2008.12.09 - 1.1.6
This release fixes once and for all the caching troubles from previous stable releases, some
access permissions bugs, and a few various other issues. This release also improves the existing
source control integration by allowing remote checkins.
- 0009893: [administration] Users can change status on ViewOnly Tasks (jreese) - resolved.
- 0009815: [bugtracker] gpc_get_string_array() sometimes returns non-arrays (thraxisp) - resolved.
- 0009869: [bugtracker] application error 2800 still in version 1.1.5 (jreese) - resolved.
- 0009888: [bugtracker] Issue History Problem... build, os, os_version, and platform are not looking right and are not effected by language files. (jreese) - resolved.
- 0009890: [bugtracker] Case of extension for inline image is not ignored (jreese) - resolved.
- 0009900: [customization] Allowing update issue status disables the function to administrator (thraxisp) - resolved.
- 0008847: [integration] Revamp SVN and CVS integration (jreese) - resolved.
- 0009651: [other] Version copy from parent project copies incorrect date (jreese) - resolved.
- 0009928: [other] Inconsistent uses of file extension configuration settings. (jreese) - resolved.
2008.11.21 - 1.1.5
This release solves more issues relating to the security fixes introduced by 1.1.3, as well as various other minor bugs.
- 0009713: [authentication] Users are unable to confirm registration (jreese) - resolved.
- 0009017: [bugtracker] SYSTEM WARNING implode() [function.implode]: Bad arguments. (jreese) - resolved.
- 0009738: [bugtracker] Browser caching should be enabled on bug_change_status_page.php (jreese) - resolved.
- 0009748: [bugtracker] Port 9737: bugnote_add.php contains undefined t_note_type (vboctor) - resolved.
- 0009754: [bugtracker] Failed to report issue (APPLICATION ERROR #2800) (jreese) - resolved.
- 0009714: [csv] Error message/warning, if HTTP_USER_AGENT is not set (jreese) - resolved.
- 0009808: [db mysql] Linking Sub-Projects to a project -> APPLICATION ERROR #200 (jreese) - resolved.
- 0009760: [other] Mantis checks $g_allow_browser_caching setting incorrectly (jreese) - resolved.
- 0009780: [tagging] Changing project in Tag Details view gives "APPLICATION ERROR #200" (jreese) - resolved.
- 0009803: [tagging] Tags field in filter should not be shown when user has no access to tags (jreese) - resolved.
2008.10.18 - 1.1.4
We had to withdraw 1.1.3 because of a serious flaw affecting the bug_report*
pages. This new release fixes that problem and a newly discovered security issue.
- 0009704: [security] Remote Code Execution in manage_proj_page.php (giallu) - resolved.
- 0009691: [bugtracker] Failed to report issue.(Always APPLICATION ERROR #2800) (jreese) - resolved.
- 0009690: [other] Wrong parameter count for session_set_cookie_params() (jreese) - resolved.
- 0009693: [webpage] Generated HTML contains multiple hostnames when proxied (jreese) - resolved.
2008.10.09 - 1.1.3
In this release we fixed a couple of nasty bugs sneaked into 1.1.2, where sending bugnotes email notifications would fail and browser caching was not functional.
We also refined the implementation of form security tokens and closed a couple of security issues, an information disclosure (with no CVE) and a session hijacking (CVE-2008-3102).
- 0009321: [security] Users can get title and status of issues that they don't have access to. (vboctor) - resolved.
- 0009533: [security] Mantis should use secure sessions on https connections (jreese) - resolved.
- 0009286: [administration] stray "2" in manage_user_prune.php (vboctor) - resolved.
- 0009664: [authentication] Logout without unsetting session cookie (jreese) - resolved.
- 0009323: [bugtracker] Browser caching broken since 1.1.2 (jreese) - resolved.
- 0009470: [bugtracker] Tags filter not filling into text field when selecting from list using Internet Explorer (jreese) - resolved.
- 0009493: [custom fields] Removing custom fields from project causes application error 2800 (giallu) - resolved.
- 0009309: [email] Problems with e-mail notifications about bugnotes [PATCH] (giallu) - resolved.
- 0004678: [filters] Filter combos don't fill up on if switched to 'All Projects' - closed.
- 0009430: [graphs] bug_graph_bystatus shows heading by_category (thraxisp) - resolved.
- 0009431: [localization] no localization for usage of open, resolved, closed in bug_graph_bystatus.php (thraxisp) - resolved.
- 0008882: [other] Gravatar causes annoying security popups on IE when using Mantis over HTTPS/SSL (jreese) - resolved.
- 0009361: [other] php session fail created cause mantis app error. (jreese) - resolved.
- 0009560: [other] Wrong behaviour in Session API (session_save_path error message) (jreese) - resolved.
- 0009672: [other] Fixing form error by going back fails because of security token (jreese) - resolved.
- 0009343: [scripting] form security token prevents changing relationship while resolving bug (jreese) - resolved.
2008.06.17 - 1.1.2
This release focused on fixing few security issues; also includes assorted fixes for translations, usability and compatibility (most notably, with postgres) and a nasty memory leak on the string API causing incomplete rendering of pages. All users are advised to upgrade.
- 0008974: [security] XSS Vulnerability in filters (thraxisp) - closed.
- 0008975: [security] CSRF Vulnerabilities in user_create (jreese) - closed.
- 0008976: [security] Remote Code Execution in adm_config (giallu) - closed.
- 0009154: [security] arbitrary file inclusion through user preferences page (giallu) - closed.
- 0008123: [administration] Adding a user requires "$g_lost_password_feature = ON" (giallu) - closed.
- 0008924: [bugtracker] Port 8245: Target Version value lost in update issue page (giallu) - closed.
- 0008886: [change log] Change Log shows duplicate entries (jreese) - closed.
- 0008880: [db postgresql] Problem with date formatting in db_prepare_date function (giallu) - closed.
- 0009176: [db postgresql] Port 0008699: Get Time Tracking Information return a SQL query error (vboctor) - closed.
- 0009177: [filters] Port 0008916: Monitor by filter ignores show_monitor_list_threshold (vboctor) - closed.
- 0008830: [installation] set_time_limit() doesn't work in PHP safe mode (daryn) - closed.
- 0008858: [integration] DokuWiki integration: EMail notification on wiki page changes not working (vboctor) - closed.
- 0008774: [localization] Complete Hungarian retranslation (vboctor) - closed.
- 0009186: [localization] Port 0009046: French translation for $s_bug_assign_to_button (vboctor) - closed.
- 0009178: [other] Fix memleak in string api (vboctor) - closed.
- 0009208: [other] Several actions on bug update page lead into System Warning and App. Error (daryn) - closed.
- 0008931: [relationships] Circle Relations cause roadmap to malfunction (jreese) - closed.
- 0008853: [roadmap] Issue appears more than once in the Roadmap for a release. (jreese) - closed.
- 0007764: [scripting] APPLICATION WARNING #100: Configuration option 'category_enum_string' not found (vboctor) - closed.
- 0009183: [time tracking] Port 0008357: "Total time for issue" is shown even for users under threshold (vboctor) - closed.
- 0009184: [time tracking] Port 0008849: Emails ignore time tracking view threshold (vboctor) - closed.
- 0009185: [time tracking] Port 0008621: The expand icon is inverted for the Time tracking section (vboctor) - closed.
2008.01.19 - 1.1.1
This is a maintenance release for the 1.1.x branch. It includes a fix for PHP 4 support (#8681 stripos), several fixes for SOAP API, a security fix, and other minor bug fixes.
- 0008756: [security] "Most active bugs" summary XSS vulnerability (giallu) - resolved.
- 0008759: [api soap] Improve error handler to report location of errors (vboctor) - resolved.
- 0008767: [api soap] incorrect date and time handling in mc_project_version_add and mc_project_version_update (planser) - resolved.
- 0008683: [api soap] mc_projects_get_user_accessible raises SYSTEM NOTICE, but it should not (vboctor) - resolved.
- 0008695: [api soap] Error with attachments - Method DISK (planser) - resolved.
- 0008662: [bugtracker] Unneeded executable bits on mantis modules (giallu) - resolved.
- 0008738: [bugtracker] Could not create bug if project have not categorys and g_default_bug_category is empty (vboctor) - resolved.
- 0008770: [email] Sending queued emails is still attempted even if email notifications are turned OFF, causing errors (vboctor) - resolved.
- 0008707: [filters] "My View" shows warnings about "sort" / "dir" not defined (vboctor) - resolved.
- 0008708: [graphs] graph fails with error claiming bad colour name (thraxisp) - resolved.
- 0008732: [graphs] Many options on bug_graph_page.php broken, inconsistent, incomplete (thraxisp) - resolved.
- 0008684: [installation] UPGRADING file missing in doc (thraxisp) - resolved.
- 0008742: [localization] "actiongroup_error_issue_is_readonly" isn't defined (vboctor) - resolved.
- 0008758: [localization] Application error 18 with russian language (vboctor) - resolved.
- 0008692: [localization] Russian translation update. (vboctor) - resolved.
- 0008681: [upgrade] Mantis 1.1.0 has a dependency on stripos which was added in PHP 5 (vboctor) - resolved.
- 0008721: [upgrade] css and icon paths incorrect (vboctor) - resolved.
2007.12.19 - 1.1.0
- 0008679: [security] XSS Vulnerability in view.php , Attached Files (vboctor) - resolved.
- 0008591: [api soap] Error in api/soap/mc_filter_api.php#mc_filter_get() (planser) - resolved.
- 0008602: [api soap] Provide a SOAP friendly error handler (vboctor) - resolved.
- 0008604: [api soap] Wrong URL in E-Mail notifications by changes via webservice (vboctor) - resolved.
- 0008617: [api soap] mc_version() should return the Mantis version (vboctor) - resolved.
- 0008644: [api soap] Many errors of type SYSTEM NOTICE are thrown (planser) - resolved.
- 0008661: [bugtracker] Possible crash condition leading to blank or incomplete page (giallu) - resolved.
- 0008674: [email] Php script for sending mail via cronjob raise error when lang set to auto (vboctor) - resolved.
- 0008499: [graphs] Many graphs show "not enough data to create graph" after upgrading from 1.1.0a2 (jreese) - resolved.
- 0008567: [installation] cannot install on shared webserver, core/*.php inconsistent use of require_once($t_core_dir) (vboctor) - resolved.
- 0008437: [localization] Update to italian translation (giallu) - resolved.
- 0008645: [roadmap] Issue appears more than once in the Roadmap for a release. (jreese) - resolved.
2007.11.23 - 1.1.0rc3
- 0008494: [api soap] Remove backward compatibility code from SOAP API (vboctor) - resolved.
- 0008519: [api soap] Name collision between NuSoap SoapClient and PHP 5 Soap extension (vboctor) - resolved.
- 0008525: [api soap] mc_projects_get_user_accessible() shouldn't return ALL_PROJECTS (vboctor) - resolved.
- 0008541: [api soap] $g_mc_error_when_version_not_found is not defined (vboctor) - resolved.
- 0008566: [api soap] mc_project_version_add() doesn't set the date_order field correctly (vboctor) - resolved.
- 0008592: [api soap] Error in api/soap/mc_file_api.php#mc_file_add() (vboctor) - resolved.
- 0007646: [bugtracker] Show content link should change to Hide content when clicked (giallu) - resolved.
- 0008509: [bugtracker] Empty Note is added when updating issue (giallu) - resolved.
- 0008589: [bugtracker] file_download.php doesn't work with attachment names that contain accentuated characters when using Firefox (vboctor) - resolved.
- 0008564: [db db2] Attempting installation of MANTIS400, table not being created (slashsplat) - resolved.
- 0008511: [email] send_emails.php is missing <?php at the start of the file (giallu) - resolved.
- 0008238: [filters] urldecode() error on creating PermaLink (MartinFuchs) - resolved.
- 0008524: [integration] core/checkin.php is missing toplevel <? causing the script to fail. (vboctor) - resolved.
- 0008063: [other] mantis_version shouldn't be in the configuration file (jreese) - resolved.
- 0008263: [scripting] smaller issue in email address recognition (jreese) - resolved.
2007.10.23 - 1.1.0rc2
- 0008467: [security] Users can login using the MD5 hash of the password (vboctor) - resolved.
- 0008480: [security] XSS Vulnerability in Tag details, Attach Tags (jreese) - resolved.
- 0008457: [administration] Removing a userdefined field from project results in APPLICATION ERROR #203 (vboctor) - resolved.
- 0008490: [administration] Undefined variable: t_version in manage_proj_ver_copy.php (vboctor) - resolved.
- 0008492: [api soap] Add attachment succeeds but creates broken attachment if upload path not found (vboctor) - resolved.
- 0008493: [api soap] Attachments created via SOAP API don't honor attachments_file_permissions config option (vboctor) - resolved.
- 0008241: [customization] Disable Roadmap (vboctor) - resolved.
- 0007787: [feature] Robust threading of e-mails using MIME headers (giallu) - resolved.
- 0008465: [filters] collapse filter section as default (giallu) - resolved.
- 0008254: [integration] Gravatar integration should handle empty email addresses (giallu) - resolved.
- 0008446: [localization] Update Estonian Language (vboctor) - resolved.
- 0008459: [localization] Update catalan translation (vboctor) - resolved.
- 0008463: [localization] re-authentication button does not appear in user's language (jreese) - resolved.
- 0008468: [localization] $s_select_option is missing in german language (vboctor) - resolved.
- 0008489: [localization] Update Japanese Localization for 1.1.0rc2 (vboctor) - resolved.
- 0005612: [other] Redirect time ignored in preferences (giallu) - resolved.
- 0007497: [other] Summary page is little of Garble (vboctor) - resolved.
- 0007999: [other] Project list view corrupted (vboctor) - resolved.
- 0008378: [other] Select custom avatar for default Gravatar image. (giallu) - resolved.
- 0008476: [other] Add a service to disposable email address checker (zakman) - resolved.
- 0008500: [other] Empty entry in "Category" drop down (vboctor) - resolved.
- 0008475: [printing] Function used two times in the same file (only one is necessary) (vboctor) - resolved.
- 0008461: [signup] signup_page and lost_pwd_page don't work if anonymous access not enabled (vboctor) - resolved.
- 0008443: [tagging] creating new tags for multi-selection (jreese) - resolved.
- 0008454: [time tracking] time tracking sum on request wrong (vboctor) - resolved.
2007.10.03 - 1.1.0rc1
- 0008286: [security] Add .htaccess to block access to core/, doc/, lang/, packages/ (vboctor) - resolved.
- 0008312: [security] Install script shouldn't include password in the form (jreese) - resolved.
- 0008336: [security] Require re-login for high impact tasks (jreese) - resolved.
- 0008340: [security] Changing password should create a new cookie_string (vboctor) - resolved.
- 0008291: [administration] check.php: Use of undefined constant db_is_connected - assumed 'db_is_connected' (vboctor) - resolved.
- 0008324: [administration] Rendering of "Manage Users" menu link ignores $g_manage_user_threshold (giallu) - resolved.
- 0008343: [administration] Admin created users bypass realname validity check (vboctor) - resolved.
- 0008380: [administration] Deleting old user Account results in Database inconsistency (vboctor) - resolved.
- 0008231: [bugtracker] Summary "By Date" shows suspicious totals (giallu) - resolved.
- 0008233: [bugtracker] Long standing issues report on summary page (giallu) - resolved.
- 0008395: [bugtracker] Recently Visited is not displayed. (jreese) - resolved.
- 0007809: [custom fields] Filter "none" on custom fields doesn't work (giallu) - resolved.
- 0007996: [custom fields] Confusion in string values of enumerated custom field due to non strict comparison of strings (zakman) - resolved.
- 0008371: [db db2] Use "days" instead of "to_days" when comparing dates for db2 (vboctor) - resolved.
- 0008384: [db db2] db_table_exists() doesn't work in case of DB2 (vboctor) - resolved.
- 0008385: [db db2] ADODB_db2._insert_id doesn't work (vboctor) - resolved.
- 0008386: [db db2] ADODB_db2 uses an invalid time format which is not accepted by db2 (vboctor) - resolved.
- 0008387: [db db2] adodb2-db2.DBTimeStamp uses TO_DATE() which doesn't work on DB2 (vboctor) - resolved.
- 0008389: [db db2] Remove references to odbc_db2 driver from code (we only support db2) (vboctor) - resolved.
- 0007690: [db mssql] number_format(); bad for SQL statments (vboctor) - resolved.
- 0008327: [documentation] show_extended_project_browser can only be set to OFF or ON (vboctor) - resolved.
- 0008252: [feature] Gravatars and case sensitivity of email addresses (giallu) - resolved.
- 0008237: [graphs] Error in dependency graphs (vboctor) - resolved.
- 0008206: [integration] Add (gr)avatars for users (giallu) - resolved.
- 0006850: [localization] obsolete MANTIS_ERROR (giallu) - resolved.
- 0007647: [localization] [de] Translation change from "Problem" (problem) to "Eintrag" (issue) (vboctor) - resolved.
- 0007720: [localization] Japanese language translation patch (vboctor) - resolved.
- 0007855: [localization] Priority colum header String not taken from strings file (vboctor) - resolved.
- 0008423: [localization] Update German Localization (vboctor) - resolved.
- 0008425: [localization] Update portuguese_brazil localization (vboctor) - resolved.
- 0008428: [localization] Update French Localization (vboctor) - resolved.
- 0008429: [localization] fix miscellanious errors in the german translation files (vboctor) - resolved.
- 0008407: [performance] Add caller function info to queries list (giallu) - resolved.
- 0008412: [performance] When showing queries show the time spent in SQL vs. PHP (vboctor) - resolved.
- 0008413: [performance] Provide a way to show queries for an access level threshold (vboctor) - resolved.
- 0007995: [other] Confusion in product_version values due to string comparisons with == operator (zakman) - resolved.
- 0008188: [other] Consistent use of collapse_api.php (DGtlRift) - resolved.
- 0008283: [other] $g_show_notices and $g_show_warnings should be marked as obsolete (vboctor) - resolved.
- 0008285: [other] File Download generates an E_NOTICE (vboctor) - resolved.
- 0008292: [other] my_view_inc: syntax error (vboctor) - resolved.
- 0008341: [other] Xwiki integration (vboctor) - resolved.
- 0008344: [other] Tokens API Clean-up and Changes (jreese) - resolved.
- 0008388: [other] Undefined variable $p_this_var in helper_api.php (vboctor) - resolved.
- 0008421: [other] Recently visted is showing some serialized filter instead of bug ids (vboctor) - resolved.
- 0008295: [printing] Include the bug history in the printout (zakman) - resolved.
- 0004614: [relationships] Relationship graph: sometimes arrows direction is not correct (vboctor) - resolved.
- 0007846: [relationships] APPLICATION ERROR #1802: Relationship not found (vboctor) - resolved.
- 0008269: [roadmap] Reporting a new issue, ADMIN/MANAGER/DEVELOPER should see field "Target Version" (jreese) - resolved.
- 0008274: [tagging] Implement Keyword Tagging Features (jreese) - resolved.
- 0008311: [tagging] System Notice: Undefined index 'tag_select' in view_all_bug_page.php (jreese) - resolved.
- 0008337: [tagging] Blank page (no data) when invalid tag filter chosen (jreese) - resolved.
- 0008368: [tagging] "Access Denied." when trying to attach a tag to an issue I reported (vboctor) - resolved.
- 0008396: [tagging] Don't allow creating tags if user can't attach them (jreese) - resolved.
- 0008246: [upgrade] Add support for running arbitrary functions (thraxisp) - resolved.
- 0005093: [webpage] Rights in custom menu does not work (vboctor) - resolved.
2007.08.01 - 1.1.0a4
- 0008154: [security] Port: CVE-2007-3215: PHPMailer vulnerability (thraxisp) - resolved.
- 0008164: [security] Potential URL redirection flaw in set_project.php (grangeway) - resolved.
- 0008165: [security] Potential URL redirection flaw in account_prefs_reset.php (grangeway) - resolved.
- 0008166: [security] Potential URL redirection flaw in permalink_page.php (grangeway) - resolved.
- 0008180: [security] Potential URL redirection flaw in login.php (grangeway) - resolved.
- 0008181: [security] Display of database error message could be used to generate Cross site scripting issue (grangeway) - resolved.
- 0007985: [administration] Database Schema that is more up-to-date than code is reported as out-of-date (vboctor) - resolved.
- 0008094: [administration] Managing versions / release schedule accross multiple projects. (vboctor) - resolved.
- 0008144: [administration] Remove obsolete CSS edit tool (vboctor) - resolved.
- 0008224: [authentication] anonymous login is not automatic (vboctor) - resolved.
- 0002950: [bugtracker] Hide Edit or Delete Profile when not needed (grangeway) - resolved.
- 0002996: [bugtracker] page link from email (in browser) - display more than "access denied" (grangeway) - resolved.
- 0003477: [bugtracker] print_mantis_error() function does not display msg. (grangeway) - resolved.
- 0003902: [bugtracker] all logins fail with "Cannot modify header information" (grangeway) - resolved.
