John Reese | 26 Sep 16:24

New IRC Channels

Howdy All,

I would like to announce some changes to the IRC channels used for the
MantisBT project.  I've registered a formal MantisBT group with Freenode,
which has given us control of the mantisbt "namespace".

This means that we now have the #mantisbt channel, which will be used 
specifically for development discussions and random off topic chatter.

Our existing IRC channel #mantishelp is being moved to #mantisbt-help, 
and will be reserved for questions and support for end users.  The 
current #mantishelp channel is set up to forward users appropriately, 
but will be disbanded after a few weeks time.  The web client on 
mantisbt.org is already updated to send users to the correct channel.

Please update your IRC clients with the new channel names.

Cheers

--

-- 
John Reese
noswap.com


John Reese | 6 Sep 16:42

MantisBT 1.2.8 Released

Hi all,

MantisBT 1.2.8 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are advised 
to upgrade to this release.

Paulino Calderon from Websec, High-Tech Bridge Security Research Lab and 
Paul Richards discovered 3 vulnerabilities:
  - 1x local file inclusion (LFI)/directory traversal
  - 2x cross site scripting (XSS)

These vulnerabilities could have very severe consequences for users of
MantisBT, particularly as a result of the local file inclusion 
vulnerability. If an attacker can upload their own PHP script to the 
server as an attachment, they may be able to execute this script using 
the LFI vulnerability.

Refer to issues #13191 and #13281 for detailed information:

   http://www.mantisbt.org/bugs/view.php?id=13191
   http://www.mantisbt.org/bugs/view.php?id=13281

A full changelog for 1.2.8 can be found at:

   http://www.mantisbt.org/bugs/changelog_page.php?version_id=139

The release can be downloaded at:

   http://www.mantisbt.org/download.php


John Reese | 22 Aug 16:54

MantisBT 1.2.7 Released

Howdy all,

MantisBT 1.2.7 is a security update for the stable 1.2.x branch. All 
installations that are currently running any 1.2.x version are advised 
to upgrade to this release.

Net.Edit0r from BlACK Hat Group posted a vulnerability report for an XSS 
issue in search.php. All MantisBT users (including anonymous users that 
are not logged in to public bug trackers) could be impacted by this 
vulnerability. Refer to issue #13245 [1] for full details.

This release also contains numerous minor bug fixes to MantisBT and 
improved translations in many languages.

A full changelog for 1.2.7 can be found on the official site:
   http://www.mantisbt.org/bugs/changelog_page.php?version_id=138

The release can be downloaded from:
   http://www.mantisbt.org/download.php

[1] http://www.mantisbt.org/bugs/view.php?id=13245

Cheers

--

-- 
John Reese
noswap.com


John Reese | 26 Jul 16:08

MantisBT 1.2.6 Released

Hi all,

MantisBT 1.2.6 is a maintenance update for the stable 1.2.x branch. It 
is recommended that all MantisBT users (including those still using 
1.1.x or earlier versions) upgrade to this latest release.

This release brings bug fixes and improvements across a range of 
MantisBT features, especially the SOAP API, authentication, time 
tracking, and billing areas. Documentation and translation updates are 
also included.

A full changelog for 1.2.6 can be found on the official site:
    http://www.mantisbt.org/bugs/changelog_page.php?version_id=114

The release is available for download at:
    http://www.mantisbt.org/download.php

Cheers

--

-- 
John Reese
noswap.com


John Reese | 12 Jul 20:30

MantisBT Moving to Github

Hi all,

I'd like to announce that as of now, the primary Git repositories for 
the MantisBT project are hosted at Github [1], using the "mantisbt" 
organization for all official code repositories.  I've also renamed the 
development tools repository from "mantisbt-dev" to "mantisbt-tools" for 
sake of clarity.  Commit emails will now be sent to the mantisbt-cvs 
list from noreply@... rather than git@...

Regarding plugins, I've created a second organization on Github
called "mantisbt-plugins" [2].  Community members with plugins are 
welcome to join the organization and have their repositories hosted 
there as a sort of "official list" of available plugins.  Simply send a 
request to the developer list, and we will add your Github account and 
create a repository that you can push to.  Any plugins currently hosted 
on git.mantisforge.org will continue to be available, although we would 
encourage moving them to Github as time permits.

Ideally, this move will benefit both community and developer 
contribution in multiple ways:

- Github allows for easy "forking" to give users their own repository to 
develop changes in, and also provides a method to submit "pull requests" 
back to the development team or plugin authors.

- Github allows users to easily manage their account and SSH keys for 
all repositories, and has a much friendlier interface for doing so.

- Github provides a better repository viewing interface, and allows for 
superior integration with MantisBT itself via service hooks.

John Reese | 5 Apr 21:12

MantisBT 1.2.5 Released

Hi all,

MantisBT 1.2.5 is a maintenance update for the stable 1.2.x branch. It 
is recommended that all MantisBT users (including those still using 
1.1.x or earlier versions) upgrade to this latest release.

This release brings improved translations in many languages as well as 
numerous bug fixes across a range of MantisBT features.

