Hosting Mantis


Mantis ist ein Open Source Bug-Tracker.

Installation mit einem Klick Mantis

Installation mit einem Klick

Einfache Aktualisierung Mantis

Einfache Aktualisierung

Speichern und wiederherstellen Mantis

Speichern und wiederherstellen


e-Commerce und Business
Laufende Version
Letzte Aktualisierung
4 September 2019
Deutsch + 48 andere


Grösse der Installation
50.00 MB
Was gibt es Neues?


4 September - 50MBBug Fixes
  • [bugtracker] Ability to add monitors to a bug when the bug is first reported
  • [plug-ins] Improve plugin schema upgrade error message
  • [api soap] SOAP API return value does not match definition in WSDL
  • [bugtracker] error_string() does not allow HTML tags inside of error messages
  • [installation] Reflect PHP requirements in Composer config
  • [html] Invalid HTML in manage_config_workflow_page.php
  • [bugtracker] Users can't add monitors if access < show_monitor_list_threshold and >= monitor_add_others_bug_threshold
  • [administration] Impossible to set add/remove monitors thresholds from manage page
  • [documentation] Improve documentation for monitors-related configs
  • [code cleanup] Remove get_email_link() API function
  • [code cleanup] New prepare_mailto_url() API function
  • [bugtracker] PHP Notices in User API
  • [printing] Remove hyperlinks on usernames in Word export
  • [attachments] Add support for pasting images as attachments
  • [security] Email for a new private bugnote was send to a non authorized reporter
  • [time tracking] Time tracking box rendering is broken
  • [bugtracker] Status color squares become black
  • [tagging] Report issue doesn't support multiple new tags
  • [plug-ins] Add EVENT_MENU_MAIN_FILTER to allow complete customisation of main menu
  • [api rest] REST API support for multiple authorization headers
  • [bugtracker] Replace mailto: by link to user profile page in view.php
  • [html] Leading newlines disappear when editing data in textarea elements
  • [code cleanup] Remove unused $p_can_report_only parameter in layout_navbar_projects_list()
  • [documentation] Admin guide: remove reference to unmaintained Firefox add-on
  • [administration] Simplify displaying of complex values in adm_config_report page
  • [javascript] Improve client-side sortable tables script
  • [plug-ins] EVENT_BUGNOTE_DATA event not documented in developer manual
  • [plug-ins] MantisGraph: update Chart.js library to v2.8.0
  • [code cleanup] MantisGraph: define Chart.js-related constants in the plugin
  • [plug-ins] Missing an API function to check if a plugin event has been declared
  • [tools] PHPUnit tests as run by Travis CI builds do not execute all defined suites
  • [bugtracker] IssueAddCommand does not create history entries identical to the code it replaced
  • [ui] Gravatar plugin should always use https
  • [other] bug_report_page is forced to be cached
  • [api rest] Missing tag name in error message when creating issue via REST API
  • [api rest] Invalid JSON response when creating issue with tag by name via REST API
  • [code cleanup] Glue after String Array is being Deprecated
  • [plug-ins] Gravatar Plugin Description
  • [tagging] Creating an invalid tag should fail with an error
  • [tagging] Tag-related error messages should reference the tag's name
  • [api rest] Adding issue via REST API should fail if requested tags can't be attached
  • [api rest] IssueAddCommand should create tag specified by name if they do not exist

Lesen Sie mehr:


21 August - 50MBSecurity
  • [security] CVE-2019-15074: Stored XSS Vulnerability in Timeline

Lesen Sie mehr:


24 Juni - 50MBBug Fixes
  • [administration] Wrong access_level settings when updating rights in the project admin page (cproensa)
  • [administration] LOGFILE_NOT_WRITABLE error triggered if file does not exist (dregad)
  • [administration] Button label truncated on manage_config_workflow_page (dregad)
  • [other] Summary "By Date (days)" gets wrong number (cproensa)
  • [attachments] File upload timeout (atrol)
  • [reports] Summary statistics db error message (cproensa)

Lesen Sie mehr:


3 Mai - 50MB2.21.0
  • 0019642: [administration] If log file is not writable, log_event() fails silently (dregad)
  • 0022096: [timeline] My View page without timeline does not respect the $g_my_view_boxes_fixed_position setting (dregad)
  • 0022104: [ui] My View Page layout misses some boxes (dregad)
  • 0022143: [documentation] Encoding of custom files not documented (dregad)
  • 0022972: [documentation] Upgrade guide does not mention plugins (dregad)
  • 0023333: [filters] sub-project assignments missing from project-specific My View page (cproensa)
  • 0023418: [ui] Plugin tab in Summary section not highlighted when selected (community)
  • 0023550: [customization] Modification to status colors css (dregad)
  • 0025614: [installation] Missing file (api/rest/web.config) in installer (dregad)
  • 0025629: [administration] E_USER_DEPRECATED errors are no longer displayed inline (dregad)
  • 0025631: [administration] PHP Notice or incorrect file+line number when displaying DEPRECATED error (dregad)
  • 0025650: [ui] Show status with a color square instead of background color on Bug Update Page (dregad)
  • 0025651: [performance] Update color when new Status is selected in Bug Update Page (dregad)
  • 0025664: [ldap] LDAP documentation - Remove invalid 'hostname:port' example (dregad)
  • 0025679: [ui] Uneven distribution of boxes on My View page when Timeline is OFF (dregad)
  • 0025682: [ui] Show Invite button for users with manage users access level, not just administrators (community)
  • 0023037: [ui] Focus on project search (cproensa)
  • 0023694: [plug-ins] View Issue page menu links from EVENT MENU_ISSUE event are wrapped with "[", "]" characters (dregad)
  • 0025594: [ui] Projects menu search box should be hidden when having a small number of projects (cproensa)
  • 0025688: [api rest] Inconsistent naming of username field in REST API (community)
  • 0025693: [performance] Improve performance of Summary Page queries (cproensa)
  • 0025695: [bugtracker] Redirect to the new issue's page after reporting it (community)
  • 0025703: [api rest] Update Slim Framework to 3.12.1 (vboctor)

