Mantis

Mantis

Mantis è un software di bug tracking open source.

Installazione in 1 clic Mantis

Installazione in 1 clic

Aggiornamento facile Mantis

Aggiornamento facile

Salvataggio e ripristino Mantis

Salvataggio e ripristino

Informazione

Applicazione
progetti
Categoria
e-Commerce e-Business
Versione corrente
1.2.19
Ultimo aggiornamento
27 January 2015
Lingue
Italiano + 48 altre

Configurazione richiesta

Dimensione dell'installazione
22 Mo
Database
mysql
Licenza
open source
Veduta d'insieme
Novità

1.2.19


27 Gennaio 2015 - 22MBThis is a security update for the stable 1.2.x branch that resolves 5 security-related bugs and vulnerabilities and 2 regression issues introduced in 1.2.18. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

Security
  • #17938/CVE-2014-9571: XSS in install.php
  • #17939/CVE-2014-9572: Improper Access Control in install.php
  • #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
  • #17984/CVE-2014-9624: CAPTCHA bypass
  • #17997/CVE-2015-1042: URL redirection issue

Regression
  • #17993 prevents new users from signing up on systems using CAPTCHA.
  • #17967 which causes a PHP error when reporting issues on systems with checkbox custom fields.

Full Changelog
  • 0017940: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
  • 0017984: [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be (dregad)
  • 0017997: [security] CVE-2015-1042: URL redirection issue (dregad)
  • 0017938: [security] CVE-2014-9571: XSS in install.php (dregad)
  • 0017939: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
  • 0017967: [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259 (dregad)
  • 0017925: [email] Order of notes in email notifications seem to be based on user who triggered the action (dregad)
  • 0017977: [bugtracker] Fix handling of due dates (dregad)
  • 0018025: [administration] Installer UI tweaks (dregad)
  • 0011742: [bugtracker] Sort bug notes by date, not by ID (dregad)
  • 0017993: [authentication] User creation with captcha broken by fix for issue 0017811 (dregad)

Per saperne di più: https://www.mantisbt.org/blog/?p=408

1.2.18

(release di sicurezza)
7 Dicembre 2014 - 22MBThis is a security update for the stable 1.2.x branch that resolves 23 security-related bugs and vulnerabilities, including 7 Cross-Site Scripting (XSS) issues, 2 Code injection issues, 2 SQL injection (XSS) issues, 5 Information disclosure issues, and 7 Other security issues. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0009885: [security] Emails on relations is send to people who cannot see the related issue (vboctor).
  • 0017878: [security] Prevent unauthorized users setting handler when reporting issue (dregad).
  • 0017362: [security] Multiple vulnerabilities in MantisBT (dregad).
  • 0017877: [security] CVE-2014-9279: Db Credentials leak via unattended upgrade script (dregad).
  • 0017876: [security] CVE-2014-9281: Reflected XSS in admin panel / copy_field.php (dregad).
  • 0017874: [security] CVE-2014-9271: Persistent XSS in file uploads/attachments (dregad).
  • 0017875: [security] CVE-2014-9280: PHP Object Injection in filter API (dregad).
  • 0017297: [security] CVE-2014-9272: XSS in string_insert_hrefs allows script execution (dregad).
  • 0017648: [security] CVE-2014-6316: URL redirection issue (dregad).
  • 0017073: [other] Incorrect $specific_where (dregad).
  • 0017289: [documentation] Code allows display of Resolution and Status in bug report page, but doc says it's not allowed (dregad).
  • 0017292: [code cleanup] Use of deprecated PREG_REPLACE_EVAL ('e') pattern modifier (dregad).
  • 0017322: [attachments] Warning in bug report when attachments are disabled (dregad).
  • 0017324: [attachments] Debug output displayed when adding files (dregad).
  • 0017405: [bugtracker] proj_doc_update.php on document update crashes if new file is not uploaded (dregad).
  • 0017407: [bugtracker] Missing error param when updating project doc (dregad).
  • 0017457: [filters] Column summary of the free text search is not prefixed by table (filter_api) (dregad).
  • 0009460: [bugtracker] Default profile doesn't work (dregad).
  • 0010966: [security] No Errors shown at all if error_reporting=0 configured at server (dregad).
  • 0015420: [bugtracker] Invalid category check is not made (vboctor).
  • 0016957: [news] News section shouldn't show in permissions report when feature is disabled (vboctor).
  • 0016993: [api soap] Handler can be set without having appropriate access rights (vboctor).
  • 0017011: [db mssql] Graph « Cumulative by date » is not displayed in Summary > Advanced Summary (dregad).
  • 0017075: [migration] Import plugins should be able to set last_updated field to a date in the past (vboctor).
  • 0017076: [bugtracker] Issue history show date submitted and last updated as integers rather than dates (vboctor).
  • 0017847: [bugtracker] New BugData object due_date should be blank (dregad).
  • 0017848: [plug-ins] XML import plugin only replaces links in 'description' (dregad).
  • 0017640: [security] CVE-2014-6387: Null byte poisoning in LDAP authentication (dregad).
  • 0017725: [security] CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin (dregad).
  • 0017744: [security] Attachments displayed in history despite user not authorised to view them (dregad).
  • 0017763: [api soap] mc_issue_update() email notification doesn't include added notes (vboctor).
  • 0017780: [security] CVE-2014-8598: XML plugin should restrict ability to import data (dregad).
  • 0017812: [api soap] CVE-2014-8554: SQL injection in SOAP API (dregad).
  • 0017890: [security] CVE-2014-9269: XSS in extended project browser (dregad).
  • 0017870: [security] CVE-2014-8987: XSS in adm_config_report.php (dregad).
  • 0017889: [security] CVE-2014-8986: adm_config_report.php filtering does not check config option is valid (dregad).
  • 0017583: [security] CVE-2014-9270: Stored XSS in Mantis (dregad).
  • 0017841: [security] CVE-2014-9089: SQL injection in view_all_set.php (vboctor).
  • 0017811: [security] CVE-2014-9117: CAPTCHA bypass (vboctor).
  • 0017827: [email] Disposable library triggers PHP STRICT warnings (dregad).
  • 0017924: [news] Not possible to set 'announcement' flag when editing News (dregad).

