Mantis Changelog

New in version 1.2.2

July 30th, 2010
  • MantisBT 1.2.2 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release.
  • Issue #11952 covers a security fix to the display of inline attachments, where “Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks”. See http://www.mantisbt.org/bugs/view.php?id=11952 for further details and information.
  • Also included with 1.2.2 are a range of translation updates, regression fixes, and bug fixes, including multiple SOAP API-related bugs and regressions.

New in version 1.2.0 (February 24th, 2010)

  • Converted the MantisBT Manual to Docbook format, and added a new Developer's Guide manual, both of which are compiled and included in every release
  • Implemented a plugin system with many plugins already released [2]
  • Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
  • Tracked change history for textarea fields (Description, etc) and bug notes
  • Customizable sets of columns for View Issues page and export formats
  • Combined simple and advanced views into a single, configurable view that allows selecting exactly what fields to show or hide
  • Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
  • Marking versions as obsolete to hide them from the roadmap and changelog
  • More configuration options for rebranding MantisBT installations
  • Improved support for PostgreSQL databases
  • Improved support for UTF-8 localizations and content
  • Implemented custom search providers for Firefox and Internet Explorer
  • Implemented localized timestamps using according to user-preferred timezones There have also been many improvements to the codebase beyond adding features:
  • Migrated to parameterised database queries throughout the codebase for both performance and security improvements
  • Added PHPDoc compatible documentation to all internal API's
  • Removed many hardcoded references to access levels and other enumerations, for improved customizability.
  • Migrated away from DATETIME fields to integer timestamps for timezone usage
  • All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied
  • Initial support for MySQL 6 and PHP 5.3

New in version 1.2.0 RC1 (June 24th, 2009)

  • There are many new features added to 1.2.x, including:
  • Converted the MantisBT Manual to Docbook format, and added a new Developer's Guide manual, both of which are compiled and included in every release.
  • Implemented a plugin system with many plugins already released [2]
  • Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
  • Tracked change history for textarea fields (Description, etc) and bug notes
  • Customizable sets of columns for View Issues page and export formats
  • Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
  • Marking versions as obsolete to hide them from the roadmap and changelog
  • More configuration options for rebranding MantisBT installations
  • Improved support for PostgreSQL databases
  • Improved support for UTF-8 localizations and content
  • Implemented custom search providers for Firefox and Internet Explorer
  • Implemented localized timestamps using according to user-preferred timezones
  • There have also been many improvements to the codebase beyond adding features:
  • Migrated to parameterised database queries throughout the codebase for both performance and security improvements
  • Added PHPDoc compatible documentation to all internal API's
  • Removed many hardcoded references to access levels and other enumerations, for improved customizability.
  • Migrated away from DATETIME fields to integer timestamps for timezone usage
  • All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied

New in version 1.1.8 (June 9th, 2009)

  • 0010570: [printing] Printing Bug does not work with configuration $g_show_view= SIMPLE_ONLY; (vboctor) - resolved.
  • 0010184: [custom fields] APPLICATION ERROR 0001303 when optional custom date field is left blank (jreese) - resolved.
  • 0010445: [other] Wrong copyright (siebrand) - resolved.
  • 0010448: [localization] Syntax error in polish translation (siebrand) - resolved.
  • 0010405: [localization] Arabic language and RTL (siebrand) - resolved.

New in version 1.1.5 (November 21st, 2008)

  • This release solves more issues relating to the security fixes introduced by 1.1.3, as well as various other minor bugs:
  • 0009713: [authentication] Users are unable to confirm registration (jreese).
  • 0009017: [bugtracker] SYSTEM WARNING implode() [function.implode]: Bad arguments. (jreese).
  • 0009738: [bugtracker] Browser caching should be enabled on bug_change_status_page.php (jreese).
  • 0009748: [bugtracker] Port 9737: bugnote_add.php contains undefined t_note_type (vboctor).
  • 0009754: [bugtracker] Failed to report issue (APPLICATION ERROR #2800) (jreese).
  • 0009714: [csv] Error message/warning, if HTTP_USER_AGENT is not set (jreese).
  • 0009808: [db mysql] Linking Sub-Projects to a project -> APPLICATION ERROR #200 (jreese).
  • 0009760: [other] Mantis checks $g_allow_browser_caching setting incorrectly (jreese).
  • 0009780: [tagging] Changing project in Tag Details view gives "APPLICATION ERROR #200" (jreese).
  • 0009803: [tagging] Tags field in filter should not be shown when user has no access to tags (jreese).

New in version 1.1.4 (October 24th, 2008)

  • We had to withdraw 1.1.3 because of a serious flaw affecting the bug_report* pages. This new release fixes that problem and a newly discovered security issue.

