Not Yet Released
0023237: [performance] Project cache is not efficient with navbar project selection. (cproensa)
0022919: [time tracking] Time Tracking "auto count" is giving the wrong elapsed time (dregad)
0023227: [ui] When specifiying top_buttons display, the button on update screen has no styling. (atrol)
0021807: [ui] The required fields are not explicitly visible when updating, resolving or closing an issue (community)
0023202: [ui] Questionable order and functionality of top buttons on "View Issue" page (atrol)
0023112: [custom fields] Custom fields badly filtered when multi-projects (cproensa)
0023204: [performance] Unused and inefficient code in function layout_print_sidebar (atrol)
0023184: [bugtracker] AJAX calls with invalid endpoints fail with syntax error (dregad)
0023191: [time tracking] Unable to access time tracking reports (atrol)
0023144: [api rest] Support issue id as part of the path for REST API (vboctor)
0023143: [api rest] Support adding notes via REST API (vboctor)
0023131: [api rest] /api/rest/projects doesn't return child projects (vboctor)
0023139: [api rest] Notes returned by /issues REST API have incorrect timestamps (vboctor)
0023145: [api rest] Support deleting notes via REST API (vboctor)
0023187: [email] Update PHPMailer v5.2.23 to v5.2.24 (vboctor)
0023188: [bugtracker] Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)
0023189: [markdown] Update Parsedown 1.6.2 to 1.6.3 (vboctor)
0023190: [code cleanup] Update PhpUnit from 4.8.35 to 4.8.36 (vboctor)
0022913: [email] Update disposable-email-checker to v3.0.1 using Composer (vboctor)
0022939: [code cleanup] Use Parsedown library v1.6.2 via Composer (vboctor)
0022940: [code cleanup] Update PHPMailer from 5.2.22 to 5.2.24 and use Composer (dregad)
0012313: [attachments] Can't open image attachments in browser windows (dregad)
0023159: [ui] Graph display is too faint and blurred (atrol)
0023087: [filters] Removing "Report an issue" permission removes user from Monitoring filter dropdown (atrol)
0023150: [html] Unused code and unused CSS delivered for obsoleted functionality (atrol)
0023141: [html] Unused CSS delivered (atrol)
0023116: [html] Due date field not displayed correctly when editing ticket (community)
0022730: [ui] 'Manage Configuration' tab usually does not highlight (dregad)
0023061: [ui] print_manage_menu() does not highlight active plugin pages (dregad)
0022813: [customization] Field is appearing in email notification but not used in UI. (joel)
0022984: [ui] Calendar doesn't show the correct date the first time it opens (dregad)
0022987: [code cleanup] Replace hardcoded language strings by translatable ones (dregad)
0022967: [ui] Questionable display of "Access Denied" on view_user_page (atrol)
0022981: [ui] Display of hardcoded string on view_user_page if e-mail address is empty (atrol)
34 issues View Issues
Not Yet Released
0023179: [security] Login page no longer warns about 'admin' directory being present (dregad)
0023146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
0023181: [administration] Checks on login page are never executed if "admin" dir does not exist (dregad)
0023185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
0023166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
5 issues View Issues
Released 2017-06-17
Maintenance release that fixes installation failure.
0022985: [installation] Initial installation does not continue after clicking install (dregad)
1 issue View Issues
Released 2017-06-04
Feature release with main focus on REST API improvements, some of the fixes also applies to the SOAP API.
0022850: [ui] Installation page layout and style issues (dregad)
0022765: [api rest] Implement a test framework for REST API (vboctor)
0022766: [api rest] Enum name should reflect non-localized enum name and label for localized name (vboctor)
0022767: [api rest] Include status color in status enum value for issues (vboctor)
0022768: [api rest] Support retrieving issues based on filter or a project (vboctor)
0022769: [api rest] Note type should be note instead of timelog if time tracking is not accessible to user (vboctor)
0022770: [api rest] Change version from string to an object (vboctor)
0022771: [api rest] Due date access check should be based on project access level rather than global one (vboctor)
0022772: [api rest] Don't return eta info if feature is disabled (vboctor)
0022773: [api rest] Don't return projection info if feature is disabled (vboctor)
0022774: [api rest] Some access denied errors don't show user info correctly (vboctor)
0022775: [api rest] Rename date_submitted to created_at and last_updated to updated_at (vboctor)
0022776: [api rest] Sticky flag should be a boolean rather than a string (vboctor)
0022777: [api rest] Don't return sponsorship_total (vboctor)
0022778: [api rest] Don't allow setting version to an undefined version (vboctor)
0022779: [api rest] Don't return profile information if feature disabled (vboctor)
0022780: [api rest] Don't return platform, os, and os_build if disabled (vboctor)
0022782: [api rest] Don't return target_version if user doesn't have access to view roadmap (vboctor)
0022783: [api rest] Return 400 instead of server side error if summary, description or project fields are missing (vboctor)
0022788: [api rest] Support retrieving projects accessible to users (vboctor)
0022808: [api rest] Use GuzzleHttp for http requests (vboctor)
0021871: [performance] Improve db_fetch_array performance (cproensa)
0021994: [attachments] issue with attachments cannot be moved between projects with different upload directories (uploads saved in file system) (dregad)
0022809: [api rest] Upgrade Slim Framework from 3.7.0 to latest (3.8.1) (vboctor)
0022851: [installation] Installer should display sample table names based on table prefix/suffix settings (dregad)
0022852: [localization] [de] Incorrect label in German "Change status" form (atrol)
0022865: [code cleanup] Login page displays a PHP system notice when using BASIC_AUTH (dregad)
0022864: [code cleanup] phpdoc for 'print_link_button' has incorrect order of parameters (cproensa)
0022868: [other] PHP variable misspelt in html_api.php (dregad)
0022904: [db mssql] database_api: db_insert_id returns string not int (mssql) (dregad)
0022905: [code cleanup] The URL of the return button in breadcrumbs div has a trailing '?' (dregad)
0022925: [time tracking] Time Tracking - issue (atrol)
0022928: [administration] $g_anonymous_account is case sensitive, preventing normal users from logging in (vboctor)
0022933: [timeline] Confusing entry in timeline when removing other users from monitoring list (atrol)
34 issues View Issues
Released 2017-06-04
0022923: [authentication] Logout page on authentication plugins never gets called (community)
0022926: [custom fields] Custom Fields - Date: Field does not show date (view.php), shows other text (vboctor)
0022937: [custom fields] Custom fields of type Email are not properly displayed (vboctor)
0022950: [custom fields] Custom Fields of Type Text showing Link (Url) as Text only (vboctor)
4 issues View Issues
Released 2017-05-20
MantisBT maintenance release for 2.4.x.
0022428: [markdown] CSV and Excel exports with markdown on (vboctor)
0022906: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
0022909: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
0022867: [markdown] Markdown formatting is broken for notes column on View Issues page (vboctor)
4 issues View Issues
Not Yet Released
0023175: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
0023186: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
2 issues View Issues
Released 2017-05-20
MantisBT maintenance release for 2.3.x
0022907: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
0022908: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
2 issues View Issues
Released 2017-05-20
MantisBT maintenance and security release for 1.3.x.
0020168: [db schema] Use of 'mantis' as plugin table prefix prevents plugin's installation (dregad)
0022702: [security] CVE-2017-7620: CSRF - Arbitrary Permalink Injection (dregad)
0022816: [security] CVE-2017-7620: Open redirection vulnerability in /login_page.php (dregad)
3 issues View Issues
Released 2017-04-30
0022452: [ui] Create new project button (community)
0021558: [ui] log destination for page produces messed output (syncguru)
0022665: [documentation] Wrong documentation of option bug_resolution_fixed_threshold (atrol)
0022689: [bugtracker] HTTP_X_FORWARDED_PROTO is not honored when loading Gravatar (vboctor)
0022744: [signup] Signup is not working on mantisbt.org/bugs (vboctor)
0022740: [performance] Allowed memory size of 268435456 bytes exhausted (vboctor)
0004235: [authentication] Support Generic Authentication through Plug-ins (vboctor)
0022140: [administration] Getting error dialog when reporting issues and file upload is disabled (cproensa)
0022635: [time tracking] Empty notes with time tracking show as empty notes for users that can't view time tracking (vboctor)
0022673: [attachments] Dropzone uploads files when submitting other forms (cproensa)
0022762: [api rest] Bug in error handling when user doesn't have access level to handle issue (vboctor)
11 issues View Issues
Released 2017-04-29
0022742: [security] CVE-2017-7897: XSS in timeline_inc.php (affects my_view_page.php and view_user_page.php) (dregad)
0022743: [timeline] Timeline "More Events" button also acts as "Next" button (dregad)
0022746: [authentication] Lost password redirects to login page if email address is empty and anonymous access is disabled (vboctor)
3 issues View Issues
Released 2017-04-16
Security and maintenance release
0022700: [localization] Due Date in bug_change_status_page.php (cproensa)
0022653: [filters] Regression: Filter by date broken (cproensa)
0022739: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
3 issues View Issues
Released 2017-04-16
Security release
0022738: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
1 issue View Issues
Released 2017-04-16
Security release
0022690: [security] CVE-2017-7615: Account verification page allows resetting any user's password (dregad)
1 issue View Issues
Released 2017-03-31
Feature release including security fixes and our brand new experimental REST API. The REST API can be extended by plugins and power web UI ajax features. In this release the REST API is disabled by default (expect for calls from within the web UI using cookie authentication) – see #22598 for more details.