A full changelog for 1.2.5 can be found on the official site:
    http://www.mantisbt.org/bugs/changelog_page.php?version_id=113

The release is available for download at:
    http://www.mantisbt.org/download.php

Cheers

--

-- 
John Reese
noswap.com

John Reese | 15 Dec 03:37

MantisBT 1.2.4 Released

Howdy all,

MantisBT 1.2.4 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are advised to
upgrade to this release.

Gjoko Krstic of Zero Science Lab reported multiple vulnerabilities in the
admin/upgrade_unattended.php script. Issue #12607 provides more detail on the
vulnerabilities discovered. We thank Gjoko for his detailed assistance with
testing, patching and answering questions. Please note that the /admin/
directory should be removed from all MantisBT installations after the
installation or upgrade has been completed. This is particularly true for
MantisBT installations accessible over the Internet.

Also included with 1.2.4 are some bug fixes relating to fonts in the
MantisGraph plugin, SOAP API, CSV export, custom field values, relationship
graphs, fields on the manage user page, built-in time tracking and the
allow_reporter_close feature. This release includes updated translations for
many languages and improved installation documentation in doc/INSTALL.

A full changelog for the 1.2.x series can be found on the official site:
   http://www.mantisbt.org/bugs/changelog_page.php?version_id=112

The release is available for download at:
   http://www.mantisbt.org/download.php

Cheers
--

-- 
John Reese
LeetCode.net

John Reese | 14 Sep 20:56

MantisBT 1.2.3 Released

Howdy folks,

MantisBT 1.2.3 is a security update for the stable 1.2.x branch. All 
installations that are currently running any 1.2.x version are advised 
to upgrade to this release.

Issue #12312 covers an XSS vulnerability in the upstream NuSOAP library. 
The fix has been applied to the library included in MantisBT releases, 
and a patch has been submitted upstream for future releases of NuSOAP. 
See http://www.mantisbt.org/bugs/view.php?id=12312 for further details.

Also included with 1.2.3 are another round of XSS fixes to MantisBT, 
improved excel export, translation updates, and bug fixes to the SOAP 
API, installation, plugin system, and email notifications.

The release changelog can be found at:
  - http://www.mantisbt.org/bugs/changelog_page.php?version_id=111

It can be downloaded at:
  - http://www.mantisbt.org/download.php

Cheers

--

-- 
John Reese
LeetCode.net


John Reese | 29 Jul 19:25

MantisBT 1.2.2 Released

Howdy all,

MantisBT 1.2.2 is a security update for the stable 1.2.x branch. All 
installations that are currently running any 1.2.x version are advised 
to upgrade to this release.

Issue #11952 covers a security fix to the display of inline attachments, 
where "Arbitrary inline attachment rendering could lead to cross-domain 
scripting or other browser attacks".  See 
http://www.mantisbt.org/bugs/view.php?id=11952 for further details and 
information.

Also included with 1.2.2 are a range of translation updates, regression 
fixes, and bug fixes, including multiple SOAP API-related bugs and 
regressions.

The release changelog can be found at:
     - http://www.mantisbt.org/bugs/changelog_page.php?version_id=110

It can be downloaded at:
     - http://www.mantisbt.org/download.php

Cheers

--

-- 
John Reese
LeetCode.net


John Reese | 23 Apr 20:44

MantisBT 1.2.1 Released

Hi all,

MantisBT 1.2.1 is a maintenance update for the stable 1.2.x branch. All
installations that are currently running any 1.1.x or 1.2.0 version are
advised to upgrade to this release.

Included with 1.2.1 are a range of bug fixes, translation updates, and general
improvements over the initial 1.2.0 release.  Highlights include an improved
installation, a fixed upgrade path from 1.1.x, fixes to the URL and path
detection, and updates to the plugin event system.

The release changelog can be found at:
    - http://www.mantisbt.org/bugs/changelog_page.php?version_id=109

It can be downloaded at:
    - http://www.mantisbt.org/download.php

Cheers

--

-- 
John Reese
LeetCode.net

John Reese | 22 Feb 21:52

MantisBT 1.2.0 Released

MantisBT Release Notes

1.2.0 Stable Release
-------------------------------------------------

This release marks the first official release in the 1.2.x series of MantisBT.
1.2.0 is a major feature release for MantisBT, and includes many bugfixes and
enhancements over the 1.1.x stable branch.  All users of 1.1.x are highly
encouraged to upgrade as soon as possible.

A full changelog for the 1.2.x series can be found on the official site. [1]

There are many new features added to 1.2.0, including:

  - Converted the MantisBT Manual to Docbook format, and added a new Developer's
    Guide manual, both of which are compiled and included in every release

  - Implemented a plugin system with many plugins already released [2]

  - Global categories available to all projects, as well as project categories
    inheriting from parent projects to child projects;  both are optional

  - Tracked change history for textarea fields (Description, etc) and bug notes

  - Customizable sets of columns for View Issues page and export formats

  - Combined simple and advanced views into a single, configurable view that
    allows selecting exactly what fields to show or hide

  - Improved roadmap and changelog pages, including version release dates, and