- 0007125: [bugtracker] Application Error #200 (grangeway) - resolved.
- 0007531: [bugtracker] Get a wrong (?) error message by upload a big file (grangeway) - resolved.
- 0007812: [bugtracker] Remove white box around jump button in main menu (zakman) - resolved.
- 0007895: [bugtracker] Recently Visited when logged in as Anonymous shows issues i have not visited (giallu) - resolved.
- 0007928: [bugtracker] print_column_eta function missing (vboctor) - resolved.
- 0007842: [bugtracker] File attachment permissions (giallu) - resolved.
- 0007871: [bugtracker] Move "Add Note" pane below previous notes (giallu) - resolved.
- 0007984: [bugtracker] Wrong default value for additional info during report (vboctor) - resolved.
- 0008005: [bugtracker] items cannot be added to projects without categories (vboctor) - resolved.
- 0008018: [bugtracker] Add configuration option to allow/disallow free text in platform, os, and os_build (vboctor) - resolved.
- 0008044: [bugtracker] Edit/Delete bugnote buttons missing (giallu) - resolved.
- 0008067: [bugtracker] show status legend on top AND bottom (zakman) - resolved.
- 0008103: [bugtracker] Cannot modify the bugnote order. (giallu) - resolved.
- 0008111: [bugtracker] No space between date and username in email notifications (grangeway) - resolved.
- 0008147: [bugtracker] 'continue' while outside loop in function print_news_string_by_news_id() (grangeway) - resolved.
- 0008150: [bugtracker] Summary By Date could show also resolved bugs count (giallu) - resolved.
- 0008174: [bugtracker] & is displayed as & stopping us from using Unicode Characters (grangeway) - resolved.
- 0008190: [bugtracker] Showing Access Level in Note details (giallu) - resolved.
- 0008195: [bugtracker] Create Project Info Page (vboctor) - resolved.
- 0008208: [bugtracker] Most popular bug table on summary page (giallu) - resolved.
- 0006633: [change log] Editing a bug in advanced bug update page (grangeway) - resolved.
- 0008214: [change log] Change Log displays the version description as many times as the number of issues show (grangeway) - resolved.
- 0008091: [csv] csv_export doesn't work when project name contains accentuated characters (vboctor) - resolved.
- 0007346: [custom fields] Copy custom fields from one project to another (zakman) - resolved.
- 0007849: [custom fields] filters on custom date field causes SQL error (giallu) - resolved.
- 0007981: [custom fields] Manage projects custom field: Link custom field to project Errors (vboctor) - resolved.
- 0007986: [custom fields] Removing a custom field to project link from manage_custom_field_edit_page.php returns to wrong page (vboctor) - resolved.
- 0007987: [custom fields] Projects that a custom field can be linked to in manage_custom_field_edit_page.php shouldn't include ALL PROJECTS (vboctor) - resolved.
- 0008002: [custom fields] Unable to report issue. Error "data too long" on custom field name (grangeway) - resolved.
- 0008121: [custom fields] Error message doesn't show field name after entering invalid value in custom field (zakman) - resolved.
- 0008047: [db db2] DB2 Support (experimental) (vboctor) - resolved.
- 0005544: [db mssql] MSSQL APPLICATION ERROR 0000401 When Uploading Files (grangeway) - resolved.
- 0007140: [db mssql] Upload File Less than 8 K (grangeway) - resolved.
- 0007912: [db mssql] Time tracking doesn't work- SQL syntax error (grangeway) - resolved.
- 0008220: [db mssql] New summary item contains invalid sql (giallu) - resolved.
- 0007417: [documentation] operating mysql user needs DELETE privilege (grangeway) - resolved.
- 0005138: [email] Bugnote Id doesn't appear in emails (vboctor) - resolved.
- 0007597: [email] Notification e-mail contain no messages. (grangeway) - resolved.
- 0008016: [email] Check Email broken in 1.1.0a3 (vboctor) - resolved.
- 0008077: [email] Block use of disposable email addresses (vboctor) - resolved.
- 0008176: [email] Email Server offline causes a delay in mantis interface (grangeway) - resolved.
- 0008101: [feature] List of involved developers (vboctor) - resolved.
- 0006468: [filters] My View page incorrectly sets filters (grangeway) - resolved.
- 0006725: [filters] Filtering on "duplicate of" fails while "has duplicate" works (giallu) - resolved.
- 0006836: [filters] Switching to "Advanced Filters" (or "Simple Filters") forgets the ?filter=N setting (grangeway) - resolved.
- 0007735: [filters] Filters are lost when clicking on page navigation (vboctor) - resolved.
- 0007982: [filters] "Create Permlink" not reliable (vboctor) - resolved.
- 0007992: [filters] "Create Permalink" should support custom fields (vboctor) - resolved.
- 0007993: [filters] "Create Permalink" should show URL in a Mantis page (vboctor) - resolved.
- 0007487: [graphs] wrong title of dependency-graph (grangeway) - resolved.
- 0004831: [installation] accessing mantis webserver through a proxy websserver (vboctor) - resolved.
- 0007907: [installation] Allow using system adodb (vboctor) - resolved.
- 0008115: [integration] Implement Twitter Integration (vboctor) - resolved.
- 0007733: [ldap] when using LDAP auth blank page upon login if LDAP extension not loaded (grangeway) - resolved.
- 0006217: [localization] [all lang] Wrong fIlename on download (vboctor) - resolved.
- 0007681: [localization] [es] Full review of spanish translation (Bithunter) - resolved.
- 0007730: [localization] [de] Translation change from "Aktualisieren" to "Bearbeiten" (zakman) - resolved.
- 0007961: [localization] Spanish translation (Bithunter) - resolved.
- 0008023: [localization] [all lang] Wrong URL on summary (vboctor) - resolved.
- 0008031: [localization] Update simplified chinese localization to 1.1.0a3 (giallu) - resolved.
- 0008051: [localization] [all lang] Wrong fIlename on print report (zakman) - resolved.
- 0008084: [localization] Spelling mistake in value of string $s_this_bug file lang/strings_spanish.txt (zakman) - resolved.
- 0008113: [localization] Error typo $s_signup_link in Spanish traslation ..... (zakman) - resolved.
- 0008168: [localization] german localisation in the current installation at www.mantisbt.org/bug (giallu) - resolved.
- 0008177: [localization] Extra characters in lang/strings_spanish.txt (giallu) - resolved.
- 0008201: [localization] Sync italian messages (giallu) - resolved.
- 0008221: [localization] Sync italian messages (vboctor) - resolved.
- 0005333: [other] Invalid zip file core/adodb/adodb-time.zip in CVS (giallu) - resolved.
- 0006772: [other] Bugnote ids are numeric, which is not valid HTML (giallu) - resolved.
- 0007138: [other] pages are not valid xhtml 1.0 transitional (giallu) - resolved.
- 0007885: [other] System logging constants (vboctor) - resolved.
- 0008054: [other] Mediawiki integration (vboctor) - resolved.
- 0008138: [other] Add more services to disposable email address checker (zakman) - resolved.
- 0006773: [relationships] When cloning an issue, cannot make it "not related" to parent issue (vboctor) - resolved.
- 0007548: [relationships] Status is underlined using a deprecated HTML element (giallu) - resolved.
- 0008130: [relationships] Custom relationships (grangeway) - resolved.
- 0007947: [roadmap] when bulk assigning target version I get permission messages (vboctor) - resolved.
- 0008194: [roadmap] Roadmap and Changelog list nesting for parent/child issues (grangeway) - resolved.
- 0006116: [rss] "Issues" RSS feed doesn't work when $g_anonymous_account = '' (grangeway) - resolved.
- 0007255: [rss] APPLICATION WARNING #user_get_field() for NO_USER (grangeway) - resolved.
- 0007938: [rss] Replace non free RSS creation class (vboctor) - resolved.
- 0006063: [scripting] APPLICATION ERROR 0000401 on MSSQL while uploading files (grangeway) - resolved.
- 0008159: [scripting] Provide MantisConnect webservice out of the box as the Mantis SOAP API (vboctor) - resolved.
- 0006782: [sql] MantisBT should do "SET NAMES $charset" on connect to database (vboctor) - resolved.
- 0008215: [sql] APPLICATION ERROR 401 on MySQL with file_upload_method = DISK (1.1.0a4-CVS) (giallu) - resolved.
- 0007931: [time tracking] $g_time_tracking_hours config option is never used (davidnewcomb) - resolved.
- 0007944: [time tracking] 'Update Perfs' error in 1.1.0a3 (vboctor) - resolved.
- 0007965: [time tracking] Time tracking information not shown on email notifications (vboctor) - resolved.
- 0008105: [time tracking] Total time on billing page (vboctor) - resolved.
- 0008131: [upgrade] install/upgrade tries to use "set schema" on a non db2 installation. (vboctor) - resolved.
- 0007340: [webpage] my view: status percentage legend shown on top and not as stated (giallu) - resolved.
2007.05.07 - 1.1.0a3
- 0007794: [security] Port 7772: Email notifications bypass security on custom fields (vboctor)
- 0007514: [administration] wrong variable used in user_api.php (grangeway)
- 0007545: [administration] config values are not escaped (zakman)
- 0007909: [administration] Implement auto-complete for Platform, OS and OS Version (vboctor)
- 0007468: [bugtracker] Mantis displays one bug 10 times in My View 'monitored by me' list (vboctor)
- 0007631: [bugtracker] Notes appear in the wrong order (vboctor)
- 0007801: [bugtracker] Category field should be empty and required (vboctor)
- 0007816: [bugtracker] Excel export needs htmlspecialchars() on description, steps_to_reproduce, additional_info (vboctor)
- 0007901: [bugtracker] Implement the "Add Note" group action (vboctor)
- 0007914: [bugtracker] Can't download attachments with IE over SSL (grangeway)
- 0007925: [bugtracker] Access level is displayed twice in "login info" if realname is not set (grangeway)
- 0007131: [change log] Skip Blank Changelogs (grangeway)
- 0007662: [change log] Support ability to set fixed in version for multiple issues (vboctor)
- 0007823: [change log] APPLICATION ERROR 1100 Issue 0 not found in change_log page with access-level 'reporter' (zakman)
- 0007658: [custom fields] Adding the option to manage the projects custum field will be added to. (vboctor)
- 0007875: [custom fields] Port 7774: custom fields not stored correctly in bug history (vboctor)
- 0006830: [customization] custom_function_override_issue_delete_notify and custom_function_override_issue_update_notify are not being triggered (vboctor)
- 0007900: [customization] Provide an easy mechanism to extend custom group actions (vboctor)
- 0007758: [db mssql] Error 0000401 when trying to view summary_page.php (grangeway)
- 0007817: [db postgresql] text search with PostgreSQL is always case sensitive (vboctor)
- 0007521: [email] wrong Message-ID when "Mail Queuing" is used. (vboctor)
- 0007546: [email] patch allowing real name in From: header (zakman)
- 0007667: [feature] Use $_GET parameters instead of $_POST for searches (vboctor)
- 0006244: [filters] Filter table has a little displacement in column (zakman)
- 0007008: [filters] "current project" in advanced filters always displays empty list (vboctor)
- 0007557: [filters] Dynamic filter selection (XMLHTTPRequest) broken when using IE7 (vboctor)
- 0007613: [filters] Advanced filters are not implemented until moving back to simple filters. (vboctor)
- 0007908: [filters] Support filtering by Platform, OS, OS Version (vboctor)
- 0007770: [graphs] Antialias disable (grangeway)
- 0007636: [installation] PHP requirements incorrect (vboctor)
- 0007645: [localization] [de] Translation for new Roadmap feature (achumakov)
- 0007648: [localization] [de] Translation change from "Wirklicher Name" to "Vollst�ndiger Name" (ryandesign)
- 0007677: [localization] [ru] Russian language translation patch (achumakov)
- 0007683: [localization] [it] Little fixes and update of strings_italian.txt (achumakov)
- 0007685: [localization] [de] Localization strings for target release (achumakov)
- 0007689: [localization] Little fixes and update of strings_italian.txt (achumakov)
- 0007921: [localization] Add Greek UTF-8 translation (vboctor)
- 0007760: [other] Missing text.gif file (vboctor)
- 0007811: [other] Reporter name is not crossed out for disabled users on update pages (vboctor)
- 0007813: [other] logging_api.php does not need the require_once call (zakman)
- 0007885: [other] System logging constants (vboctor)
- 0007653: [relationships] Html tags in issue title are not escaped when shown in "relationship" area (vboctor)
- 0007650: [roadmap] "Issues done" in roadmap should be included for each release, not for each project. (vboctor)
- 0007651: [roadmap] Support ability to set target release for multiple issues (vboctor)
- 0007682: [roadmap] Add progress bar to Roadmap (vboctor)
- 0007686: [roadmap] Update "target version" in all entries field after changing the target version strings (vboctor)
- 0007680: [signup] Successful Sign up should set login count to 1 (vboctor)
- 0007819: [sql] It works very slow (function diskfile_is_name_unique) (vboctor)
- 0004428: [time tracking] Time Tracking (davidnewcomb)
- 0007936: [time tracking] Unnecessary core/bugnote_stats_api.php (grangeway)
- 0007663: [upgrade] Add support for unattended upgrades (vboctor)
2006.12.07 - 1.1.0a2
In this release, localization files has been changed to all use the UTF-8 encoding. This allows the use of several languages within the same Mantis instance. The upgrade path to non-English installations is not yet implemented, hence, this alpha release SHOULD ONLY BE USED FOR ENGLISH installations. Among the major updates is the roadmap feature. There has been a database schema changes since 1.1.0a1 release, hence, the install script will need to be executed.
- 0003375: [security] Bughistory bypasses security on custom fields (thraxisp)
- 0005163: [security] Default value for $g_bug_reminder_threshold should be higher than "reporter" (vboctor)
- 0007364: [security] Custom field visible in history independent from user role (thraxisp)
- 0003160: [bugtracker] Please use ISO dates in this installation (achumakov)
- 0006529: [bugtracker] default.css doesn't validate (vboctor)
- 0006721: [bugtracker] Can't set an sticky issue to unsticky (vboctor)
- 0007345: [bugtracker] Bug history shows records of private notes. (thraxisp)
- 0007429: [bugtracker] display wiki link when $g_wiki_enable = OFF in config_*.php (vboctor)
- 0007436: [bugtracker] Detect missing attachments in case of DISK file upload method (vboctor)
- 0007437: [bugtracker] Add recently visited issues to bug_change_status_page.php (vboctor)
- 0007462: [bugtracker] bugnote_delete.php redirection fails again (vboctor)
- 0005050: [custom fields] Custom Fields display in bug history (thraxisp)
- 0006724: [custom fields] Issue history ignores custom field read/write access (thraxisp)
- 0006726: [custom fields] Access level read in Issue History not used (thraxisp)
- 0005218: [customization] Bad default date format (achumakov)
- 0007638: [email] When a queued email causes an error, it can hold up others mails (vboctor)
- 0004988: [feature] Private bug notes/relationships in "issue history" (thraxisp)
- 0005716: [localization] [de] New german lang strings (achumakov)
- 0006410: [localization] [CJK] Email address detecting error when text in non-latin language. (achumakov)
- 0006566: [localization] [patch] Update for strings_dutch.txt (siebrand)
- 0007167: [localization] [all lang] feeds in utf-8 are invalid xml (achumakov)
- 0007375: [localization] Italian UTF8 localization file (vboctor)
- 0007396: [localization] [hu] SYSTEM WARNING: charset `iso-8859-2' not supported, assuming iso-8859-1 (achumakov)
- 0007448: [localization] [all lang] Unlocalizable text (achumakov)
- 0007449: [localization] Hard-coded capitalization in stats page breaks localization (vboctor)
- 0007490: [localization] update strings_catalan.txt (achumakov)
- 0007502: [localization] [all lang] Dates should use ISO format by default (achumakov)
- 0007526: [localization] japanese_utf8 is more suitable than japanese_sjis ($g_language_auto_map) (vboctor)
- 0007317: [other] Issue History (thraxisp)
- 0007641: [other] New Mantis Logo
- 0005766: [relationships] Graphviz Error on Windows (grangeway)
- 0004711: [roadmap] Create roadmap from feature requests in versions (vboctor)
- 0006494: [webpage] charset iso-8859-2 not supported (achumakov)
2006.10.28 - 1.0.6
- 0007466: [security] Port: 6719: Manager of a project can assign the Administrator role to a user. (vboctor)
- 0007543: [security] Port 5163: Default value for $g_bug_reminder_threshold should be higher than "reporter" (vboctor)
- 0007467: [administration] Port 6637: Disabled projects don't appear under parent project (vboctor)
- 0007527: [localization] Port 7526: japanese_utf8 is more suitable than japanese_sjis ($g_language_auto_map) (vboctor)
- 0007470: [localization] [all lang] Port latest localization files from Mantis 1.1 to Mantis 1.0.x (vboctor)
- 0007530: [localization] Port:: New Languages: bulgarian, catalan, czech_utf8, french_utf8, italian_utf8, polish_utf8, russian_utf8, slovene_utf8 (vboctor)
- 0007412: [other] Update Mantis to refer to new website (vboctor)
2006.09.11 - 1.1.0a1
This is the alpha release for Mantis 1.1, it is not recommended for production use. The list of issues below are relative to Mantis 1.0.0rc2, hence, some of the fixes, specially the security ones, would be available in the 1.0.x releases. This release has about 100 enhancements and fixes, some of the highlights include wiki integration, web based configuration (general/per user/per project), customizing columns for view/print/csv issues can now be done through the web interface and can be per user or project, email queuing, and authenticated RSS feeds.