  • 0005151: [administration] Can't update user's project-specific access level (dregad)
  • 0025437: [api rest] Update Slim Framework to 3.12.0 (dregad)
  • 0004624: [feature] Add filtered summary (cproensa)
  • 0014656: [reports] Filter by dates in Summary Graphs (cproensa)
  • 0017304: [documentation] Manual does not describe variable "g_from_name" (atrol)
  • 0020069: [code cleanup] default_email_on_status, misleading comments in config_defaults (atrol)
  • 0023045: [feature] Usability suggestion at Report Issue screen (atrol)
  • 0023904: [performance] Massive queries to user table in edit project (cproensa)
  • 0024347: [security] web.config file is missing in api/rest (community)
  • 0024549: [filters] Permalink - Filter lose information after click on view issues (cproensa)
  • 0024775: [filters] Improve presentation of temporary filters (cproensa)
  • 0024776: [filters] Switching simple/advanced for a temporary filter loses the filter (cproensa)
  • 0025109: [html] Filter widget does not hide botton bar when collapsed (cproensa)
  • 0025130: [administration] "Check Installation" is missing from Admin menu (dregad)
  • 0025164: [reports] MantisGraph, implement filtered summary for graphs (cproensa)
  • 0025168: [reports] MantisGraph. Reporter graph does not fit width of page (dregad)
  • 0025174: [excel] Float custom field saved as String in XML-Excel export (atrol)
  • 0025210: [reports] Script error in graphs (cproensa)
  • 0025213: [rss] RSS feeds broken when using PHP >= 7.0 (atrol)
  • 0025381: [api rest] Get project doesn't return all versions (atrol)
  • 0025385: [ui] Summary page submenu not aligned when screen narrower than buttons (dregad)
  • 0025386: [ui] Incorrect spacing between submenu and main div for some MantisGraph screens (dregad)
  • 0025387: [ui] MantisGraph: redundant subtitle on Issue Trends page (dregad)
  • 0025403: [documentation] $g_notify_new_user_created_threshold_min is ignored on new account creation (atrol)
  • 0025408: [documentation] Minor documentation fixes (atrol)
  • 0025429: [api rest] Undefined variable t_show_detailed_errors in API REST (dregad)
  • 0025442: [db mssql] Wrong/duplicate bugnote_text_id in mantis_bugnote_table (cproensa)
  • 0025466: [reports] SYSTEM NOTICE on graph pages (atrol)
  • 0009757: [reports] View Issues - Select a Filter - Graph are not linked on this choice (cproensa)
  • 0012261: [filters] Cannot filter by versions of parent project when child project selected (cproensa)
  • 0020054: [administration] Cant modify configuration for All projects if only one project exists (cproensa)
  • 0021931: [reports] Filtered Summary (cproensa)
  • 0022099: [reports] Missing pie chart in "By Category Graphs" (cproensa)
  • 0022100: [code cleanup] Take care of released/obsolete flag when accessing version_cache_array_rows() cache (cproensa)
  • 0023245: [performance] project versions are not cached efficiently (cproensa)
  • 0024672: [security] Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042) (atrol)
  • 0024821: [code cleanup] Wrong caching in version API (cproensa)
  • 0025110: [authentication] Token error when login with a newly created user (cproensa)
  • 0025102: [api rest] /api/rest/issues endpoint supposedly returns all issues, but doesn't (community)
  • 0025133: [ui] Project selection is shown even if the user has no accesible projects (cproensa)
  • 0025163: [reports] MantisGraph summary links don't hghlight current graph page (cproensa)
  • 0025165: [reports] Summary doesn't honour issue access (dregad)
  • 0025217: [ui] Enable selection of a range in checkboxes lists. (cproensa)
  • 0025368: [administration] Manage project, copy from/to forms are easy to click accidentally and don't ask for confirmation (cproensa)
  • 0025378: [ui] Provide sortable functionality to simple tables (cproensa)
  • 0025400: [api rest] Allow adding/updating/deleting subprojects via REST API (community)
  • 0025434: [email] check all/ uncheck all checkbox for email notifcation (cproensa)
  • 0025436: [email] Bump phpmailer/phpmailer from 6.0.6 to 6.0.7 (dregad)
  • 0025446: [ui] 'show_queries_count' is a global setting, but 'show_memory_usage', 'show_timer' are not (atrol)
  • 0025454: [ui] Page adm_config_report does not cache users and generate many database queries (cproensa)
  • 0025455: [ui] Page adm_config_report, users in filter list are not correctly ordered (cproensa)
  • 0025456: [sql] Page adm_config_report has queries missing db_param_push() (cproensa)
  • 0025463: [attachments] Dropzone max-filesize option is not correct (cproensa)
  • 0025464: [attachments] Enforce max-filesize in dropzone to alert and drop big files before form submission (cproensa)
  • 0025465: [attachments] Dropzone preview does not work (cproensa)
  • 0025488: [reports] Update Chart.js to 2.7.3 (atrol)
  • 0025515: [api rest] Simple and Advanced filters are not consistent for handling sub-project issues (cproensa)
  • 0025522: [plug-ins] MantisGraph: limit number of slices in By Category pie chart (dregad)
  • 0025523: [plug-ins] MantisGraph: improve handling of colors in Pie charts (dregad)
  • 0025524: [plug-ins] MantisGraph: improve display of By Category Bar chart (dregad)
  • 0025532: [relationships] Error when adding a relationship if bug id contains whitespace as prefix or suffix (dregad)
  • 0025533: [relationships] When adding multiple relationships, ignore source issue and empty issue ids (dregad)
  • 0025572: [attachments] Redesign Dropzone file previews (cproensa)
  • 0025390: [tools] Travis CI builds fail for PHP 7.3 (dregad)