Per saperne di più: http://www.mantisbt.org/bugs/changelog_page.php?version_id=191

1.2.17


4 Marzo 2014 - 22MBThis is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016940: [news] undefined function db_params() in core/news_api.php (dregad)
  • 0016989: [other] The bug_get_bugnote_count() function in the bug API always returns 0 (atrol)
  • 0017007: [webpage] duplicate 'a' tag (atrol)
  • 0017055: [security] CVE-2014-2238: SQL injection vulnerability in adm_config_report.php (dregad)

Per saperne di più: http://www.mantisbt.org/bugs/changelog_page.php?version_id=189

1.2.16

(release di sicurezza)
8 Febbraio 2014 - 22MBThis is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.
  • 0016879: [security] CVE-2014-1608: soap:Envelope SQL injection attack (dregad).
  • 0016880: [security] CVE-2014-1609: SQL injection vulnerabilities (dregad).
  • 0016513: [security] CVE-2013-4460: XSS in account_sponsor_page.php project names (atrol).
  • 0015770: [security] When $g_limit_reporters = ON; it is still possible to change reporter (dregad).
  • 0014301: [documentation] Add SOAP API documentation in the administration guide (rombert).
  • 0015572: [attachments] diskfile_is_name_unique() can return non-unique filename (dregad).
  • 0015762: [email] email_regex_simple() case sensitive, leading to incorrect e-mail links (dregad).
  • 0015775: [other] Wrong reporter when copying an issue (atrol).
  • 0015777: [other] Wrong value in field "Date Submitted" when copying issues (atrol).
  • 0015791: [other] System notice when json_url() retrieves non-existent member (dregad).
  • 0015807: [api soap] Support standard filters like ones in My View page in SOAP API (vboctor).
  • 0015812: [documentation] Wrong example code for custom validation functions (atrol).
  • 0009936: [api soap] add history information (rombert).
  • 0015496: [attachments] Script to move attachments from db to disk not working (dregad).
  • 0015774: [attachments] Incorrect number of attached files (dregad).
  • 0015893: [email] It should not be possible to reset a user's password if e-mail is blank (dregad).
  • 0015920: [administration] Missing config file causes cli scripts to fail silently (dregad).
  • 0015921: [code cleanup] Temp variables defined in global scope should be unset() after use (dregad).
  • 0015958: [email] Upgrade PHPMailer to 5.2.6 (dregad).
  • 0014543: [email] Emails are not sent to addresses with single subdomain (dregad).
  • 0015953: [email] 'Could not instantiate mail function' error with safe mode=ON (dregad).
  • 0015959: [api soap] SOAP: raw XML when browsing the WSDL (dregad).
  • 0016028: [api soap] Adding note via webservice generates wrong email content for assigned user (rombert).
  • 0016120: [email] Cannot modify Receive Reminder threshold on Manage Threshold Page (atrol).
  • 0009876: [performance] Performance problem with a lot of projects (dregad).
  • 0016174: [tools] Travis CI: set up PHP 5.5 build alongside 5.4 (rombert).
  • 0012955: [attachments] After updating a project documentation the file is damaged (dregad).
  • 0014541: [code cleanup] Remove calls to deprecated functions db_prepare* in "Docs" update page (dregad).
  • 0016126: [tools] Setup integration testing on Travis CI (rombert).
  • 0016158: [api soap] mc_filter_get_issues does not populate monitors fiels for retrieved issues (rombert).
  • 0016187: [administration] Application error on fresh install (dregad).
  • 0016202: [tools] Travis CI: set up PHP 5.3 build (atrol).
  • 0016204: [tools] User Test fails when bugnote_order is not set to default (dregad).
  • 0016205: [tools] Issue History tests fail when history order is descending (dregad).
