JFIFHH .
BSA HACKER
Logo of a company Server : Apache
System : Linux nusantara.hosteko.com 4.18.0-553.16.1.lve.el8.x86_64 #1 SMP Tue Aug 13 17:45:03 UTC 2024 x86_64
User : koperas1 ( 1254)
PHP Version : 7.4.33
Disable Function : NONE
Directory :  /var/softaculous/mantis/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //var/softaculous/mantis/changelog.txt
mantisbt - 2.26.3 Released 2024-08-25

Maintenance release, fixing a couple regressions from 2.26.2 and a few other issues.

    0034442: [html] Wrong display of some column titles on "View Issues" page (dregad)
    0034461: [relationships] Relationship Graphs show/hide flag is not persistent (dregad)
    0034462: [relationships] Truncated HTML entities shown in Relationship Graph nodes' Issue summary (dregad)
    0034460: [filters] Sorting by "overdue" column does not work if "due_date" is not visible (dregad)
    0025407: [api rest] Resetting version fields to empty is not possible (dregad)
    0034458: [ui] Better icon for "overdue" column (dregad)
    0034586: [api rest] REST API GET /filters/{ID} returns empty array when ID does not exist (dregad)
    0034492: [code cleanup] Duplicated code in admin/check_api.php (dregad)
    0034480: [db mysql] Using MySQL 8.4 gives warning in admin checks (dregad)
    0034493: [api rest] REST API GET /issues endpoint returns HTML if given filter_id is not found (dregad)
    0034571: [ldap] ldap_simulation_get_user() does not return null when given non-string username (dregad)
    0034566: [administration] The "realname" field is cleared after a user is updated. (dregad)
    0034526: [performance] Bad performance when editing a project having a lot of subprojects (community)
    0034589: [code cleanup] CSP img-src has a duplicate 'self' value (dregad)
	
mantisbt - 2.26.2 Released 2024-05-11

Security and maintenance release addressing several vulnerabilities (CVE-2024-34077, CVE-2024-34080 and CVE-2024-34081; refer to the corresponding Issues for details). It also resolves a few PHP 8.x compatibility issues, as well as a few other bugs.
All installations are strongly advised to upgrade as soon as possible

    0034432: [security] CVE-2024-34081: Unsanitised custom field names printed (dregad)
    0033906: [bugtracker] Failed opening core.php in timeline_inc.php on PHP 8.2 / IIS (dregad)
    0034008: [documentation] MantisGraph: document usage of EVENT_MANTISGRAPH_SUBMENU (dregad)
    0034006: [code cleanup] MantisGraph: fix deprecated warnings in javascript (dregad)
    0034393: [html] Incorrect handling of HTML hexadecimal character references &#xNNN; (dregad)
    0034439: [code cleanup] Deprecated warning when updating Issue with null checkbox Custom Field (dregad)
    0034441: [excel] Excel error when opening exported issues with custom field with special characters (dregad)
    0034435: [bugtracker] Issue note links don't reflect if issue is resolved (vboctor)
    0034434: [security] CVE-2024-34080: Don't hyperlink references to notes whose issues are not accessible to user (vboctor)
    0034433: [security] CVE-2024-34077: Account Takeover in Password Reset and Account Registration Feature (dregad)
    0034417: [security] Update corejs-typeahead.js library to 1.3.4 (dregad)
    0034410: [api rest] REST API error reports incorrect field "version" when updating fixed in / target version with invalid value (dregad)
    0034399: [other] Internal server error on view_user_page (atrol)
    0012956: [bugtracker] Target Version does not respect GET or POST value when reporting issue (dregad)
    0034404: [bugtracker] Proceed button is shown twice when redirecting with pending errors (dregad)
    0034359: [api rest] REST API: "String not found" warning when adding note with invalid view_state (dregad)
    0034348: [api rest] Adding issue note with REST API returns HTTP 500 when given view_state is invalid (dregad)
    0034018: [filters] Filter "assigned to" and "monitor by" shows <br /> between the users when selecting multiple (advanced filtering) (dregad)
    0034106: [code cleanup] Deprecated creation of dynamic properties in BugData class (dregad)

mantisbt - 2.26.1 Released 2024-02-20

Security and maintenance release addressing a host header injection vulnerability (CVE-2024-23830). It also resolves several regression issues introduced in 2.26.0 release, and includes fixes for PHP 8.x compatibility as well as other issues.
All installations are strongly advised to upgrade as soon as possible