0022585: [timeline] Show timeline for specific user (cproensa)
0022507: [ui] On Edit Filter page, 'Filter name' input field is too narrow (dregad)
0022445: [ui] Manage users page does not show filters '0'-'9' as selected (atrol)
0022474: [administration] "Obsolete configuration" warnings when running admin checks (atrol)
0022499: [documentation] Document reuse of language strings (dregad)
0022501: [ui] Enhance layout of "View Issue Details" page (atrol)
0022505: [ui] Enhance layout of "Updating Issue Information" (atrol)
0022506: [attachments] Error updating project document (atrol)
0022423: [html] ID attribute for bugnote_text (community)
0022541: [localization] Enhance wording in manage_config_email_page.php and manage_config_work_threshold_page.php pages (atrol)
0022548: [ui] Remove unnecessary 'center' class from textarea in bugnote edit page (community)
0022571: [html] Add ID attribute for bugnote_text textarea (community)
0022572: [documentation] Wrong default value in documentation of "g_show_version" (atrol)
0021552: [ui] My account preferences: move project list outside the form (cproensa)
0022543: [ui] Open images in the browser rather than download them (vboctor)
0022582: [relationships] Relationships box layout is not right for reporters (vboctor)
0022583: [attachments] Open PDFs in the browser rather than downloading them (vboctor)
0022473: [plug-ins] Avatars should respect image aspect ratio (community)
0022590: [ui] Broken javascript and missing footer in My View Page (cproensa)
0022593: [plug-ins] Broken Snippet plugin (vboctor)
0022598: [api rest] REST API Framework (vboctor)
       0022599: [code cleanup] Use composer to pull in dependencies (vboctor)
       0022600: [api rest] Enable plugins to publish their own REST APIs (vboctor)
       0022601: [api rest] Support using REST API from Web UI Javascript (vboctor)
       0022602: [api rest] Provide a sandbox for interacting with REST API using Swagger UI (vboctor)
0022617: [code cleanup] Unneeded CSS file calendar-blue.css (atrol)
26 issues View Issues
Released 2017-03-31
Security fixes and maintenance release
0022392: [filters] Sorting all bugs list using a column header after applying a filter resets the filter (cproensa)
0022496: [filters] Permalink does not work with "Note By" (cproensa)
0022566: [filters] Filter error due to "view status" having an array value (cproensa)
0022555: [filters] Regression in custom field sorting (cproensa)
0022613: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022615: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
0022333: [markdown] Markdown starts heading in the middle of a line (joel)
0022545: [markdown] Markdown still converting '& amp;' to & and '& lt;' to < (dregad)
8 issues View Issues
Released 2017-03-31
Security fixes release
0022063: [db mssql] Installation on MSSQL fails at step 209 (dregad)
0022568: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
0022579: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022208: [db mssql] File upload to MS-SQL not working (dregad)
4 issues View Issues
Released 2017-03-30
Security release
0022612: [security] CVE-2017-7309: XSS in adm_config_report.php (dregad)
0022614: [security] CVE-2017-7241: XSS in move_attachments_page.php (dregad)
2 issues View Issues
Released 2017-03-21
Maintenance and Security release for 2.2 series
0022562: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
1 issue View Issues
Released 2017-03-21
Maintenance and Security release for 2.1 series
0022564: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad)
0022565: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
0022563: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
3 issues View Issues
Released 2017-03-21
Maintenance and Security release for 1.3 series
0022537: [security] CVE-2017-6973: XSS in adm_config_report.php (dregad)
0022468: [other] Resolution changes in some cases when closing issues (atrol)
2 issues View Issues
Released 2017-03-11
Maintenance release for 2.2 series including security fixes.
0022497: [security] CVE-2017-6799: XSS in view_filters_page.php (dregad)
0022561: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
0022246: [markdown] Markdown is converting '&' signs to (ampersand[amp;]) inside code block or backtick as well (joel)
0022442: [printing] System error when opening Print reports (dregad)
0022479: [administration] Can't edit a project's name changing only accents a on MySQL (dregad)
0022510: [installation] Attempting to connect to database as admin BAD despite valid userid and password (dregad)
6 issues View Issues
Released 2017-03-11
Maintenance release for 1.3 series including security fixes.
0022486: [security] CVE-2017-6797: XSS in bug_change_status_page.php (dregad)
0022503: [tools] Travis CI builds fail for PHP > 5.5 (dregad)
0022309: [documentation] Example of Regular expression on documentation not work on MantisBT (atrol)
0022335: [documentation] Wrong documentation of $g_limit_email_domains in Admin Guide (atrol)
0022355: [documentation] typo error for the email_receive_own parameter (atrol)
5 issues View Issues
Released 2017-02-26
A feature release that includes all fixes from 2.1.1 release listed above, some setup fixes, status colors visibility improvements, shed some unnecessary js/css and multiple improvements for relationships feature.
0022401: [installation] Installer displays horizontal blue line under "Checking installation" section header (dregad)
0022361: [relationships] Trigger notifications on related issues when an issue is deleted (vboctor)
0022400: [installation] Installer does not show "GOOD" status for DB connections (dregad)
0021796: [ui] inline attachments should be directly visible (dregad)
0021724: [ui] Improve visibility of status colors (syncguru)
0008313: [relationships] More work needs to move to Relationship APIs (vboctor)
0016933: [relationships] Deleting relationship should set target bug's last updated (vboctor)
0021619: [code cleanup] Use constants instead of hardcoded values for filter view types (dregad)
0021881: [javascript] Remove jquery-ui is not longer used in Modern UI (syncguru)
0021897: [ui] Unaligned color coding of status (syncguru)
0022256: [javascript] Unbundle JS libraris from Ace theme files (syncguru)
0022273: [javascript] Enable CDN support for dropzone.js (syncguru)
0022296: [code cleanup] Options in $g_public_config_names are not sorted (atrol)
0022316: [code cleanup] Duplicate code to display the filter view type toggle menu item (dregad)
0022360: [relationships] relationship_add() doesn't return bug relationship information (vboctor)
0022362: [relationships] Use bin icon instead of 'delete' button to delete relationships (vboctor)
0022363: [relationships] Setting a duplicate id should update relationship with target issue if already exists (vboctor)
17 issues View Issues
Released 2017-02-26
A maintenance release for 2.1.x series
0022302: [filters] Permalink does not work with tags (cproensa)
0022266: [security] CVE-2017-7222: Sanitize window title (vboctor)
0022288: [bugtracker] Due date current value doesn't show in change status form (syncguru)
0022326: [time tracking] g_time_tracking_without_note has no effect (vboctor)
0022347: [filters] Filter allows to sort on non sortable fields (cproensa)
0022359: [ui] Enhance filter box UI (syncguru)
0022369: [filters] Recently Modified box on View Issues page does not display closed issues (cproensa)
7 issues View Issues
Released 2017-02-01
Maintenance release for 1.3.x series.
0022207: [security] Update PHPMailer to 5.2.22 (dregad)
0021798: [printing] Print reports failed : special characters are not formatted (atrol)
0017336: [installation] Hide non-mysql experimental DB's for new installation whilst we get proven DB Layer into Mantis (dregad)
0021588: [security] Update .htaccess files to support Apache 2.4 new authz syntax (dregad)
0022005: [sql] Database log for postgres/oracle not showing parameter substitution (cproensa)
0022018: [sql] Database log does not show boolean parameters correctly (cproensa)
0022194: [bugtracker] Update securimage to 3.6.5 (dregad)
0022235: [documentation] Setting preference "$g_register_globals" appears in documentation but not in "config_defaults_inc.php" (dregad)
0022240: [webpage] NOTICE: 'Undefined variable' with LDAP (atrol)
9 issues View Issues
Released 2017-02-01
Maintenance release for 2.0.x series.
0022107: [plug-ins] EVENT_MENU_MAIN does not support relative paths (dregad)
0022114: [tools] Travis builds should reflect supported PHP versions (dregad)
0022157: [installation] Incorrect Error Message on MSSQL installation (atrol)
0022168: [webpage] HTTPS for powered by-link (atrol)
0022230: [news] PHP system notice on News page (vboctor)
5 issues View Issues
Released 2017-01-30
MantisBT 2.1.0 feature release
0005731: [feature] search function for projects (vboctor)
0021551: [administration] Manage Users pagination loses filter letter (community)
0021935: [filters] Filter api refactoring, manage stored filters (cproensa)
       0006823: [filters] Date filter should work with "last update", too (community)
       0021618: [code cleanup] Duplicate code to determine the default view type (cproensa)
       0006732: [administration] Sorting issue lists isn't stable (each sort scrambles previous sort) (cproensa)
       0008626: [filters] Filter forgets custom date filtering (cproensa)
       0017852: [filters] Tags is showing on its own row in filter box (cproensa)
       0021031: [filters] Rewrite the filter box form (cproensa)
       0021032: [filters] Setting $g_filter_custom_fields_per_row to other than default can cause empty cells in filter box (cproensa)
       0021592: [filters] Unknown column 'mantis_bug_table.tags' (cproensa)
       0021827: [filters] Displaying date filter values : month always displayed in text (english) (community)
       0003803: [filters] Provide a way to update a saved filter (cproensa)
       0006042: [filters] Switching to "Advanced Filters" hides "Hide Status" and ignores setting (cproensa)
       0006551: [customization] Manage custom filters (cproensa)
       0007708: [feature] Feature: multiple sorting of problem informations (cproensa)
       0011007: [filters] After setting $g_view_filters = ADVANCED_ONLY in config_inc.php can still end up in simple filter mode. (cproensa)
       0020493: [filters] Wrong hide_status value on column sorting (cproensa)
       0020624: [filters] Filter shown inconsistent after changing from advanced to simple (cproensa)
       0020882: [filters] Filter by date inputs are shown disabled (cproensa)
       0021029: [bugtracker] Trigering a DEPRECATED error from the page body fails (cproensa)
       0021044: [performance] my view page, $t_hide_status_default consitency (cproensa)
       0021811: [filters] Advanced filter shows icorrect fields (cproensa)
       0009213: [filters] manage filter (cproensa)
       0009301: [filters] Add support for updating a current filter (cproensa)
       0018045: [ui] Changed ordering of fields on View Issues page (cproensa)
       0019700: [filters] Filters table on the view_all_bug_page.php shows empty lines when $g_enable_profiles is set to OFF (cproensa)
       0021814: [filters] plugin filter fields dont work with dynamic input (cproensa)
0022209: [bugtracker] Adding a custom field to a project makes the filter for this project unusable (atrol)
0011604: [change log] Versions marked as obsolete appear on change log page (vboctor)
0022164: [markdown] Font for quoted string in markdown is too large (joel)
0022172: [markdown] Markdown not displaying single line breaks (joel)
0022113: [localization] translatewiki.net integration updates (dregad)
0022169: [attachments] File upload not working when $g_allowed_files is set (atrol)
0022171: [plug-ins] Redefine plugin version requirements (dregad)
0022175: [markdown] Markdown converting '<' within backticks to & lt; (joel)
0022179: [markdown] Markdown is eating apostrophe / single quote (joel)
0022204: [markdown] News headlines are parsed with markdown, though they should not be (vboctor)
0022205: [plug-ins] Specifying plugin authors as array triggers 'Array to string conversion' (dregad)
0022206: [plug-ins] Improve documentation for plugins (dregad)
0022221: [documentation] Documentation: update 'Database tables' section (dregad)
0022232: [email] Email verbose notifications should be OFF by default (vboctor)
0022237: [code cleanup] Remove references to 'register_globals' (dregad)
0022239: [ui] checkbox for personal setting "E-mail Full Issue Details" still using old style (dregad)
0017920: [markdown] Native markdown support (joel)
0022131: [timeline] Remove yellow background in timeline date range (dregad)
46 issues View Issues
Released 2016-12-30
0020040: [security] Replace jscalendar by a newer widget (syncguru)
0021841: [installation] Minimum requirements for 2.x releases (dregad)
0021927: [administration] System utilities page for moving attachments should support move all attachments (joel)
0021925: [ui] Incorrect text for the remove file button in the file upload dropzone (dregad)
0021965: [documentation] Section 2.2.2.1 Admin Guide: Misaligned row in Table (dregad)
0022059: [ui] Missing leading zeroes in due date display (dregad)
0022064: [javascript] datetime picker does not work if 'cdn_enabled' is ON (community)
0021962: [ui] Due Date calendar icon wraps below the field (syncguru)
8 issues View Issues
Released 2016-12-30
0021959: [installation] Installer fails if mbstring extension is not installed (dregad)
0022031: [rss] RSS throws a system notice (cproensa)
0022073: [security] Potentially serious RCE vulnerability in bundled PHPMailer before 5.2.18 (CVE-2016-10033) (dregad)
0021964: [custom fields] Editing issues with custom fields throws system notice (cproensa)
0019586: [timeline] Support disabling timeline feature based on access level (dregad)
0022011: [bugtracker] LOG_ALL causes error (dregad)
0021966: [bugtracker] View Issues Page Throwing MySQL Error Due to Hard Coded SQL Query (cproensa)
0020004: [custom fields] Wrong custom fields are shown on bug closing (community)
0021883: [db mssql] MSSQL installation fails with BAD ALTER TABLE error (dregad)
0021930: [administration] Administrator - Manage Users Error - SQL SERVER VERSION GREATER THAN 2012 NOT SUPPORTED (dregad)
0021963: [feature] Setting version fields on View Issues page broken (cproensa)
0021998: [performance] My View page timeline history query performance (cproensa)
0022004: [documentation] Outdated information concerning Time Tracking (atrol)
0022013: [other] EVENT_BUG_DELETED event is not called consistently (community)
0022028: [performance] Time out caused by URL processing (cproensa)
0022074: [tagging] System notice when detaching tags (cproensa)
0022095: [timeline] Inconsistent number of "My View boxes" columns (dregad)
17 issues View Issues
Released 2016-11-26
The second release candidate for 2.0.0 release. This release includes all the fixes in 1.3.4 release.
