Mantis Hosting

Mantis is an open source bug tracking system.

One-click installation

Easy updates

Backup and restore


E-commerce and Business
Current version
Last updated
10 May 2022
French + 48 others

System requirements

Installation size
50.00 MB
Database
open source
Overview
What's new
2.25.4 (security release)
10 May - 50MB
2.25.4

Maintenance release fixing a couple of regressions introduced in 2.25.3, loading a JavaScript library from CDN and initializing the path on PHP 5.6.

Bug Fixes and Changes
  • [authorization] APPLICATION ERROR #13 [access denied] while creating new user when threshold configured as MANAGER in administration interface
  • [db mssql] APPLICATION ERROR 401 Database query failed. Error received from database was #-52: SQLState: IMSSP
  • [bugtracker] Errors trying to load moment.js library from CDN
  • [bugtracker] $g_path incorrectly set in config_defaults_inc.php on PHP 5.6
  • [installation] Javascript error in browser console when upgrading
  • [installation] Installer's Oracle-specific warning regarding identifiers' length is shown initially for MySQL
  • [authorization] Update issue icon on "My View" page is displayed even without having appropriate access rights
  • [authorization] Update issue icon on "View Issues" page is displayed even without having appropriate access rights


Security and maintenance release, fixing vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). It also addresses several PHP 8.1 compatibility issues.

  • CVE-2022-26144: XSS in manage_plugin_page.php and manage_plugin_uninstall.php
  • CVE-2021-43257: CSV Injection with CSV Export Feature
  • Update moment.js to 2.29.2
  • Update ADOdb to 5.20.21
  • Update guzzlehttp/psr7 to 1.8.5

Bug Fixes and Changes
  • [api soap] SOAP call mc_project_get_id_from_name fails when there is no matching project in PHP 7.2
  • [bugtracker] Passing null to parameter of type XXX is deprecated
  • [api rest] Slim Application Error when RestFault generated
  • [bugtracker] Constant FILTER_SANITIZE_STRING is deprecated
  • [attachments] Adding an attachment with a long filename causes "Data too long for column 'filename'" application error
  • [bugtracker] 'format_issue_summary' custom function not called from View Issue Details page
  • [ui] Missing closing div tag causes incorrect page footer display
  • [installation] Unable to install
  • [custom fields] APPLICATION ERROR 1300 Custom field not found with case-sensitive database

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.4

2.25.2 (security release)
18 June 2021 - 50MB
Security
  • [security] CVE-2021-33557: XSS in manage_custom_field_edit_page.php
  • [security] Update PHPMailer to 6.5.0

Changes and Bug Fixes
  • [custom fields] PHP 8: "Bad Request" error on custom field filters

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.2

2.25.1 (security release)
17 May 2021 - 50MB
Security
  • [security] Update PHPMailer to 6.4.1 (fixes CVE-2020-36326)

Changes and Bug Fixes
  • [ui] Labels for email notifications in User Prefs page appear in bold
  • [ui] Project Edit Page does not display check boxes
  • [plug-ins] Bundled plugins 2.25.0: incorrect Mantis requirement
  • [ui] Unsightly vertical offset of the "Update Prefs" and "Reset Prefs" buttons.
  • [administration] Error removing project
  • [ui] Incorrect spacing between icon and text on manage_user_edit_page.php

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.1

2.25.0 (major release) (security release)
9 April 2021 - 50MB
2.25.0

  • [security] Printing unsanitized user input in account_prof_edit_page.php
  • [security] Update PHPMailer to 6.3.0

Changes and Bug Fixes
  • [administration] "Add Version" without entering a version number outputs "Operation successful" though no version has actually been added
  • [administration] Attachment settings not available on "Workflow Thresholds" page
  • [administration] Issue revision settings not available on "Workflow Thresholds" page
  • [administration] Manage user page table footer is displayed even when empty
  • [administration] Misleading e-mail notification following password reset by admin
  • [administration] PHP warning in config_get_global
  • [administration] Some config options can be set in database, but should be configurable just in config_inc.php
  • [administration] SQL syntax error on manage_user_page
  • [administration] Sticky setting not available on "Workflow Thresholds" page
  • [administration] When deleting a project, there should be information of how many (if any) issues are affected
  • [api rest] /config REST API endpoint reports users as not found when they exist
  • [api rest] Errors in API documentation
  • [api rest] Incorrect documentation for tags
  • [api rest] REST API update issue triggers errors if payload is empty
  • [api rest] Upgrade guzzlehttp/guzzle from 6.5.2 to 6.5.5
  • [api soap] mc_issue_update() throws system warning when Project not specified in IssueData
  • [attachments] Improve pop-up description for file icons
  • [authentication] Username regex is too strict by default
  • [authorization] reporter allowed to close
  • [bugtracker] Admin check always has "WARN" for magic_quotes checks (PHP 7.4)
  • [bugtracker] Allow printing of standard confirmation alerts without buttons
  • [bugtracker] bugnote_clear_cache() does not work properly
  • [bugtracker] clickable summaries in view issues page
  • [bugtracker] It is not possible to clear the Default Profile
  • [bugtracker] Profile-related operations lack confirmations
  • [bugtracker] Refactor Profiles management pages to display a list of records
  • [bugtracker] Standardize on IEEE 1541 units (KiB, MiB) for file sizes
  • [bugtracker] Update securimage to 3.6.8
  • [change log] No hyperlinks in Changelog and Roadmap release notes
  • [code cleanup] Code cleanup around User/Global Profiles
  • [code cleanup] Convert Project and User Pref APIs to use DbQuery class
  • [code cleanup] Data integrity: ensure users' default_project preference is a valid project
  • [code cleanup] Error handlers use deprecated context parameter
  • [code cleanup] Implement ConfigsGetCommand and use from REST API
  • [code cleanup] Implement LocalizedStringsGetCommand and use from REST API
  • [code cleanup] Move release scripts to main repository
  • [code cleanup] New API function to get User Id by cookie string
  • [code cleanup] PHP notice in manage_user_edit_page.php when given invalid user id
  • [code cleanup] Refactor printing of project selection menus
  • [code cleanup] Remove obsolete 'posted' form param when reporting new issue
  • [code cleanup] Remove Project Info page
  • [code cleanup] Remove unused and regroup duplicated language strings
  • [code cleanup] Remove unused bug_monitor_list_view_inc.php file
  • [code cleanup] Standardize access of option database_version
  • [code cleanup] System notice in lang_error_handler
  • [code cleanup] Unneeded code for option display_project_padding
  • [code cleanup] Use user_is_login_request_allowed() instead of duplicating the logic
  • [custom fields] Custom date field with default value left blank even when field is required
  • [custom fields] Custom fields with comma can't be used in Manage Config Columns page
  • [custom fields] Incorrect error message when reporting issue with a custom field failing validation
  • [custom fields] Remove need to use {} for dynamic dates in custom fields default value
  • [custom fields] Validate date custom fields default value format
  • [db mssql] Update ADOdb to 5.20.20
  • [db postgresql] PHP 8.0 PostgreSQL builds fail due to deprecated pg_fieldsize() function
  • [db schema] Email field in mantis_email_table is shorter than user email in mantis_user_table
  • [documentation] Admin Guide has various broken links, obsolete info, etc.
  • [documentation] Fix discrepancies in documentation for $g_display_errors
  • [documentation] Host the Example Plugin from the Developers Guide in a repository in mantisbt-plugins organization
  • [documentation] Improve Custom Fields documentation
  • [documentation] Out of the box Mantis does not display either a Dependency or Relationship Graph
  • [documentation] Remove helper_alternate_class() calls from Developers Guide and document alternative
  • [documentation] REST API documentation
  • [email] Enable S/MIME signed e-mail notifications
  • [filters] Preserving filters does not work correctly on sub-sub-projects
  • [filters] search field at project-selection is not working anymore
  • [html] Standardize the way fontawesome icons are printed
  • [installation] Required PHP json extension not documented and checked
  • [installation] Sourceforge [admin/test_langs.php] File missing from installation packages ( mantisbt-2.24.3.zip & mantisbt-2.24.3.tar.gz)
  • [installation] Using an empty timezone causes PHP notice on PHP 8
  • [javascript] MantisGraph: stop using chart.js bundled build
  • [ldap] Add STARTTLS Support to LDAP
  • [ldap] Changed default $g_ldap_protocol_version from 0 to 3.
  • [ldap] LDAP configuration options can be set in database
  • [ldap] LDAP server must be specified as an URI
  • [localization] Confusing message when selecting a project to enter an issue
  • [localization] Improve handling of missing language strings
  • [other] Upgrade release build scripts to Python3
  • [performance] Non visible image previews are transferred from server to client
  • [plug-ins] 3rd-party plugins cannot use chart.js library bundled with MantisGraph
  • [plug-ins] Admin checks should detect invalid / incorrectly installed plugins
  • [plug-ins] Create cronjob script and plugin event
  • [plug-ins] Force-installed plugins are not registered in order of priority
  • [plug-ins] Improve handling of invalid / incorrectly installed plugins
  • [plug-ins] MantisGraph: update Chart.js library to v2.9.3
  • [plug-ins] Plugin_force_uninstall is not declared
  • [plug-ins] Tag attach group action doesn't trigger EVENT_TAG_ATTACHED
  • [plug-ins] Validate plugin folder name and name match during setup
  • [preferences] issue report TOO_MANY_REDIRECTS
  • [preferences] Non existing field name os_version used where os_build should be used
  • [printing] Viewer does not get Selection column in View Issues or Print Reports lists
  • [sql] Error in bug_api.php when UPDATEing a bug
  • [sub-projects] Project Menu Bar does not indent subprojects properly
  • [time tracking] User list in time tracking summary is not sorted
  • [tools] TravisCI: add PHP 8.0 to tests, and switch to bionic build environment
  • [ui] "Move" functionality offered for users that have just access to a single project
  • [ui] Confusing redirection when editing profiles
  • [ui] Horizontal rules (<hr> tag) are nearly invisible
  • [ui] Inconsistent form input labels' font size when HTML label element is used
  • [ui] Left-align the Send Reminder textarea
  • [ui] Manage users edit page: inconsistent spacing between sections
  • [ui] Questionable UI / button on "Edit Project Category" page
  • [ui] Upgrade to fontawesome version 4.7.0
  • [ui] Username field in Monitor box triggers password managers
  • [ui] Wrong page position after bugnote add/edit


