[mantisbt-dev] MantisBT 1.2.15 Released

[Victor B. <vb...@gm...>]

Blog Post: http://www.mantisbt.org/blog/?p=249

MantisBT 1.2.15 is a security update for the stable 1.2.x branch.
All installations that are currently running any 1.2.x version are strongly
advised to upgrade to this release.

The following security issues were resolved:

   - Any malicious user could use the view issues page (search.php) to
   execute a filter that could bring down the site by overloading the
   database server (CVE-2013-1883). Affects MantisBT 1.2.12 and later.  Refer
   to issue #15573 <http://www.mantisbt.org/bugs/view.php?id=15573> for
   detailed information.
   - A cross site scripting (XSS) vulnerability allowed execution of
   arbitrary JavaScript code when deleting a version. Affects MantisBT
   1.2.14 and later. Refer to issue
#15511<http://www.mantisbt.org/bugs/view.php?id=15511> for
   detailed information.
   - In some cases, the ‘Close’ button would be available to unauthorized
   users, allowing them to close issues at will, bypassing the workflow
   settings. Affects MantisBT 1.2.12 and later. Refer to issue
#15453<http://www.mantisbt.org/bugs/view.php?id=15453> for
   detailed information.

This release also includes several bug fixes and enhancements to the
tracker and the SOAP api, as well as updated translations in many languages.

A full changelog for 1.2.15 can be found at
here<http://www.mantisbt.org/bugs/changelog_page.php?version_id=182>.
 Go ahead and download <http://www.mantisbt.org/download.php> it now.

Checkout Hosted MantisBT <http://www.mantisbt.org/hosting.php> to be up and
running in minutes.  For optimized access to MantisBT from iPhone, Android
and Windows Phone checkout MantisTouch <http://www.mantistouch.org/>.
Thanks,
-MantisBT Team