July 30th, 2010
· MantisBT 1.2.2 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release.
· Issue #11952 covers a security fix to the display of inline attachments, where “Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks”. See http://www.mantisbt.org/bugs/view.php?id=11952 for further details and information.
· Also included with 1.2.2 are a range of translation updates, regression fixes, and bug fixes, including multiple SOAP API-related bugs and regressions.
February 24th, 2010
· Converted the MantisBT Manual to Docbook format, and added a new Developer's Guide manual, both of which are compiled and included in every release
· Implemented a plugin system with many plugins already released [2]
· Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
· Tracked change history for textarea fields (Description, etc.) and bug notes
· Customizable sets of columns for View Issues page and export formats
· Combined simple and advanced views into a single, configurable view that allows selecting exactly what fields to show or hide
· Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
· Marking versions as obsolete to hide them from the roadmap and changelog
· More configuration options for rebranding MantisBT installations
· Improved support for PostgreSQL databases
· Improved support for UTF-8 localizations and content
· Implemented custom search providers for Firefox and Internet Explorer
· Implemented localized timestamps according to user-preferred timezones
There have also been many improvements to the codebase beyond adding features:
· Migrated to parameterised database queries throughout the codebase for both performance and security improvements
· Added PHPDoc compatible documentation to all internal APIs
· Removed many hardcoded references to access levels and other enumerations, for improved customizability.
· Migrated away from DATETIME fields to integer timestamps for timezone usage
· All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied
· Initial support for MySQL 6 and PHP 5.3
June 24th, 2009
There are many new features added to 1.2.x, including:
· Converted the MantisBT Manual to Docbook format, and added a new Developer's Guide manual, both of which are compiled and included in every release.
· Implemented a plugin system with many plugins already released [2]
· Global categories available to all projects, as well as project categories inheriting from parent projects to child projects; both are optional
· Tracked change history for textarea fields (Description, etc.) and bug notes
· Customizable sets of columns for View Issues page and export formats
· Improved roadmap and changelog pages, including version release dates, and permalinks to individual versions
· Marking versions as obsolete to hide them from the roadmap and changelog
· More configuration options for rebranding MantisBT installations
· Improved support for PostgreSQL databases
· Improved support for UTF-8 localizations and content
· Implemented custom search providers for Firefox and Internet Explorer
· Implemented localized timestamps according to user-preferred timezones
There have also been many improvements to the codebase beyond adding features:
· Migrated to parameterised database queries throughout the codebase for both performance and security improvements
· Added PHPDoc compatible documentation to all internal APIs
· Removed many hardcoded references to access levels and other enumerations, for improved customizability.
· Migrated away from DATETIME fields to integer timestamps for timezone usage
· All 3rd party code is now contained within the library/ path, including documentation on library versions and any patches applied
June 9th, 2009
· 0010570: [printing] Printing Bug does not work with configuration $g_show_view = SIMPLE_ONLY; (vboctor) - resolved.
· 0010184: [custom fields] APPLICATION ERROR 0001303 when optional custom date field is left blank (jreese) - resolved.
· 0010445: [other] Wrong copyright (siebrand) - resolved.
· 0010448: [localization] Syntax error in polish translation (siebrand) - resolved.
· 0010405: [localization] Arabic language and RTL (siebrand) - resolved.
November 21st, 2008
This release solves more issues relating to the security fixes introduced by 1.1.3, as well as various other minor bugs:
· 0009713: [authentication] Users are unable to confirm registration (jreese).
· 0009017: [bugtracker] SYSTEM WARNING implode() [function.implode]: Bad arguments. (jreese).
· 0009738: [bugtracker] Browser caching should be enabled on bug_change_status_page.php (jreese).
· 0009748: [bugtracker] Port 9737: bugnote_add.php contains undefined t_note_type (vboctor).
· 0009754: [bugtracker] Failed to report issue (APPLICATION ERROR #2800) (jreese).
· 0009714: [csv] Error message/warning, if HTTP_USER_AGENT is not set (jreese).
· 0009808: [db mysql] Linking Sub-Projects to a project -> APPLICATION ERROR #200 (jreese).
· 0009760: [other] Mantis checks $g_allow_browser_caching setting incorrectly (jreese).
· 0009780: [tagging] Changing project in Tag Details view gives "APPLICATION ERROR #200" (jreese).
· 0009803: [tagging] Tags field in filter should not be shown when user has no access to tags (jreese).
October 24th, 2008
· We had to withdraw 1.1.3 because of a serious flaw affecting the bug_report* pages. This new release fixes that problem and a newly discovered security issue.
October 14th, 2008
· 0008974: [security] XSS Vulnerability in filters (thraxisp) closed.
· 0008975: [security] CSRF Vulnerabilities in user_create (jreese) closed.