  • [security] CVE-2009-20001: User cookie string is not reset upon logout

Changes and Bug Fixes
  • [bugtracker] install.php throws SYSTEM WARNINGs
  • [custom fields] Unable to edit Issues having Date custom fields on PHP 8.0 for Category '0'

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.0

2.24.4 (security release)
29 January 2021 - 50MB
Security
  • [security] Private category can be access/used by a non member of a private project (IDOR)
  • [security] Attacker can leak private information via different functionality
  • [security] CVE-2020-29604: Full disclosure of private issue contents, including bugnotes and attachments
  • [security] CVE-2020-29605: Disclosure of private issue summary
  • [security] CVE-2020-29603: Disclosure of private project name
  • [security] CVE-2020-35571: XSS in helper_ensure_confirmed() calls
  • [security] User Account - Takeover
  • [security] Fixed in version can be changed to a version that doesn't exist
  • [security] When updating an issue, a Viewer user can be set as Reporter
  • [security] CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
  • [security] CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function through the API SOAP.

  • [bugtracker] inconsistent UI for view bugnote revision
  • [security] Printing unsanitized user input in install.php
  • [printing] print_manage_user_sort_link Function Parameter Required after Optional
  • [code cleanup] Declaring a required parameter after an optional one is deprecated in PHP 8
  • [javascript] Javascript error in View Issues page
  • [bugtracker] Adapt Error handler to PHP 8
  • [bugtracker] Impossible to edit issues with PHP8

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.4

2.24.3 (security release)
29 September 2020 - 50MB
Security
  • [security] Admin can get issues assigned to users not allowed to handle them
  • [security] Admin can set viewer as a tag creator
  • [security] Send reminder to viewer
  • [security] CVE-2020-25288: HTML Injection on bug_update_page.php
  • [security] CVE-2020-25781: Access to private bug note attachments
  • [security] CVE-2020-25830: HTML Injection in bug_actiongroup_page.php

  • [plug-ins] Priority can override to any positive integer
  • [code cleanup] Remove code duplication in File API
  • [code cleanup] When processing categories, it is not necessary to know the project id

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3

2.24.2 (security release)
10 August 2020 - 50MB
Security
  • [security] CVE-2020-16266: HTML injection (maybe XSS) via custom field on view_all_bug_page.php
  • [security] Update PHPMailer from 6.1.4 to 6.1.6

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.2

2.24.1 (security release)
16 July 2020 - 50MB
Security
  • [security] APIs expose private attachments to users who have access to issue but not private notes
  • [security] file_get_visible_attachments shows private files that should be invisible to the user

  • [attachments] Attachments box is invisible when notes are private by default
  • [attachments] Database Server error while adding file to project
  • [administration] Impossible to reset user's password
  • [documentation] Documentation for REST API /users/{id}/reset missing
  • [api rest] Resetting password for protected user via REST API should fail

Bug Fixes
  • [bugtracker] changed project order / sequence
  • [bugtracker] OS build field not filled in viewing mode
  • [bugtracker] View Issue page does not show "Product Build" (wrong key names in code)

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.1

16 March 2020 - 50MB
Changes
  • [email] Update phpmailer/phpmailer from 6.1.3 to 6.1.4 (dregad)
  • [ui] on mantisbt.org Roadmap progress bar 'data-percent' class could stand out better (syncguru)
  • [ui] Issue list throws warning on every issue without bug notes. (dregad)
  • [api rest] Update GuzzleHttp from 6.4.1 to 6.5.2 (dregad)
  • [ui] Incorrect CSS rules get applied if a word in custom field name matches an existing CSS class (atrol)
  • [code cleanup] Code Cleanup (atrol)
  • [reports] Wrong number of displayed rows on summary page (atrol)
  • [code cleanup] Remove $g_log_destination 'firebug' option, as the project is dead since 2017 (dregad)
  • [documentation] Admin Guide: remove doc for long-deprecated $g_ldap_port config (dregad)
  • [db mssql] Update ADOdb to 5.20.16 (dregad)
  • [feature] Limit reporter's access to their own issues (cproensa)
  • [plug-ins] New Event: EVENT_MENU_ISSUE_RELATIONSHIP (dregad)
  • [relationships] Dependency Graph crash on circular parent child relationships (dregad)
  • [reports] Display issue Summary inside relation graph nodes (dregad)
  • [rss] Access of non existent image in RSS feeds (dregad)
  • [filters] BugFilterQuery - issue? - trying to add join & where conditions (cproensa)
  • [relationships] Relationship Graph page UI lacks MantisBT 2.x layout (dregad)
  • [relationships] Relationship Graph page is missing legend (dregad)
  • [relationships] Relationship Graph - inconsistency between button label and title (dregad)
  • [plug-ins] Improve MantisColumn sort capability to allow sorting by more complex expressions (cproensa)
  • [filters] Wrong filtering by none-relationship (cproensa)
  • [ui] Generate token with empty name and APPLICATION ERROR #11 (dregad)
  • [api rest] Support user password reset via REST API (community)
  • [installation] Apostrophe in custom_field_string table causes upgrade from < 1.2.0 to fail (dregad)
  • [time tracking] Cell coloring for due date indicates "overdue" when not overdue yet. (dregad)
  • [time tracking] Cell coloring for due date indicates "overdue" when not overdue yet. (dregad)
  • [administration] how can I allow user to view only the issue that assigned to them (cproensa)
  • [bugtracker] Reporter can't see an issue they have been made a monitor of (cproensa)
  • [bugtracker] Change of due date background color (dregad)
  • [localization] lang_get_defaulted does not search for fallback language (dregad)
  • [bugtracker] Implement limit_reporters as a threshold (cproensa)
  • [authentication] login username is not trimmed (dregad)
  • [roadmap] User can't see in roadmap a private issue that they reported (cproensa)
  • [bugtracker] Allow multiple, customizable due date levels (dregad)
  • [time tracking] Cell coloring for due date indicates "overdue" when not overdue yet. (dregad)
  • [bugtracker] Change of due date background color (dregad)
  • [installation] Use appropriate statement to update DB schema when generating SQL (dregad)
  • [api rest] Passing out of range custom field id causes multiple PHP warnings / incorrect response (dregad)
  • [api rest] Passing unsanitized data to type hinted function causes program crash (dregad)
  • [api rest] Passing invalid id to rest api custom field update causes program crash (dregad)
  • [installation] Final statement to set database version not logged in SQL script (dregad)
  • [installation] Add informational comments to SQL script generated by installer (dregad)
  • [installation] improve installer messages when generating SQL script (dregad)
  • [installation] Allow admin to reset table pre/suffix to their default values (dregad)
  • [bugtracker] Make category on bug_report_page a required field when $g_allow_no_category = OFF; (dregad)
  • [bugtracker] Required fields when reporting an issue, should also be when updating it (dregad)
  • [bugtracker] Mass update does not allow setting an empty category (dregad)
  • [ui] Provide a way to 'show content' for all complex items on Manage Configuration Report page (dregad)
  • [plug-ins] No equivalent to lang_get_defaulted() in plugin_api() (dregad)
  • [bugtracker] Inheritance of sub project not read correctly from database (dregad)
  • [customization] Retire bug_change_status_page_fields config option (vboctor)

