From: Victor B. <vi...@fu...> - 2005-10-11 12:46:51
|
Hi all, Mantis now has two packages in SourceForge, mantis-dev and mantis-stable. The latest releases in these packages are 1.0.0rc2 and 0.19.3. All users who were monitoring the original Mantis package (for new releases) are now monitoring mantis-dev. I would encourage all of you to monitor the mantis-stable package in order to get the notification when Mantis 1.0.0 is released. You can also subscribe to Mantis blog at: http://www.futureware.biz/ Mantis 0.19.3 is a maintenance release that mainly contains security fixes. All 0.19.x users are advised to upgrade to this version. - 0006331: [security] Port #5247 to 0.19.3: Real email addresses are visible when using reminders (vboctor) - 0006332: [security] Port #5751 to 0.19.3: Javascript XSS vulnerability (vboctor) - 0006333: [security] Port #5959 to 0.19.3: Cross Site Scripting Vulnerabilty in the mantis/view_all_set.php Script (vboctor) - 0006335: [security] Port #6273 to 0.19.3: File Inclusion Vulnerability (vboctor) - 0006336: [security] Port #6275 to 0.19.3: SQL injection (vboctor) - 0006334: [security] Port #6097 to 0.19.3: user ID is cached indefinitely (vboctor) - 0006330: [bugtracker] System warning in login_page.php when no new installation (vboctor) Regards, Victor. |