Lesen Sie mehr:

Zeige mehr Versionen


6 November 2018 - 50MB2.18.0

  • [code cleanup] Code Cleanup
  • [plug-ins] Plugin Columns - Export CSV or Excel - PHP 7.2.7 - crash error 500 - Reason missing 2 argument in call
  • [bugtracker] Changes to project_view_state and view_state to create only private projects
  • [html] Missing fallback for "Open Sans" font
  • [tagging] Error Creating Issue with new TAG
  • [performance] Performance enhancements of string processing


  • [security] CVE-2018-17783: XSS in manage_filter_edit_page.php
  • [security] CVE-2018-17782: XSS in manage_filter_page.php


  • [security] CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php


  • [relationships] relationship visibility in different project permission
  • [tagging] Tag cannot be selected if a tag containing the text of that tag has already been selected
  • [bugtracker] Late error message when trying to resolve issues
  • [authorization] Wrong box visibility on My View page
  • [administration] Please change a search option to manage users
  • [api soap] mc_filter_search_issues can't filter by date
  • [html] Inline image attachments should have their own container to prevent scrolling
  • [administration] Search for a part of
  • [api rest] Add function for creating a new project via REST
  • [api rest] Add function for updating a project via REST
  • [api rest] Add function to delete a project via REST API
  • [ui] bug_actiongroup and custom bug_actiongroup don't provide the same user experience when displaying error message
  • [ui] Footer displays behind sidebar on bug_actiongroup.php
  • [authorization] Custom fields can be changed without having update_bug_threshold access rights
  • [api soap] Add filter for the “last updated“ date in the soap api
  • [administration] Impersonate User is offered for disabled users


  • [security] CVE-2018-14895: XSS in bug_actiongroup.php


  • [ui] Local copy of Open Sans font does not include Latin-ext characters
  • [ui] Fonts are not rendered correctly in Windows clients
  • [upgrade] Improve handling of unserialize errors when upgrading
  • [ui] Font = Times News Roman after Upgrade from v2.7.0
  • [installation] MantisBT on Windows - Check for php_fileinfo.dll enabled on php.ini
  • [performance] Unneeded information in Change Log and Roadmap
  • [code cleanup] Code Cleanup
  • [performance] Performance enhancement of config_get_global function
  • [timeline] Missing display of events in Timeline if All Projects is selected
  • [documentation] Documentation: PHP documentation link: "installation.php" -> "install.php"
  • [documentation] Documentation: Admin Guide: Installation: Broken Link "Microsoft IIS", is now
  • [upgrade] Error in upgrade process 1.2.17 --> 1.3.0


  • [security] CVE-2018-13055: Reflected XSS in view filters page
  • [security] CVE-2018-14504: XSS in edit filters page


  • [filters] Cannot save private filter if not allowed to save shared filter
  • [wiki] URL encoding precludes reasonable wiki root_namespace values
  • [bugtracker] Incorrect issue status setting when changing status
  • [api rest] Support create project versions via REST API
  • [tagging] Exception Missing Class
  • [security] Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks
  • [filters] show_user_realname_threshold is not considered when sorting by reporter or handler
  • [ui] Selecting users is not easy if show_realname is set to ON
  • [other] System warning if $g_log_destination = 'page' when using PHP 7.2
  • [api soap] Error while querying for issue header with PHP 7.2
  • [performance] Unneeded <meta> tag in <head> section
  • [ui] $g_show_realname for making usernames private

Lesen Sie mehr:


23 Mai 2018 - 50MB2.14.0
  • Update ADOdb to 5.20.12
  • IssueAddCommand Prevents API Folder Removal
  • E_DEPRECATED error on php7.2: each() function
  • Update Slim Framework from 3.8.1 to 3.9.2
  • Update GuzzleHttp from 6.3.0 to 6.3.2
  • Wrong documentation of datetime_picker_format in Admin Guide
  • Code Cleanup
  • Wrong documentation of my_view_boxes in Admin Guide
  • Support getting a single project via REST API
  • Plugin priority changed without being changed by user interaction

  • CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality
  • Markdown quoting rendered with broken HTML
  • Inconsistent realname display
  • Get all filter or specific filter returns incorrect information
  • REST API returns too much info for default category handler
  • Don't show category default handler for users that can't manage the project
  • API method mc_filter_get does not work
  • mb_internal_encoding no longer being set because of removal utf8 library
  • SYSTEM WARNING 'count(): Parameter must be an array or an object that implements Countable' in 'IssueNoteAddCommand.php

