access check is wrong (dhx)
0010226: [email] No email on 'update->assign' (dhx)
0010884: [customization] Make 'edit', 'delete', and 'make private' buttons on bugnotes independently configurable (dhx)
0010914: [code cleanup] Make db_get_table behave like plugin_table (dhx)
0011291: [attachments] Add support for Lighttpd's X-Sendfile method for sending attachments stored locally (dhx)
0011320: [administration] Provide a way to disable the raw configuration management (vboctor)
0011396: [feature] difference between closed and resolved (dhx)
0011404: [bugtracker] Record dropping of bug revisions in bug history (dhx)
0011405: [bugtracker] Add link to bugnote revisions under "Updated on" line (for bugnotes that have at least 1 edit) (dhx)
0011494: [bugtracker] Don't allow *_inc.php files to be called directly (dhx)
0011495: [bugtracker] Cannot move core, library and language directories out of wwwroot (dhx)
0011552: [bugtracker] No errors shown when actiongroup tag attaching fails (dhx)
0011554: [bugtracker] Status legend should react to current filter settings (dhx)
0011576: [administration] New and improved check.php for checking MantisBT installation settings/environment (dhx)
0011728: [attachments] Attachments error when downloading or viewing (dhx)
0011732: [integration] Remove built-in source code integration support (dhx)
0011738: [authentication] $g_session_key parameter is not working (dhx)
0011758: [feature] Adding a bug note should not change the status of the issue (dhx)
0011804: [security] allow_reporter_reopen lets reporter make any update, not just reopen (dhx)
0011893: [html] Patch: XHTML validity, semantics and styleability improvements (dhx)
0011896: [html] Remove [^] "open in new window" suffix from links (dhx)
0011897: [html] Refactor footer of pages using XHTML/CSS and allow user-specified copyright notice (dhx)
0011908: [html] CSS class names on View Issues page (patch) (dhx)
0011967: [plug-ins] Problems with EVENT_UPDATE_BUG (dhx)
0011995: [html] Add CSS IDs to html elements for styling and javascript access. (daryn)
0012085: [bugtracker] Deprecate $g_allow_close_immediately (dhx)
0012094: [bugtracker] ERROR_BUG_READ_ONLY_ACTION_DENIED is not obsolete but ERROR_BUG_RESOLVED_ACTION_DENIED is (dhx)
0012095: [bugtracker] bug_monitor_copy() should check users exist (dhx)
0012096: [feature] On marking an issue as a duplicate add the reporter and handler to the monitor list of the destination bug (dhx)
0012205: [bugtracker] Do not leave feedback status when the handler adds a note (dhx)
0012327: [filters] Enhance plugin filters to allow developers to specify the number of columns to use in the bug filter. (daryn)
0012509: [code cleanup] replacement for file_get_extension (dhx)
0012571: [db mssql] Some configuration options cannot be saved to MS SQL Server (fix attached) (grangeway)
0012696: [documentation] Typo error on the admin config fields page in documentation (dhx)
0012852: [customization] Customization per project are not handled correctly on my view page. (daryn)
0013236: [plug-ins] add event to print attachment (dregad)
0002609: [email] Support multiple valid e-mail domains. (grangeway)
0005245: [administration] Account profile contains Version, while report issue contains product build and OS Version (grangeway)
0007118: [bugtracker] Report Issue: attaching an oversized file raises wrong error message in bug_report.php/gpc_get (gpc_api.php) (grangeway)
0011802: [bugtracker] Update Product Version of multiple bugs (dregad)
0012620: [plug-ins] Plug-ins included through function (dhx)
0014112: [bugtracker] maximum execution time when uploading (grangeway)
0006444: [feature] "Add and edit category" button (dregad)
0012013: [plug-ins] Improvements for plugin ImportExportXml (and required core changes) (dregad)
0012541: [api soap] mc_issue_note_add function not honoring reporter data (vboctor)
0015869: [api soap] API call mc_login with valid LDAP user which is not in mantis DB -> result: login failed (vboctor)
0016610: [documentation] Suggestion for Admin Guide: Vars' default values on new line (dregad)
0017410: [time tracking] Time tracking information is not included in issue print page (vboctor)
0017455: [authentication] BASIC_AUTH does not work for SOAP requests (vboctor)
0017533: [customization] Adding assoc arrays via config page converts numbers to strings (vboctor)
0017809: [performance] Store config entries json encoded (grangeway)
0017825: [custom fields] Clarify separator that can be used to separate possible values (vboctor)
0008762: [feature] Incorrect categories sorting in the report issue. (vboctor)
0009260: [bugtracker] Manage Columns doesn't work per project (vboctor)
0010730: [security] Improve random number generation with openssl_random_pseudo_bytes (dhx)
0011981: [security] Do not allow to send a reminder on a private issue to users under threshold (dhx)
0012253: [feature] Graphviz Graph to display workflow - PATCH
0012368: [security] Remove input side XSS validation of user real names (dhx)
0012666: [html] Mantis uses Refresh: on IIS instead of Location: (dhx)
0013699: [customization] Changing columns for single projects (vboctor)
0014852: [installation] Installation fails during install with postgres as DB (dregad)
0016024: [security] When user reports an issue, the unpermitted project can be selected (dregad)
0017932: [javascript] CSP violation errors in view_all_bug_page.php (dregad)
0017851: [ui] view_user_page.php is not updated to new styles (vboctor)
0017834: [ui] Change button like links in filter box to buttons (syncguru)
0017815: [ui] Search user box is stretched out (syncguru)
0017830: [filters] Collapse filter box by default (vboctor)
0017831: [ui] View Issue page UI tweaks (syncguru)
0017912: [bugtracker] Summary submenu displays "\n" on the page (dregad)
0011826: [security] Remove all inline JavaScript from MantisBT (use external scripts instead) (dhx)
       0009117: [javascript] Please remove projax from mantis (dhx)
       0012631: [javascript] Replace old inline dynamic filter code with jQuery equivalent (dhx)
0017916: [ui] Login form is stretched on large resolutions (syncguru)
219 issues View Issues