- 0006637: [administration] Disabled projects don't appear under parent project (vboctor)
- 0006869: [administration] bug in string_sanitize_url() (thraxisp)
- 0006887: [administration] Updating user details and preferences should re-direct back to the same page (vboctor)
- 0006969: [administration] Show released flag on the version table in manage_proj_edit_page.php (vboctor)
- 0006972: [administration] Implement a Configuration Report to show all configs in database (vboctor)
- 0006973: [administration] Provide a way to set configuration via Mantis interface (vboctor)
- 0007096: [administration] fields too short in table "mantis_bug_history_table" (vboctor)
- 0003424: [bugtracker] Save login feature does not work (vboctor)
- 0004102: [bugtracker] Category field should be empty by default or default specified (vboctor)
- 0004460: [bugtracker] Show last visited N issues (vboctor)
- 0005408: [bugtracker] Suggestion: Tooltip (title) with text for priority icon (ryandesign)
- 0006248: [bugtracker] In menu lists, embedded spaces should be non-breaking (ryandesign)
- 0006355: [bugtracker] "Time Stats For Resolved Issues" is global, even if a specific project is selected (grangeway)
- 0006366: [bugtracker] Summary By Project: Open bugs (grangeway)
- 0006472: [bugtracker] Alternate method for selecting projects with many subprojects (jlatour)
- 0006504: [bugtracker] Extended Project browser crash when selecting back "All Projects" (jlatour)
- 0006512: [bugtracker] Specify multiple relationships at one time (vboctor)
- 0006824: [bugtracker] Need URL for bookmarking project page (vboctor)
- 0006860: [bugtracker] Can send remonders to all recipients (thraxisp)
- 0006974: [bugtracker] JS helper for the Jump text input box (vboctor)
- 0006986: [bugtracker] Remember login always redirects to main_page.php (vboctor)
- 0007088: [bugtracker] bugnote_delete.php redirection fails (vboctor)
- 0007089: [bugtracker] Priority is not shown as text in "My view" (vboctor)
- 0007114: [bugtracker] tabindex in duplicate in bug_report_advanced_page (vboctor)
- 0007257: [bugtracker] Port: Fix for #6869 / #7034 removes quoted "?" from arguments (thraxisp)
- 0007009: [change log] Fixed_in_version abbreviated hide version in Change Log (vboctor)
- 0006319: [customization] Option to customise columns on View Issues (vboctor)
- 0006488: [customization] Should be able to remove severity and reproducibility (vboctor)
- 0006866: [customization] User redirection after logging out (vboctor)
- 0007103: [customization] Added column resolution in view issues wrong content (vboctor)
- 0007110: [customization] Option to customise columns on CSV export (vboctor)
- 0007111: [customization] Option to customise columns on Print Issues page (vboctor)
- 0006701: [csv] Show custom fields in CSV export (vboctor)
- 0007003: [csv] Error in version 1.1.0-CVS when exporting to CSV (vboctor)
- 0007348: [customization] no print_column_date_submitted() in columns_api.php (vboctor)
- 0006559: [db mssql] "Prune Accounts" function doesn't work with MS SQL (vboctor)
- 0006888: [db mssql] Changelog doesn't work on MS SQL (vboctor)
- 0006952: [db mssql] MS SQL Error on View Filters Page (vboctor)
- 0006957: [db mssql] installtion fails - administrator have no rights on db (vboctor)
- 0006977: [db mssql] PHP Notice: Only variables should be assigned by reference (vboctor)
- 0005209: [db oracle] Bugtracker and Oracle (vboctor)
- 0006519: [db oracle] Error on opening Change Log (vboctor)
- 0005925: [email] Upgrade to PHPMailer 1.73 (vboctor)
- 0007097: [email] Link in e-Mail notifications is broken. (vboctor)
- 0006252: [feature] Control over display size of inlined images (vboctor)
- 0006253: [feature] Inlining of other types of files (vboctor)
- 0006921: [feature] Global Profiles list not sorted (vboctor)
- 0006500: [feature] favicon (vboctor)
- 0007212: [feature] Quick Full Text Search implementation (vboctor)
- 0006380: [filters] Filter returns private issues when it should not (thraxisp)
- 0006507: [filters] Allow filtering of issues in multiple (unrelated) projects (jlatour)
- 0006571: [filters] port Filters on custom fields failing (thraxisp)
- 0006647: [filters] Port #6634: [filters] Filter does not work with profiles (vboctor)
- 0006867: [filters] Call to undefined function: string_strip_tags() in query_store_page.php (thraxisp)
- 0007000: [filters] SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor)
- 0006451: [installation] Upgrading Mantis packaging script (vboctor)
- 0006715: [installation] wrong display of a "validate_email = OFF"-warning (vboctor)
- 0006843: [installation] is_writable never success in install.php (thraxisp)
- 0007013: [installation] newbie admins may be redirected to blank page (vboctor)
- 0004746: [localization] New Korean UTF8 must be added to language list (ryandesign)
- 0006292: [localization] Add Catalan language (vboctor)
- 0006764: [localization] Typo in the dutch translation (vboctor)
- 0006837: [localization] translations into spanish missing (vboctor)
- 0007026: [localization] Add Bulgarian Localisation (thanks to Alex Stanev) (vboctor)
- 0007333: [localization] access_levels_enum_string not translated in manage_config_workflow_page.php (vboctor)
- 0005549: [other] Misc XHTML compliance fixes and more (patch) (ryandesign)
- 0006679: [other] Attachment download always opens "Save As" dialog even when a .png (thraxisp)
- 0006886: [other] Export to Word and Excel times out if process takes more than 30 seconds (vboctor)
- 0007012: [other] Word and Excel files are exported as _word and _excel (vboctor)
- 0007076: [other] checkin.php needs array_unique() (vboctor)
- 0007109: [other] Add more file icons + move icons to images/fileicons/ (vboctor)
- 0007426: [other] Update Mantis to refer to new website (vboctor)
- 0004019: [performance] Ability to update reporter increases update page size dramatically (vboctor)
- 0006627: [performance] Very slow performance when filing a new issue or adding a note (vboctor)
- 0006868: [printing] wrong strpos function call (thraxisp)
- 0004213: [rss] Request: Ability to log in to RSS feed via GET so that RSS would be available to registered users (vboctor)
- 0004641: [rss] RSS support for "View Issues" pages (vboctor)
- 0006757: [rss] Allow RSS syndication without allowing anonymous login. (vboctor)
- 0006987: [rss] Add $g_rss_enabled configuration option (vboctor)
- 0006453: [security] Make note private has no effect when resolving bug (thraxisp)
- 0006459: [security] Port #6457: SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006462: [security] Port #6460: HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006490: [security] Port Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006510: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
- 0006558: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
- 0006564: [security] Port XSS Vulnerability in project documents (TKADV2005-11-002) (thraxisp)
- 0006570: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
- 0006629: [security] Port: code injection (thraxisp)
- 0006664: [security] Port #6659: Cross site scripting vulnerability (thraxisp)
- 0006665: [security] Port #6044: 'Return' _GET is not checked (thraxisp)
- 0006667: [security] Adodb and phpmailer update .... (vboctor)
- 0006719: [security] Manager of a project can assign the Administrator role to a user. (vboctor)
- 0007006: [security] Login with disabled account possible (vboctor)
- 0007021: [upgrade] fixed_in_version is renamed to Fixed_in_version during database migration (vboctor)
- 0007356: [webpage] There is an extra "</a>" closing tag. (vboctor)
- Added Config: $g_rss_key_seed - A seed to be used as one of the input for calculating RSS authentication keys.
- Added Config: $g_view_issues_page_columns - An array of column names to be shown on the View Issues page.
- Added Config: $g_ldap_protocol_version - If not 0, then used to specify the LDAP protocol version to be used.
- Added Config: $g_set_configuration_threshold - the user access level threshold required to be able to set configuration option via Mantis interface.
- Added Config: $g_inline_file_exts - file extensions displayed inline
- Added Config: $g_default_bug_reproducibility - default bug reproducibility.
- Added Config: $g_default_bug_category - default bug category.
- Added Config: $g_recently_visited - Whether to show the most recently visited issues or not. At the moment we always track them even if this flag is off.
- Added Config: $g_recently_visited_count - The maximum number of issues to keep in the recently visited list.
- Added Language: polish_utf8 (thanks to Bartosz Tomasik)
- Updated Language: romanian (thanks to Cristian Navalici)
2006.07.23 - 1.0.5
- 0007301: [upgrade] Login page inaccessible after upgrade to 1.0.4 (thraxisp)
2006.07.22 - 1.0.4
- 0007051: [bugtracker] Fix for #6869 / #7034 removes quoted "?" from arguments (thraxisp)
- 0007298: [bugtracker] Port: bugnote_delete.php redirection fails (vboctor)
- 0007299: [bugtracker] Port: Save login feature does not work (vboctor)
- 0007300: [bugtracker] Port: Remember login always redirects to main_page.php (vboctor)
- 0007143: [other] Port: checkin.php needs array_unique() (vboctor)
2006.05.07 - 1.0.3
- 0007037: [security] Port: Login with disabled account possible (vboctor)
- 0007034: [bugtracker] Port: bug in string_sanitize_url() (vboctor)
- 0007028: [db mssql] Port: "Prune Accounts" function doesn't work with MS SQL (vboctor)
- 0007029: [db mssql] Port: MS SQL Error on View Filters Page (vboctor)
- 0007030: [db mssql] Port: installtion fails - administrator have no rights on db (vboctor)
- 0007032: [db mssql] Port: Error on opening Change Log (vboctor)
- 0007039: [db mssql] Notice: Only variables should be assigned by reference in \core\adodb\adodb.inc.php on line 2931 (vboctor)
- 0007035: [feature] Port: Global Profiles list not sorted (vboctor)
- 0007038: [filters] Port: SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor)
- 0007031: [installation] Port: is_writable never success in install.php (vboctor)
- 0007041: [installation] Port: newbie admins may be redirected to blank page (vboctor)
- 0007033: [printing] Port: wrong strpos function call (vboctor)
- 0007027: [upgrade] Port: fixed_in_version is renamed to Fixed_in_version during database migration (vboctor)
2006.04.18 - 1.0.2
- 0006902: [security] XSS in mantis bug track system .... (thraxisp)
- 0006859: [bugtracker] Can send reminders to all recipients (thraxisp)
2006.02.18 - 1.0.1
- 0006722: [installation] Remaining mysqli_ install problems (ref. #0006672): mysqli_real_escape_string() expects parameter 1 to be link (thraxisp)
- 0006672: [installation] install.php assumes mysql extension, fails with mysqli extension (thraxisp)
- 0006668: [filters] Parse error while saving new filter: Call to undefined function: string_strip_tags() (thraxisp)
2006.02.04 - 1.0.0
- 0006044: [security] 'Return' _GET is not checked (thraxisp)
- 0006650: [security] ADOdb can be exploited to execute arbitrary SQL code (vboctor)
- 0006659: [security] Cross site scripting vulnerability (thraxisp)
- 0006634: [filters] Filter does not work with profiles (vboctor)
2006.01.17 - 1.0.0rc5
- 0006509: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
- 0006557: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
- 0006563: [security] Port XSS Vulnerability in project documents (TKADV2005-11-002) (thraxisp)
- 0006569: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
- 0006594: [bugtracker] config_flush_cache does not work correctly (thraxisp)
- 0006585: [documentation] don't see the documentation (thraxisp)
- 0006501: [filters] Categories can't be selected for filter-setting (thraxisp)
2005.12.13 - 1.0.0rc4
- 0006421: [security] Private bugs show up in public RSS feed (vboctor)
- 0006458: [security] Port #6457: SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006461: [security] Port #6460: HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006485: [security] XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- 0006489: [security] Port Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006492: [security] Port #6453: Make note private has no effect when resolving bug (thraxisp)
- 0006432: [bugtracker] error processing does not work! (jlatour)
- 0006379: [filters] Filter returns private issues when it should not (thraxisp)
- 0006254: [localization] strings_korean_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006268: [localization] strings_chinese_simplified_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006304: [localization] [PATCH] Major overhaul of strings_dutch.txt (jlatour)
- 0006358: [localization] Updated Dutch localization (Wanderer)
- 0006474: [localization] Calls to htmlspecialchars should take into account the current charset (jlatour)
2005.10.29 - 1.0.0rc3
- 0006273: [security] File Inclusion Vulnerability (vboctor)
- 0006275: [security] SQL injection (vboctor)
- 0006234: [filters] Filter sometimes returns no results (thraxisp)
- 0006295: [filters] Old filters and view_state problems. (thraxisp)
- 0006288: [filters] Patch against CVS HEAD for Saved filter problem with view_state (thraxisp)
- 0006296: [filters] Filter sql includes unnecessary links to custom_field_string_table for date custom fields (thraxisp)
- 0006297: [filters] sorting on custom field, bring MySQL to deadlock loop (thraxisp)
2005.09.11 - 1.0.0rc2
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List of users (in filter) visible for unauthorized users. (thraxisp)
- 0004368: [administration] Login page doesn't redirect to followed link, if the first login attempt fails (ryandesign)
- 0005861: [administration] APPLICATION ERROR #700 on manage_proj_edit_page.php?project_id=xx (thraxisp)
- 0005932: [administration] Manage eMail notification access rigths (thraxisp)
- 0006015: [administration] setting 'who can change notifications' fails (thraxisp)
- 0006053: [administration] How to delete all the "Project Specific Settings" from the "Workflow Thresholds" page ?? (thraxisp)
- 0006084: [administration] default language for account registration (thraxisp)
- 0006098: [administration] bug_report*.php uses "handle_bug_threshold" to display the Assign To combo box? (instead of "update_bug_assign_threshold") (thraxisp)
- 0006100: [administration] Creating a new project shows "Create New Subproject" page (thraxisp)
- 0006213: [administration] Saving "Status to set auto-assigned issues to" don´t work (thraxisp)
- 0004127: [bugtracker] Unnecessary dash in title when window title is empty string (jlatour)
- 0005261: [bugtracker] Reproducing newlines and br tags when cloning (ryandesign)
- 0005336: [bugtracker] Summary does not combine categories (thraxisp)
- 0005559: [bugtracker] Wrong dateformat displayed in issue history (thraxisp)
- 0005969: [bugtracker] Incorrect recipients for notifications (thraxisp)
- 0006003: [bugtracker] Sponsoring need to be verified (thraxisp)
- 0006012: [bugtracker] Mantis redirects to install.php if MANTIS_CONFIG env var is used (vboctor)
- 0006078: [bugtracker] Assigning bugs via group action not working properly (thraxisp)
- 0006091: [bugtracker] 'priority' selection is always ignored (thraxisp)
- 0006092: [bugtracker] CVS link gets mangled if filename is followed by a newline (ryandesign)
- 0006093: [bugtracker] Additional views in My View page (thraxisp)
- 0006112: [bugtracker] user see the 'Assigned to' value while capability 'View Assigned To' have been disable (thraxisp)
- 0006115: [bugtracker] "$g_delete_attachments_threshold" not working (thraxisp)
- 0006176: [customization] Cannot deselect everything on manage_config_email_page.php (thraxisp)
- 0006059: [documentation] MySQL 4.1.1 or later by default uses long passwords which don't work with php4 (thraxisp)
- 0006130: [documentation] spell error in CVS Integration manual (thraxisp)
- 0006131: [documentation] Problem in installation sequence: offline page disappears. (thraxisp)
- 0006132: [documentation] [/code] visible (thraxisp)
- 0006139: [documentation] system logging documentation in config_defaults_inc.php (thraxisp)
- 0005786: [filters] Strange behaviour when applying filter (thraxisp)
- 0005998: [filters] Sorting by sponsorship no longer works (thraxisp)
- 0006094: [filters] Filter lost when ordering on view_all_bug_page.php (thraxisp)
- 0006104: [filters] Filtering private issues: behavior depending on access level (thraxisp)
- 0006054: [installation] Bad call to print_test_result in admin/install.php (vboctor)
- 0006021: [installation] Mantis installation issues under sql server (thraxisp)
- 0006073: [installation] administrator account must not be created as protected (thraxisp)
- 0003634: [localization] wrong charset in error messages (jlatour)
- 0006001: [localization] Add chinese_simplified_utf8 localisation (vboctor)
- 0006028: [localization] chinese_traditional & chinese_traditional_utf8 localisation (vboctor)
- 0006030: [localization] Update Japanese Localisations (euc, sjis, utf8) (vboctor)
- 0006052: [localization] Apply update to Spanish language provided by zylk.net (vboctor)
- 0006089: [localization] Setting default language to 'auto' fails (thraxisp)
- 0005684: [other] Summary over projects evaluates wrong results (thraxisp)
- 0006108: [preferences] Changing Account Preferences generates APPLICATION ERROR #200 (thraxisp)
- 0005257: [relationships] Strange Error-Message: APPLICATION WARNING \#403: Database field 'status' not found (thraxisp)
- 0006164: [rss] RSS feed does not validate (ryandesign)
- 0006077: [scripting] Still uninitialized values in core/user_pref_api.php (thraxisp)
- 0006027: [sponsorships] In view.php, 'sponsorship_total' was displayed. (thraxisp)
- 0006020: [sql] Database query failure - click on Docs link - MSSQL (grangeway)
- 0006118: [sql] Database query failure - click on Docs link - MySQL 3.23 (thraxisp)
- 0006140: [sql] MSSQL: Ambiguous column name when trying to open Summary page (thraxisp)
- 0006142: [sql] PostgreSQL: creation of user failed (thraxisp)
2005.07.23 - 1.0.0rc1
- 0005959: [security] Cross Site Scripting Vulnerabilty in the mantis/view_all_set.php Script (thraxisp)
- 0005791: [administration] Projects marked as "private" can still be seen in Add as Subproject dropdown (thraxisp)
- 0005939: [administration] No double Real Names are allowed (thraxisp)
- 0005957: [administration] check.php generates php warnings when checking obselete configs (thraxisp)
- 0005962: [administration] undefined function: config_get_global() when upgrading string escaping (thraxisp)
- 0005963: [administration] system_utils.php has refresh view that refers to string escaping (vboctor)
- 0005978: [administration] "Remove All" users no longer works on manage project page (vboctor)
- 0004439: [bugtracker] Mailto links include an unneccessary 'target="_new"' (grangeway)
- 0005432: [bugtracker] Viewing a bug should change the "current project" (thraxisp)
- 0005655: [bugtracker] Problems creating a new account (similar to #5653) (thraxisp)
- 0005696: [bugtracker] Custom Field not shown in manage_custom_field_page.php after creation (thraxisp)
- 0005703: [bugtracker] HTML layout problems (Table column numbers mismatch) (thraxisp)
- 0005708: [bugtracker] HTML layout problems (Small buttons in bugnotes, et al) (vboctor)
- 0005724: [bugtracker] "Report Issue" page has no menu bar (vboctor)
- 0005741: [bugtracker] PHP notice generated when a priority is not defined $g_status_icon_arr (vboctor)
- 0005742: [bugtracker] bugnote_add() checks access to current project rather than current issue. (vboctor)
- 0005848: [bugtracker] Allowing preview attachment with jpeg extension (vboctor)
- 0005888: [bugtracker] error in user_get_accessible_projects (thraxisp)
- 0005918: [bugtracker] Update issue Pen Icon always displayed in my_view_page even if not allowed (thraxisp)
- 0005949: [bugtracker] signing up is a bit too restrictive (thraxisp)
- 0005953: [bugtracker] Error "issue 0 not found" on report pages (vboctor)
- 0005976: [bugtracker] Add a "Project: " label next to the switch project combobox (vboctor)
- 0005980: [bugtracker] View submitted issue after reporting should open in same window (vboctor)
- 0005725: [csv] Fatal error: Maximum execution time of 30 seconds exceeded during CSV export (vboctor)
- 0005745: [csv] CSV export is corrupt (vboctor)
- 0005297: [custom fields] performance problem when filtering on custom fields (thraxisp)
- 0005712: [custom fields] Entered custom fields are not stored into the database at status change (thraxisp)
- 0005977: [custom fields] SQL error when setting filter (thraxisp)
- 0005771: [customization] Support custom actions in issue group actions (vboctor)
- 0005775: [customization] Support custom actions in the issue view page (vboctor)
- 0005869: [customization] Custom button with issue id in the link (vboctor)
- 0005476: [documentation] <b>[Access Level Problem]</b> Can see all docs (thraxisp)
- 0005523: [feature] add option to put filter at bottom of display, or eliminate entirely (vboctor)
- 0005792: [feature] Add a configuration variable for "default additional information" value (vboctor)
- 0005793: [feature] Add a configuration variable for "steps to reproduce" field (vboctor)
- 0004927: [filters] On MSSQL sorting and filtration does not work. (grangeway)
- 0005535: [filters] Date filters does not work (thraxisp)
- 0005687: [filters] Hide Status of "none" doesn't render properly (thraxisp)
- 0005697: [filters] Simple filter on [Reporter] doesn't work any more (thraxisp)
- 0005700: [filters] Hide Status of "none" doesn't render properly for old filters (thraxisp)
- 0005719: [filters] System warning when trying to filter custom date field (thraxisp)
- 0005720: [filters] Sort doesnt work (thraxisp)
- 0005788: [filters] Related to filter is cleaned after changing e.g. Assigned To (thraxisp)
- 0005808: [filters] The reporter field in advance filter is not ordered corectly (thraxisp)
- 0005909: [filters] Can't sort or filter using MSSQL (grangeway)
- 0005914: [filters] My View doesnt list assigned bugs of child projects (thraxisp)
- 0005943: [filters] I can't print some selected Issues (only all) (thraxisp)
- 0005972: [filters] Sorting using column titles is broken (thraxisp)
- 0005451: [localization] Danish translation not updatet in CVS (vboctor)
- 0005693: [localization] Use English language if a string is not found in other languages (vboctor)
- 0005756: [localization] Support for French Canadian localization (vboctor)
- 0005768: [localization] Missing new string for strings_german.txt added (vboctor)
- 0005772: [localization] Add Icelandic localisation (vboctor)
- 0005773: [localization] Add a way to test all localisation files for syntax errors (vboctor)
- 0005811: [localization] Simplified Chinese Language for 1.0.0a3 (vboctor)
- 0005997: [localization] Add chinese_traditional_utf8 localization (vboctor)
- 0005522: [other] Emailed activation codes are always incorrect (thraxisp)
- 0005769: [other] Inconsistency in file upload logic (thraxisp)
- 0005795: [other] Enhancements relating to SVN integration (vboctor)
- 0005927: [performance] null checking failure in user_get_accessible_subprojects (user_api.php) (thraxisp)
- 0005948: [performance] user_pref initialization makes many database queries (thraxisp)
- 0005952: [preferences] Resetting preferences causing an error in lang_load() (vboctor)
- 0005671: [printing] Summary printing to excel and word empty report (thraxisp)
- 0005754: [rss] RSS Feed does not validate (vboctor)
- 0005817: [rss] Escape hyperlinks in rss feeds (vboctor)
- 0005818: [rss] Don't use relative urls for issue links and issue notes links (vboctor)
- 0005819: [rss] Don't include issue status in rss issue links since it may be obsolete (vboctor)
- 0005934: [rss] Rss fails when XML has '&' in it (vboctor)
- 0005743: [scripting] bugnote_add() doesn't allow specifying an author other than the current logged in user (vboctor)
- 0005844: [scripting] The order of issue notes is random if submitted timestamp is the same (vboctor)
- 0005870: [sponsorships] Error when setting a sponsorship on an issue (vboctor)
- 0005979: [sponsorships] Enhancements to My Sponsorship page (thraxisp)
- 0005889: [sql] What's with all these queries (thraxisp)
- 0005919: [sql] ODBC_MSSQL driver does not format escape characters correctly (grangeway)
- 0005689: [upgrade] After upgrading to 1.0.0a3 Mantis not working correct (thraxisp)
- 0005858: [upgrade] Upgrade from 0.17.5 to 1.0.0a3 fails (thraxisp)
- Custom Function Changed: custom_function_default_checkin(): Added a $p_fixed parameter (vboctor).
- Added Config: $g_source_control_fixed_regexp - the regular expression to use to detect that an issue is resolved (vboctor).
- Added Config: $g_source_control_set_resolution_to - the resolution to set to when an issue is fixed (vboctor).
- Added Config: $g_default_bug_steps_to_reproduce - default value for the bug steps to reproduce field (vboctor).