  • Broken rendering of @ mentions, # issue and ~ note links

  • In View Issues list, several columns are sorted by Id instead of display value
  • System Error on changing filters
  • Implement IssueAddCommand and use it from SOAP, REST and Web UI
  • Delay due to Mantis trying sending emails to non existent address
  • Filtering "note by" with "none" does not return any result
  • Not able to filter issues that have no relationship assigned
  • Filter settings saved when using Anonymous account
  • Filters not remembered when clicking through from "My View"
  • Support adding attachments when reporting issues
  • Remove usage of outdated phputf8 library
  • Implement IssueDeleteCommand and use it from SOAP, REST, and Web UI
  • Add Issue REST API doesn't trigger EVENT_REPORT_BUG_DATA plugin event
  • Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG_DATA plugin event
  • Add Issue REST API doesn't trigger issue_create_validate custom function
  • Add Issue SOAP API doesn't trigger issue_create_validate custom function
  • Add Issue REST API doesn't trigger issue_create_notify custom function
  • Add Issue SOAP API doesn't trigger issue_create_notify custom function
  • Add Issue REST API doesn't trigger EVENT_REPORT_BUG plugin event
  • Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG plugin event
  • Add Issue REST API doesn't add the issue to recent list
  • Add Issue SOAP API doesn't add the issue to recent list
  • On ‘View Issues’ Page the filter does not allow user to select ‘blank’
  • Filter out duplicated issues
  • Filter filed "relationships" resets its value when "duplicate of" is selected
  • Can't login if admin directory has restricted access
  • Filtering with "note by" shows results from private notes for unprivileged users
  • Search filter returns matches in private notes for unprivileged users
  • Filter "monitored by" does not have option for "none"
  • Filter "assigned to" does not account for configuration "view_handler_threshold"
  • Filter "monitored by" does not account for configuration "show_monitor_list_threshold"
  • Filter tags inconsitent with OR filter operator
  • Filter field for relationship bug id is set to -1 by default
  • Entering Emojis in comments with a user mention crashes with an error
  • filter on relationships mistuned by switching sort order
  • Custom Fields of type "Textarea" cannot contain more than 255 chars due to bug_history table
  • POST request to login_password_page.php return 405 when admin folder is deleted or access restricted
  • Unable to start system check or installation with wrong PHP version
  • Application error 401: "ORDER BY clause is not in SELECT list" when sorting by category or project
  • Wrong documentation of string customization
  • Show File Attachment events in Timeline
  • Support providing a default value for issue description
  • $g_default_bug_steps_to_reproduce not documented
  • $g_default_bug_additional_info not documented

  • Broken rendering of @ mentions, # issue and ~ note links

  • CVE-2018-1000162: XSS vulnerability in Parsedown library
  • Update Parsedown library to 1.7.1
  • History entries display realname instead of username
  • Account page required change password on any field modification
  • Username
  • Wrong color of username in timeline

  • It is hard to @ mention users when show realnames is enabled
  • Non-existent duplicate_realname column is updated by various functions in user_api.php
  • users with dashes in their name will not work when @mentioned
  • EVENT_AUTH_USER_FLAGS should always be passed username rather than name
  • Identify Timeline tags operations with a specific icon
  • Option session_handler not implemented
  • Minor performance and code enhancements of config functions
  • Update supported languages
  • $g_ldap_realname_field generates WARNING: field 'givenName' does not exist.

  • REST API doesn't work from UI for some users
  • Warning message on login page

  • trigger_error() with errors must terminate scripts rather than being config based
  • Remove unused function print_bracket_link and code cleanup
  • Allow users to select font family that fits them best
  • Running admin/check fails
  • Unable to update user access level, due to check on 'Realname' returning KO
  • Support adding attachments that were not uploaded via the browser
  • Relationship type was localized in GET issue API
  • Failing REST API requests should include Mantis error code and localized message
  • Support adding users to monitor an issue via REST API
  • Support attachments when adding notes via REST API
  • Support time tracking when adding notes via REST API
  • Return status code 429 when hitting spam check limits
  • REST and SOAP API send two email notifications for mentioned users
  • Adding notes via SOAP and REST API with time tracking uses incorrect access check
  • Implement IssueNoteDeleteCommand for deleting notes
  • Protected admin users can't be unprotected
  • Update PHPMailer to 5.2.26
  • "Developer By Resolution" is the only box in the Summary page not ordered
  • Summary - Time Stats For Resolved Issues
  • Support downloading issue attachments
  • Summary page enhancement with bugs ratio support
  • Implement IssueNoteAddCommand to share code for adding notes
  • Filter links for resolved/closed custom statuses in Summary By Status report are incorrect
  • Support adding attachments to existing issues via REST API
  • Implement UserCreateCommand to create users
  • Create user via REST API
  • Implement UserDeleteCommand for deleting users
  • Delete user via REST API
  • Summary: always show the "By Project" box
  • Implement TagAttachCommand for attaching tags
  • Implement TagDetachCommand to detach tags
  • Add REST API to attach a tag
  • Add REST API to detach a tag
  • Summary: Reporter and Developer by Resolution miss a Total column
  • Implement IssueRelationshipAddCommand to add relationships
  • Support adding relationships via REST API
  • Implement IssueRelationshipDeleteCommand
  • Support deleting issue relationships via REST API
  • Some relationships are not formatted correctly in GET issue rest API
  • Remove obsolete code that checks if PHP file info API is defined
  • Footer displayed under sidebar on error page when $g_show_detailed_errors = ON
  • Make Fileinfo a mandatory PHP extension
  • The stack trace on detailed error page should not include the error handler itself
  • Remove deprecated "errcontext" parameter from standard error handler
  • Improve detailed error page layout

