8c504e4bef
2008.10.18 - 1.1.4
===================================

We had to withdraw 1.1.3 because of a serious flaw affecting the bug_report* pages. This new release fixes that problem and a newly discovered security issue.

- 0009704: [security] Remote Code Execution in manage_proj_page.php (giallu) - resolved.
- 0009691: [bugtracker] Failed to report issue.(Always APPLICATION ERROR #2800) (jreese) - resolved.
- 0009690: [other] Wrong parameter count for session_set_cookie_params() (jreese) - resolved.
- 0009693: [webpage] Generated HTML contains multiple hostnames when proxied (jreese) - resolved.

2008.10.09 - 1.1.3
===================================

In this release we fixed a couple of nasty bugs sneaked into 1.1.2, where sending bugnotes email notifications would fail and browser caching was not functional.

We also refined the implementation of form security tokens and closed a couple of security issues, an information disclosure (with no CVE) and a session hijacking (CVE-2008-3102).

- 0009321: [security] Users can get title and status of issues that they don't have access to. (vboctor) - resolved.
- 0009533: [security] Mantis should use secure sessions on https connections (jreese) - resolved.
- 0009286: [administration] stray "2" in manage_user_prune.php (vboctor) - resolved.
- 0009664: [authentication] Logout without unsetting session cookie (jreese) - resolved.
- 0009323: [bugtracker] Browser caching broken since 1.1.2 (jreese) - resolved.
- 0009470: [bugtracker] Tags filter not filling into text field when selecting from list using Internet Explorer (jreese) - resolved.
- 0009493: [custom fields] Removing custom fields from project causes application error 2800 (giallu) - resolved.
- 0009309: [email] Problems with e-mail notifications about bugnotes [PATCH] (giallu) - resolved.
- 0004678: [filters] Filter combos don't fill up on if switched to 'All Projects' - closed.
- 0009430: [graphs] bug_graph_bystatus shows heading by_category (thraxisp) - resolved.
- 0009431: [localization] no localization for usage of open, resolved, closed in bug_graph_bystatus.php (thraxisp) - resolved.
- 0008882: [other] Gravatar causes annoying security popups on IE when using Mantis over HTTPS/SSL (jreese) - resolved.
- 0009361: [other] php session fail created cause mantis app error. (jreese) - resolved.
- 0009560: [other] Wrong behaviour in Session API (session_save_path error message) (jreese) - resolved.
- 0009672: [other] Fixing form error by going back fails because of security token (jreese) - resolved.
- 0009343: [scripting] form security token prevents changing relationship while resolving bug (jreese) - resolved.