- Added Config: $g_default_bug_additional_info - default value for the bug addition information field (vboctor).
- Added Config: $g_filter_position - to control the positioning of the filter box on the View Issues page (vboctor).
- Updated Config: $g_dhtml_filters - changed default from OFF to ON (thraxisp)
- Updated Polish language (Arkadiusz Hutta / vboctor)
- Updated Brazilian Portuguese language (Juliano Ravasi Ferraz / vboctor)
- Updated Danish language (Gunner Poulsen / vboctor)
- Updated Estonian language (Klemens Kasemaa / vboctor)
- Updated Finnish language (Tomi Hurenius / vboctor)
- Updated French language (BZC ToOn'S / vboctor)
2005.05.31 - 1.0.0a3
- 0005514: [administration] unable to manage inactive Projects (thraxisp)
- 0005446: [administration] Configuration control should show defaults (thraxisp)
- 0005652: [administration] email logging fails in email_notify_new_account (masc)
- 0005554: [administration] Implement an administration feature for database statistics (vboctor)
- 0005678: [administration] Hide empty sections in manage_user_page.php (vboctor)
- 0003384: [bugtracker] $g_path setting in config_inc.php will NOT override default (thraxisp)
- 0003729: [bugtracker] When using the browser's back button, the form is cleared out. (thraxisp)
- 0004000: [bugtracker] Cannot export more than 50 items (masc)
- 0004762: [bugtracker] Preformatted text is misbehaving. (thraxisp)
- 0004828: [bugtracker] workflow: defaults for status values (thraxisp)
- 0005304: [bugtracker] "duplicate", "unable to duplicate" -> "unable to reproduce" (thraxisp)
- 0005480: [bugtracker] Change wording of note in workflow transitions management interface when editing rules for all projects (thraxisp)
- 0005526: [bugtracker] current_user_is_anonymous() returns true when it should not (vboctor)
- 0005507: [bugtracker] Reporting page doesn't render... (thraxisp)
- 0005508: [bugtracker] Summary -> Access denied. (thraxisp)
- 0005513: [bugtracker] on close issue, don`t set resolution = resolve (thraxisp)
- 0005527: [bugtracker] Acknowledgement does not work with custom fields (thraxisp)
- 0005606: [bugtracker] Support prefetching of web page for Google Web Accelerator and Browsers (vboctor)
- 0005610: [bugtracker] Actiongroup assign action: wrong permissions check (thraxisp)
- 0005621: [bugtracker] Are you sure you wish to delete this file? --> "Remove User" (masc)
- 0005653: [bugtracker] Account signup confirmation (masc)
- 0005587: [custom fields] Custom field date type reset to blank (thraxisp)
- 0005680: [customization] Unknown fields are not handled correctly in View Issues (vboctor)
- 0005534: [email] not sending email on new (thraxisp)
- 0005492: [feature] APPLICATION ERROR #500 after updated from 0.19.2 (thraxisp)
- 0004899: [filters] <b>[ Custom Fields ]</b> Display in "all projects" (thraxisp)
- 0005148: [filters] DHTML Filters do not work with Firefox 1.0 (only IE) (thraxisp)
- 0005500: [filters] which button to update the filter ? (thraxisp)
- 0005569: [filters] +/- button on Filter does not remember. (thraxisp)
- 0005572: [filters] +/- button to show/hide filters doesn't work with IE5.5 (thraxisp)
- 0005598: [filters] Add filter for profile (jlatour)
- 0005599: [filters] Version filters do not show versions in subprojects (jlatour)
- 0005675: [filters] [none] in filters is interpreted as [any] (thraxisp)
- 0005533: [installation] Problem Downloading The Uploaded Documents (thraxisp)
- 0005503: [localization] Updated language dutch file for 1.0.0a2 (Wanderer)
- 0005519: [localization] Missing localization in manage_config_email_page.php (thraxisp)
- 0005520: [localization] Error in strings_russian.txt (Wanderer)
- 0005622: [localization] There is a wrong chartset in strings_croatian.txt (vboctor)
- 0005623: [localization] Dutch translation (Wanderer)
- 0003756: [other] Opening webpages in same window (thraxisp)
- 0004925: [other] "Not an issue" resolution is extremely WRONG term (thraxisp)
- 0005546: [other] Invalid HTML: missing <tr></tr> in bugnote_view.inc.php (patch) (vboctor)
- 0005589: [other] [HELP] Can't acces to uploaded files :-( (thraxisp)
- 0004432: [performance] Allow caching of attached files (thraxisp)
- 0005169: [printing] Exporting to Exel file - field names are not selected by language (masc)
- 0005639: [printing] Sort is not working in print_all_bug_page.php (vboctor)
- 0005545: [relationships] On resolve issue can set the "Duplicate ID" with the ID of current issue (thraxisp)
- 0003907: [rss] Bad RSS link on http://bugs.mantisbt.org/ (vboctor)
- 0005046: [rss] Unreadable RSS data (vboctor)
- 0005512: [rss] "XML Parsing Error: undefined entity" in issues rss feed (vboctor)
- 0005528: [rss] Issue category in the issues rss was set to the issue summary (vboctor)
- 0005634: [rss] Ability to get the issues feed sorted by last_updated or submit_date (vboctor)
- 0005635: [rss] Support for feeds for filters (vboctor)
- 0005556: [scripting] Separate logic from GUI in file_list_attachments() (vboctor)
- 0005540: [sql] PostgreSQL script does not match MySQL script (vboctor)
- New Feature: generic logging interface
- New Config: $g_wrap_in_preformatted_text - if ON, will wrap text inside <pre> formatted text (thraxisp)
- New Config: $g_log_level - system logging level bit map (thraxisp)
- New Config: $g_log_destination - system logging destination (thraxisp)
- New Config: $g_allow_browser_cache - allow the browser to cache all pages (thraxisp)
- New Config: $g_allow_file_cache - allow the browser to cache downloaded files (thraxisp)
2005.04.25 - 1.0.0a2
- 0005470: [administration] Copyright date in footer incorrect (vboctor)
- 0002686: [bugtracker] switch project often goes back to the main page (thraxisp)
- 0005471: [bugtracker] view_all_bug_page.php not working (thraxisp)
- 0005483: [bugtracker] Auto-linked URLs have target="blank", should have target="_blank" (thraxisp)
- 0005485: [change log] Change log only shows users reported issues, even if user is an admin if limit_reporters is set (thraxisp)
- 0005126: [email] Email notification about resolved related issue contains duplicated title (thraxisp)
- 0005422: [email] Error when Update Configuration is pressed on Email Configuration Page (thraxisp)
- 0004578: [installation] Can't delete administration account without email/name (thraxisp)
- 0005457: [installation] At least MySQL 4.1.x for this version (thraxisp)
- 0005461: [localization] lang directory / strings_french.txt : error in $s_account_reset_msg (vboctor)
- 0005472: [localization] Some hardcoded text in 1.0.0a1 (thraxisp)
- 0005207: [performance] Improve performance of "My View" (thraxisp)
- 0005502: [rss] Implement an RSS feed for issues (vboctor)
- 0005453: [sponsorships] Sponsorship total is missing from view all bugs (thraxisp)
- 0005450: [sql] db_generate.sql gives syntax errors (thraxisp)
- 0005456: [upgrade] PRIMARY KEY not null error on upgrade (thraxisp)
2005.04.18 - 1.0.0a1
- 0004589: [administration] Administrator cannot manage projects to which he/she is assigned. (thraxisp)
- 0004595: [administration] file upload in error report doesnt work (thraxisp)
- 0004950: [administration] "Prune Accounts" should confirm before deleting user accounts (masc)
- 0004975: [administration] Confirmation message in admin area (masc)
- 0004982: [administration] Mantis fails converting nested URLs into hyperlinks (bpfennig)
- 0004983: [administration] HTML should not be allowed in the Summary field, even if it is part of the allowed HTML list in the configuration (thraxisp)
- 0005033: [administration] Turkish translation Email notifications fail. (thraxisp)
- 0005044: [administration] No warning message for missing strings (thraxisp)
- 0005045: [administration] windows specific path bug in move_db2disk (thraxisp)
- 0005065: [administration] Added Info about Who can assign issues in Permissions Report (thraxisp)
- 0005087: [administration] language changes if bug report is incomplete (thraxisp)
- 0005099: [administration] French translation (patch) (Wanderer)
- 0005100: [administration] "confirmation has been sent to your email address" when reseting other user's password (thraxisp)
- 0005286: [administration] Copy user permissions from one project to another (jlatour)
- 0005287: [administration] Permissions listed on 'Manage Project' page are global, not per-project. (jlatour)
- 0005417: [administration] Can't set the real name to the login name (thraxisp)
- 0005445: [administration] You can delete the last administrator in the system. (thraxisp)
- 0003343: [bugtracker] Manager cannot see Project after creating it as "Private". (vboctor)
- 0003364: [bugtracker] Unassigned public projects are not listed on manage_user_edit_page.php (jlatour)
- 0003498: [bugtracker] allow signup with deactivated email-support, new user should be able to set a password (vwegert)
- 0003581: [bugtracker] "Manage" menu item not consequently available for project managers (vwegert)
- 0003882: [bugtracker] Private notes on public bugs notify people below private threshold (extesnion of #3824) (thraxisp)
- 0004611: [bugtracker] "&" displayed as "&" in summary categories (grangeway)
- 0004787: [bugtracker] Issue Summary is marked as updated when it contains 'quotes' or "double quotes" (thraxisp)
- 0004857: [bugtracker] Upgraded to 0.19.1 - DISK Upload failed - No error message (thraxisp)
- 0004874: [bugtracker] Assign to (users) fails from the View_all_bug_page.php Issues screen - I found out why, too. (thraxisp)
- 0004908: [bugtracker] Missing error alert when file upload fails (Report Issue only) (thraxisp)
- 0004959: [bugtracker] "Delete Issue" should show information identifying issue to be deleted (bpfennig)
- 0004964: [bugtracker] Backdoor for assigning sponsored issues (bpfennig)
- 0004992: [bugtracker] Use of is_uploaded_file() in file_add() prevents use in importer PHP script. (thraxisp)
- 0005004: [bugtracker] Relationship table doesn't show whether an issue is private or not. (masc)
- 0005013: [bugtracker] html_status_percentage_legend() generates notices (vboctor)
- 0005052: [bugtracker] Sort by ID bug (vwegert)
- 0005079: [bugtracker] Reopen Issue - Show Assign to only if Access level >= update_bug_assign_threshold (thraxisp)
- 0005080: [bugtracker] Close Issue - Show Fixed in Version only if Access level >= handle_bug_threshold (thraxisp)
- 0005095: [bugtracker] Close bug page needs to show resolution dropdown... (thraxisp)
- 0005130: [bugtracker] bug_view_page.php always shows Product Version (thraxisp)
- 0005153: [bugtracker] Divide by 0 error in status_percentage_legend (thraxisp)
- 0005187: [bugtracker] Breaks HTML links incorrectly (grangeway)
- 0005237: [bugtracker] Support for subprojects that can be linked to several parent projects (jlatour)
- 0005250: [bugtracker] Subprojects listed multiple times in project selection drop-down (jlatour)
- 0005251: [bugtracker] Subprojects not shown in 'project menu bar' (jlatour)
- 0005252: [bugtracker] Subprojects not listed in category field when outside 'All Projects' (jlatour)
- 0005267: [bugtracker] Reopen issues are not marked as "reopened" (thraxisp)
- 0005314: [bugtracker] updater cannot reopen issue even though $g_reopen_bug_threshold = UPDATER; (thraxisp)
- 0005341: [bugtracker] Allow thresholds to take on discrete values (thraxisp)
- 0005343: [bugtracker] File download does not use filename in Konqueror / download script should set disposition type (thraxisp)
- 0005346: [bugtracker] misleading error message and inconsistent user interface (thraxisp)
- 0005396: [bugtracker] It shows only administrators in "assign to" dropdown and "manage project" page for private projects (thraxisp)
- 0005423: [bugtracker] Status change doesn't appear in bug history when issue is automatically assigned to a person (thraxisp)
- 0005439: [bugtracker] the mantis_config_table needs a primary key (thraxisp)
- 0005143: [change log] Possibility to extend the changelog (vboctor)
- 0005146: [change log] "Version not found" error on changelog page (thraxisp)
- 0003791: [custom fields] Additional Custom-Field-Type "version" (vboctor)
- 0004683: [custom fields] Is there a way to localize enumations of custom fields? (vboctor)
- 0004897: [custom fields] SQL standardization in custom_field_api.php (grangeway)
- 0005021: [custom fields] Custom fields don't get updated in version 0.19.2 (thraxisp)
- 0005068: [custom fields] Custom fields showing up unexpectedly while doing "Change Status to:" (vboctor)
- 0005179: [custom fields] Support setting a custom field value for multiple issues (vboctor)
- 0005180: [custom fields] Support custom fields with dynamic possible values (vboctor)
- 0005416: [custom fields] mandatory custom field: problem when updating an "Display when Reporting Issues" only bug (thraxisp)
- 0004960: [customization] Show parameter name in gpc_api.php error messages (thraxisp)
- 0005170: [customization] Issues list sorting (thraxisp)
- 0003401: [documentation] remove project doc (masc)
- 0004896: [documentation] Updating project documentation entry needs upload (masc)
- 0004729: [email] No [ENTER] after "The following issue..." in MS OUTLOOK (thraxisp)
- 0004976: [email] Relationship section uses the language of the person who did the action (thraxisp)
- 0005061: [email] e-mail recipients not removed in case of corresponding email_on_xxxaction not defined in db (thraxisp)
- 0005097: [email] email recipients not computed correctly (thraxisp)
- 0005132: [email] Can't suppress messages on change of handler (thraxisp)
- 0000934: [feature] Would be nice to select what columns to view (vboctor)
- 0003070: [feature] Standard Profiles for all users to use (jlatour)
- 0003961: [feature] Add the ability to custom enumerations by project (vboctor)
- 0004314: [feature] Bug status percentage (bpfennig)
- 0004551: [feature] Sticky issues (bpfennig)
- 0004695: [feature] Set View-Status of bugnote when change status through button (thraxisp)
- 0004842: [feature] we should be able to giva a target for a given bug. (vboctor)
- 0004978: [feature] g_notify_flags + reopened and owner (thraxisp)
- 0005246: [feature] Allow file:/// to become a clickable link. (grangeway)
- 0004315: [filters] Show filter without reloading whole page (thraxisp)
- 0004544: [filters] Impossible to filter on category which name contains " ' " (thraxisp)
- 0004718: [filters] Not possible to select blank fields in filter (thraxisp)
- 0004793: [filters] Some filters are lacking the [none] selection (vwegert)
- 0004853: [filters] Add the ability to filter by relationship (thraxisp)
- 0004932: [filters] In advanced filter mode, display 'empty' values in drop-down lists as '[empty]' istead showing blank list box entry (thraxisp)
- 0004998: [filters] Can't use Date Filters in the filters screens (thraxisp)
- 0005075: [filters] Add additional standard filter attributes (thraxisp)
- 0005120: [filters] APPLICATION ERROR #401 when Reporter uses shared filter (thraxisp)
- 0005131: [filters] Trim filter values (thraxisp)
- 0005226: [filters] When setting filters for ALL Projects, no reporters, developers, etc.. listed when project_user_list is empty (thraxisp)
- 0005394: [filters] select multiple 'assigned to' then change 'hide status' and value is ignored (thraxisp)
- 0001890: [graphs] summary displays '0' where not supposed to (thraxisp)
- 0003512: [graphs] I have alot of categories and several category graphs show up very small with illegible text. Need feature to autosize & colors (thraxisp)
- 0003922: [graphs] Add in ability to have certain graphs in large size (thraxisp)
- 0004651: [graphs] Legend of two summary graphs not properly set-up (thraxisp)
- 0004929: [graphs] Inscriptions on the graphs on Apache for Microsoft Windows for CP1251 do not hatch. (thraxisp)
- 0004971: [graphs] Bargraphs show lines - this is incorrect (thraxisp)
- 0004986: [graphs] Graphs should cache data (thraxisp)
- 0004994: [graphs] Two "system font directories" in configuration (bpfennig)
- 0005236: [installation] check.php not working (jlatour)
- 0005023: [localization] Typo in french localization - "bug courrant" should be "bug courant" (Wanderer)
- 0005031: [localization] Typos in Norwegian translation (Wanderer)
- 0005051: [localization] Column names in permissions report aren't localized (thraxisp)
- 0005060: [localization] New danish translation (Wanderer)
- 0005206: [localization] Changing some German strings (Wanderer)
- 0005292: [localization] spelling errors in german $s_signup_info (Wanderer)
- 0005322: [localization] Delete attachment shows empty text and button in German-Version (Wanderer)
- 0005377: [localization] german: text changes (Wanderer)
- 0005411: [localization] New polish translation (Wanderer)
- 0004664: [other] Can't upload project documents for "All Projects" (masc)
- 0004860: [other] File downloads via HTTPS with IE6 do not work (thraxisp)
- 0004962: [other] URL not parsing after ? in any link (bpfennig)
- 0004995: [other] Sign up for a new account no longer works... (masc)
- 0004997: [other] HTML special characters in Summary field incorrectly displayed in My View (thraxisp)
- 0005001: [other] click-through on summary page requested (thraxisp)
- 0005011: [other] Delete file attached bug instead of project doc (masc)
- 0005134: [other] My View Page "Assigend to me" (vboctor)
- 0005225: [other] Dropdown lists for Real Name sorted by first name not by last name (thraxisp)
- 0005282: [other] Inappropriate error when Uploading a File without a file (thraxisp)
- 0004979: [printing] Images not shown while printing bug details (bpfennig)
- 0005074: [printing] Bugnote Id doesn't appear when printing note (thraxisp)
- 0005119: [printing] print preview does not show, if note has been edited (thraxisp)
- 0005113: [relationships] include duplicate-of and has-duplicate relationship options when creating a clone (thraxisp)
- 0005290: [relationships] Relationship box invalid in View.php page (thraxisp)
- 0005345: [relationships] Quotes and ampersands are corrupted in issues names in relationships list ("test & test") (vwegert)
- 0004952: [scripting] some issues with script authentication support (thraxisp)
- 0005199: [scripting] Mantis mangles URLS (grangeway)
- 0005247: [security] Real email addresses are visible when using reminders (thraxisp)
- 0005092: [sponsorships] Users sponsoring bug (thraxisp)
- 0004996: [sql] "Open and assigned to me" shows wrong number (thraxisp)
- 0005110: [sql] Slow SQL statement on my view page (thraxisp)
- 0005171: [sql] Upgrade adodb to v4.60 (latest) (thraxisp)
- 0005380: [sql] Invalid LEFT JOIN syntax for Oracle (thraxisp)
- 0005419: [sql] Odd use of SELECT DISTINCT (thraxisp)
- 0005434: [sql] More SELECT DISTINCT (in filter_api.php) (vboctor)
- 0005057: [webpage] PHP 5/Mysql 4.0/Apache 2.0 - Index page fails to load (vboctor)
- 0005063: [webpage] Checkbox graphic unclear, Solution is included in this bug (thraxisp)
- 0005307: [webpage] URL not parsed correct after 'X' (grangeway)
- Support customizing which fields/custom fields should be shown in the View Issues page via custom functions (vboctor)
- Support for dynamically populated custom fields (use =versions_enum or =categories_enum or =anyfunc in possible values field) (vboctor)
- Reworked config_api to fetch configuration from the database with fallback to global variables (thraxisp)
- Support for recursive evaluation of configuration strings by the inclusion of %config% in a config string (thraxisp)
- New Config: $g_graph_font - truetype font for graphs(thraxisp)
- New Config: $g_graph_window_width - window width is used to scale the graphs(thraxisp)
- New Config: $g_graph_bar_aspect - bar graph aspect ration (height / width)(thraxisp)
- New Config: $g_graph_summary_graphs_per_row - graphs to put in each row in the advanced summary page (thraxisp)
- New Config: $g_max_dropdown_length - length to truncate dropdown menu items to for view_all_bugs_page (thraxisp)
- New Config: $g_sort_by_last_name - sort for names in dropdown lists (thraxisp)
- New Config: $g_view_configuration_threshold - threshold for users to view the system configurations (thraxisp)
- New Config: $g_global_settings - array of string patterns for config variables that are not in the database (thraxisp)
- removed config option - $g_relationship_graph_fontpath replaced by $g_system_font_folder (bpfennig)
- Update Estonian language
2004.12.11 - 0.19.2
- 0003113: [security] LDAP authentication failure (vboctor)
- 0004921: [security] Webmaster email address is exposed to SPAM in html_api.php (vboctor)
- 0004819: [administration] Use of persistent connections prevents upgrade (grangeway)
- 0004822: [administration] Error (?) in graphviz_api (grangeway)
- 0004887: [administration] reset password sent email to user with extral texts (thraxisp)
- 0004901: [administration] When $g_create_project_threshold = MANAGER, and manager creates project, he should automatically be added to project as manager (vboctor)
- 0004916: [administration] Workflow checking is not implemented on bulk Update Status (selecting multiple issues on View Issues) (thraxisp)
- 0004946: [administration] After adding a user redirect to manage_user_edit_page rather than manage_user_page (vboctor)
- 0004947: [administration] "Never Logged In" and "New Accounts" use inconsistent sorting order (vboctor)
- 0004948: [administration] Hyperlink user names in "New Users" and "Never Logged In" (vboctor)
- 0004949: [administration] Remove extra colon at the end of "New Users" and "Never Logged In" (vboctor)
- 0004957: [administration] installation check issue: switch "send reset password" no more recognized? (thraxisp)
- 0004855: [administration] Account Update page shows header twice when there is an error (vboctor)
- 0004525: [customization] $g_bug_link_tag doesn't work when it contains "/" (grangeway)
- 0004872: [customization] CSV export uses , as separator but excel only recognizes ; in non-english locales (vboctor)
- 0004687: [custom fields] Closing an item deletes custom-field-value if type of custom-field is CHECKBOX or MULTILIST (grangeway)