New in version 1.1.2 (October 14th, 2008)

  • 0008974: [security] XSS Vulnerability in filters (thraxisp) closed.
  • 0008975: [security] CSRF Vulnerabilities in user_create (jreese) closed.
  • 0008976: [security] Remote Code Execution in adm_config (giallu) closed.
  • 0009154: [security] arbitrary file inclusion through user preferences page (giallu) closed.
  • 0008123: [administration] Adding a user requires "$g_lost_password_feature = ON" (giallu) closed.
  • 0008924: [bugtracker] Port 8245: Target Version value lost in update issue page (giallu) closed.
  • 0008886: [change log] Change Log shows duplicate entries (jreese) closed.
  • 0008880: [db postgresql] Problem with date formatting in db_prepare_date function (giallu) closed.
  • 0009176: [db postgresql] Port 0008699: Get Time Tracking Information return a SQL query error (vboctor) closed.
  • 0009177: [filters] Port 0008916: Monitor by filter ignores show_monitor_list_threshold (vboctor) closed.
  • 0008830: [installation] set_time_limit() doesn't work in PHP safe mode (daryn) closed.
  • 0008858: [integration] DokuWiki integration: EMail notification on wiki page changes not working (vboctor) closed.
  • 0008774: [localization] Complete Hungarian retranslation (vboctor) closed.
  • 0009186: [localization] Port 0009046: French translation for $s_bug_assign_to_button (vboctor) closed.
  • 0009178: [other] Fix memleak in string api (vboctor) closed.
  • 0009208: [other] Several actions on bug update page lead into System Warning and App. Error (daryn) closed.
  • 0008931: [relationships] Circle Relations cause roadmap to malfunction (jreese) closed.
  • 0008853: [roadmap] Issue appears more than once in the Roadmap for a release. (jreese) closed.
  • 0007764: [scripting] APPLICATION WARNING #100: Configuration option 'category_enum_string' not found (vboctor) closed.
  • 0009183: [time tracking] Port 0008357: "Total time for issue" is shown even for users under threshold (vboctor) closed.
  • 0009184: [time tracking] Port 0008849: Emails ignore time tracking view threshold (vboctor) closed.
  • 0009185: [time tracking] Port 0008621: The expand icon is inverted for the Time tracking section (vboctor) closed.

New in version 1.2.0 Alpha 2 (October 14th, 2008)

  • 0008606: [api soap] Problem with categories (planser) - resolved.
  • 0009345: [documentation] Document PHP extensions required by Mantis (vboctor) - resolved.
  • 0009448: [plug-ins] Move the Freemind feature to a plugin (vboctor) - resolved.
  • 0009275: [bugtracker] Tags filter not filling into text field when selecting from list using Internet Explorer (jreese) - resolved.
  • 0008699: [db postgresql] Get Time Tracking Information return a SQL query error (grangeway) - resolved.
  • 0009247: [security] A reporter can update an incidence (jreese) - resolved.
  • 0009223: [bugtracker] auto-assigned in parent project categories doesn't work (jreese) - resolved.
  • 0008933: [documentation] Bad link in source code. (grangeway) - resolved.
  • 0009377: [installation] Installation: upgrade_list.php does not exist (grangeway) - resolved.
  • 0008761: [scripting] compress_handler called before defined (grangeway) - resolved.
  • 0003838: [webpage] HTML Beautification (rainmkr) - resolved.
  • 0006236: [db postgresql] Escaping error in PostgreSQL (grangeway) - resolved.
  • 0009461: [bugtracker] History of status changes broken (grangeway) - resolved.
  • 0009104: [filters] Last page of search results not showing because of error 401 (daryn) - resolved.
  • 0006796: [webpage] Webpages generated do not produce "Valid HTML" (grangeway) - resolved.
  • 0008908: [other] Incorrectl dropdown menu while $g_show_extended_project_browser is on (grangeway) - resolved.
  • 0009383: [webpage] Wrong URL directory path computed (CSS & images and JS not accessible) (grangeway) - resolved.
  • 0009251: [bugtracker] Issue history contains the '@' symbol as the old value when certain fields of the bug report are modified (grangeway) - resolved.
  • 0009266: [upgrade] webpath to the mantis installation is calculated wrong, if mantis is installed in the root directory of a webserver (grangeway) - resolved.
  • 0006235: [administration] Impossible to select a user with empty user name (grangeway) - resolved.
  • 0009060: [bugtracker] “Open and assigned to me:” and “Open and reported by me:” links on the “Main” page are incorrect. (grangeway) - resolved.
  • 0003786: [feature] deleting a category that is in use should issue a warning (jreese) - resolved.
  • 0008827: [localization] Some modifications in strings_french.txt (vboctor) - resolved.
  • 0009451: [tagging] Tags with single quotes and double quotes are escaped more than once (vboctor) - resolved.
  • 0008353: [tagging] Handling accentuated tags (giallu) - resolved.
  • 0008764: [security] Remove mantis version number from publicly searchable pages (grangeway) - resolved.
  • 0006731: [rss] Date not shown in RSS (grangeway) - resolved.
  • 0009100: [news] RSS Feeds do no include date posted (grangeway) - resolved.
  • 0009395: [bugtracker] Summary page generates incorrect filter links for categories (daryn) - resolved.
  • 0009392: [other] Remove ?> from the end of config_defaults_inc.php and config_inc.php to avoid errors due to blank lines (vboctor) - resolved.
  • 0009258: [api soap] Adding bug throws fault for undefined "due_date" field (vboctor) - resolved.
  • 0009043: [installation] Invalid link to login page after installation (bug + patch) (jreese) - resolved.
  • 0009387: [db postgresql] Cannot create new user (invalid input syntax for type boolean: "2") (jreese) - resolved.
  • 0009166: [graphs] JPGraph - Array keys Should be checked with isset() - especially when error reporting is E_ALL (grangeway) - resolved.
  • 0009187: [security] arbitrary file inclusion through user preferences page (giallu) - resolved.
  • 0009370: [documentation] User Documentation link is wrong (jreese) - resolved.
  • 0007953: [time tracking] Time Tracking assigment lost, when changing issue status without note text (daryn) - resolved.
  • 0009364: [administration] SYSTEM WARNING message received when deleting a project (jreese) - resolved.
  • 0009312: [integration] wiki integration and undefined function auth_is_user_authenticated (with patch) (jreese) - resolved.
  • 0009349: [bugtracker] Tagging/untagging an issue should update it's last modified date (vboctor) - resolved.
  • 0009348: [bugtracker] Monitoring/unmonitoring an issue should update it's last modified date (vboctor) - resolved.
  • 0009347: [bugtracker] Due Date should be disabled by default (vboctor) - resolved.
  • 0009332: [relationships] Remove auth_get_current_user_id from relationship_api.php (vboctor) - resolved.
  • 0009346: [bugtracker] Due Date is shown in history even if user doesn't have access to view due dates (vboctor) - resolved.
  • 0009322: [security] Port of 0009321: Users can get title and status of issues that they don't have access to. (vboctor) - resolved.
  • 0008372: [performance] Control Page Overload (grangeway) - resolved.
  • 0009138: [other] Submit Report doesn't work (grangeway) - resolved.
  • 0009288: [integration] Twitter updates don't show category correctly (always []) (vboctor) - resolved.
  • 0008192: [integration] Twitter message has wrong escaping for quotation marks (vboctor) - resolved.
  • 0009281: [localization] czech translation (vboctor) - resolved.
  • 0009285: [custom fields] bad named function in /core/excel_api.php file (vboctor) - resolved.
  • 0003241: [other] On Excel, no column headings display. (vboctor) - resolved.
  • 0009267: [plug-ins] URL for updating plugin settings is wrong. (jreese) - resolved.
  • 0009265: [plug-ins] Add an event to allow adding links to View Issues page (vboctor) - resolved.
  • 009237: [sql] When using g_limit_reporters produces SQL error for reporters (daryn) - resolved.
  • 0008849: [time tracking] Emails ignore time tracking view threshold (daryn) - resolved.
  • 0009228: [bugtracker] THIS INSTALLATION: sorting of notes does not work any more (jreese) - resolved.
  • 0008160: [filters] filter for notes (daryn) - resolved.
  • 0009099: [filters] using advanced filtering leads to APPLICATION ERROR 0000401 (daryn) - resolved.
  • 0008980: [security] Port: Remote Code Execution in adm_config (giallu) - resolved.
  • 0008977: [security] Port 0008974: XSS Vulnerability in filters (thraxisp) - resolved.
  • 0009170: [other] Fix for 0008981 (protection against multiple submissions) broken IE and Opera support (vboctor) - resolved.
  • 0008357: [time tracking] "Total time for issue" is shown even for users under threshold (daryn) - resolved.
  • 0008916: [filters] Monitor by filter ignores show_monitor_list_threshold (daryn) - resolved.
  • 0009141: [bugtracker] summary_page error when DB is empty (giallu) - resolved.
  • 0009133: [security] "APPLICATION ERROR #19" when switching project in revision 5250 (thraxisp) - resolved.
  • 0002963: [performance] manage_proj_edit_page executes more than 5000 queries (grangeway) - resolved.
  • 0008675: [db postgresql] Incorrect use of boolean in postgres 8.2.4 (grangeway) - resolved.
  • 0009115: [administration] Removing user's access to a private project doesn't work (vboctor) - resolved.
  • 0009040: [administration] Missing category_id column (vboctor) - resolved.
  • 0007508: [filters] Custom fields should have a additional flag, if they should be avaliable as filter or not. (daryn) - resolved.
  • 0009087: [change log] Renaming a version doesn't update the corresponding issue fields (jreese) - resolved.
  • 0009001: [change log] memory exhausted on changelog (giallu) - resolved.
  • 0008843: [time tracking] Ignores tracking_reporting_threshold (daryn) - resolved.
  • 0009094: [other] Insert page break between issues when exporting Microsoft Word DOC format (vboctor) - resolved.