  • unable to create a bug with customfields via SOAP
  • Wrong constructor name in class FilterConverter
  • Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue
  • CVE-2018-6403: XSS in adm_config_report.php 'value' parameter

  • Support retrieving user defined filters
  • Remove usage of deprecated function __autoload
  • Billing summary does not include sub-projects
  • Support standard filters defined by the system when retrieving issues
  • Limit change of impersonation threshold to global config
  • Support deleting filters
  • Don't print time tracking buttons and export links
  • Support configurable default billing rate
  • Removed useless collapse icon with duplicated title in billing report
  • Broken url for MantisBT logo in admin section
  • UI of Update Produkt Build page broken

  • The reporter can not solve or close the issue
  • When disable "Update an issue", then "Assign to" become access deined.
  • Reporter can´t change status of a bug
  • PHP error in change status page when user doesn't have access to private notes

  • Usage of deprecated each() function
  • Unneeded code for non supported old PHP versions
  • Don't validate handler when updating issues without updating handler
  • UI for protected plugins broken
  • REST APIs don't enforce required custom fields when reporting issues
  • Document need for consistency between "normal" and "datepicker" date formats
  • Default value for a date don't work
  • Using custom fields
  • database is not supported by PHP. Check that it has been compiled into your server.
  • Unneeded code for unsupported database types
  • Unneeded code for option meta_include_file
  • Category lookup is case sensitive
  • Internal Server Error 500 when category doesn't exist
  • Reporting an issue with default date {now} that is not visible doesn't work
  • Support exporting issue history
  • PHP error on getting issues when user doesn't have access
  • Function require_lib contains code to search in vendor folder
  • Unneeded code executed when retrieving global settings
  • Some check boxes on Manage Configuration > Workflow Threshold page are not centered
  • No preview of ANSI encoded text files that contain German Umlauts
  • Leverage ETag headers when getting issues
  • Leverage If-Match when deleting issues
  • Leverage If-Match when updating issues
  • mc_issue_update returns bug is read only on status update
  • Issues created via REST API with date custom fields fail
  • Token API does not work with config show show_realname

  • Access denied when updating bugs

Lesen Sie mehr:


1 November 2017 - 50MBWARNING
From version 2.8.0, Mantis requires the PHP 'mysqli' extension. It no longer supports 'mysql' or 'pdo_mysql'.
This upgrade will automatically change your application's database driver to 'mysqli'.

  • [api rest] REST API Issue update support (vboctor)
  • [performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
  • [performance] Unneeded code delivered to support unsupported IE9 (atrol)
  • [ui] Useless UI element on manage_proj_page (atrol)
  • [custom fields] Empty numeric fields should be display as empty rather than 0 (community)
  • [custom fields] Empty float fields should be displayed as empty rather than 0 (community)
  • [api soap] Updating issues via APIs should trigger email notifications (vboctor)
  • [bugtracker] Auto-refresh shouldn't update last visited (atrol)
  • [code cleanup] Usage of deprecated constant (atrol)
  • [html] Wrong class name for tags output (atrol)
  • [administration] Remove unused config option inline_file_exts (community)
  • [plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa)
  • [custom fields] Numeric field accepts floats and displays them as numeric (vboctor)
  • [bugtracker] resolving parent issues inconsistency (community)
  • [bugtracker] Notes are not in the correct order after cloning an issue (cproensa)
  • [code cleanup] Remove php_version_at_least() function from PHP API (dregad)
  • [email] DomainKeys Identified Mail (DKIM) Signatures (community)
  • [bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
  • [api rest] Enable REST API by default (vboctor)
  • [bugtracker] "show_assigned_names" configuration is not applied correctly in view_all_bug_page (cproensa)
  • [filters] Filter "advanced" mode is reset after sorting through column headers (cproensa)
  • [api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad)
  • [email] Update PHPMailer to v5.2.25 (vboctor)
  • [code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
  • [ui] Bugnote text area not styled correctly when private by default (vboctor)
  • [bugtracker] Notes added via change status / edit always market private when private by default (vboctor)

Lesen Sie mehr:


13 Februar 2017 - 22MBThis release has about 60 features and fixes including those merged from 2.0.1 and 1.3.6.

  • Markdown Support – MantisBT now provides markdown support similar to other tools that developers use like GitHub, Bitbucket, and others. We are starting off with rolling this out as an experimental feature that is disabled by default. Users are encouraged to try it out and provide us with feedback. To enable Markdown go to Manage – Manage Plugins – MantisBT Formatting 2.1.0, click ON next to "Markdown Processing" and click "Update Configuration". See examples for supported markdown.
  • Lots of Filtering Improvements – There has been major refactoring for the filtering code, lots of bug fixes, and addition of ability to edit saved filters, filter by last update timestamp, and others.

Lesen Sie mehr:


27 Januar 2015 - 22MBThis is a security update for the stable 1.2.x branch that resolves 5 security-related bugs and vulnerabilities and 2 regression issues introduced in 1.2.18. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

  • #17938/CVE-2014-9571: XSS in install.php
  • #17939/CVE-2014-9572: Improper Access Control in install.php
  • #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
  • #17984/CVE-2014-9624: CAPTCHA bypass
  • #17997/CVE-2015-1042: URL redirection issue

  • #17993 prevents new users from signing up on systems using CAPTCHA.
  • #17967 which causes a PHP error when reporting issues on systems with checkbox custom fields.