    0033480: [bugtracker] Blank page when redirecting with print_successful_redirect() (dregad)
    0033173: [api rest] No endpoints working on Windows server with PHP 8.1+ (dregad)
    0019381: [security] CVE-2024-23830: Host header attack vulnerability (dregad)
    0033418: [documentation] Document PHP ctype extension as required (dregad)
    0033481: [ui] Missing space between "*" and label for required fields on bug report page (dregad)
    0033426: [authentication] User not authenticated when following link from notification email (dregad)
    0033422: [api rest] Updating an issue with bugnote having empty text causes PHP errors (dregad)
    0033402: [api rest] Updating an Issue through the API sets all comments last edit timestamp (community)
    0033374: [other] Erratic behavior of RestProjectVersionTest::testProjectUpdateVersion PHPUnit test case (dregad)
    0033372: [db mssql] SQL error opening Manage Users page with MSSQL (dregad)
    0033248: [custom fields] APPLICATION ERROR 2800 Invalid form security token when trying to delete custom field (dregad)
    0033358: [custom fields] Custom fields are showing when resolving issues form despite not checking the option (atrol)
    0033171: [db schema] Update ADOdb to 5.22.7 (dregad)
    0033375: [tools] Enable PHP 8.3 on Travis CI builds (dregad)
    0033404: [authorization] Unable to grant user access to private issue by adding them as a monitoring user (atrol)
    0033519: [installation] MySQL Native Driver (mysqlnd) is required (dregad)
    0033588: [administration] Creating an Configuration Option with complex array fails when number is negative (dregad)
    0033631: [code cleanup] Uncaught exception in installer (dregad)
    0033634: [rss] Error in creating RSS when there are no issues to publish (dregad)
    0033651: [ui] Overflowing text issue on sidebar menu (dregad)
    0033756: [installation] Errors on browser console when installing (dregad)
    0033773: [installation] Install: reset buttons for table prefix/suffix not working at stage 2 (dregad)

mantisbt - 2.26.0 Released 2023-10-30
======================================
Feature and maintenance release. Dropping support for PHP 7.1 and older, the earliest supported PHP version is now 7.2.5. New configuration options were added to control access to Export and Print Report features (see 0022224). The default value for the latter was set to UPDATER for security reasons (see 0025492); to restore earlier behavior, administrators should set $g_print_reports_threshold = VIEWER;.

