Howdy all,

MantisBT 1.2.4 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release.

Gjoko Krstic of Zero Science Lab reported multiple vulnerabilities in the admin/upgrade_unattended.php script. Issue #12607 provides more detail on the vulnerabilities discovered. We thank Gjoko for his detailed assistance with testing, patching and answering questions.

Please note that the /admin/ directory should be removed from all MantisBT installations after the installation or upgrade has been completed. This is particularly true for MantisBT installations accessible over the Internet.

Also included with 1.2.4 are some bug fixes relating to fonts in the MantisGraph plugin, SOAP API, CSV export, custom field values, relationship graphs, fields on the manage user page, built-in time tracking and the allow_reporter_close feature.

This release includes updated translations for many languages and improved installation documentation in doc/INSTALL.

A full changelog for the 1.2.x series can be found on the official site:
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112

The release is available for download at:
http://www.mantisbt.org/download.php

Cheers

--
John Reese
LeetCode.net

_______________________________________________
mantisbt-help mailing list
mantisbt-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mantisbt-help