  • 0016203: [tools] Issue History tests randomly fail (dregad).
  • 0010071: [administration] Manage Workflow Threshold page: 'Who can alter this value' is not saved (dregad).
  • 0012470: [custom fields] Custom fields names aren't translated in several places (dregad).
  • 0012480: [bugtracker] Editing a bug with no assigned user and no access to edit assigned to field shows 'user0' (dregad).
  • 0015790: [other] url_get() cURL should set User Agent (dregad).
  • 0015817: [api soap] SOAP API unit test failures (dregad).
  • 0016175: [tools] Customize Travis notifications (dregad).
  • 0016252: [api soap] API SOAP provides no answer after MantisBT upgrade (rombert).
  • 0016259: [bugtracker] When sorting issues by due_date, unset values should be listed at the end (dregad).
  • 0016337: [administration] Creating the first project on a fresh install causes error 2800 (dregad).
  • 0016340: [db db2] Error 401 for Manage Tags (dregad).
  • 0016341: [db postgresql] Impossible to retrieve attachments from DB with PostgreSQL >= 9.0 (dregad).
  • 0016342: [bugtracker] The g_html_valid_tags_single_line configuration variable seems to be ignored in favor of g_html_valid_tags (dregad).
  • 0016348: [code cleanup] Duplicated code in MantisCoreFormatting (dregad).
  • 0016408: [customization] config_eval() fails on configs that reference array values (vboctor).
  • 0016416: [installation] Improve first login experience by auto-redirecting to create project page (vboctor).
  • 0016431: [installation] Numerous "Invalid argument supplied for foreach()" errors when installing with DB script printed to screen (grangeway).
  • 0016484: [tagging] SOAP: Impossible to attach tags to issues (dregad).
  • 0016485: [api soap] SOAP API test failure for due date (dregad).
  • 0014563: [db oracle] Use of literal SQL statement causes ORA-01704 error when uploading attachments (dregad).
  • 0010873: [roadmap] Change Log/Roadmap do not work with inherited versions. (dregad).
  • 0014458: [other] Track third party libs as github repos (dregad).
  • 0015196: [api soap] Create history entries when creating issues with non-default status and resolution (rombert).
  • 0016376: [customization] Not able to change status without having update issue rights (dregad).
  • 0016420: [preferences] Editing user preferences when no project exists triggers application error 20 (dregad).
  • 0016607: [documentation] Wrong option html_tags in Admin Guide (atrol).
  • 0016767: [upgrade] upgrade_unattended script is no longer working (vboctor).
  • 0016768: [mantistouch] Default mantistouch_url correctly when MantisTouch is installed in 'm' subfolder (vboctor).
  • 0016769: [mantistouch] MantisTouch redirect can break soap api based on user agent sent (vboctor).
  • 0016770: [mantistouch] Redirect from MantisBT issue to MantisTouch should go to the same issue page on MantisTouch (vboctor).
  • 0011785: [code cleanup] Comment for access_compare_level in access_api.php is bogus (atrol).
  • 0015648: [email] add event signalling to email_build_subject() function (dregad).
  • 0015647: [email] email subject is build manually in function email_bug_info_to_one_user() (atrol).
  • 0016706: [plug-ins] Plugin pages can be accessed directly when schema upgrade is needed (dregad).
  • 0016812: [bugtracker] Moving issue to child->child changes category to default (dregad).
  • 0016848: [bugtracker] Remove main page from main menu when news feature is OFF (vboctor).
  • 0006343: [bugtracker] Change status using actiongroup does not send email notifiation (dregad).
  • 0013659: [email] e-mail notification about priority change is not sent when using bug_actiongroup_page.php (dregad).

