| Server IP : 104.21.30.238 / Your IP : 216.73.216.153 Web Server : LiteSpeed System : Linux premium151.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64 User : tempvsty ( 647) PHP Version : 8.0.30 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /proc/thread-self/./root/var/softaculous/mantis/ |
Upload File : |
mantisbt - 2.27.2 Released 2025-11-01
Maintenance and security release addressing 4 vulnerabilities, fixing several bugs and including a few minor improvements, Many thanks to Harry Sintonen / Reversec for CVE-2025-47776 (GHSA-4v8w-gg5j-ph37), Mazen Mahmoud for CVE-2025-46556 (GHSA-r3jf-hm7q-qfw5), Chaitanya Reddy for CVE-2025-55155 (GHSA-q747-c74m-69pr) and d3vpoo1 for CVE-2025-62520 (GHSA-g582-8vwr-68h2).
0035906: [db schema] Update ADOdb to 5.22.10 (dregad)
0036540: [bugtracker] Introduce a maximum PHP version (dregad)
0035915: [administration] Updating a global config yields incorrect error message (dregad)
0035893: [security] CVE-2025-46556: Denial-of-Service (DoS) via Excessive Note Length (dregad)
0036164: [administration] Impossible to delete a global config defined in the database (dregad)
0035668: [api rest] can't change issue category to "no category" via rest api (dregad)
0036269: [bugtracker] Collapsed status for "Users monitoring" section is not persisted (dregad)
0036265: [feature] Search with collapsed filter section expands it (dregad)
0036263: [administration] Error editing categories with PostgreSQL: APPLICATION ERROR 401 (dregad)
0036515: [administration] Hardcoded role instead of config in access level check on Manage Columns page (dregad)
0036542: [bugtracker] When editing a bugnote, a newline is appended to the text (dregad)
0036512: [other] Access Denied page returns HTTP status 200 (dregad)
0035854: [tools] PHPUnit assertObjectHasAttribute() method is deprecated (dregad)
0035853: [tools] PHPUnit tests RestFiltersTest fail when anonymous access is disabled (dregad)
0035852: [api rest] REST API GET /filters throws deprecation warning on PHP 8.1 (dregad)
0036503: [bugtracker] Ability to change the default project of a user (dregad)
0036257: [bugtracker] Deleted notes not showing in bug history (dregad)
0036535: [code cleanup] Custom Field admin checks refactoring (dregad)
0021675: [ui] Incorrect positioning of "View Issue Details" when recalled from "Direct link to note" (dregad)
0035967: [authentication] CVE-2025-47776: Authentication bypass for some passwords due to PHP type juggling (dregad)
0036005: [security] CVE-2025-55155: Lack of verification when changing a user's email address (dregad)
0036502: [security] CVE-2025-62520: Ability to copy private project configurations (Columns) (atrol)
mantisbt - 2.27.1 Released 2025-03-01
Maintenance release, fixing a few regressions introduced with 2.27.0 as well as many other issues including improved PHP 8 compatibility.
0027960: [tools] Continuous Integration: moving off TravisCI (dregad)
0034503: [administration] t_admin_dir_is_accessible check is wrong (dregad)
0034826: [preferences] Error when clearing default profile (atrol)
0034828: [other] HTTP response code not set on errors when using FastCGI (dregad)
0034813: [bugtracker] Schema: Release marker missing (atrol)
0034845: [email] Update PHPMailer to 6.9.3 (dregad)
0034854: [administration] Error when creating global profiles (atrol)
0034887: [db mysql] MySQL version 9.0 and 9.1 are not defined in Admin Checks (dregad)
0034916: [db postgresql] PostgreSQL versions 16 and 17 are not defined in Admin Checks (dregad)
0034917: [administration] Admin check for Graphviz tools broken on Windows (atrol)
0034959: [api soap] Due date is deleted when the caller have no permission to modify it (community)
0035198: [performance] Caching language loading can be more efficient. (dregad)
0035011: [installation] tokenizer php module is required, but not checked for and not documented as such (dregad)
0035262: [localization] 'en-gb' language is not defined warning for Gravatar plugin (dregad)
0035248: [db postgresql] Postgresql Error - db_stats.php - relation "sql_parts" does not exist (dregad)
0035257: [db schema] Update ADOdb to 5.22.8 (dregad)
0035255: [plug-ins] Unknown named parameter $bug_id (dregad)
0006264: [administration] In manage_proj_edit_page.php, the "Project" popup at the top of the window is ignored (community)
0035431: [installation] When installing on mysql with log queries, SET NAMES=UTF8 is not logged (dregad)
0035307: [documentation] Improve documentation for $g_phpMailer_method (community)
0035312: [rss] RSS Builder PHP deprecation warnings on PHP 8.1+ (community)
0035314: [printing] Printed reports on the page in "doc" format includes javascript from the server (community)
0035322: [html] Incorrect absolute URL in the tab menu (community)
0035403: [html] The avatar.png is a big JPEG actually (community)
0035233: [api rest] REST API fail external authentication (community)
0035209: [plug-ins] An invalid plugin can cause errors in other plugins' files (dregad)
0035200: [ui] Plug-in listing error during the language test process. (dregad)
0035199: [performance] Improvement of the file_get_mime_type() function (community)
0035432: [bugtracker] Issue's last updated date is not modified when a note is deleted (dregad)
0035064: [administration] Constant error 500 after deleting user option on adm_config_report.php page. (dregad)
