Maintenance release

  • 0030791: [security] Allow adding relation type noopener/noreferrer to outgoing links (dregad)
  • 0030835: [ui] unreachable submit button (Update Information) on issue update when using tab key (dregad)
  • 0030841: [api rest] Update Slim Framework to 3.12.4 (dregad)
  • 0030814: [signup] Captcha audio not working (dregad)
  • 0030794: [signup] Captcha image not showing on PHP 8.1 (dregad)
  • 0030772: [security] Update moment.js to 2.29.4 (dregad)
  • 0030793: [bugtracker] config_flush_cache() doesn't clean the eval cache for individual options (dregad)
  • 0030777: [upgrade] Scalar typehint is not supported in PHP 5.x (dregad)
  • 0030771: [ldap] Poor error handling when $g_login_method = LDAP and PHP extension missing (dregad)
  • 0024720: [ldap] Editing user with use_ldap_email = ON empties email address (dregad)
8 of 10 issue(s) resolved View Issues

Feature and maintenance release. New configuration options were added to control access to Export and Print Report features (see 0022224). The default value for the latter was set to UPDATER for security reasons (see 0025492); to restore earlier behavior, administrators should set $g_print_reports_threshold = VIEWER;.

  • 0024689: [administration] Remove clickable alphanumeric index in manage_user_page.php
  • 0020577: [plug-ins] Consistent use of EVENT_UPDATE_BUG_DATA
  • 0028860: [localization] Incorrectly configured serbo-croatian (sh) language
  • 0021908: [security] Weakened security headers in 2.0.x
  • 0030415: [api rest] Delete / Update versions via REST API (community)
  • 0020431: [db schema] Use utf8mb4 charset for new MySQL installations (dregad)
  • 0008141: [bugtracker] Issue reporters should be able to update their own issues (atrol)
  • 0021820: [attachments] Support adding an attachment when editing an issue (cproensa)
  • 0021819: [attachments] Support adding an attachment from change status page (cproensa)
  • 0030047: [bugtracker] After login with HTTP_AUTH user is redirected to "main_page.php" (dregad)
  • 0022839: [authentication] Deprecate MD5 login method and replace with BCRYPT hash (dregad)
  • 0024628: [markdown] Double quotes " and lesser than sign < are shown as HTML entity within Markdown code blocks (dregad)
  • 0022408: [custom fields] Custom field's value logged as changed in history, when it wasn't changed (dregad)
  • 0028831: [ui] Improve date filter fields display (label and "no filter" text) (dregad)
  • 0021694: [ui] inconsistent presentation of required fields (syncguru)
  • 0020307: [printing] Print issue page needs to adjust formatting for tags and relationship handler (vboctor)
  • 0027807: [bugtracker] Prevent silent update of invalid enum fields when editing issue (dregad)
  • 0026929: [api rest] Support user account unlock via REST API (dregad)
  • 0020874: [ui] Content Security Policy blocked embedded images added by Chrome Extension (vboctor)
  • 0017577: [performance] Improve print_user_option_list() performance (dregad)
  • 0027572: [administration] Improve management of failed logins and locked accounts (dregad)
  • 0024241: [markdown] $g_html_valid_tags are not rendered if Markdown is enabled (dregad)
  • 0024188: [ui] Update issue history code to display user names via standard APIs
  • 0022841: [authentication] Don't truncate password when it exceeds db field size (dregad)
  • 0022840: [authentication] Don't expire user sessions when updating password hash after login method change (dregad)
  • 0020540: [attachments] Implement upgrade step to cleanup corrupt disk attachments after db->disk conversion (dregad)
  • 0022464: [custom fields] Loose type comparison can prevent custom field update (dregad)
  • 0019964: [authentication] Wrong anonymous rights application (dregad)
  • 0030773: [performance] Only load dynamic CSS status_config.php when necessary (dregad)
  • 0030790: [ldap] Deprecated conversion of false to array in ldap_api.php with PHP 8.1 (dregad)
  • 0029025: [email] Update PHPMailer to 6.6.3 (dregad)
  • 0030551: [administration] Project Edit Page improvements (dregad)
  •        0030423: [ui] Regroup the 2 Subprojects sections on Manage Project Edit page (dregad)
  •        0030550: [ui] Buttons' vertical size is slightly smaller than other form elements (dregad)
  •        0030494: [javascript] list.js navigation buttons scrolling to top of page (dregad)
  •        0028606: [administration] Incorrect filtering of users on Manage Project / Accounts (dregad)
  •        0030490: [javascript] list.js library causing CSP violation in manage_proj_edit_page.php (dregad)
  •              0030494: [javascript] list.js navigation buttons scrolling to top of page (dregad)
  •        0028562: [administration] Undefined constant ERROR_VERSION_NO_ACTION and missing matching error message (dregad)
  •        0028557: [administration] Inconsistent use of hyperlink instead of button to edit Custom Fields in Edit Project page (dregad)
  •        0030435: [ui] Manage Project Edit page should redirect to relevant section after updates (dregad)