0021758: [administration] System utilities page for moving attachments not styled correctly in modern ui (joel)
0021840: [html] Add missing closing <div> in layout_api.php (syncguru)
0021854: [authentication] Re-authenticating when visiting manage page should re-use login page (vboctor)
0021861: [ui] Remove black bar from login page when it is empty (vboctor)
0021815: [code cleanup] print_button() has changed definition from v1.3 (cproensa)
5 issues View Issues
Released 2016-11-26
0021878: [performance] Improve issue note caching (vboctor)
0020916: [bugtracker] Fix "Request-URI too long" for bug action group page (cproensa)
0017367: [custom fields] Custom Field - On The Manage Columns - Mantis changed value to lower case (cproensa)
0021876: [email] Email notifications for notes shouldn't include full issue information (vboctor)
0021914: [performance] tags column in view-all page issues one query for each bug row (cproensa)
0021900: [performance] Custom fields produce a large number of db queries (cproensa)
0017923: [customization] Add more parameters to event signals on Bug Change Status Page (cproensa)
0020140: [customization] EVENT_FILTER_COLUMNS should accept objects along/instead classes (cproensa)
0021709: [bugtracker] on error after verification page, user still can browse the site (cproensa)
0021830: [email] Remove $g_mail_priority configuration option to reduce spam risk (vboctor)
0021838: [documentation] Wrong documentation of bug_reopen_resolution and bug_duplicate_resolution in Admin Guide (atrol)
0021844: [html] Ampersands in Gravatar urls are double-escaped on bug pages (dregad)
0021847: [ui] Submit Report annotation (atrol)
0021875: [email] Include note attachments information in issue note added notification (vboctor)
0021877: [email] Mentioned users in a new note shouldn't receive double notifications (vboctor)
0021879: [code cleanup] Explicitly pass issue note id to email notifications rather than getting latest note id (vboctor)
0021884: [code cleanup] Use meaningful names for bugnote cache global variables (cproensa)
0021912: [tagging] Related tags are not showed correctly (cproensa)
0021915: [reports] Undefined offset warining in summary page (cproensa)
0014268: [bugtracker] "Report Issue" is missing if the user has access to only private projects, but has not selected a project from the dropdown. (cproensa)
0020138: [performance] file_bug_attachment_count fetch data for all bugs (cproensa)
0020248: [custom fields] Custom field named with capital letters like "Component" doesn't display on views (cproensa)
0021673: [administration] Extend activation URL validity period from 1 to 7 days (vboctor)
0021894: [security] Handlers(Assignees) are visible when editing an issue even if they are not visible when viewing it (atrol)
0021896: [email] Fix Outlook preview for email notifications by removing empty line at top (dregad)
0021957: [installation] Missing default timezone blocks the installation (dregad)
26 issues View Issues
Released 2016-10-30
We are excited to share with you a milestone for the 2.0.0 release by releasing the first release candidate. We encourage users to try out and give us feedback. Since 2.0.0-rc.1 and 1.3.3 share the same database schema, it should be easy to try them out side by side. Download it now or check it out at https://www.mantishub.com
0021727: [attachments] Show attachments inline with notes (vboctor)
0021651: [security] Dropzone has inline scripts in View Issue page (syncguru)
0021806: [attachments] Attachment dropzone missing from notes when user doesn't have access to set view state (vboctor)
0021829: [email] Fix $g_mail_priority disabling and default to disabled (vboctor)
0021669: [security] Charts have inline scripts (syncguru)
0021715: [mobile] Menu and buttons missing for mid size browser window (syncguru)
0021722: [attachments] Issues with '+' button to view attachments inline (dregad)
0021736: [ui] Display real name in breadcrumb div (atrol)
0021743: [attachments] Attach files dropzone is not working (vboctor)
0021754: [mobile] Main navigation has no action / does not expand when clicked on (syncguru)
0021794: [mobile] Hide 'View Issues' buttons on small screens (syncguru)
0021805: [javascript] Javascript errors on login page (community)
12 issues View Issues
Released 2016-10-30
0021804: [html] Ampersands in Gravatar urls are not escaped properly (dregad)
0021802: [sql] Attempting to auto-link very long numbers can cause database errors (cproensa)
0006448: [filters] The "Changed(hrs):" filter label is confusing: change to "Hilite Changed(hrs):" (cproensa)
0021197: [filters] Hide status show"@0@ (And Above)" when press any "total" link from Summary page (cproensa)
0021737: [other] Users can't remove their real name from their account (atrol)
0021757: [documentation] Config folder is not documented at all related places in documentation (atrol)
0021793: [administration] Password reset email is sent to disabled users (cproensa)
0021795: [bugtracker] E_USER_DEPRECATED is not detected if error_reporting=0 (dregad)
0021808: [documentation] Inconsistency between Admin Guide and config_defaultsinc.php - g[show|enable]_product_build (atrol)
0021812: [filters] My view "resolved" filter has incorrect parameters (cproensa)
0021816: [other] Option reporter_summary_limit is wrongly considered on summary page (atrol)
11 issues View Issues
0021697: [ui] Clearer distinction between private and public notes (joel)
0021684: [ui] Account verify page layout broken (joel)
0021121: [ui] Project selection not usable with large number of projects (syncguru)
0021681: [ui] Breadcrumbs bar does not respect $g_show_realname (dregad)
0021603: [code cleanup] Publish full source code of ACE template (syncguru)
0021653: [reports] Graphs broken (vboctor)
0021682: [ui] "Operation successful" confirmation message partially hidden (dregad)
0021683: [ui] Standardize "operation successful" messages (dregad)
0021689: [code cleanup] Obsolete icon_path configuration (atrol)
0021710: [ui] Incorrect display on Bug report confirmation page (dregad)
0020102: [ui] Support switching saved filters and free text search when filter box is collapsed (syncguru)
0021704: [ui] Report Stay checkbox shows broken layout on action page (dregad)
0021721: [ui] Missing tooltips on issue id (dregad)
0021723: [bugtracker] Redirect to report page when creating a new issue with "report stay" checked (dregad)
0021726: [ui] Page bottom displayed behind Sidebar in API Tokens page (community)
0021728: [performance] Unneeded tooltip information on Summary page (dregad)
16 issues View Issues
Released 2016-10-02
0021730: [documentation] config_default_inc.php refers to 1.2.x rather than 1.3.x (vboctor)
0008358: [email] Indicate whether notes are private or public in email notifications (vboctor)
0010242: [feature] Copy Versions From / To should (optionally) update existing versions (dregad)
0019284: [csv] Export of the "bugnotes_count" column doesn't work (cproensa)
0021157: [bugtracker] Redirect loop when default project is disabled (community)
0021262: [security] Invalid Strict-Transport-Security header when server would already send it anyway (dregad)
0021280: [ui] Text boxes overlap on screens with high resolution (dregad)
0021652: [timeline] "closed issue" events are no longer shown in timeline (cproensa)
0021655: [customization] Workflow config page can corrupt set_status_threshold with array thresholds (cproensa)
0021656: [customization] set_status_threshold config is not deleted if is same as parent (cproensa)
0021659: [code cleanup] Syntax error in browser_search_plugin.php (community)
0021679: [tagging] Tagging UI visible without having rights to attach tags (atrol)
0021680: [email] Missing seperator in email notification for @ mentions (atrol)
0021707: [plug-ins] plugin_get() fails to use the default argument (community)
0017325: [code cleanup] helper_array_transpose should always return an array (dregad)
0021573: [upgrade] Error update from 1.2.19 to 1.3.0 / step 194 (vboctor)
0021696: [tools] Allow PHPUnit to capture Mantis-specific errors (dregad)
0021711: [bugtracker] Duplicate id field should show up when closing an issue (vboctor)
0021725: [code cleanup] cleanup description of db_now() (community)
19 issues View Issues
0021112: [performance] Unneeded tooltip information on "My View" page (syncguru)