0035039: [reports] The GraphViz tool is almost impossible to customise for Windows (dregad)
0034783: [installation] Checking URL to installation is failing (dregad)
0035428: [code cleanup] Calling gpc_get_int() with null default throws deprecation warning on PHP 8.1 (dregad)
0035471: [ui] Incorrect styling of Plugin Filter Fields (dregad)
0035493: [ui] Inactive buttons of project navigation bar are not clickable (community)
0035302: [authentication] Deprecation warning in Securimage captcha with PHP 8.2 (dregad)
0035291: [filters] Filters including date custom fields don't work on PHP 8.0 (dregad)
0035180: [html] The MantisBT web interface must pass HTML validation (community)
0035179: [filters] Could not use plugins filters with "Permalink" (dregad)
0023593: [ui] Username does not fit in navbar user menu (community)
mantisbt - 2.27.0 Released 2024-09-29
Feature and maintenance release. Dropping support for PHP 7.3 and older, Markdown improvements including syntax highlighting for code blocks, Graphs improvements, code cleanup and bug fixes.
0022315: [markdown] Markdown converts " to " within code blocks and inline code (dregad)
0032808: [installation] Increase minimum PHP requirement to 7.4 (dregad)
0033373: [other] Update HTML Purifier to 4.17.0 (dregad)
0033521: [plug-ins] Project graph missing within MantisGraph (dregad)
0033842: [ui] Move buttons to Edit User section footer in Manage User Page (dregad)
0034042: [performance] MantisGraph: inefficient calculation of data sets for Issue Trends graph (dregad)
0033350: [email] Update PHPMailer to 6.9.1 (dregad)
0033007: [code cleanup] Remove deprecated and incorrect usage of Pragma: no-cache header (dregad)
0034139: [administration] Add OS information to SIte Information page (atrol)
0034379: [code cleanup] Modernizing Tests (partially tests/Mantis) (dregad)
0031017: [bugtracker] Allow disabling Categories (dregad)
0027004: [administration] Switch back from manage_user_edit_page to view_user_page (dregad)
0034041: [reports] MantisGraph: last resolved issue not computed in Issue Trends graph (dregad)
0033482: [bugtracker] Use config API to access allow_browser_cache (dregad)
0034040: [markdown] Markdown processing code cleanup (part 2) (community)
0033914: [code cleanup] Move timeline_inc.php from core to root directory (dregad)
0024628: [markdown] Double quotes " and lesser than sign < are shown as HTML entity within Markdown code blocks (dregad)
0024241: [markdown] $g_html_valid_tags are not rendered if Markdown is enabled (dregad)
0033623: [tools] Travis: switch to focal distribution for builds (dregad)
0022485: [markdown] Increase spacing before ``` blocks (community)
0033755: [tools] Enable Xdebug to facilitate PHPUnit tests troubleshooting (dregad)
0033774: [code cleanup] Refactor mc_project_api.php (dregad)
0034454: [other] Columns are offered in columns list without having access rights to them (atrol)
0034415: [markdown] Update Parsedown library to 1.7.4 (dregad)
0034463: [html] Wrong rendering of custom field names (atrol)
0034467: [ui] File attachment previews (drop zone) Remove button is not standard (dregad)
0026797: [administration] Add failed_login_count to user information (atrol)
0034455: [html] Wrong function used to format bug id (atrol)
0034459: [ui] Missing tooltip for bugnotes_count column (dregad)
0034456: [performance] Enhance performance of bug note formatting (atrol)
0024810: [markdown] Markdown links/code always show HTML entities for Ampersand and Less-than sign (dregad)
0023738: [markdown] Mantis issue links displayed as raw HTML in code block (dregad)
0022320: [markdown] Don't expand issue ids into URLs within code blocks (dregad)
0022231: [markdown] Fix unit tests for markdown (dregad)
0022181: [markdown] Markdown different rendering between inline code (single backtick) and ``` blocks (community)
0010289: [documentation] Admin Guide "Page Descriptions" pages have CR/LF problems (dregad)
0034609: [administration] Redundant config settings $g_dot_tool and $g_neato_tool (dregad)
0034616: [ui] Incorrect CSS class on Time Zone select field in Preferences page (community)
0034610: [reports] Poor error handling in relationship graphs generation (dregad)
0034611: [reports] Allow HTML-like labels in relationship graphs (dregad)
0034612: [ui] Error messages with newlines display <br> on CLI (dregad)
0034613: [bugtracker] Include additional details on Generic error message (dregad)
0034614: [code cleanup] Refactoring GraphViz API and Workflow Graph (dregad)
0033098: [tools] Ugrade to PHPUnit 9.6 and adapt test suite (dregad)
0032808: [installation] Increase minimum PHP requirement to 7.4 (dregad)
0034608: [administration] Workflow Graph display is difficult to read (dregad)
0034607: [administration] Incorrect Workflow Graph display if the status name contains a space (dregad)
0034498: [documentation] Clearer email queue guidance in Admin Guide (dregad)
0034464: [attachments] Improve display of file upload error messages (dropzone) (dregad)
0034124: [markdown] Add syntax highlighting to markdown codeblocks (community)
0034468: [code cleanup] Refactoring and cleaning up includes (dregad)
0033421: [api rest] Update Guzzle to 7.9.2 (dregad)
0027551: [attachments] Open attachment in a new tab/window (community)
mantisbt - 2.26.3 Released 2024-08-25
Maintenance release, fixing a couple regressions from 2.26.2 and a few other issues.
