Hi All,

Mantis 0.19.4 is now available for download.

http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175

This maintenance release includes the following fixes:

- 0006419: [security] File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
- 0006420: [security] Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006457: [security] SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006460: [security] HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006486: [security] Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)

All 0.19.x users are encouraged to upgrade to this release.

I'd like to take this opportunity to thank tk at trapkit dot de for reviewing Mantis code and reporting the above issues.

Regards,

Victor