    0028068: [db mssql] Impossible to insert child records with ADOdb 5.21.0 on mssql (dregad)
    0028069: [db postgresql] PHP notices leading to unusable system with ADOdb 5.21.0 on pgsql (dregad)
    0008664: [localization] Translation in Espéranto (dregad)
    0026148: [ui] Add hash to MantisBT CSS files to force browser cache update (vboctor)
    0028830: [code cleanup] Remove PHP < 5.4 compatibility code from user_get_all_accessible_projects() (dregad)
    0026998: [plug-ins] Event on access level modifications (dregad)
    0028905: [localization] String optimizations for English language (atrol)
    0028861: [localization] Incorrectly configured saraiki language (dregad)
    0028918: [upgrade] Improve handling of unserialize->json conversion during upgrade (dregad)
    0028120: [performance] Improve performance of user_pref_clear_invalid_project_default() (dregad)
    0028826: [ui] Removing vertical lines in tabular presentation to reduce clutter (community)
    0028119: [code cleanup] Calling user_get_field() with non-existing user throws incorrect warning (dregad)
    0028124: [ui] Visually align the 1st column's width in manage_user_proj_delete.php (dregad)
    0028114: [code cleanup] Invalid HTML in manage_user_edit_page.php (dregad)
    0028182: [ui] progress bar on the title bar (road map) (dregad)
    0028965: [attachments] Show issue attachments along with issue header information (vboctor)
    0028963: [administration] Do not buffer output for CLI scripts (dregad)
    0028525: [administration] Using MySQL 8.0 gives warning in admin checks (atrol)
    0028533: [bugtracker] print_form_button() generates bad security token name for plugin action page (dregad)
    0028648: [localization] New Hindi Language Translation (dregad)
    0029027: [other] function gpc_set_cookie() ignores $p_httponly argument (community)
    0029026: [administration] Language checks should warn about languages not defined in config (dregad)
    0028668: [localization] Missing language codes in browser's auto map (dregad)
    0029269: [administration] Filter settings are not available on "Workflow Thresholds" page (atrol)
    0029230: [ldap] Can't set a custom field for ldap email (dregad)
    0029517: [authentication] Login redirection to plugin credentials page for non-existent user (community)
    0022109: [ui] Bugnotes links tilde ' ~' sign rendered as dash '-' in View page (dregad)
           0028964: [tools] New build script to download updated font files (dregad)
    0022224: [bugtracker] Access Restrictions to "Print Reports", "CSV Export", "Excel Export" in view all bugs page (dregad)
    0022371: [wiki] Support for WackoWiki (dregad)
    0025492: [security] Printing (print_all_bug_page) is a perf/security risk (dregad)
    0028902: [db mssql] APPLICATION ERROR 0000401 / Error MSSQL 4145 when view all bugs for 1000 projects or more (atrol)
    0028122: [administration] Improve handling of project assignment in manage_user_edit_page.php (dregad)
    0029611: [bugtracker] Cookies "SameSite" attribute triggers warnings in Firefox console (dregad)
    0029616: [bugtracker] collapse_settings cookie is hardcoded (dregad)
    0029903: [relationships] Wrong html syntax
    0030192: [change log] Changelog/Roadmap items are printed without any structure (dregad)
    0030283: [html] Invalid 'literal' tag used in MantisCoreFormatting language strings (dregad)
    0024621: [html] Closing </div> tag missing in sign up page (dregad)
    0027114: [ui] Long unbreakable text does not auto wrap in bug details page (community)
    0029583: [email] Support for sending emails with CC and/or BCC (community)
    0029585: [email] Unable to set the In-Reply-To header to a domain different from the current one (community)
    0029454: [email] monitor receives no mails if he is not project member (atrol)
    0030447: [administration] Detect invalid HTML in language strings (dregad)
    0030428: [installation] admin/check.php script says upload_max_size but actually checks upload_max_filesize (atrol)
    0030278: [code cleanup] Removing unused CUSTOM_FIELD_TYPE_xxx constants (dregad)
    0030279: [ui] Text Custom Field columns should be left-aligned (dregad)
    0030551: [administration] Project Edit Page improvements (dregad)
           0030423: [ui] Regroup the 2 Subprojects sections on Manage Project Edit page (dregad)
           0027274: [ui] Move Delete buttons into main form (dregad)
           0028562: [administration] Undefined constant ERROR_VERSION_NO_ACTION and missing matching error message (dregad)
           0028557: [administration] Inconsistent use of hyperlink instead of button to edit Custom Fields in Edit Project page (dregad)
           0030435: [ui] Manage Project Edit page should redirect to relevant section after updates (dregad)
           0028606: [administration] Incorrect filtering of users on Manage Project / Accounts (dregad)
           0030490: [javascript] list.js library causing CSP violation in manage_proj_edit_page.php (dregad)
                 0030494: [javascript] list.js navigation buttons scrolling to top of page (dregad)
           0030494: [javascript] list.js navigation buttons scrolling to top of page (dregad)
           0030550: [ui] Buttons' vertical size is slightly smaller than other form elements (dregad)
    0004993: [administration] Utility to copy attachments from File to Database (dregad)
    0032237: [api rest] REST API Create Project API requires administrator rather than create_project_threshold (vboctor)
    0017121: [api soap] phpunit FilterTest fail if there are more than 50 issues in the tracker (dregad)
    0022190: [markdown] Markdown markup should be done with CSS classes, not inline styles (community)
    0022791: [api rest] Support retrieving users with specified access level to a project (vboctor)
    0027128: [api rest] Can not get userid from another user with REST API (vboctor)
    0028528: [administration] Outdated PostgreSQL version information in Admin Checks (dregad)
    0029511: [installation] MSSQL blocking error during installation. (dregad)
    0030773: [performance] Only load dynamic CSS status_config.php when necessary (dregad)
    0030908: [api rest] Update postman collection (vboctor)
    0031993: [documentation] Using Docker to build Documentation (dregad)
    0031944: [ui] "pinning" an issue calls for not CSS code in view_all_inc.php (atrol)
    0031666: [plug-ins] Hook for Custom field on bug_change_status_page (community)
    0031833: [bugtracker] Issues should have canonical meta tag (community)
    0032244: [performance] Issue view page timeouts or inefficient for issues with large number of notes and attachments (vboctor)