0021650: [security] Content-Security-Policy is disabled in 2.0.0-beta.1 (vboctor)
0021111: [localization] Language strings contain double quotes (syncguru)
0021114: [ui] Manage users page action buttons appears on 2 rows when showing 'Unused' (syncguru)
0021117: [ui] Plugin dependencies are no longer color-coded (syncguru)
0021119: [ui] Wrong alignment of field on "Summary" page (syncguru)
0021123: [ui] Waste of vertical space on "My View" page (syncguru)
0021137: [ui] Questionable display of sub-projects in project menu bar (syncguru)
0021139: [ui] Display of file type icon broken on print_bug_page (syncguru)
0021223: [ui] "Report Issue" button on top toolbar should be hidden for VIEWER/anonymous users (vboctor)
0021224: [ui] Login and Signup buttons in top header don't work for anonymous users (vboctor)
0021397: [plug-ins] Plugin menu options don't show in main menu (vboctor)
0021398: [ui] My Account - Manage Columns actions page broken (syncguru)
0021400: [ui] Collapse settings are not saved by modern UI (syncguru)
0021405: [wiki] Wiki integration broken (vboctor)
0021414: [customization] Config menu options don't show in main menu (vboctor)
0021575: [reports] Graphs for enums (e.g. status) can break when an enum has 0 occurences (vboctor)
0021599: [ui] The test results in Admin Check results are no longer colored (dregad)
0021602: [administration] Admin: "Upgrade your installation" shown even when schema is up-to-date (syncguru)
0021609: [news] Page broken after updating news (atrol)
0021622: [administration] Alert messages are not styled correctly (syncguru)
0021638: [ui] Tables in Workflow Transitions page seems deformed (syncguru)
0021642: [ui] Highlight due date when the date has passed (syncguru)
0021644: [ui] Don't offer "My Account" in menu when being logged in as protected user (dregad)
0021647: [filters] New to restyle 'filter deleted' page (vboctor)
25 issues View Issues
Released 2016-08-27
0021203: [bugtracker] option auto_set_status_to_assigned can change status even if not allowed by workflow (cproensa)
0020424: [csv] Export to CSV and Excel fails with large issue count (cproensa)
0011964: [integration] Configuration of Browser Search Plugin (dregad)
0021581: [customization] Workflow config page can corrupt report_bug_threshold if it's defined as an array (cproensa)
0021263: [security] CVE-2016-7111: Content Security Policy is weakened by Gravatar plugin (vboctor)
0008464: [bugtracker] $g_auto_set_status_to_assigned = ON does not always check for old status (cproensa)
0012742: [documentation] Event & Plugin documentation is bad & outdated (cproensa)
0006939: [bugtracker] Number of Private notes visible for reporters (cproensa)
0012409: [roadmap] "Scheduled For Release" even if no date is set (cproensa)
0020121: [bugtracker] bug_cache_database_result does not update bugnote statistics (cproensa)
0020535: [plug-ins] EVENT_BUG_VIEW_ATTACHMENT prints an extra "Array" before the plugin output. (cproensa)
0020551: [code cleanup] Why does user_cache_database_result() return cache value? (atrol)
0020682: [bugtracker] Workflow transitions not consistent with bug action "change status to" (cproensa)
0021072: [timeline] Timeline only show issues from current project (cproensa)
0021146: [other] Can't retrieve history of a bug with history_get_events_array($bug_id) (cproensa)
0021178: [custom fields] Report can be submit enven when checked "Required On Report" and "Type" is Textarea (cproensa)
0021293: [email] Send notifications by smtp does not work correctly, and the analysis of why it happend. (atrol)
0021372: [api soap] Unable to report issues using the SOAP API - Data truncated for column 'last_updated' (rombert)
0021375: [bugtracker] Status @30@ is not editable when editing issue (vboctor)
0021407: [customization] Event EVENT_MENU_ISSUE prints empty brackets even if no value is returned (cproensa)
0021410: [ui] text looks OK in edit of note but renders badly (dregad)
0021415: [bugtracker] update documentation for option auto_set_status_to_assigned (cproensa)
0021577: [mentions] Wrong language in subject of @ mention email notification (atrol)
0021579: [bugtracker] Error when limit_reporters and complex report_bug_threshold (cproensa)
0021580: [change log] in changelog, reporter user can view all bugs when limit_reporters is on (cproensa)
0021582: [customization] Workflow config page, access denied even if user has proper access levels (cproensa)
0021583: [html] manage_config_workflow_page, fields are not properly displayed for thresholds table rows (cproensa)
0021601: [administration] The Admin Checks and Install pages should use the same font as the rest of Mantis (dregad)
0021610: [bugtracker] Revert to multiple form security tokens per page (cproensa)
0021611: [security] CVE-2016-6837: XSS vulnerability in view_all_bug_page.php (dregad)
0021304: [administration] Don't prune system accounts (vboctor)
0021649: [code cleanup] Remove incorrectly placed db_param_push() (cproensa)
32 issues View Issues
Released 2016-08-14
MantisBT 1.2.20 is the final maintenance and security release for the 1.2.x series.
All installations that are currently running any 1.2.x version are strongly advised to upgrade.

This release resolves 3 security and a couple of PHP 7 compatibility issues.
0016629: [email] Behaviour change for SMTP server without authentication. Bug? (dregad)
0017795: [documentation] Bug in the processing code for email settings (dregad)
0018049: [api soap] Getting errors when accessing SOAP documentation page (dregad)
0019344: [api soap] Cannot use object of type stdClass as array (dregad)
0019345: [api soap] Error when custom field is specified only by its name (no id provided) (dregad)
0019378: [documentation] Reflect announcements mailing list changes in the documentation (vboctor)
0019399: [bugtracker] Problem when moving issues with category between projects (dregad)
0019400: [other] core/bug_api.php, function create(): this_due_date (rombert)
0019588: [time tracking] Access to "billing_page.php" (dregad)
0019606: [email] Numeric References Should Not Transpose Into URL Unless Number = Valid Issue Number (dregad)
0019609: [administration] function timezone_identifiers_list used before checked for existance. Lead to Fatal error (dregad)
0019873: [security] CVE-2015-5059: documentation in private projects can be seen by every user (dregad)
0019879: [attachments] Download page triggers errors when file does not exist (dregad)
0020018: [attachments] Copied bug attachments have wrong ownership (dregad)
0020041: [bugtracker] APPLICATION ERROR 0002200 - Could not find a tag with that name (atrol)
0020116: [documentation] Documentation contains description for obsolete configuration option allow_bug_delete_access_level (dregad)
0020183: [documentation] EVENT_MENU_ISSUE should pass bug_id as parameter (dregad)
0019270: [documentation] Missing documentation from 1.2.19 download (vboctor)
0019301: [security] CVE-2015-2046 : XSS in adm_config_report.php (FG-VD-15-008) (dregad)
0020340: [attachments] Attachment is saved to disk and database at the same time (dregad)
0020350: [other] json_url() may break non-ASCII strings. (dregad)
0020364: [authentication] access_denied() should proceed to default page defined in system config (dregad)
0020500: [installation] Installation fails in PHP 7 environment (atrol)
0020501: [code cleanup] Installer throws warning in PHP 7 environment (dregad)
0020513: [code cleanup] Double fetch of same database column (dregad)
0020746: [html] HTML status legend bar does not show dead-end status (dregad)
0020743: [documentation] Wrong event names in the documentation (atrol)
0020824: [bugtracker] collapse_cache_token() always update token ID # 5 (dregad)
0020822: [bugtracker] Collapsing/Expanding sections triggers error 2300 (dregad)
0020864: [administration] "user_pref_get_language()" not defined (dregad)
0020915: [webpage] Incorrect variable name in Email Setup Guide: $g_phpmailer_method (atrol)
0020956: [security] CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php (dregad)
32 issues View Issues
MantisBT 2.0.0 release focuses on improvements to the UI compared to 1.3.x release. As of this release, the db schema is the same between 1.3.x and 2.0.0-beta.1, enabling users to easily try 2.0.0-beta.1 and provide feedback.
