Elier Delgado | 13 Dec 04:15 2014
Picon

Frameworks

Hello all, 

First at all, I want to thank you for your great contribution. You can feel good because many people are thankful for having Mantis. 
I was happy to introduced it in several places :)

I recently had to go through the code debugging an issue and I was wondering if you ever have think on porting progressively Mantis into any framework?

Regards, Elier
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Victor Boctor | 6 Dec 04:50 2014
Picon

MantisBT 1.2.18 Released

MantisBT 1.2.18 is an important security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [2]. This release resolves a total of 43 issues, including fixes for 23 security- related bugs and vulnerabilities: - 7 Cross-Site Scripting (XSS) issues: #17297/CVE-2014-9272, #17583/CVE-2014-9270, #17870/CVE-2014-8987, #17874/CVE-2014-9271, #17876/CVE-2014-9281, #17889/CVE-2014-8986, #17890/CVE-2014-9269 - 2 Code injection issues: #17725/CVE-2014-7146, #17875/CVE-2014-9280 - 2 SQL injection (XSS) issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089 - 5 Information disclosure issues: #9885, #17744, #17877/CVE-2014-9279, #17742/CVE-2014-8988, #17243/CVE-2014-8553 - 7 Other security issues: #10966, #17338, #17640/CVE-2014-6387, #17648/CVE-2014-6316, #17780/CVE-2014-8598, #17811/CVE-2014-9117, #17878 Please refer to the changelog [1] on the MantisBT web site for complete details on each of these issues. We would like to thank the following individuals and organizations for their valued contribution in discovering and fixing these issues, in no particular order: Mati Aharoni from Offensive Security and their bug bounty program, Matthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza, Oleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker, Victor Boctor and Damien Regad.


Thanks,
MantisBT Team
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Alain D'EURVEILHER | 5 Dec 16:48 2014
Picon

[New Plugin] FilterBugList

Hi,
I would like a new plugin to be hosted, but I'm facing some difficulties with writting the page on the wiki and transfering the ownership on github.

The plugin is currently hosted there on github:
https://github.com/AlainD-/FilterBugList
(FYI the plugin allow to filter by giving a list of bug ids)

Can you please:
1) Review
2) if OK, add me the rights to create the wiki page (for the user 'Bozz' of the bugtracker)
3) allow me to transfer the ownership on github to your organization.

Thank you very much in advance.

--

AlainD.

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Louis BAYLE | 5 Dec 10:08 2014
Picon

Is there an API Doc on custom filters ?

Hi,
I would like to open the view_all_bug_page.php with a set of issues that are not defined by any of the current Mantis fields. Basicaly, I need to specify a list of bug_id.

Is it possible ? Is there a doc that describes how to do that ?

I was thinking of building an URL like this
mantis/view_all_bug_page.php?bug_id=12,54,65,567,534

If it does not exist, would you be interested in a PR with such a feature ? have you any hints on how to do it ?

Thank you,
Best regards,

Louis BAYLE

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Gianluca Sforna | 28 Nov 12:38 2014
Picon
Subject: 1.2.18

1.2.18

Hi all
what are there plans for the 1.2.18 release?

I am receiving many security issues reports for the RPM package in
Fedora/EPEL repos and it would be great if I could just rebase the
package from the upstream tarball instead of chasing the correct patch
set to apply.

Thanks

G.

--

-- 
Gianluca Sforna

http://morefedora.blogspot.com
http://plus.google.com/+gianlucasforna - http://twitter.com/giallu

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
Victor Boctor | 8 Nov 23:42 2014
Picon

Preparing blog post for 1.3.0-beta.1

Hi all,

I’ve put together some thoughts relating to the points we want to communicate in the post.  I would appreciate if you can provide your thoughts about the same. I’ve created a gist to make discussing and evolving this easier.


Thanks,
-Victor
------------------------------------------------------------------------------
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
P Richards | 30 Oct 16:57 2014

FW: Hi All - A change of direction for me.

Robert, Damien, 

Before I send anything to the list regarding fork (which may be over weekend),  I'm sending you two privately
the some of the security patches that I have for 1.2.18

001: I deem to be minor - it's a 'safety' catch for if someone accidently configures a server incorrectly - in
reality, unlikely to ever be an issue as mantis isn't userable in the state needed to trigger this.

002 - not a security fix as a such, but seemed to fix javascript errors that were making it hard to identify 3

003 - Fixes XSS issue in the extended browser - this only needs to be back ported to 1.2 as the code has gone from master

004 - Fixes a SQL injection issue in the SOAP api - I've emailed
cve-assign@... asking  for them to reserve a CVE for this (And
also emailed them asking them to reserve a CVE for the other issues we've got patches in progress for. I've
not yet emailed cve-assign for the 01 or 03 above. I'm wondering for both whether it's necessarily to
bother - in the first case (001), I don’t think you'd even be able to use mantis properly in the state
needed to hit this issue, and in the 2nd case (003) , given you'd need the extended project browser to be on,
and be able to set a project name - the first of which I've never seen anyone use...