    0032245: [api rest] REST API for creating API tokens for users (vboctor)
    0032246: [api rest] Deleting a user should revoke (delete) all their API tokens (vboctor)
    0032247: [api rest] REST API for deleting API token (vboctor)
    0032248: [api rest] Get Project REST API returns html if user doesn't have access (vboctor)
    0032249: [api rest] Get Project Issues returns html if user doesn't have access to project (vboctor)
    0032258: [api rest] Add REST API for setting config options that are settable via database (vboctor)
    0032231: [code cleanup] Create ProjectAddCommand (vboctor)
    0032238: [code cleanup] Create ProjectUpdateCommand (vboctor)
    0032236: [api rest] REST API Create Project doesn't trigger EVENT_MANAGE_PROJECT_CREATE plugin event (vboctor)
    0032445: [api rest] REST API: Project Add API to return information about added version (vboctor)
    0032331: [api rest] Support selecting which fields to retrieve for an issue (vboctor)
    0032356: [api rest] REST API: Support Get User By ID (vboctor)
    0032357: [api rest] REST API: Support select for fields to return when getting user info (vboctor)
    0032382: [code cleanup] Duplicated code in email API (dregad)
    0032385: [bugtracker] Incorrect use of mb_strimwidth() to truncate old/new values in history API (dregad)
    0032466: [api rest] REST API: Create Project User (vboctor)
    0032469: [api rest] REST API: Support impersonation of users (vboctor)
    0032504: [documentation] Documentation: Hooking events declared by other plugins (dregad)
    0032704: [code cleanup] Remove deprecated function db_prepare_string() (dregad)
    0032714: [code cleanup] Remove function check_php_version() (atrol)
    0020647: [administration] Not able to update existing user accounts if $g_email_ensure_unique == ON (vboctor)
    0021657: [documentation] Development Guide - Chapter 4. Plugin System - Errors in text (dregad)
    0025956: [installation] Drop support for PHP 5.x (dregad)
    0027793: [documentation] Admin Guide lists incorrect/incomplete/obsolete required PHP extensions (dregad)
    0029882: [tools] Enable PHP 8.1 builds on Travis-CI (dregad)
    0030907: [api soap] SOAP API mc_project_get_users doesn't enforce access check (vboctor)
    0032232: [code cleanup] Create ProjectDeleteCommand (dregad)
    0032234: [api soap] SOAP API Create Project API requires administrator rather than create_project_threshold (vboctor)
    0032235: [api soap] SOAP API Create Project doesn't trigger EVENT_MANAGE_PROJECT_CREATE plugin event (vboctor)
    0032465: [api rest] REST API: User Update API (vboctor)
           0024757: [api rest] To move a user to disabled (vboctor)
           0027130: [api rest] change username via rest api (vboctor)
           0032464: [code cleanup] Implement UserUpdateCommand (vboctor)
    0032468: [api rest] REST API: Update Project User (vboctor)
    0032735: [code cleanup] Use range() function instead of string increment (dregad)
    0032804: [api rest] REST API unit test incorrectly failing with anonymous user (dregad)
    0032806: [documentation] Developers Guide PHPUnit section is out of date (dregad)
    0032811: [tagging] Wrong display of tag filter (atrol)
    0032814: [api soap] PHPUnit SOAP API tests trigger syntax error when extension is not loaded (dregad)
    0032815: [tools] Error when executing the complete PHPUnit test suite with AllTests.php (dregad)
    0032816: [tools] Use phpunit.xml to define Test Suites (dregad)
    0032828: [tools] TravisCI ' /usr/sbin/sendmail: not found' error after successful test execution (dregad)
    0032831: [code cleanup] Remove unnecessary check on Version Id (dregad)
    0032832: [code cleanup] Remove version_cache_row()'s 2nd parameter (dregad)
    0032835: [api rest] REST API errors when attempting to add or delete issue relationships (dregad)
    0032858: [api rest] Status codes returned by REST API delete operations are not consistent (dregad)
    0032864: [api rest] Missing PHPUnit tests for Projects REST API endpoints (dregad)
    0032866: [api rest] Allow REST API to run on PHP 8.1 without squelching E_DEPRECATED notices (dregad)
    0032901: [code cleanup] Unneeded PHP version checks (atrol)
    0005189: [bugtracker] "Operation successful." message page slows down interaction (vboctor)
    0028860: [localization] Incorrectly configured serbo-croatian (sh) language (dregad)
    0027383: [tools] Refactor and improve output of 'test_langs.php' admin script (dregad)
    0029025: [email] Update PHPMailer to 6.8.0 (dregad)
    0030812: [administration] "Copy Categories From" copies global categories (dregad)
    0030415: [api rest] REST API: Add API to Get / Delete / Update versions (vboctor)
    0032027: [bugtracker] PHP 8.2 support (dregad)
           0032734: [filters] Saving a filter triggers deprecated warning on PHP 8.2 (dregad)
           0032807: [api rest] Update Guzzle to 7.8.0 (dregad)
                 0027840: [installation] Increase minimum PHP requirement to 7.2.5 (dregad)
           0032028: [db schema] Update ADOdb to 5.22.5 (dregad)
                 0033031: [db mysql] Problem in the download process (عندي مشكله في عمليه التنزيل)
                 0027840: [installation] Increase minimum PHP requirement to 7.2.5 (dregad)
    0032038: [email] Missing In-Reply-To header in new bugnote email notification (community)
    0032467: [api rest] REST API: Delete Project User (vboctor)
    0032726: [filters] Filtering on "projection" field is missing (dregad)
    0032787: [administration] Facilitate identification of user accounts sharing the same email (dregad)
    0032810: [tools] Ugrade to PHPUnit 8.5 and adapt test suite (dregad)
           0027840: [installation] Increase minimum PHP requirement to 7.2.5 (dregad)
    0032900: [security] Use PHP random_bytes() instead of our custom crypto_generate_random_string function (atrol)
    0032926: [administration] Disallow setting logging options in database (atrol)
    0032940: [administration] Add admin check to detect users without e-mail address when allow_empty_email = OFF (dregad)
    0032978: [code cleanup] Avatar::get() returns Avatar instance, but phpdoc indicates it returns array (vboctor)
    0033003: [documentation] Duplicated REST API endpoint GET /issues in Postman documentation (vboctor)
    0033017: [documentation] Mantis version visible in REST API request headers even when $g_show_version is OFF (dregad)
    0033010: [administration] PHP errors triggered by Admin Checks cause silent failure (dregad)
    0033018: [api rest] Update Slim Framework to 3.12.5 (dregad)
    0033023: [api rest] REST and SOAP APIs fail to report that Mantis is offline (dregad)
    0033058: [plug-ins] Unknown named parameter $files (dregad)
	