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.0

9 December 2019 - 50MB
Changes
  • [reports] Move MantisGraph pages to their own tab
  • [api rest] Update GuzzleHttp from 6.3.3 to 6.4.1
  • [attachments] "private bugnotes" as default setting prevents uploading further attachments
  • [attachments] Attaching files to a note creates a second note with only the attachments
  • [attachments] Deleting a note, should delete associated attachments
  • [attachments] Warning for users when making public notes with attachments private
  • [attachments] Add files information to EVENT_BUGNOTE_ADD event
  • [custom fields] Use custom field regular expression in the html input
  • [custom fields] Manage custom fields page does not show fields in order
  • [attachments] Switching note to private/public, should impact associated attachments
  • [auditing] Link attachments issue history events to attachments to determine visibility
  • [feature] Allow setting reminder bugnotes' view status
  • [filters] No way to filter "negative" for checkbox custom fields
  • [attachments] Attachments should be linkable to notes in db
  • [documentation] Wrong data types in ERD
  • [api rest] Implement IssueViewPageCommand to separate logic from rendering of issue view page
  • [ui] Inline actions user experience is inconsistent between different features
  • [filters] Filter for a date custom field fails when no values for this field exists
  • [documentation] Invalid URL for GraphViz home page
  • [plug-ins] Content Security Policy directive 'frame-ancestors' contains an invalid source when http_csp_add is called for it
  • [bugtracker] PHP notice in bug view page when viewing issue without category
  • [documentation] Update ERD diagram to reflect new field in bug_file table
  • [time tracking] Application Error 401 when clicking Time Tracking at the bottom of a bug notes page
  • [time tracking] Bugnotes time spent info is always shown even if time tracking is disabled
  • [attachments] Support attachments associated with private notes
  • [ui] Attachments displayed with empty user
  • [attachments] Comments on attachments
  • [api rest] Error requesting issues using saved filter
  • [attachments] Create a place holder note when submitting attachments without text
  • [email] "Email on monitoring" not configurable in manage_config_email_page
  • [attachments] Support inline playing of audio attachments
  • [documentation] preview_*_extensions config options not documented
  • [attachments] Support inline playing of video attachments
  • [db postgresql] check_pgsql_bool_columns: check wrongly suggests that the redirect_delay should be in boolean format
  • [ui] Both "monitor" and "end monitoring" buttons are displayed
  • [ui] "Users monitoring this issue" section not shown if nobody is monitoring the issue
  • [custom fields] Use max length property of custom field in inputs
  • [performance] Issue view api uses many custom field database queries
  • [performance] Issue view history api repeated calls to bug_get_attachments database query
  • [ui] Clone button is not displayed correctly
  • [bugtracker] Tags are not copied from master issue when cloning
  • [email] Bump phpmailer/phpmailer from 6.0.7 to 6.1.3
  • [tagging] Tag attachments list includes tags already attached to the bug
  • [administration] Custom fields selector in manage project page are not ordered by name
  • [custom fields] Filter value "none" is not available for multiselection list custom fields
  • [api rest] Update Slim Framework to 3.12.3
  • [tagging] Add $g_tag_create_threshold to Workflow Thresholds in the GUI
  • [bugtracker] Closing issues via group action with empty note creates a bugnote record
  • [ui] Attachments without note text are not displayed
  • [security] Vulnerability from library Moment.js 2.15.2
  • [administration] Use empty value as default project in "manage project" subproject section
  • [javascript] Update corejs-typeahead.js library to 1.3.0
  • [security] Update ADOdb to 5.20.15

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.23.0

2.22.1 (security release)
30 September 2019 - 50MB
Security
  • CVE-2019-15715: [Admin Required - Post Authentication] Command Execution / Injection Vulnerability
  • CVE-2019-8331: Update bundled Bootstrap to 3.4.1
  • Enable integrity hashes for CSS resources from CDNs

Bug Fixes
  • For Complex Configuration option doesn't work when mod_rewrite is disabled

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1

4 September 2019 - 50MB
Bug Fixes
  • [bugtracker] Ability to add monitors to a bug when the bug is first reported
  • [plug-ins] Improve plugin schema upgrade error message
  • [api soap] SOAP API return value does not match definition in WSDL
  • [bugtracker] error_string() does not allow HTML tags inside of error messages
  • [installation] Reflect PHP requirements in Composer config
  • [html] Invalid HTML in manage_config_workflow_page.php
  • [bugtracker] Users can't add monitors if access < show_monitor_list_threshold and >= monitor_add_others_bug_threshold
  • [administration] Impossible to set add/remove monitors thresholds from manage page
  • [documentation] Improve documentation for monitors-related configs
  • [code cleanup] Remove get_email_link() API function
  • [code cleanup] New prepare_mailto_url() API function
  • [bugtracker] PHP Notices in User API
  • [printing] Remove hyperlinks on usernames in Word export
  • [attachments] Add support for pasting images as attachments
  • [security] Email for a new private bugnote was sent to a non authorized reporter
  • [time tracking] Time tracking box rendering is broken
  • [bugtracker] Status color squares become black
  • [tagging] Report issue doesn't support multiple new tags
  • [plug-ins] Add EVENT_MENU_MAIN_FILTER to allow complete customisation of main menu
  • [api rest] REST API support for multiple authorization headers
  • [bugtracker] Replace mailto: by link to user profile page in view.php
  • [html] Leading newlines disappear when editing data in textarea elements
  • [code cleanup] Remove unused $p_can_report_only parameter in layout_navbar_projects_list()
  • [documentation] Admin guide: remove reference to unmaintained Firefox add-on
  • [administration] Simplify displaying of complex values in adm_config_report page
  • [javascript] Improve client-side sortable tables script
  • [plug-ins] EVENT_BUGNOTE_DATA event not documented in developer manual
  • [plug-ins] MantisGraph: update Chart.js library to v2.8.0
  • [code cleanup] MantisGraph: define Chart.js-related constants in the plugin
  • [plug-ins] Missing an API function to check if a plugin event has been declared
  • [tools] PHPUnit tests as run by Travis CI builds do not execute all defined suites
  • [bugtracker] IssueAddCommand does not create history entries identical to the code it replaced
  • [ui] Gravatar plugin should always use https
  • [other] bug_report_page is forced to be cached
  • [api rest] Missing tag name in error message when creating issue via REST API
  • [api rest] Invalid JSON response when creating issue with tag by name via REST API
  • [code cleanup] Glue after String Array is being Deprecated
  • [plug-ins] Gravatar Plugin Description
  • [tagging] Creating an invalid tag should fail with an error
  • [tagging] Tag-related error messages should reference the tag's name
  • [api rest] Adding issue via REST API should fail if requested tags can't be attached
  • [api rest] IssueAddCommand should create tag specified by name if they do not exist

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.0

2.21.2 (security release)
21 August 2019 - 50MB
Security
  • [security] CVE-2019-15074: Stored XSS Vulnerability in Timeline

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.21.2

24 June 2019 - 50MB
Bug Fixes
  • [administration] Wrong access_level settings when updating rights in the project admin page (cproensa)
  • [administration] LOGFILE_NOT_WRITABLE error triggered if file does not exist (dregad)
  • [administration] Button label truncated on manage_config_workflow_page (dregad)
  • [other] Summary "By Date (days)" gets wrong number (cproensa)
  • [attachments] File upload timeout (atrol)
  • [reports] Summary statistics db error message (cproensa)

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.21.1

2.21.0 (major release)
3 May 2019 - 50MB
2.21.0
  • 0019642: [administration] If log file is not writable, log_event() fails silently (dregad)
  • 0022096: [timeline] My View page without timeline does not respect the $g_my_view_boxes_fixed_position setting (dregad)
  • 0022104: [ui] My View Page layout misses some boxes (dregad)
  • 0022143: [documentation] Encoding of custom files not documented (dregad)
  • 0022972: [documentation] Upgrade guide does not mention plugins (dregad)
  • 0023333: [filters] sub-project assignments missing from project-specific My View page (cproensa)
  • 0023418: [ui] Plugin tab in Summary section not highlighted when selected (community)
  • 0023550: [customization] Modification to status colors css (dregad)
  • 0025614: [installation] Missing file (api/rest/web.config) in installer (dregad)
  • 0025629: [administration] E_USER_DEPRECATED errors are no longer displayed inline (dregad)
  • 0025631: [administration] PHP Notice or incorrect file+line number when displaying DEPRECATED error (dregad)
  • 0025650: [ui] Show status with a color square instead of background color on Bug Update Page (dregad)
  • 0025651: [performance] Update color when new Status is selected in Bug Update Page (dregad)
  • 0025664: [ldap] LDAP documentation - Remove invalid 'hostname:port' example (dregad)
  • 0025679: [ui] Uneven distribution of boxes on My View page when Timeline is OFF (dregad)
  • 0025682: [ui] Show Invite button for users with manage users access level, not just administrators (community)
  • 0023037: [ui] Focus on project search (cproensa)
  • 0023694: [plug-ins] View Issue page menu links from EVENT MENU_ISSUE event are wrapped with "[", "]" characters (dregad)
  • 0025594: [ui] Projects menu search box should be hidden when having a small number of projects (cproensa)
  • 0025688: [api rest] Inconsistent naming of username field in REST API (community)
  • 0025693: [performance] Improve performance of Summary Page queries (cproensa)
  • 0025695: [bugtracker] Redirect to the new issue's page after reporting it (community)
  • 0025703: [api rest] Update Slim Framework to 3.12.1 (vboctor)

  • 0005151: [administration] Can't update user's project-specific access level (dregad)
  • 0025437: [api rest] Update Slim Framework to 3.12.0 (dregad)
  • 0004624: [feature] Add filtered summary (cproensa)
  • 0014656: [reports] Filter by dates in Summary Graphs (cproensa)
  • 0017304: [documentation] Manual does not describe variable "g_from_name" (atrol)
  • 0020069: [code cleanup] default_email_on_status, misleading comments in config_defaults (atrol)
  • 0023045: [feature] Usability suggestion at Report Issue screen (atrol)
  • 0023904: [performance] Massive queries to user table in edit project (cproensa)
  • 0024347: [security] web.config file is missing in api/rest (community)
  • 0024549: [filters] Permalink - Filter lose information after click on view issues (cproensa)
  • 0024775: [filters] Improve presentation of temporary filters (cproensa)
  • 0024776: [filters] Switching simple/advanced for a temporary filter loses the filter (cproensa)
  • 0025109: [html] Filter widget does not hide bottom bar when collapsed (cproensa)
  • 0025130: [administration] "Check Installation" is missing from Admin menu (dregad)
  • 0025164: [reports] MantisGraph, implement filtered summary for graphs (cproensa)
  • 0025168: [reports] MantisGraph. Reporter graph does not fit width of page (dregad)
  • 0025174: [excel] Float custom field saved as String in XML-Excel export (atrol)
  • 0025210: [reports] Script error in graphs (cproensa)
  • 0025213: [rss] RSS feeds broken when using PHP >= 7.0 (atrol)
  • 0025381: [api rest] Get project doesn't return all versions (atrol)
  • 0025385: [ui] Summary page submenu not aligned when screen narrower than buttons (dregad)
  • 0025386: [ui] Incorrect spacing between submenu and main div for some MantisGraph screens (dregad)
  • 0025387: [ui] MantisGraph: redundant subtitle on Issue Trends page (dregad)
  • 0025403: [documentation] $g_notify_new_user_created_threshold_min is ignored on new account creation (atrol)
  • 0025408: [documentation] Minor documentation fixes (atrol)
  • 0025429: [api rest] Undefined variable t_show_detailed_errors in API REST (dregad)
  • 0025442: [db mssql] Wrong/duplicate bugnote_text_id in mantis_bugnote_table (cproensa)
  • 0025466: [reports] SYSTEM NOTICE on graph pages (atrol)
  • 0009757: [reports] View Issues - Select a Filter - Graph are not linked on this choice (cproensa)
  • 0012261: [filters] Cannot filter by versions of parent project when child project selected (cproensa)
  • 0020054: [administration] Can't modify configuration for All projects if only one project exists (cproensa)
  • 0021931: [reports] Filtered Summary (cproensa)
  • 0022099: [reports] Missing pie chart in "By Category Graphs" (cproensa)
  • 0022100: [code cleanup] Take care of released/obsolete flag when accessing version_cache_array_rows() cache (cproensa)
  • 0023245: [performance] project versions are not cached efficiently (cproensa)
  • 0024672: [security] Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042) (atrol)
  • 0024821: [code cleanup] Wrong caching in version API (cproensa)
  • 0025110: [authentication] Token error when login with a newly created user (cproensa)
  • 0025102: [api rest] /api/rest/issues endpoint supposedly returns all issues, but doesn't (community)
  • 0025133: [ui] Project selection is shown even if the user has no accessible projects (cproensa)
  • 0025163: [reports] MantisGraph summary links don't highlight current graph page (cproensa)
  • 0025165: [reports] Summary doesn't honour issue access (dregad)
  • 0025217: [ui] Enable selection of a range in checkboxes lists. (cproensa)
  • 0025368: [administration] Manage project, copy from/to forms are easy to click accidentally and don't ask for confirmation (cproensa)
  • 0025378: [ui] Provide sortable functionality to simple tables (cproensa)
  • 0025400: [api rest] Allow adding/updating/deleting subprojects via REST API (community)
  • 0025434: [email] check all/ uncheck all checkbox for email notification (cproensa)
  • 0025436: [email] Bump phpmailer/phpmailer from 6.0.6 to 6.0.7 (dregad)
  • 0025446: [ui] 'show_queries_count' is a global setting, but 'show_memory_usage', 'show_timer' are not (atrol)
  • 0025454: [ui] Page adm_config_report does not cache users and generate many database queries (cproensa)
  • 0025455: [ui] Page adm_config_report, users in filter list are not correctly ordered (cproensa)
  • 0025456: [sql] Page adm_config_report has queries missing db_param_push() (cproensa)
  • 0025463: [attachments] Dropzone max-filesize option is not correct (cproensa)
  • 0025464: [attachments] Enforce max-filesize in dropzone to alert and drop big files before form submission (cproensa)
  • 0025465: [attachments] Dropzone preview does not work (cproensa)
  • 0025488: [reports] Update Chart.js to 2.7.3 (atrol)
  • 0025515: [api rest] Simple and Advanced filters are not consistent for handling sub-project issues (cproensa)
  • 0025522: [plug-ins] MantisGraph: limit number of slices in By Category pie chart (dregad)
  • 0025523: [plug-ins] MantisGraph: improve handling of colors in Pie charts (dregad)
  • 0025524: [plug-ins] MantisGraph: improve display of By Category Bar chart (dregad)
  • 0025532: [relationships] Error when adding a relationship if bug id contains whitespace as prefix or suffix (dregad)
  • 0025533: [relationships] When adding multiple relationships, ignore source issue and empty issue ids (dregad)
  • 0025572: [attachments] Redesign Dropzone file previews (cproensa)
  • 0025390: [tools] Travis CI builds fail for PHP 7.3 (dregad)

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.21.0

2.18.0 (security release)
6 November 2018 - 50MB
2.18.0

  • [code cleanup] Code Cleanup
  • [plug-ins] Plugin Columns - Export CSV or Excel - PHP 7.2.7 - crash error 500 - Reason missing 2 argument in call
  • [bugtracker] Changes to project_view_state and view_state to create only private projects
  • [html] Missing fallback for "Open Sans" font
  • [tagging] Error Creating Issue with new TAG
  • [performance] Performance enhancements of string processing


  • [security] CVE-2018-17783: XSS in manage_filter_edit_page.php
  • [security] CVE-2018-17782: XSS in manage_filter_page.php


  • [security] CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php


  • [relationships] relationship visibility in different project permission
  • [tagging] Tag cannot be selected if a tag containing the text of that tag has already been selected
  • [bugtracker] Late error message when trying to resolve issues
  • [authorization] Wrong box visibility on My View page
  • [administration] Please change a search option to manage users
  • [api soap] mc_filter_search_issues can't filter by date
  • [html] Inline image attachments should have their own container to prevent scrolling
  • [administration] Search for a part of
  • [api rest] Add function for creating a new project via REST
  • [api rest] Add function for updating a project via REST
  • [api rest] Add function to delete a project via REST API
  • [ui] bug_actiongroup and custom bug_actiongroup don't provide the same user experience when displaying error message
  • [ui] Footer displays behind sidebar on bug_actiongroup.php
  • [authorization] Custom fields can be changed without having update_bug_threshold access rights
  • [api soap] Add filter for the “last updated“ date in the soap api
  • [administration] Impersonate User is offered for disabled users


  • [security] CVE-2018-14895: XSS in bug_actiongroup.php


  • [ui] Local copy of Open Sans font does not include Latin-ext characters
  • [ui] Fonts are not rendered correctly in Windows clients
  • [upgrade] Improve handling of unserialize errors when upgrading
  • [ui] Font = Times News Roman after Upgrade from v2.7.0
  • [installation] MantisBT on Windows - Check for php_fileinfo.dll enabled on php.ini
  • [performance] Unneeded information in Change Log and Roadmap
  • [code cleanup] Code Cleanup
  • [performance] Performance enhancement of config_get_global function
  • [timeline] Missing display of events in Timeline if All Projects is selected
  • [documentation] Documentation: PHP documentation link: "installation.php" -> "install.php"
  • [documentation] Documentation: Admin Guide: Installation: Broken Link "Microsoft IIS", is now https://docs.microsoft.com/en-us/iis
  • [upgrade] Error in upgrade process 1.2.17 --> 1.3.0


  • [security] CVE-2018-13055: Reflected XSS in view filters page
  • [security] CVE-2018-14504: XSS in edit filters page


  • [filters] Cannot save private filter if not allowed to save shared filter
  • [wiki] URL encoding precludes reasonable wiki root_namespace values
  • [bugtracker] Incorrect issue status setting when changing status
  • [api rest] Support create project versions via REST API
  • [tagging] Exception Missing Class
  • [security] Update-Blocker:User-ID instead of Realname 0024139 as due to security policy requirements which prohibit IDs in mails and masks
  • [filters] show_user_realname_threshold is not considered when sorting by reporter or handler
  • [ui] Selecting users is not easy if show_realname is set to ON
  • [other] System warning if $g_log_destination = 'page' when using PHP 7.2
  • [api soap] Error while querying for issue header with PHP 7.2
  • [performance] Unneeded <meta> tag in <head> section
  • [ui] $g_show_realname for making usernames private

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.18.0

23 May 2018 - 50MB
2.14.0
  • Update ADOdb to 5.20.12
  • IssueAddCommand Prevents API Folder Removal
  • E_DEPRECATED error on php7.2: each() function
  • Update Slim Framework from 3.8.1 to 3.9.2
  • Update GuzzleHttp from 6.3.0 to 6.3.2
  • Wrong documentation of datetime_picker_format in Admin Guide
  • Code Cleanup
  • Wrong documentation of my_view_boxes in Admin Guide
  • Support getting a single project via REST API
  • Plugin priority changed without being changed by user interaction

  • CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality
  • Markdown quoting rendered with broken HTML
  • Inconsistent realname display
  • Get all filter or specific filter returns incorrect information
  • REST API returns too much info for default category handler
  • Don't show category default handler for users that can't manage the project
  • API method mc_filter_get does not work
  • mb_internal_encoding no longer being set because of removal utf8 library
  • SYSTEM WARNING 'count(): Parameter must be an array or an object that implements Countable' in 'IssueNoteAddCommand.php

  • Broken rendering of @ mentions, # issue and ~ note links

  • In View Issues list, several columns are sorted by Id instead of display value
  • System Error on changing filters
  • Implement IssueAddCommand and use it from SOAP, REST and Web UI
  • Delay due to Mantis trying sending emails to non existent address
  • Filtering "note by" with "none" does not return any result
  • Not able to filter issues that have no relationship assigned
  • Filter settings saved when using Anonymous account
  • Filters not remembered when clicking through from "My View"
  • Support adding attachments when reporting issues
  • Remove usage of outdated phputf8 library
  • Implement IssueDeleteCommand and use it from SOAP, REST, and Web UI
  • Add Issue REST API doesn't trigger EVENT_REPORT_BUG_DATA plugin event
  • Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG_DATA plugin event
  • Add Issue REST API doesn't trigger issue_create_validate custom function
  • Add Issue SOAP API doesn't trigger issue_create_validate custom function
  • Add Issue REST API doesn't trigger issue_create_notify custom function
  • Add Issue SOAP API doesn't trigger issue_create_notify custom function
  • Add Issue REST API doesn't trigger EVENT_REPORT_BUG plugin event
  • Add Issue SOAP API doesn't trigger EVENT_REPORT_BUG plugin event
  • Add Issue REST API doesn't add the issue to recent list
  • Add Issue SOAP API doesn't add the issue to recent list
  • On ‘View Issues’ Page the filter does not allow user to select ‘blank’
  • Filter out duplicated issues
  • Filter field "relationships" resets its value when "duplicate of" is selected
  • Can't login if admin directory has restricted access
  • Filtering with "note by" shows results from private notes for unprivileged users
  • Search filter returns matches in private notes for unprivileged users
  • Filter "monitored by" does not have option for "none"
  • Filter "assigned to" does not account for configuration "view_handler_threshold"
  • Filter "monitored by" does not account for configuration "show_monitor_list_threshold"
  • Filter tags inconsistent with OR filter operator
  • Filter field for relationship bug id is set to -1 by default
  • Entering Emojis in comments with a user mention crashes with an error
  • filter on relationships mistuned by switching sort order
  • Custom Fields of type "Textarea" cannot contain more than 255 chars due to bug_history table
  • POST request to login_password_page.php return 405 when admin folder is deleted or access restricted
  • Unable to start system check or installation with wrong PHP version
  • Application error 401: "ORDER BY clause is not in SELECT list" when sorting by category or project
  • Wrong documentation of string customization
  • Show File Attachment events in Timeline
  • Support providing a default value for issue description
  • $g_default_bug_steps_to_reproduce not documented
  • $g_default_bug_additional_info not documented

  • Broken rendering of @ mentions, # issue and ~ note links

  • CVE-2018-1000162: XSS vulnerability in Parsedown library
  • Update Parsedown library to 1.7.1
  • History entries display realname instead of username
  • Account page required change password on any field modification
  • Username
  • Wrong color of username in timeline

  • It is hard to @ mention users when show realnames is enabled
  • Non-existent duplicate_realname column is updated by various functions in user_api.php
  • users with dashes in their name will not work when @mentioned
  • EVENT_AUTH_USER_FLAGS should always be passed username rather than name
  • Identify Timeline tags operations with a specific icon
  • Option session_handler not implemented
  • Minor performance and code enhancements of config functions
  • Update supported languages
  • $g_ldap_realname_field generates WARNING: field 'givenName' does not exist.

  • REST API doesn't work from UI for some users
  • Warning message on login page

  • trigger_error() with errors must terminate scripts rather than being config based
  • Remove unused function print_bracket_link and code cleanup
  • Allow users to select font family that fits them best
  • Running admin/check fails
  • Unable to update user access level, due to check on 'Realname' returning KO
  • Support adding attachments that were not uploaded via the browser
  • Relationship type was localized in GET issue API
  • Failing REST API requests should include Mantis error code and localized message
  • Support adding users to monitor an issue via REST API
  • Support attachments when adding notes via REST API
  • Support time tracking when adding notes via REST API
  • Return status code 429 when hitting spam check limits
  • REST and SOAP API send two email notifications for mentioned users
  • Adding notes via SOAP and REST API with time tracking uses incorrect access check
  • Implement IssueNoteDeleteCommand for deleting notes
  • Protected admin users can't be unprotected
  • Update PHPMailer to 5.2.26
  • "Developer By Resolution" is the only box in the Summary page not ordered
  • Summary - Time Stats For Resolved Issues
  • Support downloading issue attachments
  • Summary page enhancement with bugs ratio support
  • Implement IssueNoteAddCommand to share code for adding notes
  • Filter links for resolved/closed custom statuses in Summary By Status report are incorrect
  • Support adding attachments to existing issues via REST API
  • Implement UserCreateCommand to create users
  • Create user via REST API
  • Implement UserDeleteCommand for deleting users
  • Delete user via REST API
  • Summary: always show the "By Project" box
  • Implement TagAttachCommand for attaching tags
  • Implement TagDetachCommand to detach tags
  • Add REST API to attach a tag
  • Add REST API to detach a tag
  • Summary: Reporter and Developer by Resolution miss a Total column
  • Implement IssueRelationshipAddCommand to add relationships
  • Support adding relationships via REST API
  • Implement IssueRelationshipDeleteCommand
  • Support deleting issue relationships via REST API
  • Some relationships are not formatted correctly in GET issue rest API
  • Remove obsolete code that checks if PHP file info API is defined
  • Footer displayed under sidebar on error page when $g_show_detailed_errors = ON
  • Make Fileinfo a mandatory PHP extension
  • The stack trace on detailed error page should not include the error handler itself
  • Remove deprecated "errcontext" parameter from standard error handler
  • Improve detailed error page layout

  • unable to create a bug with customfields via SOAP
  • Wrong constructor name in class FilterConverter
  • Resolving as duplicate does not add reporter and handler to monitoring list of duplicate issue
  • CVE-2018-6403: XSS in adm_config_report.php 'value' parameter

  • Support retrieving user defined filters
  • Remove usage of deprecated function __autoload
  • Billing summary does not include sub-projects
  • Support standard filters defined by the system when retrieving issues
  • Limit change of impersonation threshold to global config
  • Support deleting filters
  • Don't print time tracking buttons and export links
  • Support configurable default billing rate
  • Removed useless collapse icon with duplicated title in billing report
  • Broken url for MantisBT logo in admin section
  • UI of Update Product Build page broken

  • The reporter can not solve or close the issue
  • When disable "Update an issue", then "Assign to" become access denied.
  • Reporter can´t change status of a bug
  • PHP error in change status page when user doesn't have access to private notes

  • Usage of deprecated each() function
  • Unneeded code for non supported old PHP versions
  • Don't validate handler when updating issues without updating handler
  • UI for protected plugins broken
  • REST APIs don't enforce required custom fields when reporting issues
  • Document need for consistency between "normal" and "datepicker" date formats
  • Default value for a date don't work
  • Using custom fields
  • database is not supported by PHP. Check that it has been compiled into your server.
  • Unneeded code for unsupported database types
  • Unneeded code for option meta_include_file
  • Category lookup is case sensitive
  • Internal Server Error 500 when category doesn't exist
  • Reporting an issue with default date {now} that is not visible doesn't work
  • Support exporting issue history
  • PHP error on getting issues when user doesn't have access
  • Function require_lib contains code to search in vendor folder
  • Unneeded code executed when retrieving global settings
  • Some check boxes on Manage Configuration > Workflow Threshold page are not centered
  • No preview of ANSI encoded text files that contain German Umlauts
  • Leverage ETag headers when getting issues
  • Leverage If-Match when deleting issues
  • Leverage If-Match when updating issues
  • mc_issue_update returns bug is read only on status update
  • Issues created via REST API with date custom fields fail
  • Token API does not work with config show show_realname

  • Access denied when updating bugs

Read more: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.14.0

2.8.0 (major release)
1 November 2017 - 50MB
WARNING
From version 2.8.0, Mantis requires the PHP 'mysqli' extension. It no longer supports 'mysql' or 'pdo_mysql'.
This upgrade will automatically change your application's database driver to 'mysqli'.

  • [api rest] REST API Issue update support (vboctor)
  • [performance] Unneeded files delivered if Mantis Graphs plugin is enabled (atrol)
  • [performance] Unneeded code delivered to support unsupported IE9 (atrol)
  • [ui] Useless UI element on manage_proj_page (atrol)
  • [custom fields] Empty numeric fields should be display as empty rather than 0 (community)
  • [custom fields] Empty float fields should be displayed as empty rather than 0 (community)
  • [api soap] Updating issues via APIs should trigger email notifications (vboctor)
  • [bugtracker] Auto-refresh shouldn't update last visited (atrol)
  • [code cleanup] Usage of deprecated constant (atrol)
  • [html] Wrong class name for tags output (atrol)
  • [administration] Remove unused config option inline_file_exts (community)
  • [plug-ins] Add plugin event EVENT_BUG_ACTIONGROUP_FORM (cproensa)
  • [custom fields] Numeric field accepts floats and displays them as numeric (vboctor)
  • [bugtracker] resolving parent issues inconsistency (community)
  • [bugtracker] Notes are not in the correct order after cloning an issue (cproensa)
  • [code cleanup] Remove php_version_at_least() function from PHP API (dregad)
  • [email] DomainKeys Identified Mail (DKIM) Signatures (community)
  • [bugtracker] Handler user is visible even if view_handler_threshold is configured to not allow (cproensa)
  • [api rest] Enable REST API by default (vboctor)
  • [bugtracker] "show_assigned_names" configuration is not applied correctly in view_all_bug_page (cproensa)
  • [filters] Filter "advanced" mode is reset after sorting through column headers (cproensa)
  • [api rest] Facilitate troubleshooting REST API by displaying detailed errors (dregad)
  • [email] Update PHPMailer to v5.2.25 (vboctor)
  • [code cleanup] Force composer to honor PHP compatibility advertised for MantisBT (vboctor)
  • [ui] Bugnote text area not styled correctly when private by default (vboctor)
  • [bugtracker] Notes added via change status / edit always marked private when private by default (vboctor)

Read more: http://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.8.0

2.1.0 (major release)
13 February 2017 - 22MB
This release has about 60 features and fixes including those merged from 2.0.1 and 1.3.6.

  • Markdown Support – MantisBT now provides markdown support similar to other tools that developers use like GitHub, Bitbucket, and others. We are starting off with rolling this out as an experimental feature that is disabled by default. Users are encouraged to try it out and provide us with feedback. To enable Markdown go to Manage – Manage Plugins – MantisBT Formatting 2.1.0, click ON next to "Markdown Processing" and click "Update Configuration". See examples for supported markdown.
  • Lots of Filtering Improvements – There has been major refactoring for the filtering code, lots of bug fixes, and addition of ability to edit saved filters, filter by last update timestamp, and others.

Read more: http://mantisbt.org/blog/?p=498

27 January 2015 - 22MB
This is a security update for the stable 1.2.x branch that resolves 5 security-related bugs and vulnerabilities and 2 regression issues introduced in 1.2.18. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

  • #17938/CVE-2014-9571: XSS in install.php
  • #17939/CVE-2014-9572: Improper Access Control in install.php
  • #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
  • #17984/CVE-2014-9624: CAPTCHA bypass
  • #17997/CVE-2015-1042: URL redirection issue

  • #17993 prevents new users from signing up on systems using CAPTCHA.
  • #17967 which causes a PHP error when reporting issues on systems with checkbox custom fields.

Full Changelog
  • 0017940: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
  • 0017984: [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be (dregad)
  • 0017997: [security] CVE-2015-1042: URL redirection issue (dregad)
  • 0017938: [security] CVE-2014-9571: XSS in install.php (dregad)
  • 0017939: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
  • 0017967: [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259 (dregad)
  • 0017925: [email] Order of notes in email notifications seem to be based on user who triggered the action (dregad)
  • 0017977: [bugtracker] Fix handling of due dates (dregad)
  • 0018025: [administration] Installer UI tweaks (dregad)
  • 0011742: [bugtracker] Sort bug notes by date, not by ID (dregad)
  • 0017993: [authentication] User creation with captcha broken by fix for issue 0017811 (dregad)

Read more: https://www.mantisbt.org/blog/?p=408

1.2.18 (security release)
7 December 2014 - 22MB
This is a security update for the stable 1.2.x branch that resolves 23 security-related bugs and vulnerabilities, including 7 Cross-Site Scripting (XSS) issues, 2 Code injection issues, 2 SQL injection (XSS) issues, 5 Information disclosure issues, and 7 Other security issues. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0009885: [security] Emails on relations is send to people who cannot see the related issue (vboctor).
  • 0017878: [security] Prevent unauthorized users setting handler when reporting issue (dregad).
  • 0017362: [security] Multiple vulnerabilities in MantisBT (dregad).
  • 0017877: [security] CVE-2014-9279: Db Credentials leak via unattended upgrade script (dregad).
  • 0017876: [security] CVE-2014-9281: Reflected XSS in admin panel / copy_field.php (dregad).
  • 0017874: [security] CVE-2014-9271: Persistent XSS in file uploads/attachments (dregad).
  • 0017875: [security] CVE-2014-9280: PHP Object Injection in filter API (dregad).
  • 0017297: [security] CVE-2014-9272: XSS in string_insert_hrefs allows script execution (dregad).
  • 0017648: [security] CVE-2014-6316: URL redirection issue (dregad).
  • 0017073: [other] Incorrect $specific_where (dregad).
  • 0017289: [documentation] Code allows display of Resolution and Status in bug report page, but doc says it's not allowed (dregad).
  • 0017292: [code cleanup] Use of deprecated PREG_REPLACE_EVAL ('e') pattern modifier (dregad).
  • 0017322: [attachments] Warning in bug report when attachments are disabled (dregad).
  • 0017324: [attachments] Debug output displayed when adding files (dregad).
  • 0017405: [bugtracker] proj_doc_update.php on document update crashes if new file is not uploaded (dregad).
  • 0017407: [bugtracker] Missing error param when updating project doc (dregad).
  • 0017457: [filters] Column summary of the free text search is not prefixed by table (filter_api) (dregad).
  • 0009460: [bugtracker] Default profile doesn't work (dregad).
  • 0010966: [security] No Errors shown at all if error_reporting=0 configured at server (dregad).
  • 0015420: [bugtracker] Invalid category check is not made (vboctor).
  • 0016957: [news] News section shouldn't show in permissions report when feature is disabled (vboctor).
  • 0016993: [api soap] Handler can be set without having appropriate access rights (vboctor).
  • 0017011: [db mssql] Graph « Cumulative by date » is not displayed in Summary > Advanced Summary (dregad).
  • 0017075: [migration] Import plugins should be able to set last_updated field to a date in the past (vboctor).
  • 0017076: [bugtracker] Issue history show date submitted and last updated as integers rather than dates (vboctor).
  • 0017847: [bugtracker] New BugData object due_date should be blank (dregad).
  • 0017848: [plug-ins] XML import plugin only replaces links in 'description' (dregad).
  • 0017640: [security] CVE-2014-6387: Null byte poisoning in LDAP authentication (dregad).
  • 0017725: [security] CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin (dregad).
  • 0017744: [security] Attachments displayed in history despite user not authorised to view them (dregad).
  • 0017763: [api soap] mc_issue_update() email notification doesn't include added notes (vboctor).
  • 0017780: [security] CVE-2014-8598: XML plugin should restrict ability to import data (dregad).
  • 0017812: [api soap] CVE-2014-8554: SQL injection in SOAP API (dregad).
  • 0017890: [security] CVE-2014-9269: XSS in extended project browser (dregad).
  • 0017870: [security] CVE-2014-8987: XSS in adm_config_report.php (dregad).
  • 0017889: [security] CVE-2014-8986: adm_config_report.php filtering does not check config option is valid (dregad).
  • 0017583: [security] CVE-2014-9270: Stored XSS in Mantis (dregad).
  • 0017841: [security] CVE-2014-9089: SQL injection in view_all_set.php (vboctor).
  • 0017811: [security] CVE-2014-9117: CAPTCHA bypass (vboctor).
  • 0017827: [email] Disposable library triggers PHP STRICT warnings (dregad).
  • 0017924: [news] Not possible to set 'announcement' flag when editing News (dregad).

Read more: http://www.mantisbt.org/bugs/changelog_page.php?version_id=191

4 March 2014 - 22MB
This is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016940: [news] undefined function db_params() in core/news_api.php (dregad)
  • 0016989: [other] The bug_get_bugnote_count() function in the bug API always returns 0 (atrol)
  • 0017007: [webpage] duplicate 'a' tag (atrol)
  • 0017055: [security] CVE-2014-2238: SQL injection vulnerability in adm_config_report.php (dregad)

Read more: http://www.mantisbt.org/bugs/changelog_page.php?version_id=189

1.2.16 (security release)
8 February 2014 - 22MB
This is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016879: [security] CVE-2014-1608: soap:Envelope SQL injection attack (dregad).
  • 0016880: [security] CVE-2014-1609: SQL injection vulnerabilities (dregad).
  • 0016513: [security] CVE-2013-4460: XSS in account_sponsor_page.php project names (atrol).
  • 0015770: [security] When $g_limit_reporters = ON; it is still possible to change reporter (dregad).
  • 0014301: [documentation] Add SOAP API documentation in the administration guide (rombert).
  • 0015572: [attachments] diskfile_is_name_unique() can return non-unique filename (dregad).
  • 0015762: [email] email_regex_simple() case sensitive, leading to incorrect e-mail links (dregad).
  • 0015775: [other] Wrong reporter when copying an issue (atrol).
  • 0015777: [other] Wrong value in field "Date Submitted" when copying issues (atrol).
  • 0015791: [other] System notice when json_url() retrieves non-existent member (dregad).
  • 0015807: [api soap] Support standard filters like ones in My View page in SOAP API (vboctor).
  • 0015812: [documentation] Wrong example code for custom validation functions (atrol).
  • 0009936: [api soap] add history information (rombert).
  • 0015496: [attachments] Script to move attachments from db to disk not working (dregad).
  • 0015774: [attachments] Incorrect number of attached files (dregad).
  • 0015893: [email] It should not be possible to reset a user's password if e-mail is blank (dregad).
  • 0015920: [administration] Missing config file causes cli scripts to fail silently (dregad).
  • 0015921: [code cleanup] Temp variables defined in global scope should be unset() after use (dregad).
  • 0015958: [email] Upgrade PHPMailer to 5.2.6 (dregad).
  • 0014543: [email] Emails are not sent to addresses with single subdomain (dregad).
  • 0015953: [email] 'Could not instantiate mail function' error with safe mode=ON (dregad).
  • 0015959: [api soap] SOAP: raw XML when browsing the WSDL (dregad).
  • 0016028: [api soap] Adding note via webservice generates wrong email content for assigned user (rombert).
  • 0016120: [email] Cannot modify Receive Reminder threshold on Manage Threshold Page (atrol).
  • 0009876: [performance] Performance problem with a lot of projects (dregad).
  • 0016174: [tools] Travis CI: set up PHP 5.5 build alongside 5.4 (rombert).
  • 0012955: [attachments] After updating a project documentation the file is damaged (dregad).
  • 0014541: [code cleanup] Remove calls to deprecated functions db_prepare* in "Docs" update page (dregad).
  • 0016126: [tools] Setup integration testing on Travis CI (rombert).
  • 0016158: [api soap] mc_filter_get_issues does not populate monitors fields for retrieved issues (rombert).
  • 0016187: [administration] Application error on fresh install (dregad).
  • 0016202: [tools] Travis CI: set up PHP 5.3 build (atrol).
  • 0016204: [tools] User Test fails when bugnote_order is not set to default (dregad).
  • 0016205: [tools] Issue History tests fail when history order is descending (dregad).
  • 0016203: [tools] Issue History tests randomly fail (dregad).
  • 0010071: [administration] Manage Workflow Threshold page: 'Who can alter this value' is not saved (dregad).
  • 0012470: [custom fields] Custom fields names aren't translated in several places (dregad).
  • 0012480: [bugtracker] Editing a bug with no assigned user and no access to edit assigned to field shows 'user0' (dregad).
  • 0015790: [other] url_get() cURL should set User Agent (dregad).
  • 0015817: [api soap] SOAP API unit test failures (dregad).
  • 0016175: [tools] Customize Travis notifications (dregad).
  • 0016252: [api soap] API SOAP provides no answer after MantisBT upgrade (rombert).
  • 0016259: [bugtracker] When sorting issues by due_date, unset values should be listed at the end (dregad).
  • 0016337: [administration] Creating the first project on a fresh install causes error 2800 (dregad).
  • 0016340: [db db2] Error 401 for Manage Tags (dregad).
  • 0016341: [db postgresql] Impossible to retrieve attachments from DB with PostgreSQL >= 9.0 (dregad).
  • 0016342: [bugtracker] The g_html_valid_tags_single_line configuration variable seems to be ignored in favor of g_html_valid_tags (dregad).
  • 0016348: [code cleanup] Duplicated code in MantisCoreFormatting (dregad).
  • 0016408: [customization] config_eval() fails on configs that reference array values (vboctor).
  • 0016416: [installation] Improve first login experience by auto-redirecting to create project page (vboctor).
  • 0016431: [installation] Numerous "Invalid argument supplied for foreach()" errors when installing with DB script printed to screen (grangeway).
  • 0016484: [tagging] SOAP: Impossible to attach tags to issues (dregad).
  • 0016485: [api soap] SOAP API test failure for due date (dregad).
  • 0014563: [db oracle] Use of literal SQL statement causes ORA-01704 error when uploading attachments (dregad).
  • 0010873: [roadmap] Change Log/Roadmap do not work with inherited versions. (dregad).
  • 0014458: [other] Track third party libs as github repos (dregad).
  • 0015196: [api soap] Create history entries when creating issues with non-default status and resolution (rombert).
  • 0016376: [customization] Not able to change status without having update issue rights (dregad).
  • 0016420: [preferences] Editing user preferences when no project exists triggers application error 20 (dregad).
  • 0016607: [documentation] Wrong option html_tags in Admin Guide (atrol).
  • 0016767: [upgrade] upgrade_unattended script is no longer working (vboctor).
  • 0016768: [mantistouch] Default mantistouch_url correctly when MantisTouch is installed in 'm' subfolder (vboctor).
  • 0016769: [mantistouch] MantisTouch redirect can break soap api based on user agent sent (vboctor).
  • 0016770: [mantistouch] Redirect from MantisBT issue to MantisTouch should go to the same issue page on MantisTouch (vboctor).
  • 0011785: [code cleanup] Comment for access_compare_level in access_api.php is bogus (atrol).
  • 0015648: [email] add event signalling to email_build_subject() function (dregad).
  • 0015647: [email] email subject is built manually in function email_bug_info_to_one_user() (atrol).
  • 0016706: [plug-ins] Plugin pages can be accessed directly when schema upgrade is needed (dregad).
  • 0016812: [bugtracker] Moving issue to child->child changes category to default (dregad).
  • 0016848: [bugtracker] Remove main page from main menu when news feature is OFF (vboctor).
  • 0006343: [bugtracker] Change status using actiongroup does not send email notification (dregad).
  • 0013659: [email] e-mail notification about priority change is not sent when using bug_actiongroup_page.php (dregad).

Read more: http://www.mantisbt.org/bugs/changelog_page.php?version_id=183

1.2.15 (security release)
15 April 2013 - 22MB
MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0002971: [bugtracker] Reminders are not added to bug history (dregad) - closed.
  • 0015470: [bugtracker] Reminders recipient list is truncated (dregad) - closed.
  • 0010047: [documentation] Adding new statuses section is missing a step (dregad) - closed.
  • 0010118: [documentation] lang_get_current() returns wrong language if $g_default_language overwritten (dregad) - closed.
  • 0010372: [feature] Don't allow reminders to be sent if the user doesn't have an email address specified (dregad) - closed.
  • 0013054: [installation] Installer displays a blank page if core.php encounters a critical error (dregad) - closed.
  • 0015357: [bugtracker] uninitialized library path (dregad) - closed.
  • 0015471: [bugtracker] bug_reminder.php does not handle unsent reminders (dregad) - closed.
  • 0015472: [bugtracker] email_bug_reminder() API's return array is always full list of recipients (dregad) - closed.
  • 0015481: [custom fields] Custom fields values are not sorted in the main filter (dregad) - closed.
  • 0015528: [printing] Custom fields user has no access to should not be displayed on print pages (dregad) - closed.
  • 0015538: [bugtracker] Issues list is not displayed when $g_limit_reporters is ON (dregad) - closed.
  • 0015540: [documentation] Wrong example code for custom status translation (atrol) - closed.
  • 0015558: [bugtracker] url_get() does not fall back to other methods when no data is retrieved (dregad) - closed.
  • 0015573: [security] CVE-2013-1883: One query can be issued via current Mantis interface to take down site (dregad) - closed.
  • 0015575: [documentation] Turning on $g_show_queries_list causes Mantis to crash with an error (dregad) - closed.
  • 0015659: [localization] Appears @70@ and @80@ in the list of resolutions in the "view Issues" page when mantis is in catalan. (dregad) - closed.
  • 0015691: [administration] Config report: retrieval of saved project filter from cookie does not work (dregad) - closed.
  • 0015453: [security] CVE-2013-1930: Close button is shown on webpage despite 'close' is not a valid status by workflow (dregad) - closed.
  • 0015511: [security] CVE-2013-1931: XSS vulnerability when deleting a version (atrol) - closed.
  • 0015698: [bugtracker] 'extract() expects parameter 1 to be array, boolean given' in '/srv/www/bugs/account_prof_edit_page.php' line 48 (dregad) - closed.
  • 0015704: [documentation] Wrong description of writing custom_functions (atrol) - closed.
  • 0015744: [bugtracker] Reminder bugnote with list of recipients not added if no text provided (dregad) - closed.
  • 0015451: [api soap] Incorrect invocations of SoapObjectsFactory::newSoapFault (rombert) - closed.
  • 0015517: [api soap] mc_project_get_versions() result can't be parsed by C# (dregad) - closed.
  • 0015522: [api soap] mc_project_get_issues does not report due_date (dregad) - closed.

Read more: http://www.mantisbt.org/bugs/changelog_page.php?version_id=182

1.2.14 (supplement 1)
4 April 2013 - 22MB
Applications:
  • Install: Improvements to the install routine to improve compatibility with more PHP configurations.

1.2.14 (security release)
30 January 2013 - 22MB
MantisBT 1.2.14 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0015415: [security] XSS vulnerability on Configuration Report page (dregad) - closed.
  • 0015416: [security] XSS issue in adm_config_report.php when displaying complex value (dregad) - closed.
  • 0015411: [performance] Huge memory consumption for print_user_option_list() (dregad) - closed.

Read more: http://www.mantisbt.org/bugs/changelog_page.php?version_id=181

11 November 2012 - 22MB
9 June 2012 - 22MB
2 April 2012 - 22MB
4 March 2012 - 21MB
6 September 2011 - 21MB
23 August 2011 - 16MB
27 July 2011 - 16MB
6 April 2011 - 16MB
15 December 2010 - 16MB
14 October 2010 - 16MB