- 0004865: [custom fields] Email address custom fields not displayed correctly when viewing an issue (grangeway)
- 0002064: [bugtracker] filedownload seems to change file content (thraxisp)
- 0004584: [bugtracker] In bug_actiongroup_page.php use status color coding (vboctor)
- 0004829: [bugtracker] bugnotes of deleted users cause error (vboctor)
- 0004834: [bugtracker] When you reopen an issue (after the issue has been RESOLVED), resolution is not set to REOPENED as it should be (vboctor)
- 0004856: [bugtracker] Close immediately doesn't (vboctor)
- 0004889: [bugtracker] Ask user for confirmation when deleting an attachment (user0)
- 0004894: [bugtracker] Close immediately appears on Change Status to Closed page (vboctor)
- 0004912: [bugtracker] Reminders are not handled in print_bugnote_inc.php (thraxisp)
- 0004914: [bugtracker] On reopen, notification mail is sent to the old handler instead of the new handler. (thraxisp)
- 0004923: [bugtracker] Updating bug not possible for certain roles (thraxisp)
- 0004924: [bugtracker] Who is mythical "user0" in Changelog Page? (vboctor)
- 0004808: [graphs] Not exactly true data shown in graphs (thraxisp)
- 0004941: [graphs] Cumulative by date graph doesn't show x-label (thraxisp)
- 0004961: [graphs] Wrong cumulative by date graph (thraxisp)
- 0004909: [printing] Printing bugnotes regardless of user rigth and bugnote status (thraxisp)
- 0004958: [printing] print_all_bug_page_word.php -> date displayed wrong (thraxisp)
- 0004450: [localization] Real name was changed to "?‹¿Ì‘±" (jlatour)
- 0004954: [localization] $s_delete_attachment_sure_msg missing from strings_english.txt (masc)
- 0004910: [sql] Upgrade ADODB from v3.50 to v4.54 (jlatour)
- 0004911: [sql] db_prepare_string() doesn't work with mysqli (vboctor)
- 0004861: [change log] Fixed by user0 (vboctor)
- 0004878: [scripting] filter_get_bug_rows() does not take project_id and user_id (vboctor)
- 0004830: [relationships] missing <?php in relationship_api.php (grangeway)
- 0004922: [documentation] Defaults for Workflow contain "Superfluous arc to itself" (vboctor)
- 0003457: [webpage] PHP5 issues (vboctor)
- 0004917: [email] A bug concerning mail notification is found in function bug_update of ../core/bug_api.php. (vboctor)
- 0004779: [feature] MySQL 5 support using mysqli extension (grangeway)
- 0004764: [other] Url detection issue (grangeway)
- 0004765: [other] url detection issue (grangeway)
- 0004942: [other] Possible redirect loop in autenthication (masc)
- New Config: $g_csv_separator - specify separated to be used in exported csv files (vboctor)
2004.11.06 - 0.19.1
- 0004341: [security] Users removed from projects are still listed as 'monitoring' bugs (DGtlRift)
- 0003117: [security] Summary shows info about projects that are not assigned to this user (bpfennig)
- 0004749: [feature] Uploading large files fails & slogs Apache (thraxisp)
- 0004758: [feature] Support RSS autodiscovery on all Mantis pages (vboctor)
- 0004648: [feature] Assign To independent of $g_update_bug_threshold (thraxisp)
- 0004662: [feature] required fields on bug report/update (thraxisp)
- 0004655: [feature] removing an attachment don't remove file in FTP server (thraxisp)
- 0004659: [feature] FTP unload don't work fine (thraxisp)
- 0004440: [feature] It should be possible to define an assigned to at "Change Status To" (thraxisp)
- 0003276: [feature] Add bugnote numbering and bugnote links. (bpfennig)
- 0004173: [feature] sorting of real- and user-names (thraxisp)
- 0004393: [feature] Version should be add with advanced options (bpfennig)
- 0004394: [feature] Add link to remove all users from project (bpfennig)
- 0004497: [filters] Add filter for priority (DGtlRift)
- 0004774: [filters] Problem with Simple Text Search and Bug ID (masc)
- 0004505: [filters] Search in bugnotes not possible ( anymore? ) (Narcissus)
- 0004803: [relationships] when the relation "child of" was delteted, in issue "parent of" was displayed. (masc)
- 0004506: [relationships] When cloning a bug you should be able to set the relationship (masc)
- 0004484: [relationships] Show which project a related issue belongs to (masc)
- 0004184: [relationships] Related issues resolved email should be more informative (masc)
- 0004224: [relationships] Can't resolve issue as duplicate of other with existing "related to" relationship (masc)
- 0004620: [relationships] File bug_create_child.php no more used (vboctor)
- 0004434: [relationships] Relationship (dependency) graphs (grangeway)
- 0004770: [change log] $g_limit_reporters does not work on the changelog (masc)
- 0004400: [change log] Changelog should view release notes (vboctor)
- 0004658: [change log] Changelog should support project_id parameter (vboctor)
- 0004623: [administration] Add access level summary report (masc)
- 0004760: [administration] version_is_unique() called with wrong parameters (vboctor)
- 0004555: [administration] Warnings on set_time_limit() in safe mode (vboctor)
- 0004292: [administration] Sign-up sends a password for LDAP (thraxisp)
- 0004407: [administration] History Column Titles do not match table text formating (bpfennig)
- 0004576: [administration] Simplify display options for error handler (thraxisp)
- 0004773: [bugtracker] bug_view_advanced history link points to not-advanced bug_view (masc)
- 0004769: [bugtracker] limit_reporter does not work on Jump to Bug (masc)
- 0004725: [bugtracker] (#1466) Broken HTML / Misaligned links on top of view pages (thraxisp)
- 0004724: [bugtracker] Is there a way to control the display of the history? (vboctor)
- 0004004: [bugtracker] unable to download large size attachment (thraxisp)
- 0004698: [bugtracker] Config $g_reopen_bug_threshold marked obsolete but still present (thraxisp)
- 0004652: [bugtracker] Fixed in Version not applyed to Bug at CLOSE (thraxisp)
- 0004646: [bugtracker] Notes always added as private, if default_bugnote_view_status = VS_PRIVATE (vboctor)
- 0004616: [bugtracker] Variable $g_port generates a warning (grangeway)
- 0004615: [bugtracker] Issues can have two attachments with the same display name (thraxisp)
- 0001466: [bugtracker] How about having [prev] / [next] bugs buttons in the view_* pages as well? (grangeway)
- 0004540: [bugtracker] Mismatch between status and resolution (thraxisp)
- 0004537: [bugtracker] "Change Status To" shows @@ sometimes (thraxisp)
- 0004542: [bugtracker] Updater cannot reopen issue and cannot close his own issues (thraxisp)
- 0004539: [bugtracker] Realnames shown inconsequent (thraxisp)
- 0004363: [bugtracker] "Add user to project" should have an additional button (bpfennig)
- 0004171: [bugtracker] Make all text area widths the same as for 'Add Note' (bpfennig)
- 0004538: [bugtracker] $g_bug_resolved_status_threshold doesn't work correctly with additional status (thraxisp)
- 0002091: [bugtracker] Bugnotes containing urls with the '@' sign in them get mangled (bpfennig)
- 0004326: [bugtracker] Links protected by brackets are not processed properly (bpfennig)
- 0004241: [bugtracker] Misleading string "Login" used (Wanderer)
- 0004437: [bugtracker] Filenames of uploaded attached files are damaged (thraxisp)
- 0004572: [bugtracker] Change automatic links not to include a dot (if present) after the URI. (bpfennig)
- 0004761: [documentation] Update documentation timestamp on new upload (thraxisp)
- 0004675: [documentation] If you upload a file (using 'edit' on a exisiting document) the filename will not be obfuscated (thraxisp)
- 0004669: [printing] Space missing between 2 fields (thraxisp)
- 0004649: [customization] Why available statuses are sorted on "bug view" page in "change status to" dropdown? (thraxisp)
- 0003774: [custom fields] Only administrator can manage custom fields, because link is missing (thraxisp)
- 0004558: [custom fields] Custom Fields doesn't display links (bpfennig)
- 0004229: [sql] Missing parameter "port" in the ADOConnection implementation (grangeway)
- 0004548: [email] status_bug_new missing? (thraxisp)
- 0003983: [graphs] Graphs should use $s_orct localization string (bpfennig)
- 0004745: [other] PHP 5 array_merge() change causes errors (vboctor)
- 0004168: [other] Languages in "My Account"/"Preferences" are not sorted (DGtlRift)
- 0004668: [other] Detect If host is a Unix or Windows-Box (thraxisp)
- 0004521: [other] Extra text emitted from checkin.php (thraxisp)
- 0004258: [other] Username used instead of real name. (thraxisp)
- 0004526: [other] Spaces needed after colons on main page (vboctor)
- 0004802: [localization] In adm_permissions_report.php line199, "lang_get" is not used. (masc)
- 0004743: [localization] parse error in $s_reminder_monitor (strings_german.txt) (Wanderer)
- 0004701: [localization] Add Ukrainian language (vboctor)
- 0004606: [localization] emails have non-english strings in relationship section (thraxisp)
- 0004667: [localization] croatian and latvian languages missing from config_defaults_inc.php (vboctor)
- 0004573: [localization] Missing 'finnish' language choice in config_defaults_inc.php (vboctor)
- 0004604: [localization] There is a word missing. (Wanderer)
- 0004528: [localization] Error on logout page with language=auto (thraxisp)
- 0004383: [localization] Editing a note has language specific note at end of note (bpfennig)
- New Custom Function: auth_can_change_password - returns true if Mantis can change the password
- New Config: $g_display_errors - controls error handler display
- New Config: $g_reopen_bug_threshold - access level needed to re-open bugs
- New Config: $g_update_bug_assign_threshold - access level needed to show the Assign To: button bug_view*_page or the Assigned list in bug_update*_page.
- Removed config option ($g_show_notices, $g_show_warnings): subsumed into $g_display_errors
- Removed config option ($g_port): $if requried, g_hostname should supply the port e.g. localhost:3306
- Updated Korean,Finnish, Slovak, Norwegian, Serbian, Chinese Simplified, Portuguese Brazilian and Estonian translations.
- Added Korean-UTF8.
2004.09.12 - 0.19.0
This is a stable release that followed a couple of alpha releases + a release candidate. Compared to 0.18.3 this release has over 250 enhancements and fixes. These include some major additions to Mantis including issue relationships, sponsorships, advanced filters, changelog, workflow control, my-view, using ADODB as a database abstraction layer, "forgot password" support, more secure signup with captcha image, security fixes, and various other fixes and enhancements. All users of previous releases are encouraged to upgrade to this release.
- 0003896: [security] Change default value of $g_view_summary_threshold to MANAGER (vboctor)
- 0004478: [upgrade] database upgrade from 0.18.3 problem: upgrade-ID "filters-db1" does not work on mySQL4.1.3b-beta (jlatour)
- 0004435: [other] Auto-preview of attached images is broken (vboctor)
- 0004470: [other] Strange changes of "Resolution" value (thraxisp)
- 0004523: [filters] SYSTEM NOTICE: Undefined variable: t_target_field in view_filters_page.php (vboctor)
- 0004431: [relationships] Relationship removal is always "duplicate of" in history (masc)
- 0004426: [email] Email notifications to users with language set to "auto" causes errors (thraxisp)
- 0004448: [email] Custom severity and status shown in mail as code (thraxisp)
- 0004321: [localization] New german lang strings (bpfennig)
- 0004423: [localization] Parse error in strings_hungarian.txt line 974 (vboctor)
- 0004429: [localization] Slovene national characters not displayed correctly (jlatour)
- 0004445: [localization] New Spanish strings file (Wanderer)
- 0004458: [localization] Small fixes to the French file (Wanderer)
- 0004459: [localization] Typos in German and English strings (Wanderer)
- 0004498: [localization] Swedish translation updated for 0.19.0rc1 (Wanderer)
- 0004509: [localization] Request rather than "Provide Feedback to Issue" (thraxisp)
- 0004519: [localization] Updated the Italian language strings file to 0.19.0rc1 (Wanderer)
- 0004463: [graphs] pie chart of summary graph per category wrong when viewing allprojects) (thraxisp)
- 0004464: [graphs] Pie graphs display as error if no issue exist for a specific project (thraxisp)
- 0004481: [graphs] Query counts are incorrect in graphs (thraxisp)
- 0004507: [graphs] No time-line in the summary for cumulative by days (thraxisp)
- 0004511: [graphs] Summary Graph "Cumulative by Date" is blank (process expires) (thraxisp)
- 0004425: [bugtracker] Action group page exceeds max execution time (vboctor)
- 0004437: [bugtracker] Filenames of uploaded attached files are damaged (thraxisp)
- 0004479: [bugtracker] Reporters can't close or reopen issues they reported (thraxisp)
- 0004495: [bugtracker] Warning in bug_actiongroup_page.php when risolving (thraxisp)
- 0004480: [administration] admin/check.php - Check email failing. (thraxisp)
- Updated Italian, French, Portuguese Brazil, Lithuanian, Korean, Czech, Swedish, Spanish, German and Dutch translations
2004.08.28 - 0.19.0rc1
This is the first release candidate for 0.19.0, it requires database upgrade. We consider this release considerably more stable than the 0.19.0a2. This is a feature complete release, hence, 0.19.0 is not expected to include new features, but only bug fixes.
- 0002416: [security] Block Denied Access (masc)
- 0003540: [security] Arbitrary code execution through uploads (thraxisp)
- 0004062: [security] Multiple Cross Site Scripting Vulnerabilities (Victor Boctor)
- 0004063: [security] Possible E-Mail Bomber (masc)
- 0004183: [security] another xss issue (Narcissus)
- 0004239: [security] Remote PHP Code execution (Paul)
- 0004276: [security] cross site scripting issue (jlatour)
- 0004277: [security] cross site scripting issue (jlatour)
- 0000633: [feature] email lost password page (masc)
- 0003371: [feature] CVS Integration (patch included) (Victor Boctor)
- 0004137: [feature] Support a simple "view" URL (Victor Boctor)
- 0004145: [feature] Mantis pages should have descriptive titles (Victor Boctor)
- 0004266: [feature] Update project documentation file (jlatour)
- 0004122: [relationships] Upgrade script seems to swap the duplicate relationship (masc)
- 0004146: [relationships] Summary doesn't unescape(?) characters (masc)
- 0004161: [relationships] Relations to private issues must only appear to user with appropriate access level (masc)
- 0004083: [sponsorships] Users without email address must not be able to sponsor issues (thraxisp)
- 0004185: [customization] Support custom menu options (Victor Boctor)
- 0004236: [customization] Support of custom_strings_inc.php broken somehow (thraxisp)
- 0004248: [customization] mantis_project_file_table hardcoded in proj_doc_add.php (Paul)
- 0004009: [custom fields] New custom field type "multiple select" (Paul)
- 0004128: [custom fields] Custom field data lost on resolve and close of issue (Paul)
- 0004381: [custom fields] History updates when custom field unchanged. (Paul)
- 0003853: [filters] Filters sometime generate an invalid query (Victor Boctor)
- 0003880: [filters] Ordering doesnt take last_updated into account (Narcissus)
- 0003945: [filters] Give the ability to "Update Fixed in Version" in view_all_bug_page.php (Narcissus)
- 0004073: [filters] Edit filter page now too wide. 'Apply filter' button is drawn off screen (Narcissus)
- 0004093: [filters] Custom field values are a larger type size in view_all_bug_page (Narcissus)
- 0004108: [filters] "Use Date Filters" in advanced filters (Narcissus)
- 0004121: [filters] Filters saved while "All Projects" is the active project, should have all projects active (Narcissus)
- 0004125: [filters] Attempting to filter on issues fixed in version 0.19.0a2 does not work (Narcissus)
- 0004133: [filters] "Summary stats are links to filters for view_all_bugs" feature is broken (jlatour)
- 0004140: [filters] Unable to view closed issues in View Issues page (Narcissus)
- 0004142: [filters] Filter by category results in N pages with 1 issue in each page (Narcissus)
- 0004150: [filters] Custom field names are not localised in filters (Victor Boctor)
- 0004156: [filters] Sql error (Paul)
- 0004204: [filters] Lines per page field left empty (Narcissus)
- 0004207: [filters] Mantis forgets user filter after logout (Narcissus)
- 0004212: [filters] Default for Quantity is 0 -> N pages needed to display N issues (Victor Boctor)
- 0004260: [filters] APPLICATION ERROR #401 when searching (Victor Boctor)
- 0003344: [email] New Account Emails are being sent even when email notification is off (jlatour)
- 0003766: [email] status notifications are confused and confusing (thraxisp)
- 0003877: [email] Upgrade to PHPMailer 1.72 (Victor Boctor)
- 0004043: [email] Preference to exclude old bugnotes from notification (Bastian Pfennigschmidt)
- 0004107: [email] email w/o recipient sent (thraxisp)
- 0004111: [email] Notify admins when new account setup. (masc)
- 0004139: [email] SYSTEM NOTICE: Undefined index: email_bug_view_url (Paul)
- 0004147: [email] Receiving emails in foreign languages (thraxisp)
- 0004367: [email] E-mail notification on relationship deletion results in "relationship added" email (thraxisp)
- 0004164: [news] Announcement news don't remain on top (masc)
- 0001146: [bugtracker] PRE tags in text (thraxisp)
- 0002214: [bugtracker] When Viewing a Bug, window title should change (Paul)
- 0002861: [bugtracker] misleading 'copyright' at the pages' bottom (Victor Boctor)
- 0003689: [bugtracker] index.php is sending wrong HTTP header if not logged in. (jlatour)
- 0003710: [bugtracker] time stats in summary to use resolved (thraxisp)
- 0003760: [bugtracker] difficult to authenticate from command line script (Victor Boctor)
- 0003772: [bugtracker] Status updating should be different from bug updating (thraxisp)
- 0003822: [bugtracker] basedir restriction on some servers (Paul)
- 0003942: [bugtracker] print_options_page doesn't show real data about selected fields (jlatour)
- 0003948: [bugtracker] Will not jump to bug when following link in mail (Victor Boctor)
- 0003970: [bugtracker] Reopen issue logic was broken for ustom reopen statuses (thraxisp)
- 0003995: [bugtracker] My View: Clickable links for sections. (tazza70)
- 0004031: [bugtracker] Hiding/removing fixed_in_versions (thraxisp)
- 0004131: [bugtracker] Closing bugs when you're not allowed to. (thraxisp)
- 0004138: [bugtracker] Add validation / notifications hooks for issue create/update/delete (thraxisp)
- 0004154: [bugtracker] "Product version" and "Fixed in Version" do not get updated on rename (Victor Boctor)
- 0004157: [bugtracker] allow custom fields to be hidden when reporting/updating bugs (Paul)
- 0004175: [bugtracker] Links are not hyperlinked properly if containing '[' or ']' (Victor Boctor)
- 0004193: [bugtracker] Broaden the ldap features to work with (A.D.) - patch included (jlatour)
- 0004262: [bugtracker] Updating an issue shows the wrong status (thraxisp)
- 0004269: [bugtracker] cross site scripting issue (jlatour)
- 0004270: [bugtracker] Change status in mass treatment ignore defined workflow rules (thraxisp)
- 0004279: [bugtracker] My View makes bad use of available space (tazza70)
- 0004317: [bugtracker] "Report stay" should print out the submitted bug number together with the "report more bugs" (Bastian Pfennigschmidt)
- 0004342: [bugtracker] Developers unable to submit bugs (thraxisp)
- 0004376: [bugtracker] "assigned to" buttons don't obey $g_set_status_threshold (thraxisp)
- 0004386: [bugtracker] Changelog doesn't respect user rights (Victor Boctor)
- 0004397: [bugtracker] broken captcha if ttf not available (Paul)
- 0004348: [performance] Show queries with runtime (thraxisp)
- 0003938: [localization] Untranslatable string (jlatour)
- 0004136: [localization] Updated strings for Korean (Alex Netman)
- 0004141: [localization] Relationship strings have a useless '%id' string (Paul)
- 0004237: [localization] s_monitored_by must be in lang-files, otherwise empty string used (Alex Netman)
- 0004255: [localization] Wrong value of $g_language_auto_map (Victor Boctor)
- 0004259: [localization] Wrong value for $s_product_build (Alex Netman)
- 0004293: [localization] Lang variable names broken (thraxisp)
- 0004343: [localization] german string incorrect (Alex Netman)
- 0004355: [localization] Incorrect and incomplete Dutch translations (Alex Netman)
- 0004362: [localization] Section titles are not localized in My View page (Alex Netman)
- 0004374: [localization] Russian Language parse error (Alex Netman)
- 0004375: [localization] Russian Language parse error (Alex Netman)
- 0004402: [localization] String missing in lang/strings_dutch.txt (Alex Netman)
- 0003904: [sql] cache missing 'user pref' rows (thraxisp)
- 0004158: [sql] Sql Error in bug_copy (Paul)
- 0004222: [sql] Should mantis_project_category_table.user_id be UNSIGNED? (Victor Boctor)
- 0004311: [administration] User deletion confirm page should include user name (Bastian Pfennigschmidt)
- 0002220: [installation] usage of consistent naming schema for images (Victor Boctor)
- 0003307: [installation] check.php always checks mail() rather than the config (thraxisp)
- 0003483: [upgrade] some admin users permissions not completly upgraded from 0.17.5 to 0.18.0 (Victor Boctor)
- 0003714: [upgrade] Please add in a way to transfer attachments from the database to disk (thraxisp)
- 0004186: [upgrade] Some upgrade scripts do not read table names from config (jlatour)
- 0004357: [webpage] added issue ID to summary is a bit confusing (thraxisp)
- 0003787: [documentation] Stale reference in doc/INSTALL (Paul)
- 0004163: [other] Unreadable error messages in some languages (Victor Boctor)
- 0004182: [other] print_all_bug_page should show all issues matching current filter (Victor Boctor)
- 0004353: [other] "Select all issues" in some clicks (Bastian Pfennigschmidt)
- New Config: main_menu_custom_options (default empty) - Allow addition of custom menu options to main menu (vboctor)
- New Config: show_realname (default OFF) - show realname in all places instead of username (thraxisp)
- New Config: max_failed_login_count - Max. attempts to login using a wrong password before lock the account.