0008503: [feature] Have "send reminder" as a button rather than a not so visible link at the top of the issue (atrol)
0021115: [ui] Manage users page always shows filter '0' as selected (dregad)
0021140: [db schema] Remove DB2 support (atrol)
0020907: [ui] Report stay doesn't work in modern UI (vboctor)
0005851: [reports] X-Labels truncated in by Category Graph (vboctor)
0006663: [reports] I'm seeing three JPGraph-related problems (vboctor)
0007342: [reports] synthesis graphs by category: many "big" categories hide pie by legend (vboctor)
0007343: [reports] synthesis graphs by category: page not long enough for legend with a lot of categories (vboctor)
0007991: [reports] Graphs not centered (vboctor)
0010403: [reports] The legend on JPGraph graphs overlays the graph (vboctor)
0012159: [reports] By Developer, By Reporter and By date graph problems (vboctor)
0012384: [reports] Graph text being truncated (vboctor)
0012483: [reports] Jp graph not dispalying (vboctor)
0012725: [reports] Solution to "font file not readable/does not exist" seems not to work for JPGraph (vboctor)
0012825: [reports] Modern graphs using javascript graphing library (vboctor)
0012967: [reports] Category jpGraph not displayed (vboctor)
0013097: [reports] Graphs not working (vboctor)
0013160: [reports] Labels on x-axis in summary graphs too small and cropped (ezcLibrary) (vboctor)
0013879: [reports] Graph plugin uses hard coded font list; ignores any other (vboctor)
0014232: [reports] Advanced summary bad display (vboctor)
0015246: [reports] JPGraph 3.5.x anti aliasing error in Ubuntu (vboctor)
0017493: [reports] Graphs are not working out of the box (vboctor)
0021134: [relationships] Use of undefined constant when displaying relationship graphics (atrol)
0021177: [reports] Jpgraph doesn't work (vboctor)
0011671: [reports] 3 graphs couldnot display in the page of 'summary_jpgraph_page.php' (vboctor)
0017919: [ui] Modernize Mantis UI (syncguru)
0020286: [javascript] Missing JavaScript libraries (syncguru)
0020118: [ui] pen icon ancient (syncguru)
0020182: [custom fields] wrong field name for custom field parameter (syncguru)
0020240: [ui] Footer issue: problem + solution (syncguru)
0021130: [tagging] Usage of undefined function html_page_bottom (syncguru)
0021131: [signup] Usage of undefined functions in verify.php (vboctor)
0021214: [bugtracker] Update jQuery to 2.2.4 (community)
0021215: [bugtracker] Update FontAwesome to 4.6.3 (community)
0021216: [bugtracker] Upgrade Bootstrap to 3.3.6 (community)
0021217: [bugtracker] Use cross origin anonymous and check integrity when loading form CDN (community)
0021221: [ui] Fully localize drag and drop to attach (community)
0021220: [ui] Lost password form doesn't have labels or placeholder text (vboctor)
0021222: [ui] Drag and drop should honor 'allowed_files' config option (community)
0019590: [attachments] Attach via drag-and-drop (syncguru)
0021279: [administration] Fix error when going to Manage - Workflow Transitions and clicking update (vboctor)
41 issues View Issues
Released 2016-07-09
MantisBT 1.3.0 stable release
0020499: [feature] Compatibility with PHP 7 (dregad)
0021083: [mentions] Link to user page is not always displayed when using @ mentioning (dregad)
0021101: [bugtracker] Issues with emoji's are truncated before getting saved (dregad)
0021124: [administration] Creating/setting config options using adm_config_report.php is partially broken (dregad)
0021165: [ui] Using database configuration to enable gravatars does not work (vboctor)
0021136: [administration] Editing config option containing newline corrupts them by inserting
tags (dregad)
0021171: [ui] Change look & feel of links, borders and label background (atrol)
0021194: [administration] Partially hardcoded path for CSS-file (dregad)
8 issues View Issues
Released 2016-06-11
This second and last 1.3.x release candidate has 127 bug fixes and improvements. See blog post for more details - https://www.mantisbt.org/blog/?p=436
0020783: [time tracking] Add category field to time tracking csv/Excel exports (community)
0020058: [customization] Updating config items in configuration report adds new ones (cproensa)
0009450: [tagging] Tagging possibility directly from "Report Issue" screen (vboctor)
0021057: [bugtracker] Update securimage to 3.6.4 (dregad)
0013048: [bugtracker] Login display in small part of the View issue page (cproensa)
0020372: [html] Inline error reports should not mess up non-HTML output (dregad)
0006009: [security] Cannot change password in second enter to verification page (cproensa)
0020686: [authentication] Make sure new users complete the registration process (cproensa)
0020547: [attachments] Attachments can't be uploaded after upgrade from 1.2 with MySQL in STRICT_ALL_TABLES sql_mode (dregad)
0020479: [db postgresql] Error 401 db_query bind params starts with $2 (dregad)
0020142: [performance] performance loading bug view with many attachments (community)
0020772: [administration] Allow administrators to impersonate users (vboctor)
0020837: [mentions] Support @ mentions (vboctor)
0020787: [administration] Setting of arrays (complex type) in Configuration Page doesn't work (dregad)
       0020812: [administration] Setting of nested arrays in Configuration Page doesn't work (dregad)
       0020813: [administration] Setting Configuration Page of arrays with strings containing escaped quotes does not work (dregad)
       0020851: [administration] Configuration page parsing associative keys incorrectly (dregad)
       0020850: [administration] Configuration page parsing complex trims quotes incorrectly (dregad)
0020348: [sub-projects] Provide an option to disable sub-projects (vboctor)
0020352: [ui] bug_report_page.php is broken when 'attachments' field is hidden (dregad)
0020354: [code cleanup] Remove useless 'do_nothing' upgrade function (dregad)
0020355: [localization] Administrator e-mail has some HTML problem in the italian translation (dregad)
0020381: [administration] Administrator can disable their own account (vboctor)
0020382: [authorization] user_is_administrator() should not return true for disabled admins (vboctor)
0020383: [csv] Support notes as a column in View Issues, Print Issues, CSV and Excel (vboctor)
0020386: [custom fields] Required on resolve/close custom fields are not enforced (vboctor)
0020414: [preferences] Severities are missing from email preferences (dregad)
0020076: [bugtracker] auto_set_status_to_assigned is different in 1.3 (cproensa)
0020107: [administration] config report filter by option name doesnt work for some options (cproensa)
0020139: [performance] reduce print_subproject_option_list sql query count (cproensa)
0020357: [db schema] Admin checks for UTF-8 collation fail (dregad)
0020365: [db mysql] SYSTEM NOTICE: Undefined index with mysqli driver (dregad)
       0020467: [db mysql] Update ADOdb to 5.20.2 (dregad)
0020395: [ui] Edit Account window does not have required fields marked with red asterisk (dregad)
0020426: [administration] Admin checks detect 'utf8mb4' collation as non-UTF8 (dregad)
0020427: [administration] Admin checks should validate MySQL database default collation (dregad)
0020443: [installation] New 'api_token' table does not have standard options (dregad)
0020466: [administration] Admin Integrity checks are not operational (dregad)
0020470: [tools] TravisCI docbook broken (dregad)
0020471: [tools] Travis builds should always build docbook (dregad)
0020476: [code cleanup] gpc_get_int_array does not work for associative arrays (cproensa)
0020480: [code cleanup] Plugin filter fields throw warnings while rendering filter section (cproensa)
0020481: [filters] Plugin filter fields dont use dynamic filter expansion (cproensa)
0020523: [time tracking] Time tracking doesn't show project name in case of all project reports (vboctor)
0007932: [time tracking] Implement CSV and Excel export for billing report (vboctor)
0020256: [bugtracker] Don't show reopen button if status change is not allowed by workflow (cproensa)
0020258: [performance] Cache user data for my_view_page (cproensa)
0020371: [email] Email notifications are not sent to explicit users when notify flags are overridden in DB (vboctor)
0008779: [plug-ins] Need User life-cycle Events for plug-ins (vboctor)
0011279: [db postgresql] With PostgreSQL filtering for a date custom field yields to an error (dregad)
0011316: [feature] Allow to add mutliple user to monitor list (dregad)
0020075: [bugtracker] Error 1105 while changing bug status from bug_change_status_page.php (dregad)
0020141: [security] bugnote actions in view bug page should send data as POST (cproensa)
0020277: [security] CVE-2014-9759: SOAP API can be used to disclose confidential settings (atrol)
0020242: [performance] performance in manage project page with large user count (cproensa)
0020358: [localization] Admin language tests throw strange warnings (atrol)
0020403: [email] Email notifications are hard to troubleshoot (vboctor)
0020408: [bugtracker] show caller trace in file log (cproensa)
0020478: [code cleanup] bug_update.php: do not use strict type checking unless necessary (dregad)
0020531: [localization] Russian translation bulk update (dregad)
0020554: [bugtracker] Inline errors should provide detailed info about where they occured (dregad)
0020553: [installation] Fatal error in admin/index.php (dregad)
0020574: [code cleanup] user_set_fields() throws an error when called with an empty fields list (dregad)
0020600: [bugtracker] steps to reproduce / additional info view checks are inconsistent in view / print issue pages (vboctor)
0020643: [plug-ins] Plugin API should throw error when trying to register invalid or non-existent class (dregad)
0020644: [installation] Installer should only generate a message when processing SQL steps (dregad)
0020655: [time tracking] Time tracking date range is not defaulted correct on view issue page (vboctor)
0009096: [tagging] Adding "tags" to $g_view_issues_page_columns does not work (vboctor)
0016834: [db oracle] Can't remove category because of CLOB in the query (dregad)
0017816: [ui] Manage - Manage Tags form is missing the 1 pixel horizontal separator (cproensa)
0019929: [bugtracker] Support 'due date' in group actions (community)
0020103: [custom fields] display custom field values overflows container (cproensa)
0020198: [administration] Deleting category should be blocked if category has issues associated with it (community)
0020641: [ui] When $g_show_avatar = OFF, no avatar should be displayed (vboctor)
0020646: [javascript] Failure to load scripts from "javascript" folder (community)
0020659: [time tracking] CSV export for time tracking doesn't handle unicode characters (vboctor)
0020710: [authorization] CSV/Excel export of due date doesn't check access level (community)
0020711: [bugtracker] Support default due date for submitted issues (community)
0020712: [csv] CSV/Excel export shouldn't output unset due dates as a date (community)
0020724: [tagging] Tags with description are handled incorrectly (vboctor)
0020725: [performance] Cannot delete attachment - says security token is bad (community)
0020749: [tagging] Show tag description when hovering over tag name in drop down (vboctor)
0020761: [code cleanup] Add new API functions to check+ensure that a category can be deleted (dregad)
0009093: [email] Add a configuration option to enforce email uniqueness (vboctor)
0013788: [plug-ins] Add EVENT_USER_DISPLAY_AVATAR to enable plugins to use LDAP and Social Networks (vboctor)
0020543: [authentication] Login using username or email address (vboctor)
0020642: [administration] Avatar settings should be moved to plugin config page (vboctor)
0020784: [signup] Signup item appears in lost_pwd_page when allow_signup is set OFF (community)
0020818: [upgrade] Upgrade unattended script fails (vboctor)
0016931: [code cleanup] PHPUnit tests for admin config functions (dregad)
       0016932: [code cleanup] Move functions defined in adm_config_set.php to a core API (dregad)
0018016: [performance] Decreasing performance when loading bug view with many notes (cproensa)
0020306: [printing] Print issue page shows issue history before notes (vboctor)
0020483: [db postgresql] Error 401 with PostgreSQL manage_user_page (cproensa)
0020694: [customization] Add configuration for auto-generated www link target (dregad)
0020806: [email] Email doesn't include 'Due Date' when enabled and is set (vboctor)
0020816: [authentication] user verification / password reset allows setting of empty password (dregad)
0020817: [preferences] account update issue, when updating several user fields on same form (dregad)
0020854: [performance] Plugin columns are always called to cache, even if not visible. (cproensa)
0020857: [email] Add tags to email notifications when set (vboctor)
0020865: [bugtracker] 'Content Encoding Error' when errors occur before compress handler is started (dregad)
0020867: [administration] Edit Category Page fails when default user is deleted (vboctor)
0020876: [email] Email notifications for category owners (community)
0020894: [db postgresql] APPLICATION ERROR 401 @ user_edit_page when changing Accesslevel (dregad)
0020909: [ui] Do not add a space before version suffix (dregad)
0020910: [tools] Improve TravisCi builds performance (dregad)
0006282: [documentation] $g_max_file_size detailed twice in manual for some reason - is something missing? (atrol)
0011827: [documentation] Documentation states PHP 5.2.0 as sufficent but used ezComponents needs 5.2.1 (atrol)
0020465: [db schema] Reduce size of username and email fields to allow utf8mb4 charset (dregad)
0020472: [installation] New 'api_token' table columns are not defined in standard way (dregad)
0020660: [csv] CSV export for issues from View Issues page doesn't handle unicode characters (vboctor)
0020679: [feature] Enhance the logging to show email addresses being sent to (dregad)
0020684: [email] Possible regression caused by changed $g_debug_email handling (vboctor)
0020727: [timeline] Error 1100 (issue not found) in my_view_page (dregad)
0020866: [filters] Plugin Filters: Data Type mismatch. (cproensa)
0020880: [documentation] Improve documentation: Admin Guide > Configuration (dregad)
0020897: [email] User's access level in bugnotes displayed as '@0@' in email notifications (atrol)
0020943: [bugtracker] Account menu missing from API tokens manage page (cproensa)
0020964: [custom fields] custom field Checkbox type, label can be separated from check input (cproensa)
0021030: [sponsorships] Error 1704 assigning a sponsored after sponsorship has been turned off (dregad)
0021055: [bugtracker] Update ADOdb to 5.20.4 (dregad)
0021056: [bugtracker] Update PHPMsailer to 5.2.15 (dregad)
0021058: [bugtracker] Update disposable email checker to 2.1.1 (dregad)
0021059: [bugtracker] Update jQuery to v1.12.4 (dregad)
0021082: [documentation] Update ERD diagram to reflect recent changes (dregad)
0021087: [documentation] Document replacement of $g_page_title config by $g_top_include_page (dregad)
0021090: [security] CVE-2016-5364: Reflected XSS inside manage_custom_field_edit_page.php (dregad)
127 issues View Issues
Released 2015-12-05
MantisBT 1.3.0-rc.1 is the first release candidate for 1.3.0 release. It includes few features and a lot of fixes.