mantisbt - 2.25.8 Released 2023-10-14
======================================
Security and maintenance release addressing an information disclosure issue (CVE-2023-44394) and a security issue in bundled GuzzleHttp library (CVE-2023-29197). This release also resolves several PHP 8.x compatibility and REST API issues.

All installations are strongly advised to upgrade as soon as possible.

	 0028618: [bugtracker] Category empty but required does not prevent form submission on Firefox Windows and Safari (dregad)
	 0029438: [api rest] Unsupported operand types when an incident with time tracking notes is updated via REST API (dregad)
	 0032390: [plug-ins] Impossible to install a plugin without any dependencies (dregad)
	 0032432: [security] Update guzzlehttp/psr7 to 1.9.1 (dregad)
	 0032612: [bugtracker] DEPRECATED: 'Creation of dynamic property BugData::$bug_text_id (dregad)
	 0032451: [bugtracker] Email uniqueness is not enforced on case-sensitive databases (dregad)
	 0032459: [bugtracker] Graphics x Apple Safari 16 (atrol)
	 0032703: [bugtracker] Local documentation is not accessible (403) (dregad)
	 0032788: [ui] Incorrect styling of table headers (dregad)
	 0032809: [bugtracker] PHP 8.1 deprecation notice in user_search_cache() (dregad)
	 0032860: [api rest] REST API allows resolving an issue with unresolved children (dregad)
	 0032865: [html] Wrong HTML tags on "Manage Filters" page (atrol)
	 0032889: [plug-ins] EVENT_MENU_DOCS is never triggered (dregad)
	 0026365: [api rest] Missing Authorization header in REST API causing requests to fail (dregad)
	 0032981: [security] CVE-2023-44394: Information Leakage on DokuWiki Integration (dregad)