  •        0027274: [ui] Move Delete buttons into main form (dregad)
  • 0027383: [administration] Refactor and improve output of 'test_langs.php' admin script (dregad)
  • 0030447: [administration] Detect invalid HTML in language strings (dregad)
  • 0030429: [other] Upcoming incompatibility with PHP 8.2, "Deprecate ${} string interpolation" RFC (dregad)
  • 0024621: [html] Closing </div> tag missing in sign up page (dregad)
  • 0030428: [installation] admin/check.php script says upload_max_size but actually checks upload_max_filesize (atrol)
  • 0030278: [code cleanup] Removing unused CUSTOM_FIELD_TYPE_xxx constants (dregad)
  • 0030279: [ui] Text Custom Field columns should be left-aligned (dregad)
  • 0027114: [ui] Long unbreakable text does not auto wrap in bug details page (community)
  • 0029585: [email] Unable to set the In-Reply-To header to a domain different from the current one (community)
  • 0029583: [email] Support for sending emails with CC and/or BCC (community)
  • 0029454: [email] monitor receives no mails if he is not project member (atrol)
  • 0030283: [html] Invalid 'literal' tag used in MantisCoreFormatting language strings (dregad)
  • 0022224: [bugtracker] Access Restrictions to "Print Reports", "CSV Export", "Excel Export" in view all bugs page (dregad)
  • 0025492: [security] Printing (print_all_bug_page) is a perf/security risk (dregad)
  • 0030192: [change log] Changelog/Roadmap items are printed without any structure (dregad)
  • 0028618: [bugtracker] Category empty but required does not prevent form submission on Firefox Windows and Safari (dregad)
  • 0028902: [db mssql] APPLICATION ERROR 0000401 / Error MSSQL 4145 when view all bugs for 1000 projects or more (atrol)
  • 0029903: [relationships] Wrong html syntax
  • 0022109: [ui] Bugnotes links tilde ' ~' sign rendered as dash '-' in View page (dregad)
  •        0028964: [tools] New build script to download updated font files (dregad)
  • 0029882: [tools] Enable PHP 8.1 builds on Travis-CI (dregad)
  • 0029616: [bugtracker] collapse_settings cookie is hardcoded (dregad)
  • 0029611: [bugtracker] Cookies "SameSite" attribute triggers warnings in Firefox console (dregad)
  • 0028122: [administration] Improve handling of project assignment in manage_user_edit_page.php (dregad)
  • 0022371: [wiki] Support for WackoWiki (dregad)
  • 0029517: [authentication] Login redirection to plugin credentials page for non-existent user (community)
  • 0028015: [db schema] Update ADOdb to 5.21.4 (dregad)
  •        0028068: [db mssql] Impossible to insert child records with ADOdb 5.21.0 on mssql (dregad)
  •        0028069: [db postgresql] PHP notices leading to unusable system with ADOdb 5.21.0 on pgsql (dregad)
  •        0026599: [db schema] Behavioural changes for BLOBs in ADOdb 5.21
  • 0029269: [administration] Filter settings are not available on "Workflow Thresholds" page (atrol)
  • 0028965: [attachments] Show issue attachments along with issue header information (vboctor)
  • 0029230: [ldap] Can't set a custom field for ldap email (dregad)
  • 0026148: [ui] Add hash to MantisBT CSS files to force browser cache update (vboctor)
  • 0029027: [other] function gpc_set_cookie() ignores $p_httponly argument (community)
  • 0028963: [administration] Do not buffer output for CLI scripts (dregad)
  • 0028918: [upgrade] Improve handling of unserialize->json conversion during upgrade (dregad)
  • 0029026: [administration] Language checks should warn about languages not defined in config (dregad)
  • 0008664: [localization] Translation in EspĂ©ranto (dregad)
  • 0028861: [localization] Incorrectly configured saraiki language (dregad)
  • 0028905: [localization] String optimizations for English language (atrol)
  • 0028826: [ui] Removing vertical lines in tabular presentation to reduce clutter (community)
  • 0028528: [administration] Outdated PostgreSQL version information in Admin Checks (dregad)
  • 0028648: [localization] New Hindi Language Translation (dregad)
  • 0025956: [installation] Increase minimum PHP requirement to 7.0 (dregad)
  • 0028830: [code cleanup] Remove PHP < 5.4 compatibility code from user_get_all_accessible_projects() (dregad)
  • 0026998: [plug-ins] Event on access level modifications (dregad)
  • 0028533: [bugtracker] print_form_button() generates bad security token name for plugin action page (dregad)
  • 0028668: [localization] Missing language codes in browser's auto map (dregad)
  • 0028182: [ui] progress bar on the title bar (road map) (dregad)
  • 0028525: [administration] Using MySQL 8.0 gives warning in admin checks (atrol)
  • 0028114: [code cleanup] Invalid HTML in manage_user_edit_page.php (dregad)
  • 0028124: [ui] Visually align the 1st column's width in manage_user_proj_delete.php (dregad)
  • 0028119: [code cleanup] Calling user_get_field() with non-existing user throws incorrect warning (dregad)
  • 0028120: [performance] Improve performance of user_pref_clear_invalid_project_default() (dregad)
67 of 96 issue(s) resolved View Issues