- API Tokens - Users can now generate tokens to use when connecting via SOAP API rather than having to use their username and password.
- Improved email notifications for scenarios like issue unassigned or re-assigned.
- Refreshed all dependencies
- Misc. bug fixes
0020217: [plug-ins] MantisGraph: dont show links for users without access level (cproensa)
0017766: [api soap] Access Tokens instead of Passwords (vboctor)
0020214: [documentation] Wrong event names in developers guide (atrol)
0020074: [db mssql] ADODB_FETCH_MODE global is not properly set by database_api.php (dregad)
0016771: [administration] workflow configuration (dregad)
0019978: [filters] Values not preserved on filter page (cproensa)
0020298: [timeline] some events in timeline appears in reverse order (cproensa)
0020321: [email] Re-assigned issues don't trigger 'owner' notifications (vboctor)
0020080: [filters] AJAX for 'Match type' and 'Highlight changed' filters doesn't work (dregad)
0020083: [custom fields] Extra quotation mark in custom field checkboxes (vboctor)
0020084: [plug-ins] EVENT_LAYOUT_BODY_END should fire after loading JS libraries (dregad)
0020088: [javascript] slow hiding of project-selector, filters (dregad)
0006847: [administration] wrong set_overrides() calling (dregad)
0019508: [javascript] Regression when using MantisBT in a browser where JavaScript is disabled (dregad)
0019635: [db mysql] Update ADOdb to 5.20 (dregad)
0019731: [email] Notify user when they are unassigned a bug (vboctor)
0019970: [administration] Status to which reopened issues are set drops to 'feedback' (dregad)
0020068: [customization] No color applied to status enums with spaces in status values (dregad)
0020081: [javascript] Moving JS to bottom is causing 'ReferenceError: jQuery is not defined' errors (dregad)
0020087: [filters] Filter by "Fixed in Version" throws error (dregad)
0020082: [custom fields] Invalid query error when updating an issue (vboctor)
0020096: [html] manage_custom_field_edit_page inconsistent form header style (dregad)
0020105: [filters] Filter by "Match Type" throws error (dregad)
0020196: [custom fields] Invalid query on issue update due to custom field (vboctor)
0020197: [administration] 'default_category_for_moves' should support database config (vboctor)
0020241: [ui] In Workflow Transitions page, the Delete button's label is truncated at 1st word (dregad)
0020322: [email] Email on 'updated' action is missing from email notifications config page (vboctor)
0020326: [installation] PHP notice when converting tokens from php seralized to json (dregad)
0020327: [signup] Update securimage captcha library to 3.6.2 (dregad)
0020328: [email] Update Mailer to 5.2.14 (dregad)
30 issues View Issues
The beta 3 release with a bunch of performance and functional fixes and improvements.
0019992: [administration] Default page for Manage config submenu should be "Permissions Report" (dregad)
0019589: [attachments] Support adding a note + attachment in one step (vboctor)
0019945: [timeline] Timeline should take selected project into consideration (vboctor)
0019932: [performance] Load jquery from CDN (vboctor)
0019636: [signup] Update securimage captcha library to 3.5.4 (dregad)
0020002: [custom fields] Custom field value may not be purged (vboctor)
0013285: [performance] Move script inclusions from HEAD to document footer (syncguru)
0012544: [ldap] LDAP unavailability causes severe performance problems (dregad)
0017275: [email] email matching within Mantis should follow html5 standard (dregad)
0017279: [email] Email addresses validation and parsing is not consistent (dregad)
0017280: [email] Email address validation function strips characters (dregad)
0017717: [email] Update phpmailer to 5.2.9 (dregad)
0019575: [ui] Fix layout of Send Reminders page (dregad)
0019576: [security] Allow admins to disable Content Security Policy (dregad)
0019628: [email] Improve logging for email validation (dregad)
0019637: [db oracle] Checking for DB field's existence fails on Oracle (dregad)
0003874: [bugtracker] default view state for projects (vboctor)
0019638: [filters] Filtering by users throws error (dregad)
0017460: [email] Email notifications are sent in batches (dregad)
0017805: [installation] New installation page is broken if config file exists but database is not yet created (dregad)
0018015: [timeline] Refactor history_api to build timeline more efficiently (vboctor)
0019542: [custom fields] Support multi-line default values for memo fields (vboctor)
0019573: [other] Status legend on "My View" page should not depend on last used filter (dregad)
0019574: [bugtracker] Edited Issue's handler is set to blank when user has been demoted (dregad)
0019583: [documentation] Add $g_crypto_master_salt to sample config file (dregad)
0019629: [bugtracker] Error handler should catch all known PHP error types (dregad)
0019634: [custom fields] Users without write access to required custom field can't update issue (vboctor)
0019648: [authorization] Access denied when reporter re-opens an issue (vboctor)
0019649: [code cleanup] change_type is set to "close" when re-opening issues (vboctor)
0019657: [customization] Email notifications page sets default_notify_flags max threshold to 0 and min to 100 (vboctor)
0019660: [roadmap] Completed tasks are shown in sans serif typeface on the roadmap page (dregad)
0019670: [filters] View Issues page fails when a custom field is used for filtering and sorting (vboctor)
0019676: [installation] PHP notice in installer when system can't connect as admin (dregad)
0019683: [attachments] Support attaching multiple files with same name (vboctor)
0019685: [scripting] Upgrade jQuery to v1.11.3 and jQueryUI to v1.11.4 (dregad)
0019687: [code cleanup] Removed unused libraries (dregad)
0019688: [code cleanup] Update ez/Zeta Components to latest version (dregad)
0019689: [email] Update disposable e-mail checker to the latest version (dregad)
0019725: [bugtracker] bug_actiongroup_page.php does not display legend when position = BOTH (dregad)
0019726: [code cleanup] Deprecate db_query_bound(), use db_query() instead (dregad)
0019797: [administration] No users listed when using option "Hide inactive" option of manage user page (dregad)
0019838: [roadmap] Links broken on roadmap page (dregad)
0019971: [other] Misprint in strings_english.txt (atrol)
0019979: [ui] Wrong alignment on "Summary" page (atrol)
0019993: [administration] Remove link on "Manage Configuration" menu item (dregad)
0006198: [customization] Comment of custom_function_default_enum_released_versions is error (atrol)
0018048: [documentation] Installation manual refers to non existent admin/check.php (atrol)
0019881: [bugtracker] config_flush_cache() doesn't properly clean the cache (dregad)
0019900: [attachments] move attachments from db to disk very slow (dregad)
0019916: [filters] View Issues page fails when filtering custom fields (dregad)
0019927: [reports] Wrong datatype in excel XML export (vboctor)
0019943: [ui] Buggy calendar in due date (atrol)
0019984: [localization] Hardcoded strings in bug_update.php and bug_api.php (vboctor)
0020015: [documentation] Wrong variable name in administrators guide for phpMailer method (atrol)
0020016: [documentation] Documentation contains information for obsoleted option administrator_email (atrol)
0020028: [ui] In view.php, the in "Attached Files" label is not aligned with other labels (dregad)
0020042: [email] Wrong character counting in localized e-mails (atrol)
0020053: [email] Email validation fails when user email has a space (vboctor)
0020078: [custom fields] Hyperlink custom field names on manage project page (vboctor)
59 issues View Issues
0017958: [bugtracker] Disable admin_checks if admin folder doesn't exist (vboctor)
0009315: [db mssql] admin/install.php fails because of wrong ALTER TABLE (dregad)
0011524: [db mssql] 1.2.0rc2 with MS SQL not installable (dregad)
0019271: [authorization] Reporter can't re-open or close issues even if they have access (vboctor)
0019459: [email] Support disable all issue notifications via user preferences (vboctor)
0019264: [bugtracker] Handling single category case (vboctor)
0019269: [email] Account Updated email has formatting error (vboctor)
0019351: [bugtracker] Switching projects changes current page to My View page (vboctor)
0019471: [custom fields] Bug copy doesn't copy text area custom fields (vboctor)
0019472: [time tracking] Date range selector is disabled on view issue and time tracking pages (vboctor)
0019473: [time tracking] Time tracking selector doesn't maintain dates (vboctor)
0019475: [email] Administrators should be able to bypass allow_blank_email = OFF (vboctor)
0017959: [upgrade] Upgrade unattended produces a warning (vboctor)
0019501: [roadmap] The progress bar in Roadmap is broken (dregad)
0017751: [bugtracker] Timezone selection list does not include 'UTC' (dregad)
0017944: [performance] Regression from 1.2.x: slow performance when editing issues (vboctor)
0017964: [documentation] Documentation - minor typographical error. (dregad)
0017747: [installation] Timezone errors during install (dregad)
0017965: [reports] "Print Issues" link should be removed from summary page (vboctor)
0017966: [performance] My View Page takes about 5s to load (vboctor)
0017978: [administration] 'Manage Global Profiles' page errors out when disabled (vboctor)
0008657: [api soap] SOAP API support for custom filters (community)
0009742: [db mssql] Unable to install Mantis 1.1.2 with MS SQL (dregad)
0017782: [plug-ins] New Event: EVENT_MANAGE_VERSION_DELETE (vboctor)
0017918: [timeline] "More Events" Hyperlink in Timeline is not working (syncguru)
0017980: [administration] manage_user_page php error due to time user creation time in the future (dregad)
0018034: [timeline] Number of events in timeline is sometimes less than 50 (dregad)
0018035: [timeline] Timeline "More events" link should only appear when necessary (dregad)
0018051: [documentation] config_inc.php.sample should reflect the defaults (db_username and db_type) (dregad)
0019258: [custom fields] Custom fields of type date are disabled in filter (syncguru)
0019265: [custom fields] Assign-To fails when there is a custom field that is required on update (vboctor)
0019273: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
0019274: [security] CVE-2014-9571: XSS in install.php (dregad)
0019275: [security] CVE-2015-1042: URL redirection issue (dregad)
0019277: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
0019288: [timeline] Detaching a tag is displayed as adding a tag in timeline (dregad)
0019299: [reports] Summary page has "by category" and "by severity" labels swapped (vboctor)
0019352: [timeline] In Timeline, tags should hyperlink to Tag Details page (dregad)
0019368: [custom fields] custom field (type: float) default value not work. (atrol)
0019470: [administration] Search in Manage User should also match real names (vboctor)
0009541: [db mssql] Installation with MS SQL and odbc (odbc_mssql) (dregad)
0010218: [db mssql] Error message: APPLICATION ERROR 0000401 (dregad)
0010742: [db mssql] Database query failed. Error received from database was 0000206: Operand type clash: int is incompatible with text for the query (dregad)
0013250: [db mssql] Can't submit new issue, it will appear "APPLICATION ERROR #1100" "Bug 0 not found" (dregad)
0013905: [db mssql] Application Error 0000401 on summary_page.php (dregad)
0013906: [db mssql] Application error on manage_proj_edit_page.php (dregad)
0012674: [db mssql] APPLICATION ERROR 0000401 on manage_user_edit_page.php and other occasions (dregad)
0016977: [db mssql] Brand new database installation fails due to script errors (dregad)
0016978: [db mssql] Dependency error in MS SQL creation script (dregad)
0012908: [security] PHP remote code execution in install.php (dregad)
0014395: [db mssql] Critical Failure when Assigning Tags to Multiple Issues at Once (dregad)
0016256: [db mssql] Windows authentication failing with mssqlnative (dregad)
0016263: [db mssql] Login Failures Post Installation (dregad)
0019500: [installation] When an Update Function step fails during upgrade, installer prints 'Array' (dregad)
0019504: [security] CVE-2014-9701: XSS vulnerability in permalink_page.php (dregad)
55 issues View Issues
Released 2015-01-24
MantisBT 1.2.19 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are strongly
advised to upgrade to this release.

This release resolves 5 security issues and fixes 2 regressions introduced in 1.2.18.
0019493: [security] CVE-2014-9701: XSS vulnerability in permalink_page.php (dregad)
0017940: [security] CVE-2014-9573: SQL Injection in manage_user_page.php (dregad)
0017984: [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be (dregad)
0017997: [security] CVE-2015-1042: URL redirection issue (dregad)
0017938: [security] CVE-2014-9571: XSS in install.php (dregad)
0017939: [security] CVE-2014-9572: Improper Access Control in install.php (dregad)
0017967: [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259 (dregad)
0017925: [email] Order of notes in email notifications seem to be based on user who triggered the action (dregad)
0017977: [bugtracker] Fix handling of due dates (dregad)
0018025: [administration] Installer UI tweaks (dregad)
0011742: [bugtracker] Sort bug notes by date, not by ID (dregad)
0017993: [authentication] User creation with captcha broken by fix for issue 0017811 (dregad)
12 issues View Issues
First beta version for 1.3.0 release.
0010059: [relationships] Default resolution to "duplicate" if "duplicate_of" relationship exists (dhx)
0017360: [plug-ins] Prevent loading of jQuery related plugins (dregad)
0016477: [security] Redirect user to change password if logged in with default admin password (vboctor)
0006626: [custom fields] Support "Memo" custom field type (daryn)
0017837: [bugtracker] Add new 'DEPRECATED' error type (dregad)
0012881: [security] Add support for Strict-Transport-Security header (dhx)
0011600: [html] Bugnote direct links include mismatched parenthesis (dhx)
0015653: [bugtracker] APPLICATION ERROR 1303 when trying to reopen an issue (dregad)
0011898: [html] Hyperlink issue summaries on my_view_page (dhx)
0021086: [customization] Replacement of $g_page_title config by $g_top_include_page (dregad)
0016471: [html] Use CSS to set alternating colors in HTML tables (grangeway)
0008017: [administration] Increase the size of the username field (dregad)
0016917: [customization] Manage Configuration Complex Type fails when array is terminated with a semi-color (vboctor)
0012245: [javascript] Remove extended project browser feature (dhx)
0016565: [authentication] Implement new captcha library (grangeway)
       0008129: [signup] Alternative to captchas (grangeway)
       0008462: [feature] Captcha will benefit supporting other than jpeg format (grangeway)
       0008796: [other] The letters in the catchpa on account creation page are too small (grangeway)
       0010028: [security] Registrations by bots via captcha exploit (grangeway)
       0010972: [signup] openbase_dir breaks captcha generation (grangeway)
       0010976: [bugtracker] Remove instances of pass-by-reference (deprecated in PHP 5.3.0) (dregad)
0014679: [security] Support Content-Security-Policy (CSP) per W3C specification (dregad)
0017186: [mobile] Remove $g_mantistouch_url in favor of MantisTouchRedirect plugin (vboctor)
0016871: [email] Email notifications are sent with extra blank lines (vboctor)
0017752: [bugtracker] Auto-refresh shouldn't update last visited (vboctor)
0017246: [custom fields] Date custom fields can't store dates pre-1970 (vboctor)
0017832: [ui] Send Reminders page layout is not right (syncguru)
0017277: [email] Allow use of wildcards when limiting email domain names (grangeway)
0017382: [security] install.php: do not send the value of crypto_master_salt over http (grangeway)
0017441: [other] PHP Notice generated by logging api (dregad)
0017384: [localization] Remove unused twitter language strings (dregad)
0013713: [bugtracker] Upgrade ADOdb library to latest version (dregad)
       0013438: [db oracle] adodb: Fatal error: Call to a member function FetchRow() on a non-object (dregad)
             0013433: [db oracle] Error ORA-00904: "PROTECTED": invalid identifier for the query (dregad)
             0007644: [db oracle] Problems when creating the Mantis database schema on Oracle (dregad)
       0012837: [db postgresql] Download Attachment doesn't work; Get some header information or Jabber (dregad)
       0012150: [db oracle] Mantis 1.2.1 Install Error using Oracle db (dregad)
0013227: [db oracle] Oracle DB support multiple issues (dregad)
       0007644: [db oracle] Problems when creating the Mantis database schema on Oracle (dregad)
       0010996: [db oracle] Cant use Mantis with oracle9 - var binding fails (dregad)
       0006853: [db oracle] Instalation in oracle Database ... (dregad)
       0011014: [db oracle] Database creation SQL scripts may be more handy (dregad)
       0011265: [db oracle] Array results from Oracle have uppercase keys (dregad)
       0011270: [db oracle] db_insert_id is wrong for Oracle (dregad)
       0012151: [db oracle] Oracle database_api.php fatal error on install (dregad)
       0012478: [db oracle] Installation with Oracle fails (dregad)
       0016351: [db oracle] DB creation failed with ORA-01031 (dregad)
       0011276: [db oracle] db_param sometimes creating duplicate (dregad)
       0012152: [db oracle] Indexes already created (dregad)
       0010437: [change log] APPLICATION WARNING #403: Database field "description" not found. (dregad)
       0006895: [db oracle] install mantis with oracle (driver oci8) (dregad)
       0007185: [db oracle] Empty string incompatibility mysql/oracle (dregad)
       0007246: [db oracle] Not possible to use singup functionality (dregad)
       0007935: [db oracle] Problem with install / connexion / filtre (dregad)
       0008686: [db oracle] Pb on : "Attempting to connect to database as admin" (dregad)
       0012267: [db oracle] Custom Field Title and Value render as '@', $t_custom_field, '@'; in Oracle (dregad)
       0016330: [db oracle] html_status_percentage_legend() causes error ORA-00923 (dregad)
       0016331: [db oracle] Attaching file causes ORA-01400: cannot insert NULL into BLOB column (dregad)
       0016336: [db oracle] File attachment to DB fails when file bigger than 4000 bytes on Oracle (dregad)
       0007126: [db oracle] For the execution of Mantis in Oracle 8i, 9i (dregad)
       0015426: [db oracle] GetRowAssoc fails with Oracle DB (dregad)
       0010490: [db oracle] Some queries don't work due to the use of "AS" in table alias
0010747: [time tracking] User summary enhancement for billing page
0017783: [plug-ins] New Event: EVENT_MANAGE_PROJECT_DELETE (vboctor)
0017397: [timeline] Add timeline to My View page (vboctor)
0017913: [timeline] Hyperlinks in Timeline are not working (dregad)
0017971: [ui] anchor tags don't closed (dregad)
0011290: [feature] Create Clone access to reporters (dregad)
0016444: [api soap] Remove nusoap in favor of native php soap extension (vboctor)
0017012: [installation] Quotes not escaped on install (dregad)
0015678: [filters] Bad performance when filtering and using match type "Any Condition" (dregad)
0016411: [administration] On workflow thresholds page, changes in 'who can alter' are not color-highlighted (dregad)
0016412: [administration] 'delete specific settings' button should only be displayed when there are changes to delete (dregad)
0016462: [bugtracker] Priority column header is always displayed as "P" (dregad)
0016463: [bugtracker] Sort order defaults to descending (dregad)
0012632: [signup] Signup with empty username and e-mail is possible when display_errors[E_USER_ERROR] = 'inline' (dregad)
0016025: [html] Change pages' doctype to HTML5 (dregad)
0016026: [feature] Use the 'Default project' when reporting a new bug (dregad)
0016059: [bugtracker] System should warn users when debug settings are enabled (dregad)
0016061: [administration] Enable bitwise operations to set log levels (dregad)
0016062: [code cleanup] Defining new constants to replace hardcoded strings (dregad)
0009701: [installation] Install/upgrade shouldn't need admin user when DB already exists (dregad)
0015205: [installation] Installer should ask admin for the default timezone to use (dregad)
0016468: [html] Box "assigned" will not be shown if empty (dregad)
0016029: [preferences] Impossible to copy columns to/from a subproject when parent is selected (dregad)
0016357: [installation] install.php: Retry overwrites database password (dregad)
0007632: [installation] Create operational database user at time of installation (dregad)
0007635: [installation] Install script can't get MySQL version if database user doesn't exist or doesn't have access privileges (dregad)
0013937: [filters] Versions and Categories from existing filter not preselected when editing it (dregad)
0016568: [html] Remove vendor specific CSS for rounded corners (atrol)
0016810: [customization] $s_os in custom_strings_inc.php partially ignored (atrol)
0007737: [filters] Changed(hrs) filter (dregad)
0010912: [installation] Move code from admin/install.php to a new API file within core (and make plugins also use this API) (dhx)
0016554: [bugtracker] Project privacy change from public to to private kicks manager out (dregad)
0016584: [filters] Error when query bug by custom-field (date) in postgresql (dregad)
0016849: [attachments] Drop FTP support (vboctor)
0016891: [email] Update DisposableEmailChecker to v2 and change to submodule (vboctor)
0016941: [db mysql] Change default db type from mysql to mysqli (dregad)
0016970: [localization] Hardcoded file size unit 'k' (dregad)
0016951: [localization] String 'Due date was' is hardcoded into core files (dregad)
0016969: [administration] Missing check for db_table_plugin_prefix in admin checks (dregad)
0017117: [localization] Plugin description translation not displayed (dregad)
0007179: [db oracle] limit selection required for oracle (probleme viewed at the page my_view_page.php) (dregad)
0007190: [db oracle] error in filter_api with date filter (dregad)
