42496035e4
REPLACE_BASH in installed file. Replace PHP interpreter in installed *.php files. Move options framework into options.mk. Use INSTALLATION_DIRS instead of INSTALL_DATA_DIR. From doc/RELEASE: 1.2.17 Security Release (2014-03-04) ------------------------------------------------- MantisBT 1.2.17 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. An SQL injection vulnerability (CVE-2014-2238) in adm_config_report.php was patched. Refer to issue #17055 for detailed information. This release also includes a few bug fixes for the tracker, including News API correction for the regression issue #16940 introduced in 1.2.16, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] 1.2.16 Security Release (2014-02-07) ------------------------------------------------- MantisBT 1.2.16 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. The following security issues were resolved: - Cross-site scripting (XSS) issue in account_sponsor_page.php, allowing a malicious user with project manager access to execute arbitrary JavaScript code (CVE-2013-4460). Affects MantisBT 1.1.0 and later. Refer to issue #16513 for detailed information. - SQL injection attacks through the SOAP API's mc_attachment_get() function (CVE-2014-1608). Affects MantisBT 1.1.0a4 and later. Refer to issue #16879 for detailed information. - Additional cases of unsanitized SQL query parameters usage were identified, potentially allowing SQL injection attacks (CVE-2014-1609). Refer to issue #16880 for detailed information. This release also includes many bug fixes and enhancements to the tracker and the SOAP api, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] [1] The changelog is split between multiple releases: 1.2.17 http://www.mantisbt.org/bugs/changelog_page.php?version_id=189 1.2.16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=183
27 lines
871 B
Text
27 lines
871 B
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.6 2014/09/24 01:06:26 rodent Exp $
|
|
|
|
To complete the setup you will need to read the INSTALL guide in order
|
|
to setup MySQL properly. In particular secion 3 of the document deals
|
|
with database setup.
|
|
|
|
The following URL can be used to complete the installation and database
|
|
setup:
|
|
|
|
http://localhost/mantis/admin/install.php
|
|
|
|
You will need to make Mantis accessible through your HTTP server.
|
|
If you are running Apache then you may add the following lines to httpd.conf:
|
|
|
|
Include ${PKG_SYSCONFDIR}/mantis.conf
|
|
|
|
to make Mantis accessible through:
|
|
|
|
http://localhost/mantis/index.php
|
|
|
|
|
|
IMPORTANT SECURITY NOTES:
|
|
|
|
* Once Mantis is running correctly remove or restrict access to
|
|
the admin directory.
|
|
===========================================================================
|