Full Changelog
  • 0017940: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
  • 0017984: [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be (dregad)
  • 0017997: [security] CVE-2015-1042: URL redirection issue (dregad)
  • 0017938: [security] CVE-2014-9571: XSS in install.php (dregad)
  • 0017939: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
  • 0017967: [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259 (dregad)
  • 0017925: [email] Order of notes in email notifications seem to be based on user who triggered the action (dregad)
  • 0017977: [bugtracker] Fix handling of due dates (dregad)
  • 0018025: [administration] Installer UI tweaks (dregad)
  • 0011742: [bugtracker] Sort bug notes by date, not by ID (dregad)
  • 0017993: [authentication] User creation with captcha broken by fix for issue 0017811 (dregad)

Lesen Sie mehr:


7 Dezember 2014 - 22MBThis is a security update for the stable 1.2.x branch that resolves 23 security-related bugs and vulnerabilities, including 7 Cross-Site Scripting (XSS) issues, 2 Code injection issues, 2 SQL injection (XSS) issues, 5 Information disclosure issues, and 7 Other security issues. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0009885: [security] Emails on relations is send to people who cannot see the related issue (vboctor).
  • 0017878: [security] Prevent unauthorized users setting handler when reporting issue (dregad).
  • 0017362: [security] Multiple vulnerabilities in MantisBT (dregad).
  • 0017877: [security] CVE-2014-9279: Db Credentials leak via unattended upgrade script (dregad).
  • 0017876: [security] CVE-2014-9281: Reflected XSS in admin panel / copy_field.php (dregad).
  • 0017874: [security] CVE-2014-9271: Persistent XSS in file uploads/attachments (dregad).
  • 0017875: [security] CVE-2014-9280: PHP Object Injection in filter API (dregad).
  • 0017297: [security] CVE-2014-9272: XSS in string_insert_hrefs allows script execution (dregad).
  • 0017648: [security] CVE-2014-6316: URL redirection issue (dregad).
  • 0017073: [other] Incorrect $specific_where (dregad).
  • 0017289: [documentation] Code allows display of Resolution and Status in bug report page, but doc says it's not allowed (dregad).
  • 0017292: [code cleanup] Use of deprecated PREG_REPLACE_EVAL ('e') pattern modifier (dregad).
  • 0017322: [attachments] Warning in bug report when attachments are disabled (dregad).
  • 0017324: [attachments] Debug output displayed when adding files (dregad).
  • 0017405: [bugtracker] proj_doc_update.php on document update crashes if new file is not uploaded (dregad).
  • 0017407: [bugtracker] Missing error param when updating project doc (dregad).
  • 0017457: [filters] Column summary of the free text search is not prefixed by table (filter_api) (dregad).
  • 0009460: [bugtracker] Default profile doesn't work (dregad).
  • 0010966: [security] No Errors shown at all if error_reporting=0 configured at server (dregad).
  • 0015420: [bugtracker] Invalid category check is not made (vboctor).
  • 0016957: [news] News section shouldn't show in permissions report when feature is disabled (vboctor).
  • 0016993: [api soap] Handler can be set without having appropriate access rights (vboctor).
  • 0017011: [db mssql] Graph « Cumulative by date » is not displayed in Summary > Advanced Summary (dregad).
  • 0017075: [migration] Import plugins should be able to set last_updated field to a date in the past (vboctor).
  • 0017076: [bugtracker] Issue history show date submitted and last updated as integers rather than dates (vboctor).
  • 0017847: [bugtracker] New BugData object due_date should be blank (dregad).
  • 0017848: [plug-ins] XML import plugin only replaces links in 'description' (dregad).
  • 0017640: [security] CVE-2014-6387: Null byte poisoning in LDAP authentication (dregad).
  • 0017725: [security] CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin (dregad).
  • 0017744: [security] Attachments displayed in history despite user not authorised to view them (dregad).
  • 0017763: [api soap] mc_issue_update() email notification doesn't include added notes (vboctor).
  • 0017780: [security] CVE-2014-8598: XML plugin should restrict ability to import data (dregad).
  • 0017812: [api soap] CVE-2014-8554: SQL injection in SOAP API (dregad).
  • 0017890: [security] CVE-2014-9269: XSS in extended project browser (dregad).
  • 0017870: [security] CVE-2014-8987: XSS in adm_config_report.php (dregad).
  • 0017889: [security] CVE-2014-8986: adm_config_report.php filtering does not check config option is valid (dregad).
  • 0017583: [security] CVE-2014-9270: Stored XSS in Mantis (dregad).
  • 0017841: [security] CVE-2014-9089: SQL injection in view_all_set.php (vboctor).
  • 0017811: [security] CVE-2014-9117: CAPTCHA bypass (vboctor).
  • 0017827: [email] Disposable library triggers PHP STRICT warnings (dregad).
  • 0017924: [news] Not possible to set 'announcement' flag when editing News (dregad).

Lesen Sie mehr:


4 März 2014 - 22MBThis is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016940: [news] undefined function db_params() in core/news_api.php (dregad)
  • 0016989: [other] The bug_get_bugnote_count() function in the bug API always returns 0 (atrol)
  • 0017007: [webpage] duplicate 'a' tag (atrol)
  • 0017055: [security] CVE-2014-2238: SQL injection vulnerability in adm_config_report.php (dregad)

Lesen Sie mehr:


8 Februar 2014 - 22MBThis is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016879: [security] CVE-2014-1608: soap:Envelope SQL injection attack (dregad).
  • 0016880: [security] CVE-2014-1609: SQL injection vulnerabilities (dregad).
  • 0016513: [security] CVE-2013-4460: XSS in account_sponsor_page.php project names (atrol).
  • 0015770: [security] When $g_limit_reporters = ON; it is still possible to change reporter (dregad).
  • 0014301: [documentation] Add SOAP API documentation in the administration guide (rombert).
  • 0015572: [attachments] diskfile_is_name_unique() can return non-unique filename (dregad).
  • 0015762: [email] email_regex_simple() case sensitive, leading to incorrect e-mail links (dregad).
  • 0015775: [other] Wrong reporter when copying an issue (atrol).
  • 0015777: [other] Wrong value in field "Date Submitted" when copying issues (atrol).
  • 0015791: [other] System notice when json_url() retrieves non-existent member (dregad).
  • 0015807: [api soap] Support standard filters like ones in My View page in SOAP API (vboctor).
  • 0015812: [documentation] Wrong example code for custom validation functions (atrol).
  • 0009936: [api soap] add history information (rombert).
  • 0015496: [attachments] Script to move attachments from db to disk not working (dregad).
  • 0015774: [attachments] Incorrect number of attached files (dregad).
  • 0015893: [email] It should not be possible to reset a user's password if e-mail is blank (dregad).
  • 0015920: [administration] Missing config file causes cli scripts to fail silently (dregad).
  • 0015921: [code cleanup] Temp variables defined in global scope should be unset() after use (dregad).
  • 0015958: [email] Upgrade PHPMailer to 5.2.6 (dregad).
  • 0014543: [email] Emails are not sent to addresses with single subdomain (dregad).
  • 0015953: [email] 'Could not instantiate mail function' error with safe mode=ON (dregad).
  • 0015959: [api soap] SOAP: raw XML when browsing the WSDL (dregad).
  • 0016028: [api soap] Adding note via webservice generates wrong email content for assigned user (rombert).
  • 0016120: [email] Cannot modify Receive Reminder threshold on Manage Threshold Page (atrol).
  • 0009876: [performance] Performance problem with a lot of projects (dregad).
  • 0016174: [tools] Travis CI: set up PHP 5.5 build alongside 5.4 (rombert).
  • 0012955: [attachments] After updating a project documentation the file is damaged (dregad).
  • 0014541: [code cleanup] Remove calls to deprecated functions db_prepare* in "Docs" update page (dregad).
  • 0016126: [tools] Setup integration testing on Travis CI (rombert).
  • 0016158: [api soap] mc_filter_get_issues does not populate monitors fiels for retrieved issues (rombert).
  • 0016187: [administration] Application error on fresh install (dregad).
  • 0016202: [tools] Travis CI: set up PHP 5.3 build (atrol).
  • 0016204: [tools] User Test fails when bugnote_order is not set to default (dregad).
  • 0016205: [tools] Issue History tests fail when history order is descending (dregad).
  • 0016203: [tools] Issue History tests randomly fail (dregad).
  • 0010071: [administration] Manage Workflow Threshold page: 'Who can alter this value' is not saved (dregad).
  • 0012470: [custom fields] Custom fields names aren't translated in several places (dregad).
  • 0012480: [bugtracker] Editing a bug with no assigned user and no access to edit assigned to field shows 'user0' (dregad).
  • 0015790: [other] url_get() cURL should set User Agent (dregad).
  • 0015817: [api soap] SOAP API unit test failures (dregad).
  • 0016175: [tools] Customize Travis notifications (dregad).
  • 0016252: [api soap] API SOAP provides no answer after MantisBT upgrade (rombert).
  • 0016259: [bugtracker] When sorting issues by due_date, unset values should be listed at the end (dregad).
  • 0016337: [administration] Creating the first project on a fresh install causes error 2800 (dregad).
  • 0016340: [db db2] Error 401 for Manage Tags (dregad).
  • 0016341: [db postgresql] Impossible to retrieve attachments from DB with PostgreSQL >= 9.0 (dregad).
  • 0016342: [bugtracker] The g_html_valid_tags_single_line configuration variable seems to be ignored in favor of g_html_valid_tags (dregad).
  • 0016348: [code cleanup] Duplicated code in MantisCoreFormatting (dregad).
  • 0016408: [customization] config_eval() fails on configs that reference array values (vboctor).
  • 0016416: [installation] Improve first login experience by auto-redirecting to create project page (vboctor).
  • 0016431: [installation] Numerous "Invalid argument supplied for foreach()" errors when installing with DB script printed to screen (grangeway).
  • 0016484: [tagging] SOAP: Impossible to attach tags to issues (dregad).
  • 0016485: [api soap] SOAP API test failure for due date (dregad).
  • 0014563: [db oracle] Use of literal SQL statement causes ORA-01704 error when uploading attachments (dregad).
  • 0010873: [roadmap] Change Log/Roadmap do not work with inherited versions. (dregad).
  • 0014458: [other] Track third party libs as github repos (dregad).
  • 0015196: [api soap] Create history entries when creating issues with non-default status and resolution (rombert).
  • 0016376: [customization] Not able to change status without having update issue rights (dregad).
  • 0016420: [preferences] Editing user preferences when no project exists triggers application error 20 (dregad).
  • 0016607: [documentation] Wrong option html_tags in Admin Guide (atrol).
  • 0016767: [upgrade] upgrade_unattended script is no longer working (vboctor).
  • 0016768: [mantistouch] Default mantistouch_url correctly when MantisTouch is installed in 'm' subfolder (vboctor).
  • 0016769: [mantistouch] MantisTouch redirect can break soap api based on user agent sent (vboctor).
  • 0016770: [mantistouch] Redirect from MantisBT issue to MantisTouch should go to the same issue page on MantisTouch (vboctor).
  • 0011785: [code cleanup] Comment for access_compare_level in access_api.php is bogus (atrol).
  • 0015648: [email] add event signalling to email_build_subject() function (dregad).
  • 0015647: [email] email subject is build manually in function email_bug_info_to_one_user() (atrol).
  • 0016706: [plug-ins] Plugin pages can be accessed directly when schema upgrade is needed (dregad).
  • 0016812: [bugtracker] Moving issue to child->child changes category to default (dregad).
  • 0016848: [bugtracker] Remove main page from main menu when news feature is OFF (vboctor).
  • 0006343: [bugtracker] Change status using actiongroup does not send email notifiation (dregad).
  • 0013659: [email] e-mail notification about priority change is not sent when using bug_actiongroup_page.php (dregad).

Lesen Sie mehr:


15 April 2013 - 22MBMantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0002971: [bugtracker] Reminders are not added to bug history (dregad) - closed.
  • 0015470: [bugtracker] Reminders recipient list is truncated (dregad) - closed.
  • 0010047: [documentation] Adding new statuses section is missing a step (dregad) - closed.
  • 0010118: [documentation] lang_get_current() returns wrong language if $g_default_language overwritten (dregad) - closed.
  • 0010372: [feature] Don't allow reminders to be sent if the user doesn't have an email address specificed (dregad) - closed.
  • 0013054: [installation] Installer displays a blank page if core.php encounters a critical error (dregad) - closed.
  • 0015357: [bugtracker] uninitialized library path (dregad) - closed.
  • 0015471: [bugtracker] bug_reminder.php does not handle unsent reminders (dregad) - closed.
  • 0015472: [bugtracker] email_bug_reminder() API's return array is always full list of recipients (dregad) - closed.
  • 0015481: [custom fields] Custom fields values are not sorted in the main filter (dregad) - closed.
  • 0015528: [printing] Custom fields user has no access to should not be displayed on print pages (dregad) - closed.
  • 0015538: [bugtracker] Issues list is not displayed when $g_limit_reporters is ON (dregad) - closed.
  • 0015540: [documentation] Wrong example code for custom status translation (atrol) - closed.
  • 0015558: [bugtracker] url_get() does not fall back to other methods when no data is retrieved (dregad) - closed.
  • 0015573: [security] CVE-2013-1883: One query can be issued via current Mantis interface to take down site (dregad) - closed.
  • 0015575: [documentation] Turning on $g_show_queries_list causes Mantis to crash with an error (dregad) - closed.
  • 0015659: [localization] Appears @70@ and @80@ in the list of resolutions in the "view Issues" page when mantis is in catalan. (dregad) - closed.
  • 0015691: [administration] Config report: retrieval of saved project filter from cookie does not work (dregad) - closed.
  • 0015453: [security] CVE-2013-1930: Close button is shown on webpage despite 'close' is not a valid status by workflow (dregad) - closed.
  • 0015511: [security] CVE-2013-1931: XSS vulnerability when deleting a version (atrol) - closed.
  • 0015698: [bugtracker] 'extract() expects parameter 1 to be array, boolean given' in '/srv/www/bugs/account_prof_edit_page.php' line 48 (dregad) - closed.
  • 0015704: [documentation] Wrong description of writing custom_functions (atrol) - closed.
  • 0015744: [bugtracker] Reminder bugnote with list of recipients not added if no text provided (dregad) - closed.
  • 0015451: [api soap] Incorrect invocations of SoapObjectsFactory::newSoapFault (rombert) - closed.
  • 0015517: [api soap] mc_project_get_versions() result can't be parsed by C# (dregad) - closed.
  • 0015522: [api soap] mc_project_get_issues does not report due_date (dregad) - closed.

Lesen Sie mehr:


(Nachtrag 1)
4 April 2013 - 22MBApplications:
  • Install: Improvements to the install routine to improve compatibility with more PHP configurations.


30 Januar 2013 - 22MBMantisBT 1.2.14 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0015415: [security] XSS vulnerability on Configuration Report page (dregad) - closed.
  • 0015416: [security] XSS issue in adm_config_report.php when displaying complex value (dregad) - closed.
  • 0015411: [performance] Huge memory consumption for print_user_option_list() (dregad) - closed.

Lesen Sie mehr:


11 November 2012 - 22MB


9 Juni 2012 - 22MB


2 April 2012 - 22MB


4 März 2012 - 21MB


6 September 2011 - 21MB


23 August 2011 - 16MB


27 Juli 2011 - 16MB


6 April 2011 - 16MB


15 Dezember 2010 - 16MB


14 Oktober 2010 - 16MB

Unsere Webhostings sind kompatibel mit


Nur Webhosting

100 GB und mehr
Erweiterte Verwaltung von EV- und DV-SSL-Zertifikaten

Weitere Infos

ab 5.75 € / Monat


Das Web+Mail-Komplettangebot

100 GB und mehr
Erweiterte Verwaltung von EV- und DV-SSL-Zertifikaten

Professionelle E-Mail
25 E-Mail-Adressen mit unbegrenztem Speicherplatz

Instant Messaging
Sychronisation von Kontakten und Kalendern

Weitere Infos

ab 7.42 € / Monat



100 GB und mehr
Erweiterte Verwaltung von EV- und DV-SSL-Zertifikaten

2 CPU und mehr
6 GB RAM und mehr
100% SSD
100% dedizierte Ressourcen

Infomaniak verwaltet Ihren Server

Weitere Infos

ab 29 € / Monat

Preise in EUR


Nützliche Anleitungen