From: John R. <jr...@le...> - 2010-12-15 02:38:05
|
Howdy all, MantisBT 1.2.4 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are advised to upgrade to this release. Gjoko Krstic of Zero Science Lab reported multiple vulnerabilities in the admin/upgrade_unattended.php script. Issue #12607 provides more detail on the vulnerabilities discovered. We thank Gjoko for his detailed assistance with testing, patching and answering questions. Please note that the /admin/ directory should be removed from all MantisBT installations after the installation or upgrade has been completed. This is particularly true for MantisBT installations accessible over the Internet. Also included with 1.2.4 are some bug fixes relating to fonts in the MantisGraph plugin, SOAP API, CSV export, custom field values, relationship graphs, fields on the manage user page, built-in time tracking and the allow_reporter_close feature. This release includes updated translations for many languages and improved installation documentation in doc/INSTALL. A full changelog for the 1.2.x series can be found on the official site: http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 The release is available for download at: http://www.mantisbt.org/download.php Cheers -- John Reese LeetCode.net |
From: Jorge A. B. <li...@da...> - 2010-12-15 11:37:18
|
The link points to Mantis 0.9 dev download... should be http://sourceforge.net/projects/mantisbt/files/mantis-stable/1.2.4/ Regards El 14/12/2010 11:37 p.m., John Reese escribió: > The release is available for download at: > http://www.mantisbt.org/download.php -- Jorge Andrés Brugger Informática DASU - Obra Social del Personal de la Universidad Nacional de la Patagonia Comodoro Rivadavia, Chubut, Argentina Teléfono (0297) 446-4444 int. 103 Correo electrónico: jbr...@da... Website: www.dasu.com.ar |
From: John R. <jr...@le...> - 2010-12-15 13:26:46
|
On 12/15/2010 05:53 AM, Jorge Andrés Brugger wrote: > The link points to Mantis 0.9 dev download... should be > http://sourceforge.net/projects/mantisbt/files/mantis-stable/1.2.4/ Thank you, I didn't realize SF.net changed their URLs. It should be fixed now. -- John Reese LeetCode.net |
From: Damien R. <dam...@me...> - 2010-12-16 01:15:29
|
And this comes out just one day after I finally completed the testing cycle and migration from 1.2.1 to 1.2.3... GRRRR... Guess I'll just have to do it all over again in January ;-) Question: is there some kind of regular release plan (e.g. every 3-4 months), or do you just release whenever you feel there is a sufficient list of fixes ? In both cases, would it be possible to make planned release dates (even tentative) available to the public, e.g. on the Roadmap, or the web site ? Thanks Damien |
From: David H. <hic...@op...> - 2010-12-16 01:21:07
|
On Thu, 2010-12-16 at 02:15 +0100, Damien Regad wrote: > And this comes out just one day after I finally completed the testing > cycle and migration from 1.2.1 to 1.2.3... GRRRR... Guess I'll just have > to do it all over again in January ;-) Make sure you patch your installations with the latest security patches (if you're going to use older versions of MantisBT). > Question: is there some kind of regular release plan (e.g. every 3-4 > months), or do you just release whenever you feel there is a sufficient > list of fixes ? In both cases, would it be possible to make planned > release dates (even tentative) available to the public, e.g. on the > Roadmap, or the web site ? There is no regular release plan at the moment. Generally I think we're aiming for a release at least every 2 months for the stable branch. It really depends on what sort of patches have been committed (and the quantity). In the case of security releases such as 1.2.4, they're released as soon as possible. We can't predict when these releases will occur for obvious reasons. Regards, David |