· 0008976: [security] Remote Code Execution in adm_config (giallu) closed.
· 0009154: [security] arbitrary file inclusion through user preferences page (giallu) closed.
· 0008123: [administration] Adding a user requires "$g_lost_password_feature = ON" (giallu) closed.
· 0008924: [bugtracker] Port 8245: Target Version value lost in update issue page (giallu) closed.
· 0008886: [change log] Change Log shows duplicate entries (jreese) closed.
· 0008880: [db postgresql] Problem with date formatting in db_prepare_date function (giallu) closed.
· 0009176: [db postgresql] Port 0008699: Get Time Tracking Information return a SQL query error (vboctor) closed.
· 0009177: [filters] Port 0008916: Monitor by filter ignores show_monitor_list_threshold (vboctor) closed.
· 0008830: [installation] set_time_limit() doesn't work in PHP safe mode (daryn) closed.
· 0008858: [integration] DokuWiki integration: EMail notification on wiki page changes not working (vboctor) closed.
· 0008774: [localization] Complete Hungarian retranslation (vboctor) closed.
· 0009186: [localization] Port 0009046: French translation for $s_bug_assign_to_button (vboctor) closed.
· 0009178: [other] Fix memleak in string api (vboctor) closed.
· 0009208: [other] Several actions on bug update page lead into System Warning and App. Error (daryn) closed.
· 0008931: [relationships] Circle Relations cause roadmap to malfunction (jreese) closed.
· 0008853: [roadmap] Issue appears more than once in the Roadmap for a release. (jreese) closed.
· 0007764: [scripting] APPLICATION WARNING #100: Configuration option 'category_enum_string' not found (vboctor) closed.
· 0009183: [time tracking] Port 0008357: "Total time for issue" is shown even for users under threshold (vboctor) closed.
· 0009184: [time tracking] Port 0008849: Emails ignore time tracking view threshold (vboctor) closed.
· 0009185: [time tracking] Port 0008621: The expand icon is inverted for the Time tracking section (vboctor) closed.
October 14th, 2008
· 0008606: [api soap] Problem with categories (planser) - resolved.
· 0009345: [documentation] Document PHP extensions required by Mantis (vboctor) - resolved.
· 0009448: [plug-ins] Move the Freemind feature to a plugin (vboctor) - resolved.
· 0009275: [bugtracker] Tags filter not filling into text field when selecting from list using Internet Explorer (jreese) - resolved.
· 0008699: [db postgresql] Get Time Tracking Information return a SQL query error (grangeway) - resolved.
· 0009247: [security] A reporter can update an incidence (jreese) - resolved.
· 0009223: [bugtracker] auto-assigned in parent project categories doesn't work (jreese) - resolved.
· 0008933: [documentation] Bad link in source code. (grangeway) - resolved.
· 0009377: [installation] Installation: upgrade_list.php does not exist (grangeway) - resolved.
· 0008761: [scripting] compress_handler called before defined (grangeway) - resolved.
· 0003838: [webpage] HTML Beautification (rainmkr) - resolved.
· 0006236: [db postgresql] Escaping error in PostgreSQL (grangeway) - resolved.
· 0009461: [bugtracker] History of status changes broken (grangeway) - resolved.
· 0009104: [filters] Last page of search results not showing because of error 401 (daryn) - resolved.
· 0006796: [webpage] Webpages generated do not produce "Valid HTML" (grangeway) - resolved.
· 0008908: [other] Incorrectl dropdown menu while $g_show_extended_project_browser is on (grangeway) - resolved.
· 0009383: [webpage] Wrong URL directory path computed (CSS & images and JS not accessible) (grangeway) - resolved.
· 0009251: [bugtracker] Issue history contains the '@' symbol as the old value when certain fields of the bug report are modified (grangeway) - resolved.
· 0009266: [upgrade] webpath to the mantis installation is calculated wrong, if mantis is installed in the root directory of a webserver (grangeway) - resolved.
· 0006235: [administration] Impossible to select a user with empty user name (grangeway) - resolved.
· 0009060: [bugtracker] “Open and assigned to me:” and “Open and reported by me:” links on the “Main” page are incorrect. (grangeway) - resolved.
· 0003786: [feature] deleting a category that is in use should issue a warning (jreese) - resolved.
· 0008827: [localization] Some modifications in strings_french.txt (vboctor) - resolved.
· 0009451: [tagging] Tags with single quotes and double quotes are escaped more than once (vboctor) - resolved.
· 0008353: [tagging] Handling accentuated tags (giallu) - resolved.
· 0008764: [security] Remove mantis version number from publicly searchable pages (grangeway) - resolved.
· 0006731: [rss] Date not shown in RSS (grangeway) - resolved.
· 0009100: [news] RSS Feeds do no include date posted (grangeway) - resolved.
