Released 2020-09-25

Security release including 3 CVEs. Many thanks to d3vpoo1 ( for identifying most of the issues.

0027268: [security] Admin can get issues assigned to users not allowed to handle them (dregad)
0027039: [security] CVE-2020-25781: Access to private bug note attachments (dregad)
0027275: [security] CVE-2020-25288: HTML Injection on bug_update_page.php (dregad)
0027276: [security] Send reminder to viewer (dregad)
0027283: [security] Admin can set viewer as a tag creator (dregad)
0027284: [plug-ins] Priority can override to any positive integer (dregad)
0027299: [code cleanup] Remove code duplication in File API (dregad)
0027303: [code cleanup] When processing categories, it is not necessary to know the project id (dregad)
0027304: [security] CVE-2020-25830: HTML Injection in bug_actiongroup_page.php (dregad)
9 issues View Issues