- New Config: notify_new_user_created_threshold_min - access level required to be notified when a new user has been created
- New Config: password_confirm_hash_magic_string - String used to generate the confirm_hash for the 'lost password' feature
- New Config: signup_use_captcha - use image to validate subscription
- New Config: system_font_folder - absolute path to folder which contains your TrueType-Font files
- New Config: font_per_captcha - font name used to create the captcha image
- New Config: lost_password_feature - enable lost password feature
- New Config: max_lost_password_in_progress_count - Max. simultaneous requests of 'lost password'
- Removed config option (to_mail): no longer required
- Removed config option (use_bcc): no longer required
- Updated German, French, Brazilian Portuguese, japanese_euc, japanese_sjis, Korean, Russian and japanese_utf8 language.
- Added Slovene language.
2004.07.20 - 0.19.0a2
This is the second alpha release for 0.19.0a, if there is not much issues with it then rc1 will probably follow. The main features in this release are issue relationships and simple workflow control. Also version handling was almost re-implemented to support released vs. future versions and also allow adding a description to versions.
- 0004018: [security] Real name field allows potentially dangerous HTML (int2str)
- 0004044: [security] Cross Site Scripting Vulnerability (int2str)
- 0003969: [feature] Issue Relationships Support (masc)
- 0003984: [feature] Support definining and enforcing custom workflow (thraxisp)
- 0004057: [feature] Add "notes" for versions (VictorBoctor)
- 0003974: [feature] Make Mantis issues searchable by Search Engine (int2str)
- 0004016: [feature] Automatic language selection based on browser preferences (int2str)
- 0004066: [feature] Support "future" versions and a description field (VictorBoctor)
- 0001210: [feature] Project Version could use some more details!!! (VictorBoctor)
- 0004120: [feature] Add issue id before summary in issue view pages (VictorBoctor)
- 0004104: [feature] Product Version Field in simple View (VictorBoctor)
- 0004118: [filters] Make filter display at top of View Issues collapsible (VictorBoctor)
- 0004071: [filters] advanced filtering with status=any fails (Narcissus)
- 0003804: [filters] Add ability to filter by view state (private/public) (Narcissus)
- 0003944: [filters] Give the ability to filter on : Fixed in Version value (Narcissus)
- 0003805: [filters] Add ability to filter on bugs monitored by a user (Narcissus)
- 0004027: [filters] Database query error in 0.19 alpha1 (Narcissus)
- 0004088: [filters] My View: Unassigned block shows assigned items (Narcissus)
- 0004021: [bugtracker] The filter section is duplicated on the print page (tazza70)
- 0003993: [bugtracker] String missing in strings_english.txt file (email title on updated bug) (VictorBoctor)
- 0003275: [bugtracker] Low priority is not marked in list of bugs (VictorBoctor)
- 0003996: [bugtracker] My View: how about monitored by me? (tazza70)
- 0004052: [bugtracker] Not all the buttons are marked as class="button" (VictorBoctor)
- 0004036: [bugtracker] Changelog should not display versions with no issues (VictorBoctor)
- 0004020: [bugtracker] Database field 'realname' not found after plain installation (VictorBoctor)
- 0004041: [sponsorships] Empty "Users sponsoring this issue" (VictorBoctor)
- 0004040: [sponsorships] Sponsorship timestamp is not displayed correctly in sponsorship list (VictorBoctor)
- 0004038: [sponsorships] Add icon to sponsorships to attract attention (VictorBoctor)
- 0004053: [localization] Italian - Missing $s_monitored_by (VictorBoctor)
- 0004014: [localization] Italian Version: Build Translated as Version (VictorBoctor)
- 0004017: [localization] Random translations popping up (int2str)
- 0004056: [custom fields] Displaying/Reporting Issue -> Application Warning - lang_exists() missing arg 2 (VictorBoctor)
- 0004081: [upgrade] mantis_upgrade_table.upgrade_id too small (VictorBoctor)
- 0004072: [webpage] Make sponsorships and relationships collapsible (int2str)
- 0004065: [other] Issues are not hyperlinked in Changelog if $g_bug_link_tag is not # (VictorBoctor)
- 0004064: [other] Links are not hyperlinked properly if containing '(' or ')' (VictorBoctor)
- 0004005: [other] signup for new account - invalid username generates crash (int2str)
- New Config: fallback_language (default 'english') - Fallback language for automatic language selection.
- New Config: status_enum_workflow (default disabled) - Defines the workflow to indicate what are the possible statuses based on the current one.
- Updated German, Italian, Russian, Czech and Brazilian Portuguese languages.
2004.07.07 - 0.19.0a1
This is an alpha version of 0.19.0, it is not recommended for production use. Users are encouraged to test it on a backup copy of their data and provide feedback to development team.
Users installing Mantis for the first time should sql/db_generate.sql to create the database, then run the http://www.example.com/mantis/admin and run the upgrade scripts. Already existing users will need to backup their database, then run upgrade.
* Enh #0000: Change of terminology, replaced "bug" with "issue" [first step in #2710].
* Enh #0000: Generate one email per user. Stage #2 (minor send mail optimization - used kept alive SMTP connection).
* Enh #0000: phpMailer 1.71 has been included to Mantis distribution, all the mails are sent now only by phpMailer.
* Enh #0000: Mass issue manipulation (move, delete, etc.) page now shows list of selected issues.
* Enh #2200: Add Version to simple bug pages.
* Enh #3152: Adding notes and documents to resolved bugs.
* Enh #3164: Added "fixed in version" field, set when resolving a bug.
* Enh #3300: Add global defaults for priotity and severity of new bugs.
* Enh #3302: Add global defaults for view state.
* Enh #3505: Add a Bugnote to a resolved bug.
* Enh #3519: Advanced filtering with multiple selections.
* Enh #3620: Redesigned filter interface.
* Enh #3633: Experimental support for MSSQL, PgSQL and other databases using ADODB.
* Enh #3638: The bugtracker should be able to produce a changelog.
* Enh #3662: Provide more config vars to control viewing/downloading/deleting bug attachments.
* Enh #3663: Remember filter settings for each project.
* Enh #3676: Use status threshold rather than hide resolved/closed in filter.
* Enh #3688: Add threshold for changing the bug/bugnote view status.
* Enh #3690: Request for directly setting reminders private.
* Enh #3713: Allow users to set severity levels along with email preferences.
* Enh #3735: New CSS class for HTML Form Buttons
* Enh #3739: Portal for viewing bug status lists and summaries after login.
* Enh #3765: Change title on bug details page to bug summary line.
* Enh #3801: Add "myself" meta filter options.
* Enh #3802: Auto-use filter selection on change.
* Enh #3808: Ability to sponsor (fund) a bug or feature request.
* Enh #3811: Allow private flag to be unset on resolved bugs.
* Enh #3841: Add real name ability to mantis.
* Enh #3867: Give the user control whether to open hyperlink in new or current window.
* Enh #3870: Support for custom functions which provides hooks for customizing behaviour.
* Enh #3881: Replace "Hide Status" with "Status" in advanced filter.
* Enh #3918: Allow restricting filter views to advanced or simple.
* Enh #3925: New bug group action: Copy.
* Fix #3094: Switching projects clears filter values.
* Fix #3159: Allow case of user name to be changed. Also fixed bug where database error was displayed when trying to create user "TeSt" when user "Test" already exists.
* Fix #3397: Delete notification should be off when deleting a project.
* Fix #3473: g_bug_resolved_status_threshold variable ignored.
* Fix #3504: project cookie not cleared at logout
* Fix #3567: Reminders can be added for a readonly bug.
* Fix #3578: Word 2000 reports "The dimensions after resizing are too small or too large." trying to open word document from Mantis
* Fix #3622: Tweak attachment SQL in print bug pages.
* Fix #3629: Duplicate Error ID.
* Fix #3641: 'Date submited' in reports is always '12-31-69'.
* Fix #3723: No ability to edit or even delete news is associated project was deleted.
* Fix #3781: Fixed external URL in admin/check.php
* Fix #3806: Timestamp in project management page (Version management section) isn't shown as configured
* Fix #3824: Private bug reports and bugnotes are sent out as notifications to everyone.
* Fix #3826: Allow case of project name to be changed.
* Fix #3837: Bugs can be edited after being closed.
* Fix #3840: Why strip the leading spaces from Description? (applied to all multi-line fields in issue + issue notes).
* Fix #3851: Ability to change the view status for a group of bugs
* Fix #3852: OK button in View Issues page is not localised
* Fix #3866: URLs that include bookmark are not hyperlinked correctly.
* Fix #3879: Empty entry in project select field can cause bugs to be moved to non-existing project.
* Fix #3886: Custom HTML page title not displayed.
* Fix #3920: Two missing graphs in advanced summary.
* Fix #3923: "By Developer" and "By Reporter" graphs rewritten to reduce SQL impact.
* Fix #3924: Graphs did not show query counts when flag was set.
* Fix #3937: Custom field filters now only show those values relevant to the selected project.
* Fix #3951: Add Bugnote - Link.
* Fix #3957: IIS had issues with serialised filters in redirects.
* Fix #4012: Problem with Custom Fields in Report.
* New Config: set_view_status_threshold (default REPORTER) - threshold needed to set the view status while reporting a bug / bugnote.
* New Config: change_view_status_threshold (default UPDATER) - threshold needed to update the view status while updating a bug / bugnote.
* New Config: view_handler_threshold (default VIEWER) - threshold needed to view the bug handler (now works for emails only).
* New Config: view_history_threshold (default VIEWER) - threshold needed to view the bug history (now works for emails only).
* New Config: view_attachments_threshold (default VIEWER). Access level needed to view bugs attachments. View means to see the file names sizes, and timestamps of the attachments.
* New Config: download_attachments_threshold (default VIEWER). Access level needed to download bug attachments.
* New Config: delete_attachments_threshold (default DEVELOPER). Access level needed to delete bug attachments.
* New Config: allow_view_own_attachments (default ON). Allow users to view attachments uploaded by themselves even if their access level is below view_attachments_threshold.
* New Config: allow_download_own_attachments (default ON). Allow users to download attachments uploaded by themselves even if their access level is below download_attachments_threshold.
* New Config: allow_delete_own_attachments (default OFF). Allow users to delete attachments uploaded by themselves even if their access level is below delete_attachments_threshold.
* New Config: default_bug_view_status (default VS_PUBLIC). Default view status for bugs.
* New Config: default_bugnote_view_status (default VS_PUBLIC). Default view status for bugnotes.
* New Config: default_reminder_view_status (default VS_PUBLIC). Default view status for reminders.
* New Config: stored_query_use_threshold (default REPORTER). Threshold needed to be able to use stored queries.
* New Config: stored_query_create_threshold (default DEVELOPER). Threshold needed to be able to create stored queries.
* New Config: stored_query_create_shared_threshold (default MANAGER). Threshold needed to be able to create shared stored queries.
* New Config: hide_status_default (default CLOSED). Default minimum status to hide in filters.
* New Config: enable_sponsorship (default OFF). Whether to enable/disable the whole issue sponsorship feature.
* New Config: sponsorship_currency (default US$). Currency used for all sponsorships.
* New Config: view_sponsorship_total_threshold (default VIEWER). Access level threshold needed to view the total sponsorship for an issue by all users.
* New Config: view_sponsorship_details_threshold (default VIEWER). Access level threshold needed to view the users sponsoring an issue and the sponsorship amount for each.
* New Config: sponsor_threshold (default REPORTER). Access level threshold needed to allow user to sponsor issues.
* New Config: handle_sponsored_bugs_threshold (default DEVELOPER). Access level required to be able to handle sponsored issues.
* New Config: assign_sponsored_bugs_threshold (default MANAGER). Access level required to be able to assign a sponsored issue to a user with access level greater or equal to 'handle_sponsored_bugs_threshold'.
* New Config: minimum_sponsorship_amount (default 5). Minimum sponsorship amount. If the user enters a value less than this, an error will be prompted.
* New Config: mantis_sponsorship_table (default mantis_sponsorship_table). Name of table containing issue sponsorship information.
* New Config: bug_readonly_status_threshold (default RESOLVED). Status threshold after which the issue is considered readonly.
* New Config: update_readonly_bug_threshold (default MANAGER). Status threshold after which the user is allowed to edit readonly issues.
* New Config: view_changelog_threshold (default VIEWER). Status threshold after which the user is allowed to view the changelog. The changelog will include private issues only if user has the approach access level.
* New Config: view_filters (default SIMPLE_DEFAULT) - Default filter view.
* New Config: default_home_page (default my view page): Default page after Login.
* New Config: my_view_bug_count (default 10): Number of bugs shown in each box.
* New Config: my_view_boxes: My view boxes to be shown and their order.
* Removed config option (use_phpMailer): phpMailer has always been used
* Removed config option (phpMailer_path): phpMailer has been included to Mantis distribution
* Removed config option (use_x_priority): phpMailer always puts X-Priority header
* Removed config option (hide_closed_default): Replaced by hide_status_default
* Languages: Updated German, Polish, Czech, Danish, Estonian, Japanese (EUC and SJIS), Serbian, Spanish, Italian, Brazilian Portuguese and Simplified Chinese localisations.
2004.05.12 - 0.18.3
* Sec #3660: Ability to execute arbitrary SQL statement if register_globals = ON.
* Sec #3661: A logged in user can download any bug attachment or project document.
* Enh #3262: CSV export does not export the category column.
* Enh #3264: CSV export should export the resolution.
* Enh #3287: Projectname on CSV export.
* Enh #3346: CSV extract should output more data, e.g., Date Submitted, other data that would allow better analysis of data trends.
* Fix #3259: Saving CSV file of bugs containning double quotes causes invalid csv.
* Fix #3635: status_resolved in email_api should be resolved.
* Fix #3646: Error in core/obsolete.php.
* Fix #3691: Parse error in Romanian localisation.
* Fix #3728: CSV export shows " instead of real quotes in bug title.
* Fix #3795: Resolve should not overwrite handler, if already set.
* Fix #0000: Re-generated the FAQ and fixed the hyperlinks (the contents of the FAQ may not be up to date)
2004.02.29 - 0.18.2
* Sec #3595: bug_view_page.php: restricted custom fields are shown.
* Sec #3596: print_bugnote_inc.php: private bugnotes are visible for not granted users (thanks to yarik123).
* Sec #3611: Mask passwords when printing detailed error information.
* Enh #1088: Formatting of text in bugnotes, description areas.
* Enh #1649: Replace 'Assign to Me' with 'Assign To:' and dropdown of developers.
* Enh #3362: Generic email notifications.
* Enh #3548: Support RSS for news syndication.
* Enh #3552: Improved layout of Summary page and added 'Reporter / Resolution', 'Developer / Resolution' and 'Reporter Effectiveness' reports. (thanks to Lincoln Maskey)
* Enh #3564: In anonymous mode, login should remember the current page.
* Enh #3609: Added new configuration variable $g_enable_project_documentation with default value ON to enable/disable project documentation feature.
* Fix #1479: Users receive foreign-language e-mail. Now it is used default language for all e-mails.
* Fix #3077: Inconsistency: "Assigned To" versus "Handler".
* Fix #3118: My Account: after update of password, wrong information is given.
* Fix #3135: Changing Print-Options does not work.
* Fix #3440: "Allowed File Types" is case sensitive (also applies to disallowed file types).
* Fix #3522: /news_update.php looks different from /main_page.php.
* Fix #3537: Rewriting custom values with 0 when updating a bug.
* Fix #3539: Simple view page shows advanced custom fields.
* Fix #3541: Link to documentation refers to old website.
* Fix #3568: Monitor deleted bugs? [monitor records are not deleted on bug deletion]
* Fix #3569: Wrong number of search results displayed
* Fix #3572: The summary_graph_imp_* pages have shortcut PHP tags.
* Fix #3577: Unselecting custom fields causes undesired break lines in Excel.
* Fix #3579: In the German localisation, $s_reset_request_msg was incorrectly terminated.
* Fix #3590: News displayed wrong in Firebird/Firefox.
* Fix #3594: Incorrect encoding for Turkish localization.
* Fix #3597: Custom fields names are not translated in email (thanks to yarik123).
* Fix #3598: Bug history: consuming custom fields or not?
* Fix #3602: Problems with Mantis 0.18.1 localization (partial fix).
* Languages: Added Lithuanian and Serbian localisations.
* Languages: Updated Chinese (simplified), Danish, French, German, Korean, Latvian, Norwegian, Portuguese, Spanish and Swedish localisations.
* Mantis website moved to http://www.mantisbt.org
2004.02.06 - 0.18.1
* Sec #3137: By default, every installation has an admin account with a known login cookie value. This value is now generated at installation time.
* Sec #3445: User see all information from all projects (if user has access to 0 projects)
* Enh #2811: Anonymous mode issues (auto login for anonymous users + other issues).
* Fix #2668: Proxy incorrectly presents cached output to other users.
* Fix #3028: Mailer produces errors if there are no recipients, and use_bcc is set to ON.
* Fix #3069: Proxy server incorrectly caches output of 'View All Bugs'
* Fix #3177: Switching project in advanced summary changes current page.
* Fix #3210: bug_view_advanced_page.php (and simple) doesn't show the project name.
* Fix #3324: Win32: Call to undefined function: getmxrr() [default to OFF].
* Fix #3396: Database upgrade scripts that tried to add a unique key failed if duplicate entries existed.
* Fix #3400: Reopen a 'closed' bug, the value of 'resolution' is 'reopen' and can't be changed (now resolution / duplicate id can be edited)
* Fix #3449: Database upgrade script fails to detect some existing columns.
* Fix #3450: Certain database upgrade scripts fail if table already exists.
* Fix #3467: Delete user ends up at user not found error.
* Fix #3475: Reopen bug to custom status possibility.
* Fix #3479: Reset account preferences of a user results in reset administrators (current) account.
* Fix #3493: Missing string $s_bug_deleted in German (and some other) translation
* Fix #3495: Warning even if administrator account is disabled.
* Fix #3501: No output for print_all_bug_page.php when status=closed, and Hide Status Closed is selected.
* Fix #3506: PHP error if "duplicate id" refers to a bug that does not exist.
* Fix #3525: Priority field incorrectly shown on Simple Report page.
* Fix #3526: Custom field regular expression doesn't prevent invalid bug entry.
* Fix #3530: Custom fields definitions are not validated.
* Opt #0000: Added an index on bug_id field in the mantis_bug_file_table.
* Opt #0000: Removed filtering code redundancy in print report pages (thanks to Lincoln Maskey)
* Languages: Updated Dutch localisation.
* Updated copyright to include 2004
2003.12.08 - 0.18.0
* Fix #3207: LDAP mail lookup was looking for the 'email' attribute instead of the 'mail' attribute.