Per saperne di più: http://www.mantisbt.org/bugs/changelog_page.php?version_id=183

visualizzare più versioni

1.2.15

(release di sicurezza)
15 Aprile 2013 - 22MBMantisBT 1.2.15 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0002971: [bugtracker] Reminders are not added to bug history (dregad) - closed.
  • 0015470: [bugtracker] Reminders recipient list is truncated (dregad) - closed.
  • 0010047: [documentation] Adding new statuses section is missing a step (dregad) - closed.
  • 0010118: [documentation] lang_get_current() returns wrong language if $g_default_language overwritten (dregad) - closed.
  • 0010372: [feature] Don't allow reminders to be sent if the user doesn't have an email address specificed (dregad) - closed.
  • 0013054: [installation] Installer displays a blank page if core.php encounters a critical error (dregad) - closed.
  • 0015357: [bugtracker] uninitialized library path (dregad) - closed.
  • 0015471: [bugtracker] bug_reminder.php does not handle unsent reminders (dregad) - closed.
  • 0015472: [bugtracker] email_bug_reminder() API's return array is always full list of recipients (dregad) - closed.
  • 0015481: [custom fields] Custom fields values are not sorted in the main filter (dregad) - closed.
  • 0015528: [printing] Custom fields user has no access to should not be displayed on print pages (dregad) - closed.
  • 0015538: [bugtracker] Issues list is not displayed when $g_limit_reporters is ON (dregad) - closed.
  • 0015540: [documentation] Wrong example code for custom status translation (atrol) - closed.
  • 0015558: [bugtracker] url_get() does not fall back to other methods when no data is retrieved (dregad) - closed.
  • 0015573: [security] CVE-2013-1883: One query can be issued via current Mantis interface to take down site (dregad) - closed.
  • 0015575: [documentation] Turning on $g_show_queries_list causes Mantis to crash with an error (dregad) - closed.
  • 0015659: [localization] Appears @70@ and @80@ in the list of resolutions in the "view Issues" page when mantis is in catalan. (dregad) - closed.
  • 0015691: [administration] Config report: retrieval of saved project filter from cookie does not work (dregad) - closed.
  • 0015453: [security] CVE-2013-1930: Close button is shown on webpage despite 'close' is not a valid status by workflow (dregad) - closed.
  • 0015511: [security] CVE-2013-1931: XSS vulnerability when deleting a version (atrol) - closed.
  • 0015698: [bugtracker] 'extract() expects parameter 1 to be array, boolean given' in '/srv/www/bugs/account_prof_edit_page.php' line 48 (dregad) - closed.
  • 0015704: [documentation] Wrong description of writing custom_functions (atrol) - closed.
  • 0015744: [bugtracker] Reminder bugnote with list of recipients not added if no text provided (dregad) - closed.
  • 0015451: [api soap] Incorrect invocations of SoapObjectsFactory::newSoapFault (rombert) - closed.
  • 0015517: [api soap] mc_project_get_versions() result can't be parsed by C# (dregad) - closed.
  • 0015522: [api soap] mc_project_get_issues does not report due_date (dregad) - closed.

Per saperne di più: http://www.mantisbt.org/bugs/changelog_page.php?version_id=182

1.2.14

(appendice 1)
4 Aprile 2013 - 22MBApplications:
  • Install: Improvements to the install routine to improve compatibility with more PHP configurations.

1.2.14

(release di sicurezza)
30 Gennaio 2013 - 22MBMantisBT 1.2.14 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Please refer to the release notes for details.
  • 0015415: [security] XSS vulnerability on Configuration Report page (dregad) - closed.
  • 0015416: [security] XSS issue in adm_config_report.php when displaying complex value (dregad) - closed.
  • 0015411: [performance] Huge memory consumption for print_user_option_list() (dregad) - closed.

Per saperne di più: http://www.mantisbt.org/bugs/changelog_page.php?version_id=181

1.2.12


11 Novembre 2012 - 22MB

1.2.11


9 Giugno 2012 - 22MB

1.2.10


2 Aprile 2012 - 22MB

1.2.9


4 Marzo 2012 - 21MB

1.2.8


6 Settembre 2011 - 21MB

1.2.7


23 Agosto 2011 - 16MB

1.2.6


27 Luglio 2011 - 16MB

1.2.5


6 Aprile 2011 - 16MB

1.2.4


15 Dicembre 2010 - 16MB

1.2.3


14 Ottobre 2010 - 16MB

I nostri hosting Web compatibili con
Mantis

Web

Solo l'hosting Web

Hosting Web 100% SSD
100 GB e +
Gestione multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Per maggiori informazioni

a partire da 5.75 €/mese

Classic

L'offerta completa Web+Mail

Hosting Web 100% SSD
100 GB e +
Gestione multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Posta professionale
25 indirizzi e-mail con spazio illimitato


WorkSpace
Messaggistica online
Messaggistica istantanea
Sincronizzazione dei contatti e agende


Per maggiori informazioni

a partire da 7.42 €/mese

Server Cloud

Gestito

Hosting Web 100% SSD
100 GB e +
Multi-hosting e multisito
Certificati SSL gratuiti
Protezione Anti-DDoS
10 GB di VOD


Potenza
2 CPU e +
6 GB di RAM e +
100% SSD
Risorse 100% dedicate


Gestione
Infomaniak gestisce il suo server


Per maggiori informazioni

a partire da 29 €/mese

Prezzo in EUR Tasse incluse