0034442: [html] Wrong display of some column titles on "View Issues" page (dregad)
0034461: [relationships] Relationship Graphs show/hide flag is not persistent (dregad)
0034462: [relationships] Truncated HTML entities shown in Relationship Graph nodes' Issue summary (dregad)
0034460: [filters] Sorting by "overdue" column does not work if "due_date" is not visible (dregad)
0025407: [api rest] Resetting version fields to empty is not possible (dregad)
0034458: [ui] Better icon for "overdue" column (dregad)
0034586: [api rest] REST API GET /filters/{ID} returns empty array when ID does not exist (dregad)
0034492: [code cleanup] Duplicated code in admin/check_api.php (dregad)
0034480: [db mysql] Using MySQL 8.4 gives warning in admin checks (dregad)
0034493: [api rest] REST API GET /issues endpoint returns HTML if given filter_id is not found (dregad)
0034571: [ldap] ldap_simulation_get_user() does not return null when given non-string username (dregad)
0034566: [administration] The "realname" field is cleared after a user is updated. (dregad)
0034526: [performance] Bad performance when editing a project having a lot of subprojects (community)
0034589: [code cleanup] CSP img-src has a duplicate 'self' value (dregad)
mantisbt - 2.26.2 Released 2024-05-11
Security and maintenance release addressing several vulnerabilities (CVE-2024-34077, CVE-2024-34080 and CVE-2024-34081; refer to the corresponding Issues for details). It also resolves a few PHP 8.x compatibility issues, as well as a few other bugs.
All installations are strongly advised to upgrade as soon as possible
0034432: [security] CVE-2024-34081: Unsanitised custom field names printed (dregad)
0033906: [bugtracker] Failed opening core.php in timeline_inc.php on PHP 8.2 / IIS (dregad)
0034008: [documentation] MantisGraph: document usage of EVENT_MANTISGRAPH_SUBMENU (dregad)
0034006: [code cleanup] MantisGraph: fix deprecated warnings in javascript (dregad)
0034393: [html] Incorrect handling of HTML hexadecimal character references &#xNNN; (dregad)
0034439: [code cleanup] Deprecated warning when updating Issue with null checkbox Custom Field (dregad)
0034441: [excel] Excel error when opening exported issues with custom field with special characters (dregad)
0034435: [bugtracker] Issue note links don't reflect if issue is resolved (vboctor)
0034434: [security] CVE-2024-34080: Don't hyperlink references to notes whose issues are not accessible to user (vboctor)
0034433: [security] CVE-2024-34077: Account Takeover in Password Reset and Account Registration Feature (dregad)
0034417: [security] Update corejs-typeahead.js library to 1.3.4 (dregad)
0034410: [api rest] REST API error reports incorrect field "version" when updating fixed in / target version with invalid value (dregad)
0034399: [other] Internal server error on view_user_page (atrol)
0012956: [bugtracker] Target Version does not respect GET or POST value when reporting issue (dregad)
0034404: [bugtracker] Proceed button is shown twice when redirecting with pending errors (dregad)
0034359: [api rest] REST API: "String not found" warning when adding note with invalid view_state (dregad)
0034348: [api rest] Adding issue note with REST API returns HTTP 500 when given view_state is invalid (dregad)
0034018: [filters] Filter "assigned to" and "monitor by" shows <br /> between the users when selecting multiple (advanced filtering) (dregad)
0034106: [code cleanup] Deprecated creation of dynamic properties in BugData class (dregad)