* Enh #3335: Added Estonian Language (thanks to Villem Vannas).
* Fix #3310: Sorting of projects in menu bar.
* Fix #3330: "Required" fields on Account Profile page.
* Fix #3333: Support PHPMailer v1.7x.
* Fix #3334: Invalid links in bug reminder emails.
* Fix #3353: History not updated in bug deletion email.
* Fix #3389: Problems upgrading existing users to administrator.
* Fix #3417: Setting $g_manage_news_threshold to 'DEVELOPER' can't add new news.
* Fix #3421: Users except admin can 'see' the projects disabled on the project bar.
* Sec #0000: Various Cross-Site Scripting vulnerabilities fixed (thanks to Paul Richards).
* Languages: Updated French localisation.
2003.08.24 - 0.18.0rc1
* Enh #0000: New config option(user_login_valid_regex): regular expression used to validate new login names
* Enh #0000: Added error_proceed_url() to allow pages to give a url to proceed to after displaying the next error
* Enh #0000: Implemented parameterized error messages. Error strings are passed through sprintf() and are parameterized with the values given to error_parameters()
* Enh #0000: Allow spaces and hyphens in login names.
* Enh #0000: Optimized the database query in file_list_attachments() to improve performance of viewing bugs with large attachments.
* Enh #2377: Index user names in manage user page by letters (added config option default_manage_user_prefix).
* Enh #2517: Security Warnings [on login page if admin folder is accessible, administrator/root account enabled, or PLAIN passwords used].
* Enh #2981: Resolution in overview (show resolution in View Bugs page).
* Enh #3088: Show file attachment indicator on bug list page.
* Enh #3240: Show last login date in the main page.
* Enh #3242: Show bugnote add form before bugnotes to minimize the scroll needed to add a note.
* Enh #3244: Add bug status to the autogenerated bug view link tooltips.
* Enh #3272: Bugnote links in view_all_inc now are painted in a 'not visited' color when there are new notes.
* Security Fix #0000: All bugs were displayed if "All Projects" is selected and user has access to no projects.
* Fix #0000: Part of filenames with '-'s were being cut off.
* Fix #0000: Improved adherance to the XHTML standard.
* Fix #0000: A bug in the handling of the case where a user who does not have access to a private project, but has access level >= private_project_threshold.
* Fix #0000: Problem in filtering on reporter = 'any' in the print pages.
* Fix #2992: Unable to attach files to bugs on Windows servers with magic quotes ON.
* Fix #2999: Only administrators to can (to private) projects.
* Fix #3027: History summary a little bit too wide in emails.
* Fix #3064: View bug buttons in vertical column
* Fix #3072: Attached file should be opened up in a new browser window.
* Fix #3076: Bug reports are added to the "wrong" project.
* Fix #3079: Error when using phpMailer.
* Fix #3080: Project menu bar shows extra links.
* Fix #3089: Hide link to Profiles management on account page based on access level.
* Fix #3092: Problem changing printing prefs.
* Fix #3097: App Error 700 in project_api.php when viewing certain bugs.
* Fix #3108: No custom fields are shown in the details, if you are in "All Projects"
* Fix #3109: Error when adding protected users.
* Fix #3110: "Print reports" preview in explorer is not possible unless you select "Display selected only"
* Fix #3111: Bug links in bugnotes do not contain the FQDN as they do in the full reference.
* Fix #3115: manage_proj_cat_edit_page.php uses the wrong project id.
* Fix #3120: Missing "Assign To" field on "Report Bug" screen.
* Fix #3121: When creating a bug that has custom fields, the values for the custom fields are not sent out in the email.
* Fix #3124: view_bugs: a reporter has the drop-down box of actions, but doesn't have the checkboxes.
* Fix #3132: Email for feedback does not contain the last bugnote
* Fix #3140: attachment.png is corrupt in CVS.
* Fix #3143: Show a padlock instead of "p".
* Fix #3155: Field 'date_added' (for attachments) not correctly printed in print_bug_page.php.
* Fix #3175: Login fails when saved password is PLAIN and login_method is not PLAIN.
* Fix #3186: $t_protocol not set right (PHP 4.3.0/Netscape Enterprise 6.1/Linux installation with Mozilla client).
* Fix #3218: Version vs. Product version confusing (renamed Version to OS Version in advanced pages - English language).
* Fix #3219: Unnecesary DISTINCT SQL function call made the view_all_bugs query fail with older MySQL releases.
* Fix #3214: Private projects links get replaced by public project links.
* Fix #3225: Row with the "private" checkbox hasn't got a colspan of 6.
* Fix #3231: Redirect problem when user clicks on a bug link while not logged in.
* Fix #3230: German translation [corrections].
* Fix #3232: Signup or password reset emails were not being sent if email notifications were turned off
* Fix #3252: Category not selected on update if "&" is used in category name.
* Fix #3266: Possible patches against CVS (Not all changes were applied, see bug for details)
* Enh #3276: Add bugnote numbering and the ability to link to bugnotes directly using configured tags like with buglinks
* Fix #3292: Exporting csv results in "cannot modify header" error.
* Fix #3295: $g_limit_reporters doesn't work.
* Fix #3306: PHP error if unable to connect to database.
* Languages: Updated Italian, German, Spanish, Slovak, Swedish, French and Dutch localisations.
* Languages: Synchronised localisation files with English localisation.
* Added Mantis FAQ to documentation folder.
* Mantis Manual is now available online at http://mantisbt.sourceforge.net/manual/
2003.03.22 - 0.18.0a4
* Check whether other forms of compression are enabled before we turn on ob_gzhandler() in our output handler. This should hopefully avoid problems people have had with blank pages resulting from compression problems.
* Remove "show source" functionality which was a security hole and of little use
* Languages: Updated Italian and Dutch localisations.
* Languages: Added Slovak localisation.
* Languages: Synchronised localisation files with English localisation.
* Languages: Changed code page of Czech translation.
* Enhancement: Added bug summary by project on summary page (#1759).
* Enhancement: Reduced number of SQL queries on summary page (#3046).
* Enhancement: Field names in bug history are now localized.
* Enhancement: g_use_iis default value is now based on auto-detection of IIS servers. Before it was defaulted to OFF.
* Fix: 'Display selected only' on print bugs page fixed.
* Fix: 'Hide resolved' now also works for report printing and export.
* Fix: Do not call custom_field_set_value() in bug report and bug update if user has no write access.
* Fix: Printing context in case of errors is not working properly (a lot of notices are generated).
* Fix #2626: $g_primary_table_tags is documented and in config files but never used
* Fix #2839: 'Join incorrect in print_reporter_options and print_assign_to_option_list'
* Fix #2902: Project name is not printed on bug list report.
* Fix #2953: 'View all bugs page empty'. We now disabled compression if zlib isn't available to php. See notes in the config_defaults_inc.php for information on enabling zlib on Windows.
* Fix #3011: 'Hide resolved' flag is now preserved when re-sorting bug list.
* Fix #3019: Application Error 200 after updating a bug.
* Fix #3020: Error when deleting a bug with bugnotes.
* Fix #3021: Error when using phpMailer.
* Fix #3022: Add user to project form lists disabled users.
* Fix #3047: Manually assigned developers cannot resolve in All Projects view.
* Fix #3050: Setting Assigned To to null causes Status to change to assigned
* Fix #3055: (Non-email) URLs containing '@' characters are now linked correctly.
* Fix #3058: Clicking on view_all_bug_page.php results in 'file download' popup.
* Fix #3062: category, version option lists (and custom fields/reporter/assign to) populated from current project rather than bug category.
2003.02.26 - 0.18.0a3
* Behaviour change: allow bug IDs to get replaced when they are preceeded by any character that is not a letter, a number, or an underscore instead of requiring them to be preceeded by whitespace
* Enhancement: Added "Hide resolved" functionality to bug list page.
* Enhancement: When an enumeration is not found, display @<enumid>@ instead of @null@.
* Enhancement: Added file type icons next to project documents and bug file attachments. Also provided a set of standard icons.
* Enhancement: Added a section to the bug view pages that lists the users that are monitoring the current bug.
* Enhancement: Improved the layout of the "Send a reminder" form.
* Fix: META redirects were not XHTML-compliant
* Fix: $g_lang_current was not available to custom_strings_inc.php
* Fix: reduced the executed number of queries throughout the interface
* Fix: improved handling of bad cookies (you now get a chance to log in again)
* Fix: Added the removal of invalid history entries that were added due to escaping errors to the string escaping fixes.
* Fix: Improve speed of actions that trigger email sends by reducing the number of queries by 200x (20,000%). Queries when sending emails are now linear to the number of users receiving the email instead of the number of users in the system.
* Fix: error deleting bug files fixed
* Fix: display logical filename rather than file system filename for project documents in project document edit page.
* Fix #838: Show attached images as images instead of links.
* Fix #2075: Mantis does not correctly display images when they are clicked ( $g_file_upload_method = DATABASE ).
* Fix #2939: Confusing file names for uploaded project documents.
* Fix #2940: Error when uploading document with no upload path.
* Fix #2944: Project files are not deleted when project is deleted.
* Fix #2953: View all bugs page empty (temporary fix by disabling compression when running on an IIS server).
* Fix #2954: Bgcolor attribute on TD in view_all_bug_page (moved to TR) [optimisation]
* Fix #2956: db_insert_id() did not use mysql_insert_id(), but executed another query (which is probably slower)
* Fix #2961: A disabled project can not be the currently selected project
* Fix #2964: proj_doc_add.php is empty if document file already exists
* Fix #2967: Make bugnotes visible while updating bugs (updating, resolving, and closing)
* Fix #2968: Add query counts to action pages.
* Fix #2969: Bug not found error when deleting a bugnote.
* Fix #2970: Sending a reminder sends two notifications.
* Fix #2974: Message "APPLICATION WARNING #300" on main page.
* Fix #2975: 'date modified' column of bug history in email is to tight.
* Fix #2976: Incorrect handling of URLs.
* Fix #2978: URLs not hyperlinked in news_add page.
* Fix #2980: Escaping fixes are not applied to the bug history table.
* Fix #2982: Having email_set_category set to EMAIL_CATEGORY_PROJECT_CATEGORY erased various mail headers.
* Fix #2989: Allow managers to manage bugnotes.
* Fix #2992: Unable to attach files to bugs (or documents to projects) [applicable to Windows servers]
* Fix #2993: Read/Write access levels not checked in custom fields.
* Fix #2997: 'Trouble assigning a user to a project from the Manage Account'
* Fix #3001: Users cannot delete/edit their own bugnotes.
* Fix #3005: custom_field_api.php does not work with PHP 4.0.6.
* DB Upgrade: Added "id" primary key to bug history table (needed for #2980).
* Languages: Updated German localisation.
* Languages: Synchronised localisations with English
* Changed config option (default_notify_flags): remove 'admin', 'manager', and 'threshold' categories and add 'threshold_min' and 'threshold_max'
* New config option (bugnote_allow_user_edit_delete): controls whether users are allowed to edit or delete their own bugnotes.
* New config option (email_receive_own): controls whether users receive emails for changes they make
* New config option (display_project_padding): controls the level of padding on project ids
* New config option (display_bug_padding): controls the level of padding on bug ids
* New config option (display_bugnote_padding): controls the level of padding on bugnote ids
* New config option (file_type_icons): provides mapping between file extensions and icons to be used for file types.
* New config option (show_monitor_list_threshold): threshold needed to view the list of users monitoring a bug.
* New config option (document_files_prefix): prefix to be used for file system names for documents uploaded to projects (eg: doc-001-myprojdoc.zip when using prefix 'doc').
* New config option (preview_attachments_inline_max_size): Configure the maximum size for an attachment to be viewed inline. (needed by #838)
* Removed config option (bugnote_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (bugnote_view_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (bugnote_add_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (history_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (print_bugnote_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (view_all_include_file): Used file path directly since there is no reason to make it configurable.
* Removed config option (bug_view_inc): Used file path directly since there is no reason to make it configurable.
* Removed config option (bug_file_upload_inc): Used file path directly since there is no reason to make it configurable.
2003.02.19 - 0.18.0a2
* Behaviour change: Project documentation is now sorted by title
* Enhancement: Project name is shown in print_bug_page
* Fix: #2938: 'Double quotes not handled correctly in manage_custom_field_edit_page'
* Fix: handle special characters correctly in the rest of the manage_custom_field_* pages
* Fix: #2937: 'Double quotes not handled correctly in version names'
* Fix: #2936: 'SYSTEM WARNING: ob_gzhandler() used twice'
* Fix: #2941: Checking that project upload path exists and is writable to webserver
* Fix: #2943: Document title should be mandatory
* Fix: #2949: News title and body should be mandatory.
* Fix: #2952: Email address of news poster always visible.
* Fix: at various places, the currently selected project (as specified by the cookie) was used instead of i.e. a bug's project
* Fix: lang_api did not load the user's preferred language
* Fix: obscure error when database connect failed
* Fix: error when deleting news items
* Fix: we no longer execute thousands of queries in view_all_bug_page when there are a lot of users in the database
* Fix: the sort direction in 'View all bugs' was passed directly to the query
* New config option (mail_priority): if use_x_priority is set to ON, what should the value of X-Priority be? The default is 3 (instead of 0 in previous version, which was misinterpreted by some MTAs)
* New config option (long_process_timeout): the number of seconds to give long executing pages (like database upgrades) to complete before aborting them (defaults to 0 which is unlimited)
* New config option (private_project_threshold): threshold needed to get into private project automatically
* Removed config option (mail_send_crlf): having this option off (default) violated RFC 822bis and there shouldn't be any server which required it to be set to off
* Languages: Updated Dutch, French, German and Italian localisations.
* Languages: Synchronized localisation files with the English localisation.
* Security enhancement: it is now impossible to 'fill in' forgotten language strings using GET/POST/COOKIE variables
2003.02.16 - 0.18.0a1
This release contains literally hundreds, if not thousands, of changes.
Upcoming releases will hopefully follow a *much* quicker release cycle now
that we are back on track.
This marks the first release of Mantis with a completely refactored API
library. All the API files are in the core/ directory should you wish to
examine them in more detail. The process of cleaning up the APIs and making
sure all the pages use them is still not quite complete, but we are getting
Listing every individual change would be unproductive but the key ones are
listed or summarized below:
* Behaviour change: made 'normal' the default priority for new bugs
* Behaviour change: Merged default/config_inc1.php and default/config_inc2.php in config_inc.php in the main directory
* Behaviour change: Removed f_ prefix from POST and GET field names
* Changed config options (*_color): now use $g_status_colors['<status color>'] array. For example, $g_new_color is replaced with $g_status_colors['new'].
* Changed config options (default_advanced_report, default_advanced_view, default_advanced_update): now ON/OFF instead of BOTH/SIMPLE/ADVANCED (they never worked the other way anyway)
* Changed config options (login_method): the constant CRYPT_FULL_SALT is now deprecated and should be replaced with CRYPT, which behaves exactly the same, or MD5
* Code cleanup: added validation checks for all inputs that are passed on to database queries
* Code cleanup: db_prepare_string(), db_prepare_int(), and db_prepare_bool() to be called on data before it goes into the database
* Code cleanup: modified input-checked variables to be prefixed by $c_
* Code cleanup: Moved admin_* scripts into admin/ directory
* Code cleanup: Moved core_* files into core/ directory, which can be moved out of the webroot
* Code cleanup: Replaced '/' with DIRECTORY_SEPARATOR throughout to make things cross-platform
* Code cleanup: Rewrote large parts of Mantis to improve security
* Copyright transfered by Kenzaburo Ito to 'Mantis Group', consisting of all of Mantis developers, as of 2002. All files have had their copyright notices changed to reflect this.
* Enhancement: added a button to copy categories from another project, in addition to the current 'copy to'
* Enhancement: added a direct link, with a small icon, on each bug row, so that users on a selected project can switch directly to the update bug page (simple/advanced depending on user preferences).
* Enhancement: added a remove link next to the edit link in the project categories and project versions to allow deleting without going into edit.
* Enhancement: added announcement flag to news. Announcements are always kept at the top of the news page.
* Enhancement: admin_check script moved to admin/check.php and rewritten to be more complete
* Enhancement: added links from the counters of bugs reported and assigned to logged in user to their corresponding filtered view
* Enhancement: added support for custom_constants_inc.php, if this file is found in main directory it gets included after constants_inc.php. It is useful to define constants for custom enumerations.
* Enhancement: added support for custom_strings_inc.php, if this file is found in main directory it gets included after lang/strings_xxxx.php to allow overriding of strings without modifying the language files. $g_active_language can be used to check the active language.
* Enhancement: added support for modifying the reporter of a bug
* Enhancement: Added Word2k and Excel export in print_all_bug_page.php. Users can choose the bugs to display/print, and the fields to export with the 'Printing Options' link.
* Enhancement: Administrators can now modify the preferences for all users that are not protected. Protected users need to be unprotected first.
* Enhancement: allow managers to update project information, change project user list, add/edit/delete categories and versions
* Enhancement: auto-assign bugs when a default user is specified for the category and a bug is not pre-assigned
* Enhancement: automatic defaults for $g_path and $g_absolute_path rather than dummy values. This should avoid the need of redefining these values in config_inc.php and also support multiple domains.
* Enhancement: bugs can be marked private
* Enhancement: bug change history
* Enhancement: caching of much DB data to prevent multiple requests for the same information
* Enhancement: Cleaned up file uploading with better error messages and hiding file upload when it's disabled in PHP
* Enhancement: confirm a lot of destructive actions before performing them
* Enhancement: email_api.php sends a content-type header in emails
* Enhancement: enter a bugnote when you update a bug
* Enhancement: html_api.php prints a META-tag defining the charset
* Enhancement: improved the behaviour of sorting the tables of users and projects in 'Manage'
* Enhancement: in the view all bugs page, when 'All Projects' is selected, the project name is now displayed in smaller font over the category
* Enhancement: include tabindexes in the form fields on the bug reporting pages
* Enhancement: look in environment variable MANTIS_CONFIG to find a config file to load after config_inc.php (useful for vhosts)
* Enhancement: make br, hr, li, img, selected, checked, and other html elements XHTML compliant
* Enhancement: more visual graph pages in summary_page.php. Caution, old versions of JPGraph may cause problems, use v1.6.3 or above if you can.
* Enhancement: news can now be made private
* Enhancement: offer multiple group bug actions in view_all_bug_page.php
* Enhancement: private bugnotes. At present these bugnotes are omitted from sent emails, a future release will put private bugnotes in emails to those who should see them.
* Enhancement: provide a notification when a bug is deleted
* Enhancement: reminder feature to let you send a message about a bug to a list of users
* Enhancement: reworked BCTimer class to be more useful for debugging
* Enhancement: send Bug History in e-mails
* Enhancement: added new database upgrade system to allow you to easily apply database schema changes when upgrading.
* Enhancement: support uploading attachments to an FTP server (so now there is DISK, DATABASE, and FTP). Recently uploaded/downloaded attachments are cached at the web server.
* Enhancement: User names are now auto-generated for accounts that no longer exists. The user names are prefixed by the string given in the config option prefix_for_deleted_users.
* Enhancement: user_api.php, login.php and login_page.php send the user back to the referring page after login
* Enhancement: warn the user if his browser does not support cookies, either because it's too old or because it was disabled
* Enhancement: you can add multiple categories in one step. This is done by separating category names by the pipe character '|'. For example to add category 'A' and 'B', add 'A|B'.
* Enhancement: you can monitor bugs even when not reporter or handler
* Enhancement: support for custom fields.
* Enhancement: you can now change the password encryption method by simply changing the configuration option - Mantis will change your passwords automatically as people login
* Fix: Account pruning now also removes profiles, preferences and such.
* Fix: all string files use single quotes instead of double quotes
* Fix: bug that let you change your username to that of an already existing user
* Fix: bug where upload paths with \'s in them kept getting escaped over and over
* Fix: defects with updating project categories and versions
* Fix: deleting the current project no longer gives an error (#2808)
* Fix: email address validation should be much more RFC 822 compliant (#2819)
* Fix: Made 'light grey' the default color for 'closed'
* Fix: make form elements standards compliant
* Fix: prevent an unauthorized user from deleting a bug by modifying the URL
* Fix: print_api.php escapes double quotes in text fields, instead of replacing them by single quotes
* Fix: problem deleting bugnotes
* Fix: problem in core_API.php where constants were used before declaration
* Fix: problem in email_api.php where an email could be sent to nobody at all, in rare cases
* Fix: problem in manage_proj_update.php which gave a warning when editing projects with empty upload file paths
* Fix: problem with ambiguous column names in queries when using the text search or applying filters
* Fix: problem with print_assign_to_option_list() not selecting the current user
* Fix: quoted various text values retrieved from a database and used in a database query.
* Fix: Removed special status of 'closed' concerning colors. 'View all bugs' will use the configured background color.