0009314: [db mssql] ADODB GetRowAssoc does not work (dregad)
0011549: [installation] PHP include_path change restriction (dregad)
0015427: [db mssql] Deploy mantis with MSSQL and UTF8 (dregad)
0016446: [api soap] Merge MantisConnect configs into MantisBT standard configs (vboctor)
0016850: [customization] Add config folder for customization files (vboctor)
0017176: [html] Add the possibility to define the x-ua-compatible meta (dregad)
0017184: [api soap] Anonymous authentication to soap api (vboctor)
0017185: [api soap] Read-only access via soap api should be available to VIEWER level (vboctor)
0017233: [api soap] Fix the license in the SOAP API file headers (vboctor)
0010488: [db oracle] Inserting strings > 4000 Bytes not working -> direct file upload and email (dregad)
0012248: [db postgresql] Problem updating from 1.1.8 to 1.2.0 (dregad)
0015699: [db postgresql] Upgrade 1.2.10 to 1.2.14 Issues (dregad)
0016392: [db postgresql] Bool columns in pgsql system created before MantisBT 1.1.0 have smallint type in DB (dregad)
0014538: [security] plugins directory must be secured/fixed. (grangeway)
0017377: [code cleanup] Reduce unneeded global Variables: g_libraries_included (grangeway)
0017370: [bugtracker] Roadmap+Changelog display "0" instead of project name in error message (dregad)
0017378: [code cleanup] Reduce unneeded global Variables: g_api_included (grangeway)
0017381: [security] Provide additional random number generators (grangeway)
0017385: [administration] Removal of copy_fields utility (grangeway)
0015589: [db postgresql] Upgrade fails with postgresql (dregad)
0016878: [db mssql] Install triggers varchar to datetime conversion error on sql server 2008 (dregad)
0016975: [localization] Invalid enumeration string value displayed if localized value does not exist (dregad)
0017376: [performance] Perf: use sprintf over utf8_str_pad (dregad)
0017359: [plug-ins] Errors when loading a plugin's page when its dependencies are not met (dregad)
0017366: [plug-ins] Remove direct access to global variable in plugin.php (dregad)
0017368: [plug-ins] Provide plugin's basename in error messages (dregad)
0017380: [security] IIS: add web.config to deny access to config/ (grangeway)
0017411: [change log] Empty change log is confusing (vboctor)
0017412: [roadmap] Empty roadmap is confusing (vboctor)
0017520: [filters] "Project not found" error after deleting project (dregad)
0005466: [bugtracker] Changes are overwritten (dregad)
0002814: [feature] Prefix CSS class names (daryn)
0005037: [relationships] No more rel. graphs with PHP 4.3.10 and Win2K (grangeway)
0017501: [administration] Default $g_display_errors setting should reflect what an admin would want to use (dregad)
0005147: [filters] Suppress product version in filters too (daryn)
0006178: [reports] relationship graph is empty (grangeway)
0006447: [filters] The filter table columns shouldn't be used to divide the "Search/Filters" row at the bottom of the table. (daryn)
0006497: [filters] Setting view_filters to ADVANCED_ONLY or SIMPLE_ONLY only takes into effect after changing a filter (daryn)
0006620: [reports] Relationgraph is not displayed (grangeway)
0006700: [filters] Inconsistent behavior on filter select box (daryn)
0008207: [sql] mantis_project_hierarchy_table allows duplicate rows (grangeway)
0008250: [administration] Create Project - Show upload path defined in absolute_path_default_upload_folder (dhx)
0008276: [customization] When set a filter to a value different than the default, the color could be changed (atrol)
0009828: [bugtracker] Reopen issue access check is wrong (dhx)
0010226: [email] No email on 'update->assign' (dhx)
0010884: [customization] Make 'edit', 'delete', and 'make private' buttons on bugnotes independently configurable (dhx)
0010914: [code cleanup] Make db_get_table behave like plugin_table (dhx)
0011291: [attachments] Add support for Lighttpd's X-Sendfile method for sending attachments stored locally (dhx)
0011320: [administration] Provide a way to disable the raw configuration management (vboctor)
0011396: [feature] difference between closed and resolved (dhx)
0011404: [bugtracker] Record dropping of bug revisions in bug history (dhx)
0011405: [bugtracker] Add link to bugnote revisions under "Updated on" line (for bugnotes that have at least 1 edit) (dhx)
0011494: [bugtracker] Don't allow *_inc.php files to be called directly (dhx)
0011495: [bugtracker] Cannot move core, library and language directories out of wwwroot (dhx)
0011552: [bugtracker] No errors shown when actiongroup tag attaching fails (dhx)
0011554: [bugtracker] Status legend should react to current filter settings (dhx)
0011576: [administration] New and improved check.php for checking MantisBT installation settings/environment (dhx)
0011728: [attachments] Attachments error when downloading or viewing (dhx)
0011732: [integration] Remove built-in source code integration support (dhx)
0011738: [authentication] $g_session_key parameter is not working (dhx)
0011758: [feature] Adding a bug note should not change the status of the issue (dhx)
0011804: [security] allow_reporter_reopen lets reporter make any update, not just reopen (dhx)
0011893: [html] Patch: XHTML validity, semantics and styleability improvements (dhx)
0011896: [html] Remove [^] "open in new window" suffix from links (dhx)
0011897: [html] Refactor footer of pages using XHTML/CSS and allow user-specified copyright notice (dhx)
0011908: [html] CSS class names on View Issues page (patch) (dhx)
0011967: [plug-ins] Problems with EVENT_UPDATE_BUG (dhx)
0011995: [html] Add CSS IDs to html elements for styling and javascript access. (daryn)
0012085: [bugtracker] Deprecate $g_allow_close_immediately (dhx)
0012094: [bugtracker] ERROR_BUG_READ_ONLY_ACTION_DENIED is not obsolete but ERROR_BUG_RESOLVED_ACTION_DENIED is (dhx)
0012095: [bugtracker] bug_monitor_copy() should check users exist (dhx)
0012096: [feature] On marking an issue as a duplicate add the reporter and handler to the monitor list of the destination bug (dhx)
0012205: [bugtracker] Do not leave feedback status when the handler adds a note (dhx)
0012327: [filters] Enhance plugin filters to allow developers to specify the number of columns to use in the bug filter. (daryn)
0012509: [code cleanup] replacement for file_get_extension (dhx)
0012571: [db mssql] Some configuration options cannot be saved to MS SQL Server (fix attached) (grangeway)
0012696: [documentation] Typo error on the admin config fields page in documentation (dhx)
0012852: [customization] Customization per project are not handled correctly on my view page. (daryn)
0013236: [plug-ins] add event to print attachment (dregad)
0002609: [email] Support multiple valid e-mail domains. (grangeway)
0005245: [administration] Account profile contains Version, while report issue contains product build and OS Version (grangeway)
0007118: [bugtracker] Report Issue: attaching an oversized file raises wrong error message in bug_report.php/gpc_get (gpc_api.php) (grangeway)
0011802: [bugtracker] Update Product Version of multiple bugs (dregad)
0012620: [plug-ins] Plug-ins included through function (dhx)
0014112: [bugtracker] maximum execution time when uploading (grangeway)
0006444: [feature] "Add and edit category" button (dregad)
0012013: [plug-ins] Improvements for plugin ImportExportXml (and required core changes) (dregad)
0012541: [api soap] mc_issue_note_add function not honoring reporter data (vboctor)
0015869: [api soap] API call mc_login with valid LDAP user which is not in mantis DB -> result: login failed (vboctor)
0016610: [documentation] Suggestion for Admin Guide: Vars' default values on new line (dregad)
0017410: [time tracking] Time tracking information is not included in issue print page (vboctor)
0017455: [authentication] BASIC_AUTH does not work for SOAP requests (vboctor)
0017533: [customization] Adding assoc arrays via config page converts numbers to strings (vboctor)
0017809: [performance] Store config entries json encoded (grangeway)
0017825: [custom fields] Clarify separator that can be used to separate possible values (vboctor)
0008762: [feature] Incorrect categories sorting in the report issue. (vboctor)
0009260: [bugtracker] Manage Columns doesn't work per project (vboctor)
0010730: [security] Improve random number generation with openssl_random_pseudo_bytes (dhx)
0011981: [security] Do not allow to send a reminder on a private issue to users under threshold (dhx)
0012253: [feature] Graphviz Graph to display workflow - PATCH
0012368: [security] Remove input side XSS validation of user real names (dhx)
0012666: [html] Mantis uses Refresh: on IIS instead of Location: (dhx)
0013699: [customization] Changing columns for single projects (vboctor)
0014852: [installation] Installation fails during install with postgres as DB (dregad)
0016024: [security] When user reports an issue, the unpermitted project can be selected (dregad)
0017932: [javascript] CSP violation errors in view_all_bug_page.php (dregad)
0017851: [ui] view_user_page.php is not updated to new styles (vboctor)
0017834: [ui] Change button like links in filter box to buttons (syncguru)
0017815: [ui] Search user box is stretched out (syncguru)
0017830: [filters] Collapse filter box by default (vboctor)
0017831: [ui] View Issue page UI tweaks (syncguru)
0017912: [bugtracker] Summary submenu displays "\n" on the page (dregad)
0011826: [security] Remove all inline JavaScript from MantisBT (use external scripts instead) (dhx)
       0009117: [javascript] Please remove projax from mantis (dhx)
       0012631: [javascript] Replace old inline dynamic filter code with jQuery equivalent (dhx)
0017916: [ui] Login form is stretched on large resolutions (syncguru)
219 issues View Issues