blog post: http://www.mantisbt.org/blog/?p=236

MantisBT 1.2.13 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release.

Two cross site scripting (XSS) vulnerability issues affecting MantisBT 1.2.12 only (earlier versions are not impacted) were discovered:

A workflow-related security issue was also fixed:

In addition to the corrections for the above-mentioned security issues, this release also includes several bug fixes and enhancements:

A full changelog for 1.2.13 can be found at here.  Go ahead and download it now.

Checkout Hosted MantisBT to be up and running in minutes.  For optimized access to MantisBT from iPhone, Android and Windows Phone checkout MantisTouch.

Thanks,
Mantis Team