From: John Reese <jreese@le...> - 2010-12-15 02:38:05
MantisBT 1.2.4 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are advised to
upgrade to this release.
Gjoko Krstic of Zero Science Lab reported multiple vulnerabilities in the
admin/upgrade_unattended.php script. Issue #12607 provides more detail on the
vulnerabilities discovered. We thank Gjoko for his detailed assistance with
testing, patching and answering questions. Please note that the /admin/
directory should be removed from all MantisBT installations after the
installation or upgrade has been completed. This is particularly true for
MantisBT installations accessible over the Internet.
Also included with 1.2.4 are some bug fixes relating to fonts in the
MantisGraph plugin, SOAP API, CSV export, custom field values, relationship
graphs, fields on the manage user page, built-in time tracking and the
allow_reporter_close feature. This release includes updated translations for
many languages and improved installation documentation in doc/INSTALL.
A full changelog for the 1.2.x series can be found on the official site:
The release is available for download at:
Get latest updates about Open Source Projects, Conferences and News.