⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.188
Server IP:
162.254.39.145
Server:
Linux premium289.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64
Server Software:
LiteSpeed
PHP Version:
8.2.29
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
thread-self
/
root
/
var
/
softaculous
/
mantis
/
View File Name :
changelog.txt
mantisbt - 2.27.2 Released 2025-11-01 Maintenance and security release addressing 4 vulnerabilities, fixing several bugs and including a few minor improvements, Many thanks to Harry Sintonen / Reversec for CVE-2025-47776 (GHSA-4v8w-gg5j-ph37), Mazen Mahmoud for CVE-2025-46556 (GHSA-r3jf-hm7q-qfw5), Chaitanya Reddy for CVE-2025-55155 (GHSA-q747-c74m-69pr) and d3vpoo1 for CVE-2025-62520 (GHSA-g582-8vwr-68h2). 0035906: [db schema] Update ADOdb to 5.22.10 (dregad) 0036540: [bugtracker] Introduce a maximum PHP version (dregad) 0035915: [administration] Updating a global config yields incorrect error message (dregad) 0035893: [security] CVE-2025-46556: Denial-of-Service (DoS) via Excessive Note Length (dregad) 0036164: [administration] Impossible to delete a global config defined in the database (dregad) 0035668: [api rest] can't change issue category to "no category" via rest api (dregad) 0036269: [bugtracker] Collapsed status for "Users monitoring" section is not persisted (dregad) 0036265: [feature] Search with collapsed filter section expands it (dregad) 0036263: [administration] Error editing categories with PostgreSQL: APPLICATION ERROR 401 (dregad) 0036515: [administration] Hardcoded role instead of config in access level check on Manage Columns page (dregad) 0036542: [bugtracker] When editing a bugnote, a newline is appended to the text (dregad) 0036512: [other] Access Denied page returns HTTP status 200 (dregad) 0035854: [tools] PHPUnit assertObjectHasAttribute() method is deprecated (dregad) 0035853: [tools] PHPUnit tests RestFiltersTest fail when anonymous access is disabled (dregad) 0035852: [api rest] REST API GET /filters throws deprecation warning on PHP 8.1 (dregad) 0036503: [bugtracker] Ability to change the default project of a user (dregad) 0036257: [bugtracker] Deleted notes not showing in bug history (dregad) 0036535: [code cleanup] Custom Field admin checks refactoring (dregad) 0021675: [ui] Incorrect positioning of "View Issue Details" when recalled from "Direct link to note" (dregad) 0035967: [authentication] CVE-2025-47776: Authentication bypass for some passwords due to PHP type juggling (dregad) 0036005: [security] CVE-2025-55155: Lack of verification when changing a user's email address (dregad) 0036502: [security] CVE-2025-62520: Ability to copy private project configurations (Columns) (atrol) mantisbt - 2.27.1 Released 2025-03-01 Maintenance release, fixing a few regressions introduced with 2.27.0 as well as many other issues including improved PHP 8 compatibility. 0027960: [tools] Continuous Integration: moving off TravisCI (dregad) 0034503: [administration] t_admin_dir_is_accessible check is wrong (dregad) 0034826: [preferences] Error when clearing default profile (atrol) 0034828: [other] HTTP response code not set on errors when using FastCGI (dregad) 0034813: [bugtracker] Schema: Release marker missing (atrol) 0034845: [email] Update PHPMailer to 6.9.3 (dregad) 0034854: [administration] Error when creating global profiles (atrol) 0034887: [db mysql] MySQL version 9.0 and 9.1 are not defined in Admin Checks (dregad) 0034916: [db postgresql] PostgreSQL versions 16 and 17 are not defined in Admin Checks (dregad) 0034917: [administration] Admin check for Graphviz tools broken on Windows (atrol) 0034959: [api soap] Due date is deleted when the caller have no permission to modify it (community) 0035198: [performance] Caching language loading can be more efficient. (dregad) 0035011: [installation] tokenizer php module is required, but not checked for and not documented as such (dregad) 0035262: [localization] 'en-gb' language is not defined warning for Gravatar plugin (dregad) 0035248: [db postgresql] Postgresql Error - db_stats.php - relation "sql_parts" does not exist (dregad) 0035257: [db schema] Update ADOdb to 5.22.8 (dregad) 0035255: [plug-ins] Unknown named parameter $bug_id (dregad) 0006264: [administration] In manage_proj_edit_page.php, the "Project" popup at the top of the window is ignored (community) 0035431: [installation] When installing on mysql with log queries, SET NAMES=UTF8 is not logged (dregad) 0035307: [documentation] Improve documentation for $g_phpMailer_method (community) 0035312: [rss] RSS Builder PHP deprecation warnings on PHP 8.1+ (community) 0035314: [printing] Printed reports on the page in "doc" format includes javascript from the server (community) 0035322: [html] Incorrect