From: P R. <pa...@ma...> - 2014-10-30 15:57:47
Robert, Damien,

Before I send anything to the list regarding the fork (which may be over the weekend), I'm sending you two privately some of the security patches that I have for 1.2.18:

001: I deem to be minor - it's a 'safety' catch for if someone accidentally configures a server incorrectly - in reality, unlikely to ever be an issue as Mantis isn't usable in the state needed to trigger this.

002 - not a security fix as such, but seemed to fix JavaScript errors that were making it hard to identify 3

003 - Fixes XSS issue in the extended browser - this only needs to be back-ported to 1.2 as the code has gone from master

004 - Fixes a SQL injection issue in the SOAP API - I've emailed cve...@mi... asking for them to reserve a CVE for this (and also emailed them asking them to reserve a CVE for the other issues we've got patches in progress for).

I've not yet emailed cve-assign for 001 or 003 above. I'm wondering for both whether it's necessary to bother - in the first case (001), I don't think you'd even be able to use Mantis properly in the state needed to hit this issue, and in the second case (003), given you'd need the extended project browser to be on, and be able to set a project name - the first of which I've never seen anyone use...

Once I get a reply with a CVE number, I'll forward it to you two again so a complete set of patches can be properly co-ordinated, and we can make sure nothing is missing.

And then I'll reply publicly to your list-mail, rombert, about names (don't worry, I've not picked something that will breed confusion), and further details.

Paul

-----Original Message-----
From: Robert Munteanu [mailto:rob...@gm...]
Sent: 21 October 2014 12:06
To: developer discussions
Subject: Re: [mantisbt-dev] Hi All - A change of direction for me.

Hi Paul,

Let me start by acknowledging all the work you did on MantisBT - you definitely contributed a lot and MantisBT is today better due to your contributions, so a big thank you goes out for that.
I wish you good luck with your fork - and hope you don't mind if we cherry-pick fixes that we find useful :-)

On a related note, I echo Damien's comment on naming - it would breed confusion to name your project Mantis Issue Tracker ( MantisIT? ) so please pick another name that

Cheers,
Robert

On Tue, Oct 21, 2014 at 12:24 AM, P Richards <pa...@ma...> wrote:
> Hi All,
>
> Just to let you know that I’m going to embark on a new project – “Mantis Issue Tracker”. This will be a fork from the Mantis Bug Tracker project with a goal for being used for a helpdesk focus – this is the environment I currently work in.
>
> After 10 years spent working on Mantis Bug Tracker, it has become clear that Victor’s planned direction with moving towards a hosted MantisHub and trying to make a financial return out of Mantis is not aligned with the goals that I set myself for involvement with an open source project. I’d like to wish him success with those aims.
>
> Myself, I’m keen to ensure that in today's hosted world with cloud services etc, it’s possible to run a freely available issue tracker for all.
>
> I’ll post more details in a few days.
>
> I still plan to continue to follow the project and submit any pull requests, but I need to align my coding time with the needs for which I use Mantis – which is as an issue checker in a MSSQL shop.
>
> In the meantime, please let me know as soon as Damien has fixed his email address, as it’s still broken and it would be good to do a joint security release.
>
> Paul
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> mantisbt-dev mailing list
> man...@li...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

--
http://robert.muntea.nu/