mantisbt - Change Log
0027268: [security] Admin can get issues assigned to users not allowed to handle them (dregad) 0027039: [security] CVE-2020-25781: Access to private bug note attachments (dregad) 0027275: [security] CVE-2020-25288: HTML Injection on bug_update_page.php (dregad) 0027276: [security] Send reminder to viewer (dregad) 0027283: [security] Admin can set viewer as a tag creator (dregad) 0027284: [plug-ins] Priority can override to any positive integer (dregad) 0027299: [code cleanup] Remove code duplication in File API (dregad) 0027303: [code cleanup] When processing categories, it is not necessary to know the project id (dregad) 0027304: [security] CVE-2020-25830: HTML Injection in bug_actiongroup_page.php (dregad)
Security release including 3 CVEs. Many thanks to d3vpoo1 (https://gitlab.com/jrckmcsb) for identifying most of the issues.
9 issues View Issues