* Fix: Removed str_pad() we can use str_pad() from PHP4 now
* Fix: replace & in URLs with & to conform with standards
* Fix: use single quotes whenever possible if double quotes were unnecessary
* Fix: Use supervariables ($_SERVER, $_REQUEST, etc.) in PHP >= 4.1.0, since the old variables are deprecated
* Fix: when viewing all bugs for all projects you no longer see bugs from disabled projects
* Fix: Disabled user accounts no longer receive notification emails.
* Languages: Added $s_charset to all localization files.
* Languages: Added Chinese Simplified translation.
* Languages: Removed French2 localization (out of date, without HTML entities. Replaced by new French localization).
* Languages: removed HTML entities from all localization files
* Languages: Updated comments in all localization files to point to correct file names.
* Languages: Updated Hungarian, Russian, Romanian, German, Danish, Norwegian and Dutch localizations.
* New APIs: see all the files in core/ ending with _api
* New config option (allow_blank_email): allow blank email addresses (ie none specified)
* New config option (allow_reporter_close): allow reporters to close the bugs they reported
* New config option (allow_reporter_reopen): allows reporters to reopen closed bugs that they reported if they are unhappy with the resolution (defaults to ON) (see issue #2108)
* New config option (auto_set_status_to_assigned): automatically set the status to ASSIGNED when an issue is assigned. Default is ON.
* New config option (bug_reminder_threshold): the access level required to send reminders
* New config option (bug_resolved_status_threshold): To mark the status threshold for marking bugs as readonly. Default is RESOLVED.
* New config option (compress_html): optional compression of html output
* New config option (create_project_threshold): provide a threshold for users who can create projects
* New config option (custom_field_edit_after_create): new option to control whether a user is directed to edit a custom field after creating it
* New config option (custom_field_link_threshold): provide a threshold for users who can link and unlink custom fields but not delte, create, or modify them
* New config option (custom_headers): contains a list of headers to prepend to each outgoing HTTP response. This can be used for P3P policy headers among other things (see issue #2649)
* New config option (debug_email): allows debugging e-mail messages during development by only sending them to the specified e-mail while including the original to, cc, bcc in the message body (currently supported only when phpmailer is used).
* New config option (default_notify_flags and notify_flags): these replace $g_notify_developers_on_new, $g_notify_on_new_threshold, and $g_notify_admin_on_new. The old flags are no longer supported. The new ones provide full control on who should be notified on each event/action.
* New config option (delete_bugnote_threshold): the access level required to delete a bug
* New config option (delete_project_threshold): provide a threshold for users who can delete projects
* New config option (email_set_category): make Mantis set the category of the e-mail sent (via mail()/phpMailer). This is useful in organising e-mails better using clients like Microsoft Outlook.
* New config option (handle_bug_threshold): the access level required for a user to appear in the assign to list and be able to handle bugs
* New config option (history_default_visible): whether bug history should be visible by default or only when requested.
* New config option (html_make_links): Replaces allow_href_tags. When true, convert text links in strings into actual anchor tags.
* New config option (html_valid_tags): Replaces allow_html_tags and html_tags. Set it to a string containing a comma-separated list of tag names that should be allowed in messages.
* New config option (limit_email_domain): only allow emails in the given domain
* New config option (manage_custom_fields_threshold): controls who may make changes to custom fields
* New config option (manage_news_threshold): threshold needed to manage news postings
* New config option (manage_user_threshold): access level required to modify/create/delete users
* New config option (notify_admin_on_new): enable/disable notifications to admins on arrival of new bugs
* New config option (notify_on_new_threshold): the access level above which users will be notified of new bugs
* New config option (project_user_threshold): access level required to add/remove users to/from a project
* New config option (reminder_recipents_monitor_bug): To automatically add recipients of bug reminders to the monitor list of the defect. This is done if the access level is greater than or equal to monitor threshold and the recipient is not the handler or the reporter.
* New config option (show_detailed_errors):
* New config option (show_notices):
* New config option (show_project_menu_bar): adds a menu bar with all the projects as links
* New config option (show_queries_count and show_queries_list): track the executed queries and display their total count, unique queries count, and the actual list of queries executed
* New config option (show_warnings):
* New config option (smtp_password): password to use when connection to an smtp server with phpMailer
* New config option (smtp_username): username to use when connection to an smtp server with phpMailer
* New config option (store_reminders): controls whether to store sent reminders as a bugnote
* New config option (summary_category_include_project): display "[project] category" rather than "category" only in summary for "All Projects"
* New config option (update_bug_threshold): the access level required to update a bug
* New config option (upload_project_file_threshold, upload_bug_file_threshold, allow_reporter_upload): control what users may upload what kinds of files
* New config option (view_attachments_threshold): the access level required to view attachments. This is useful when there is a need to share the knowledge about the defects, but to secure customer data.
* New config option (view_summary_threshold): the access level required for viewing the summary page
* New file (obsolete.php): checks for obsolete variables and tells the operator
* Removed config option (allow_href_tags): see new option html_make_links
* Removed config option (allow_html_tags): see new option html_valid_tags
* Removed config option (html_tags): see new option html_valid_tags
* Removed config option (register_globals): just check the actual value of the PHP config variable
* Removed config option (php): this variable containing the file extensions (php3 of php) was only used in config, so do a search and replace if you need it
* Renamed config option: allow_bug_delete_access_level to delete_bug_threshold
* Renamed config option: bug_move_access_level to move_bug_threshold
* Renamed file: manage_create_new_user.php to manage_user_create.php
* Renamed file: manage_create_new_user_page.php to manage_user_create_page.php
* Renamed file: report_add.php to bug_add.php
* Renamed file: report_bug_advanced_page.php to bug_add_advanced_page.php
* Renamed file: report_bug_page.php to bug_add_page.php
* Security fix: Mantis no longer relies on register_globals being turned on
2002.08.23 - 0.17.5
* Corrected bug_delete.php and bug_delete_page.php, which ignored the $g_allow_bug_delete_access_level setting.
* Corrected bug_close.php and bug_close_page.php, which ignored the $g_close_bug_threshold setting.
* Corrected bug_reopen.php and bug_reopen_page.php, which ignored the $g_reopen_bug_threshold setting.
* Fixed problems in bug_update_advanced_page.php, bug_update_page.php, view_bug_advanced_page.php and view_bug_page.php which allowed users to view private bugs. It does that icky logout thing again, which will be replaced with a nice message in 0.18.0.
* Fixed a problem in view_all_bug_page.php which allowed users to see public bugs in private projects when all projects were marked private.
2002.08.19 - 0.17.4a
* Fixed the fix of the ambigious column problem
* Fixed the 'second line of defense' against the arbitrary-code-execution vulnerability
2002.08.18 - 0.17.4
* This is a maintenance release. It patches up several vulnerabilities in 0.17.3. No features have been added.
* Fixed a problem in config_inc2.php, which would allow a malicious user to execute arbitrary code and view any local file available to the webserver-user.
* Fixed a problem in summary_graph_functions.php, which just allowed a malicious user to execute arbitrary code.
* Fixed a problem in print_all_bug_page.php, which allowed reporters to see bugs they hadn't reported, even when $g_limit_reporters is set to ON.
* Fixed a problem in view_all_bug_page.php, which allowed any user to see the summaries of public bugs in private projects, by manipulation of the project cookie.
* Modified admin_check.php to prevent use by spammers.
* Modified the database upgrade script to prevent someone from accidentally or intentionally running the scripts on an updated database.
* Fixed a problem in core_user_API.php, which probably caused the infinite-redirect problem in Mozilla/Opera browsers.
* Fixed a problem with ambigious columns in view_all_bug_page.php
2002.05.19 - 0.17.3
* Bumped version number.
* Fixed problem with CSV not downloading.
* Fixed no colors when using non-English languages (temporary fix).
* Fixed bug_close to add bugnote.
* Fixed file uploads to not show up for VIEWERS.
* Modified core_API.php to always turn magic_quotes_runtime OFF.
* Modified disk uploads to use the file_download.php script.
* Modified bugnote last_modified query slightly.
* Modified reporter and assign_to option lists.
* Updated PHP and MySQL requirements.
* Updated Norwegian, Russian, Danish and Dutch translations.
* Added die to print_header_redirect().
* Added russian_koi8 translation.
* Added HTTP_POST_FILES to core_API.php.
* Added check for empty bugnotes.
* Removed view_csv_export_inc.php (unused).
* Removed print_user_option_list() (unused).
* Closed a security problem in account_update.php.
2002.05.12 - 0.17.2
* Fixed error in set_project where setting a project would result in a loop.
* Fixed account profiles to check for blank inputs.
* Fixed some problems with BASIC_AUTH.
* Fixed problems with documentation links.
* Fixed a few documentation errors in configuration.html.
* Fixed bug_update to no longer cut off steps_to_reproduce if it has quotation marks.
* Fixed # bug links in emails.
* Fixed bugnote update to redirect properly after update.
* Fixed bugnote update to check for proper access.
* Fixed bug_file_upload_inc to user $g_max_file_size.
* Fixed CSV exporting to not have SPAN tags.
* Fixed CSV export MIME type.
* Fixed potential variable warning in main_page.
* Fixed signup to detect empty usernames.
* Fixed user creation to detect empty usernames.
* Fixed bug file upload error. Error message was misreported.
* Fixed project doc upload error. Error message was misreported.
* Fixed problem with bottom page menu not displaying when turned on.
* Fixed warning message on report. Warning: Undefined variable: f_file_name ...
* Fixed edit bugnote to allow the correct users to edit and update.
* Fixed g_limit_reporters to work properly for project users.
* Modified accounts so that protected accounts are not accessible by the user.
* Modified report page formating.
* Modified file size reports to show up as bytes.
* Modified email string padding and line separation characters.
* Modified account page to show default and current project access levels.
* Modified news posting to properly limit project lists for non Administrators.
* Modified reset password functionality to use g_send_reset_password to determine whether a password is set to blank or emailed to the user.
* Modified color legend is now generated form the $g_status_enum_string variable.
* Modified print_enum_string_option_list() to work better.
* Modified bug_update_advanced to allow for more fields to be updated.
* Modified email subject links to match standard Mantis email format.
* Modified view bug pages to show bug status via color.
* Modified more pages to show bug status via color.
* Modified setcookie() to use paths.
* Modified fopen() to open with rb instead of r.
* Modified language files to use long php tags.
* Modified tr bgcolor elements and moved them into td bgcolor blocks to help MacOS IE color table cells properly.
* Modified view_all_bug_page to use view_all_set as a pure script to set cookies.
* Modified g_hide_user_email to be g_show_user_email and have different usage modes.
* Modified phpmailer AddAddress in email sending to allow for multiple to recipients.
* Modified project user adding to use a multi-select list box.
* Modified get_enum_string to use the g_ enum string value instead of the s_ enum string value.
* Modified br tags to be new xml style tags.
* Modified time stats in summary to use CLOSED instead of resolved.
* Modified setcookie() to use g_cookie_path when unsetting.
* Modified set_project.php to avoid double refresh when using IIS.
* Modified project user module behavior.
* Modified delete file attachments to chmod( 0775 ) so write permissions are granted.
* Modified get_view_redirect_url() call on bug_assign.php to handle redirects better.
* Modified search to look in bugnotes.
* Modified is_duplicate_category(). Reversed the arguments.
* Modified to use core_project_API.php.
* Modified to use core_version_API.php.
* Modified print_all_bug_page.php to seach bugnotes.
* Modified print_reporter and assign_to option_lists() to display lists properly.
* Added Hungarian translation.
* Added Japanese translation.
* Added Czech translation.
* Added g_bug_link_tag to let users customize how to create bug links.
* Added a "jump to bugnotes" quicklink at the top of the view bug pages.
* Added a global option to control what access levels can delete bugs.
* Added g_bug_move_access_level to control what access level can move bugs to other projects.
* Added extra link after a bug report to go directly to the new bug.
* Added g_close_bug_threshold for closing a bug.
* Added print report link to view all bug page.
* Added g_allowed_files and g_disallowed_files to control what files types may be uploaded.
* Added user to project multi-select listbox in manage section.
* Added list of projects a user is assigned to to the account page.
* Added print bug view.
* Added jump to bug form.
* Added core_proj_user_API.php.
* Added make_lf_crlf() to remove bare line feeds.
* Added g_strip_bare_lf to toggle use of make_lf_crlf().
* Added priority reporting on the report form for developers.
* Added project category copy.
* Added CRYPT_FULL_SALT authentication.
* Added page timer.
* Added mt_srand() call in core_API.php.
* Added g_register_globals global for installations where register_globals is Off.
* Removed access_min and access threshold concepts from the user and project management.
* Removed extra "echo" in news archive page.
* Removed proj_user_delete_page.php.
* Removed dependency on s_ enum strings. Use g_ enum strings instead.
* Updated Copyright to 2002.
2002.03.15 - 0.17.1
* Fixed missing closing span tag in view_bug_*page.php.
* Fixed advanced summaries (jpgraph) for general statistics for all projects.
* Fixed small problem in all localization files (for $s_reset_request_msg).
* Fixed summary stats for developers when they are assigned with "developer" rights at a project and do not have default profile >="developer".
* Fixed reporter poplist filter in buglist when users are assigned >="reporter" at a project and do not have default profile >="reporter".
* Fixed summary page for "All projects" option
* Fixed printable buglist for "All projects" option
* Fixed document links (ChangeLog, README, etc.)
* Fixed problem where portuguese_brazil localization did not appear correctly.
* Fixed several minor CSS class consistency issues.
* Fixed file download links to use rawurlencode().
* Fixed admin_check.php to check for Windows style \.
* Fixed file dates to display correctly.
* Fixed bug update button to go to proper simple or advanced page.
* Fixed a problem where users could not report bugs if uploading was disabled.
* Fixed a minor problem in the print_reporters_option_list().
* Fixed more CSS issues.
* Fixed file uploads to not allow duplicate files when using DISK.
* Fixed file upload switch with break statements.
* Fixed print_assign_to_option_list() to accurately reflect settings.
* Fixed print_reporter_option_list() to accurately reflect settings.
* Fixed the access level checks to be more accurate.
* Fixed summary by category to work when categories have single quotes.
* Removed site_settings link in print_manage_doc_menu().
* Removed action confirmations in Account pages.
* Removed action confirmations in Bug/Bugnote pages.
* Removed action confirmations in Login/Logout pages.
* Removed some action confirmations in Manage pages.
* Removed some action confirmations in News pages.
* Removed some action confirmations in Project Doc pages.
* Removed action confirmation in set_project page.
* Removed $g_quick_proceed. It is no longer used.
* Renamed doc/CONFIGURATION to doc/CUSTOMIZATION.
* Modified edit user links to use the username instead of the  link.
* Modified edit project links to use the project name instead of the  link.
* Modified default/config_inc1.php to have more more css global variables.
* Modified wordwrap to use built-in php function if available.
* Modified bug_assign and bug_close to use g_quick_proceed.
* Modified bug_resolve to use only one form.
* Modified bug_close to allow a bugnote to be added when closing.
* Modified bug_reopen to allow a bugnote to be added when reopening.
* Added project name as supplementary info next to bug id in buglist for "All projects" option
* Added Basic Authentication patch.
* Added CSV Export patch.
* Added Anonymous Login patch.
* Added CVS linking patch.
* Added g_hide_closed_default for filter defaults.
* Added g_show_bug_project_links to toggle project links in All Project mode.
* Added mime_encode() to process the email subject text.
* Added blank category check when adding project category.
* Added blank version check when adding project version.
2002.01.23 - 0.17.0
* Fixed potential problems with proxies and HTTP_REFERER not being properly sent.
* Fixed bugnote editing to be unavailable when bug is resolved or closed.
* Fixed viewing bugs to automatically switch projects if you view a bug from another project (often done through a link).
* Fixed file uploads to report an error when a blank file is uploaded.
* Fixed database and file to no longer use TIMESTAMPS.
* Fixed password reset to blank to work for other encryption types.
* Fixed admin_upgrade.php to honor the $g_php global.
* Fixed access checks to see if viewer has permission to view the bug.
* Fixed project list drop down to work even if project user list is empty.
* Fixed advaced summary compatibility with the latest JPGraph release (1.4)
* Modified many files for extensive use of CSS.
* Modified BLOB field to LONGBLOB.
* Modified bug action buttons to be more consistent.
* Modified version string to be longer.
* Modified html functions to consolidate code.
* Modified confirm messages to consolidate localization strings.
* Modified comments to use one # instead of ### (save space)
* Modified alternate_colors() to have default parameters.
* Modified all files to use < ? p h p instead of < ?
* Modified error messages to use $MANTIS_ERROR array.
* Modified code to update last_updated/last_modified fields for bugs, bugnotes, and news.
* Modified core_API.php and config_inc.php to use a default/ directory in
addition to a config_inc.php placed in the root directory.
* Added view by page feature.
* Added edit new link in news update page.
* Added file upload into database.
* Added a link to Mantis at the bottom of the pages.
* Added support for date_order field for version.
* Added delete file capability.
* Added view all projects capability.
* Added support to move bugs from one project to another.
* Added email check to admin_check.php3
* Added a check to make sure the cookie_string really is unique.
* Added a check for a duplciate user in the manage create user page.
* Added Romanian translation.
* Added g_allow_account_delete global to prevent self account deletion.
* Added file upload check to see if directory exists.
* Removed site_settings pages.
* Removed unused cookie variables.
* Removed sql_to_unix_time() function. Unecessary with removal of TIMESTAMPS.
* Removed menu_inc.php file and related variable. Moved this into print_menu().
* Removed print_mantis_version(). Moved it into print_foooter().
* Removed some unused code.
* Removed get_project_name() function. Replaced with a more general get_project_field().
* Renamed g_store_file_to to g_file_upload_method.
* Renamed files to .php
* Removed admin_cookiecheck.php3
* Moved documents into doc/ subdirectory.
* Moved language files into lang/ subdirectory.
2001.12.01 - 0.16.1
* Fixed SQL error when reporting bug in a private project.
* Fixed problem where upgrade scripts were not executed for 0.16.0 upgrade.
* Fixed problem with $g_limit_reporters limiting all users instead of just reporters and below
* Modified admin_check.php3 to be more informative and useful.
* Modified upgrade script to preserve timestamp fields.
* Modified db_generate to enable projects by default.
* Modified account_page.php3 to remove EOF usage.
* Updated upgrade script to be more informative.
* Updated French localization.
* Added $g_allow_close_immediately to toggle "close immediately" option when resolving a bug.
2001.11.27 - 0.16.0
* Fixed minor HTML errors in core_html_API.php.
* Fixed the view, report, and update pages to honor the forces advanced/simple modes.
* Fixed problem with extra br tags being inserted in project descriptions
* Fixed table names in the proj_doc_* pages to use variables instead of hardcoded names.
* Fixed table names in bug_file_add.php3, report_add.php3, view_bug_advanced_page.php3, view_bug_page.php3 to use variables instead of hardcoded names.
* Fixed a problem with bug updates making the status hard to deal with.
* Fixed the emailing method to honor the private access threshold.
* Fixed problem where reporters could assign bugs in advanced report page.
* Fixed problem where not all proj_doc* pages had the top of page include.
* Modified the mantis_bug_table.build field to be a VARCHAR(32).
* Modified the mantis_bug_table.votes field to be an INT(4).
* Modified the mantis_bug_table.os_build field to a VARCHAR(32).
* Modified the mantis_user_profile_table.os_build field to a VARCHAR(32).
* Modified the mantis_user_pref_table.language field to a VARCHAR(32).
* Modified config_inc.php to properly support all localized langauges.
* Updated Korean localization.
* Updated Polish localization.
* Updated Spanish localization.
* Updated TROUBLESHOOTING file.
* Added file_type field to mantis_bug_file_table and mantis_project_file_table.
* Added LDAP login support.
* Added ability to limit reporters to see only their bugs. Security will need to be tightened later.
* Added a legend for the status colors.
* Added a empty string check before the AddBCC function when buidling the bcc list
* Added a check to automatically add the trailing slash to the file path.
2001.11.04 - 0.15.12
* Added Swedish localization
* Added print bugs feature
* Fixed error where MD5 wasn't actually being used.
* Fixed problem with the same password being generated over and over.
* Fixed problem with the same cookie being generated over and over.
2001.10.28 - 0.15.11
* Modified advanced report's "assign to" drop down to sort alphabetically
* Modified bug_update script to send emails and behave better
* Modified file upload size down to 60 to help out page layout in Netscape
* Modified view_all_bug_page refresh to include f_offset
* Fixed the post-report forms to redirect properly even if a proxy clears the HTTP_REFERER
* Added g_use_iis global to workaround an IIS bug with header/Location calls
2001.10.28 - 0.15.10
* Fixed problem with not being able to uncheck "hide closed" bugs filter checkbox
* Fixed error with warnings on sending email
* Fixed problem with being kicked out when editing bugnote
2001.10.27 - 0.15.9
* Fixed problem with warning on view filters.
2001.10.26 - 0.15.8
* Fixed problem with $g_manage_cookie not being unset on logout
* Fixed error in db_upgrade.sql ( nul; should be null; )
* Fixed serveral localization errors
* