Mantis 2.25.6
23 February 2023
Mantis version 2.25.6 is now available (security release).
Upgrading to Mantis 2.25.6
Mantis 2.25.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Mantis updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Mantis install to test the 2.25.6 upgrade prior to applying it live. Get started managing your Mantis installations with Installatron
What's New in Mantis 2.25.6
Security
- 0031086: [security] CVE-2023-22476: Private issue summary disclosure (dregad)
Bug Fixes and Changes
- 0024720: [ldap] Editing user with use_ldap_email = ON empties email address (dregad)
- 0031827: [reports] Graphviz logs syntax error in line xx near ';' (atrol)
- 0031712: [code cleanup] PHP 8.1 deprecated warnings (dregad)
- 0031159: [tagging] Undefined constants TAG_NOT_ATTACHED + TAG_ALREADY_ATTACHED in tag_api.php (dregad)
- 0030922: [bugtracker] Browser extensions may trigger automatic bug monitoring (community)
- 0030918: [markdown] URLs should only be converted to links when process_url is ON (dregad)
- 0030835: [ui] unreachable submit button (Update Information) on issue update when using tab key (dregad)
- 0030841: [api rest] Update Slim Framework to 3.12.4 (dregad)
- 0030794: [signup] Captcha image not showing on PHP 8.1 (dregad)
- 0030777: [upgrade] Scalar typehint is not supported in PHP 5.x (dregad)
- 0030793: [bugtracker] config_flush_cache() doesn't clean the eval cache for individual options (dregad)
- 0030772: [security] Update moment.js to 2.29.4 (dregad)
- 0030791: [security] Allow adding relation type noopener/noreferrer to outgoing links (dregad)
- 0030771: [ldap] Poor error handling when $g_login_method = LDAP and PHP extension missing (dregad)
- 0030814: [signup] Captcha audio not working (dregad)
- 0030429: [other] Upcoming incompatibility with PHP 8.2, "Deprecate ${} string interpolation" RFC (dregad)
- 0031876: [plug-ins] XML import: Undefined property warning when importing bug notes (dregad)
- 0030790: [ldap] Deprecated conversion of false to array in ldap_api.php with PHP 8.1 (dregad)
- 0032037: [bugtracker] Remove "sponsorship_total" from columns default (dregad)
- 0031943: [installation] Creation of dynamic properies is deprecated in PHP 8.2 (dregad)
- 0022238: [documentation] Missing columns on $g_view_issues_page_columns documentation (dregad)
- 0031829: [ui] Status color boxes shown in black on bug_relationship_graph.php (dregad)
- 0031836: [bugtracker] Date conversion fails when editing a project version using a non-US date format (dregad)
- 0031889: [bugtracker] Product Version / Target Version - Date missing (dregad)