· 0009395: [bugtracker] Summary page generates incorrect filter links for categories (daryn) - resolved.
· 0009392: [other] Remove ?> from the end of config_defaults_inc.php and config_inc.php to avoid errors due to blank lines (vboctor) - resolved.
· 0009258: [api soap] Adding bug throws fault for undefined "due_date" field (vboctor) - resolved.
· 0009043: [installation] Invalid link to login page after installation (bug + patch) (jreese) - resolved.
· 0009387: [db postgresql] Cannot create new user (invalid input syntax for type boolean: "2") (jreese) - resolved.
· 0009166: [graphs] JPGraph - Array keys Should be checked with isset() - especially when error reporting is E_ALL (grangeway) - resolved.
· 0009187: [security] arbitrary file inclusion through user preferences page (giallu) - resolved.
· 0009370: [documentation] User Documentation link is wrong (jreese) - resolved.
· 0007953: [time tracking] Time Tracking assigment lost, when changing issue status without note text (daryn) - resolved.
· 0009364: [administration] SYSTEM WARNING message received when deleting a project (jreese) - resolved.
· 0009312: [integration] wiki integration and undefined function auth_is_user_authenticated (with patch) (jreese) - resolved.
· 0009349: [bugtracker] Tagging/untagging an issue should update it's last modified date (vboctor) - resolved.
· 0009348: [bugtracker] Monitoring/unmonitoring an issue should update it's last modified date (vboctor) - resolved.
· 0009347: [bugtracker] Due Date should be disabled by default (vboctor) - resolved.
· 0009332: [relationships] Remove auth_get_current_user_id from relationship_api.php (vboctor) - resolved.
· 0009346: [bugtracker] Due Date is shown in history even if user doesn't have access to view due dates (vboctor) - resolved.
· 0009322: [security] Port of 0009321: Users can get title and status of issues that they don't have access to. (vboctor) - resolved.
· 0008372: [performance] Control Page Overload (grangeway) - resolved.
· 0009138: [other] Submit Report doesn't work (grangeway) - resolved.
· 0009288: [integration] Twitter updates don't show category correctly (always []) (vboctor) - resolved.
· 0008192: [integration] Twitter message has wrong escaping for quotation marks (vboctor) - resolved.
· 0009281: [localization] czech translation (vboctor) - resolved.
· 0009285: [custom fields] bad named function in /core/excel_api.php file (vboctor) - resolved.
· 0003241: [other] On Excel, no column headings display. (vboctor) - resolved.
· 0009267: [plug-ins] URL for updating plugin settings is wrong. (jreese) - resolved.
· 0009265: [plug-ins] Add an event to allow adding links to View Issues page (vboctor) - resolved.
· 009237: [sql] When using g_limit_reporters produces SQL error for reporters (daryn) - resolved.
· 0008849: [time tracking] Emails ignore time tracking view threshold (daryn) - resolved.
· 0009228: [bugtracker] THIS INSTALLATION: sorting of notes does not work any more (jreese) - resolved.
· 0008160: [filters] filter for notes (daryn) - resolved.
· 0009099: [filters] using advanced filtering leads to APPLICATION ERROR 0000401 (daryn) - resolved.
· 0008980: [security] Port: Remote Code Execution in adm_config (giallu) - resolved.
· 0008977: [security] Port 0008974: XSS Vulnerability in filters (thraxisp) - resolved.
· 0009170: [other] Fix for 0008981 (protection against multiple submissions) broken IE and Opera support (vboctor) - resolved.
· 0008357: [time tracking] "Total time for issue" is shown even for users under threshold (daryn) - resolved.
· 0008916: [filters] Monitor by filter ignores show_monitor_list_threshold (daryn) - resolved.
· 0009141: [bugtracker] summary_page error when DB is empty (giallu) - resolved.
· 0009133: [security] "APPLICATION ERROR #19" when switching project in revision 5250 (thraxisp) - resolved.
· 0002963: [performance] manage_proj_edit_page executes more than 5000 queries (grangeway) - resolved.
· 0008675: [db postgresql] Incorrect use of boolean in postgres 8.2.4 (grangeway) - resolved.
· 0009115: [administration] Removing user's access to a private project doesn't work (vboctor) - resolved.
· 0009040: [administration] Missing category_id column (vboctor) - resolved.
· 0007508: [filters] Custom fields should have a additional flag, if they should be avaliable as filter or not. (daryn) - resolved.
· 0009087: [change log] Renaming a version doesn't update the corresponding issue fields (jreese) - resolved.
· 0009001: [change log] memory exhausted on changelog (giallu) - resolved.
· 0008843: [time tracking] Ignores tracking_reporting_threshold (daryn) - resolved.
· 0009094: [other] Insert page break between issues when exporting Microsoft Word DOC format (vboctor) - resolved.