Once I get a reply with CVE number, I'll forward it to you two again so a complete set of patches can be properly
co-ordinated, and we can make sure nothing is missing. And then I'll reply publically to your list-mail
rombert about names (don't worry, I've not picked something that will breed confusion), and further details.

Paul

-----Original Message-----
From: Robert Munteanu [mailto:robert.munteanu@...] 
Sent: 21 October 2014 12:06
To: developer discussions
Subject: Re: [mantisbt-dev] Hi All - A change of direction for me.

Hi Paul,

Let me start by acknowledging all the work you did on MantisBT - you definitely contributed a lot and
MantisBT is today better due to your contributions, so a big thank you goes out for that.

I wish you good luck with your fork - and hope you don't mind if we cherry-pick fixes that we find useful :-)

On a related note, I echo Damien's comment on naming - it would breed confusion to name your project Mantis
Issue Tracker ( MantisIT? ) so please pick another name that

Cheers,

Robert

On Tue, Oct 21, 2014 at 12:24 AM, P Richards <paul@...> wrote:
> Hi All,
>
>
>
> Just to let you know that I’m going to embark on a new project – 
> “Mantis Issue Tracker”. This will be a fork from the Mantis Bug 
> Tracker project with a goal for being used for a helpdesk focus – this 
> is the environment I currently work in.
>
>
>
> After 10 years spent working on Mantis Bug Tracker, it has become 
> clear that Victor’s planned direction with moving towards a hosted 
> MantisHub and trying to make a financial return out of Mantis is not 
> aligned with the goal’s that I set myself for involvement with an open 
> source project. I’d like to wish him success with those aims.
>
>
>
> Myself, I’m keen to ensure that in todays hosted world with cloud 
> services etc, that it’s possible to run a freely available issue tracker for all.
>
>
>
> I’ll post more details in a few days.
>
>
>
> I still plan to continue to follow the project and submit any pull 
> requests, but I need to align my coding time with the needs for which 
> I use Mantis – which is as an issue checker in a MSSQL shop.
>
>
>
> In the meantime, please let me know as soon as damien has fixed his 
> email address, as it’s still broken and it would be good to do a joint 
> security release.
>
>
>
> Paul
>
>
> ----------------------------------------------------------------------
> -------- Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> mantisbt-dev mailing list
> mantisbt-dev@...
> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
>

--
http://robert.muntea.nu/

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
------------------------------------------------------------------------------
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
Robert Munteanu | 25 Oct 11:24 2014
Picon

Simplify Target Version/Fixed in Version management for 1.3

Hi,

I was thinking that having two different version fields ( target
version and fixed in version ) in a bug can be confusing for some
users. I understand that there are some advanced use cases, but IMO we
should also optimize for the simple workflow, where fix version should
be the same as the target version.

For that I suggest the following enhancement for 1.3:

When modifying a bug such that
- status >= bug_resolved_status_threshold
- resolution >= bug_resolution_fixed_threshold
- target_version exists
- fixed_in_version is empty

Then automatically set the fixed_in_version to be equal to the target_version.

Thoughts?

Robert

--

-- 
http://robert.muntea.nu/

------------------------------------------------------------------------------
P Richards | 20 Oct 23:24 2014

Hi All - A change of direction for me.

Hi All,

 

Just to let you know that I’m going to embark on a new project – “Mantis Issue Tracker”. This will be a fork from the Mantis Bug Tracker project with a goal for being used for a helpdesk focus – this is the environment I currently work in.

 

After 10 years spent working on Mantis Bug Tracker, it has become clear that Victor’s planned direction with moving towards a hosted MantisHub and trying to make a financial return out of Mantis is not aligned with the goal’s that I set myself for involvement with an open source project. I’d like to wish him success with those aims.

 

Myself, I’m keen to ensure that in todays hosted world with cloud services etc, that it’s possible to run a freely available issue tracker for all.

 

I’ll post more details in a few days.

 

I still plan to continue to follow the project and submit any pull requests, but I need to align my coding time with the needs for which I use Mantis – which is as an issue checker in a MSSQL shop.

 

In the meantime, please let me know as soon as damien has fixed his email address, as it’s still broken and it would be good to do a joint security release.

 

Paul

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
P Richards | 20 Oct 20:43 2014

19:30 Status update

ERROR: Permission to mantisbt/mantisbt.git denied to grangeway.

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

 

And still unable to email dregad-yNRIyJjUR0xg9hUCZPvPmw@public.gmane.org

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev
P Richards | 20 Oct 19:27 2014

.

ERROR: Permission to mantisbt/mantisbt.git denied to grangeway.

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
mantisbt-dev mailing list
mantisbt-dev@...
https://lists.sourceforge.net/lists/listinfo/mantisbt-dev

Gmane