absolute URL in the tab menu (community) 0035403: [html] The avatar.png is a big JPEG actually (community) 0035233: [api rest] REST API fail external authentication (community) 0035209: [plug-ins] An invalid plugin can cause errors in other plugins' files (dregad) 0035200: [ui] Plug-in listing error during the language test process. (dregad) 0035199: [performance] Improvement of the file_get_mime_type() function (community) 0035432: [bugtracker] Issue's last updated date is not modified when a note is deleted (dregad) 0035064: [administration] Constant error 500 after deleting user option on adm_config_report.php page. (dregad) 0035039: [reports] The GraphViz tool is almost impossible to customise for Windows (dregad) 0034783: [installation] Checking URL to installation is failing (dregad) 0035428: [code cleanup] Calling gpc_get_int() with null default throws deprecation warning on PHP 8.1 (dregad) 0035471: [ui] Incorrect styling of Plugin Filter Fields (dregad) 0035493: [ui] Inactive buttons of project navigation bar are not clickable (community) 0035302: [authentication] Deprecation warning in Securimage captcha with PHP 8.2 (dregad) 0035291: [filters] Filters including date custom fields don't work on PHP 8.0 (dregad) 0035180: [html] The MantisBT web interface must pass HTML validation (community) 0035179: [filters] Could not use plugins filters with "Permalink" (dregad) 0023593: [ui] Username does not fit in navbar user menu (community) mantisbt - 2.27.0 Released 2024-09-29 Feature and maintenance release. Dropping support for PHP 7.3 and older, Markdown improvements including syntax highlighting for code blocks, Graphs improvements, code cleanup and bug fixes. 0022315: [markdown] Markdown converts " to " within code blocks and inline code (dregad) 0032808: [installation] Increase minimum PHP requirement to 7.4 (dregad) 0033373: [other] Update HTML Purifier to 4.17.0 (dregad) 0033521: [plug-ins] Project graph missing within MantisGraph (dregad) 0033842: [ui] Move buttons to Edit User section footer in Manage User Page (dregad) 0034042: [performance] MantisGraph: inefficient calculation of data sets for Issue Trends graph (dregad) 0033350: [email] Update PHPMailer to 6.9.1 (dregad) 0033007: [code cleanup] Remove deprecated and incorrect usage of Pragma: no-cache header (dregad) 0034139: [administration] Add OS information to SIte Information page (atrol) 0034379: [code cleanup] Modernizing Tests (partially tests/Mantis) (dregad) 0031017: [bugtracker] Allow disabling Categories (dregad) 0027004: [administration] Switch back from manage_user_edit_page to view_user_page (dregad) 0034041: [reports] MantisGraph: last resolved issue not computed in Issue Trends graph (dregad) 0033482: [bugtracker] Use config API to access allow_browser_cache (dregad) 0034040: [markdown] Markdown processing code cleanup (part 2) (community) 0033914: [code cleanup] Move timeline_inc.php from core to root directory (dregad) 0024628: [markdown] Double quotes " and lesser than sign < are shown as HTML entity within Markdown code blocks (dregad) 0024241: [markdown] $g_html_valid_tags are not rendered if Markdown is enabled (dregad) 0033623: [tools] Travis: switch to focal distribution for builds (dregad) 0022485: [markdown] Increase spacing before ``` blocks (community) 0033755: [tools] Enable Xdebug to facilitate PHPUnit tests troubleshooting (dregad) 0033774: [code cleanup] Refactor mc_project_api.php (dregad) 0034454: [other] Columns are offered in columns list without having access rights to them (atrol) 0034415: [markdown] Update Parsedown library to 1.7.4 (dregad) 0034463: [html] Wrong rendering of custom field names (atrol) 0034467: [ui] File attachment previews (drop zone) Remove button is not standard (dregad) 0026797: [administration] Add failed_login_count to user information (atrol) 0034455: [html] Wrong function used to format bug id (atrol) 0034459: [ui] Missing tooltip for bugnotes_count column (dregad) 0034456: [performance] Enhance performance of bug note formatting (atrol) 0024810: [markdown] Markdown links/code always show HTML entities for Ampersand and Less-than sign (dregad) 0023738: [markdown] Mantis issue links displayed as raw HTML in code block (dregad) 0022320: [markdown] Don't expand issue ids into URLs within code blocks (dregad) 0022231: [markdown] Fix unit tests for markdown (dregad) 0022181: [markdown] Markdown different rendering between inline code (single backtick) and ``` blocks (community) 0010289: [documentation] Admin Guide "Page Descriptions" pages have CR/LF problems (dregad) 0034609: [administration] Redundant config settings $g_dot_tool and $g_neato_tool (dregad) 0034616: [ui] Incorrect CSS class on Time Zone select field in Preferences page (community) 0034610: [reports] Poor error handling in relationship graphs generation (dregad) 0034611: [reports] Allow HTML-like labels in relationship graphs (dregad) 0034612: [ui] Error messages with newlines display <br> on CLI (dregad) 0034613: [bugtracker] Include additional details on Generic error message (dregad) 0034614: [code cleanup] Refactoring GraphViz API and Workflow Graph (dregad) 0033098: [tools] Ugrade to PHPUnit 9.6 and adapt test suite (dregad) 0032808: [installation] Increase minimum PHP requirement to 7.4 (dregad) 0034608: [administration] Workflow Graph display is difficult to read (dregad) 0034607: [administration] Incorrect Workflow Graph display if the status name contains a space (dregad) 0034498: [documentation] Clearer email queue guidance in Admin Guide (dregad) 0034464: [attachments] Improve display of file upload error messages (dropzone) (dregad) 0034124: [markdown] Add syntax highlighting to markdown codeblocks (community) 0034468: [code cleanup] Refactoring and cleaning up includes (dregad) 0033421: [api rest] Update Guzzle to 7.9.2 (dregad) 0027551: [attachments] Open attachment in a new tab/window (community) mantisbt - 2.26.3 Released 2024-08-25 Maintenance release, fixing a couple regressions from 2.26.2 and a few other issues. 0034442: [html] Wrong display of some column titles on "View Issues" page (dregad) 0034461: [relationships] Relationship Graphs show/hide flag is not persistent (dregad) 0034462: [relationships] Truncated HTML entities shown in Relationship Graph nodes' Issue summary (dregad) 0034460: [filters] Sorting by "overdue" column does not work if "due_date" is not visible (dregad) 0025407: [api rest] Resetting version fields to empty is not possible (dregad) 0034458: [ui] Better icon for "overdue" column (dregad) 0034586: [api rest] REST API GET /filters/{ID} returns empty array when ID does not exist (dregad) 0034492: [code cleanup] Duplicated code in admin/check_api.php (dregad) 0034480: [db mysql] Using MySQL 8.4 gives warning in admin checks (dregad) 0034493: [api rest] REST API GET /issues endpoint returns HTML if given filter_id is not found (dregad) 0034571: [ldap] ldap_simulation_get_user() does not return null when given non-string username (dregad) 0034566: [administration] The "realname" field is cleared after a user is updated. (dregad) 0034526: [performance] Bad performance when editing a project having a lot of subprojects (community) 0034589: [code cleanup] CSP img-src has a duplicate 'self' value (dregad) mantisbt - 2.26.2 Released 2024-05-11 Security and maintenance release addressing several vulnerabilities (CVE-2024-34077, CVE-2024-34080 and CVE-2024-34081; refer to the corresponding Issues for details). It also resolves a few PHP 8.x compatibility issues, as well as a few other bugs. All installations are strongly advised to upgrade as soon as possible 0034432: [security] CVE-2024-34081: Unsanitised custom field names printed (dregad) 0033906: [bugtracker] Failed opening core.php in timeline_inc.php on PHP 8.2 / IIS (dregad) 0034008: [documentation] MantisGraph: document usage of EVENT_MANTISGRAPH_SUBMENU (dregad) 0034006: [code cleanup] MantisGraph: fix deprecated warnings in javascript (dregad) 0034393: [html] Incorrect handling of HTML hexadecimal character references &#xNNN; (dregad) 0034439: [code cleanup] Deprecated warning when updating Issue with null checkbox Custom Field (dregad) 0034441: [excel] Excel error when opening exported issues with custom field with special characters (dregad) 0034435: [bugtracker] Issue note links don't reflect if issue is resolved (vboctor) 0034434: [security] CVE-2024-34080: Don't hyperlink references to notes whose issues are not accessible to user (vboctor) 0034433: [security] CVE-2024-34077: Account Takeover in Password Reset and Account Registration Feature (dregad) 0034417: [security] Update corejs-typeahead.js library to 1.3.4 (dregad) 0034410: [api rest] REST API error reports incorrect field "version" when updating fixed in / target version with invalid value (dregad) 0034399: [other] Internal server error on view_user_page (atrol) 0012956: [bugtracker] Target Version does not respect GET or POST value when reporting issue (dregad) 0034404: [bugtracker] Proceed button is shown twice when redirecting with pending errors (dregad) 0034359: [api rest] REST API: "String not found" warning when adding note with invalid view_state (dregad) 0034348: [api rest] Adding issue note with REST API returns HTTP 500 when given view_state is invalid (dregad) 0034018: [filters] Filter "assigned to" and "monitor by" shows <br /> between the users when selecting multiple (advanced filtering) (dregad) 0034106: [code cleanup] Deprecated creation of dynamic properties in BugData class (dregad)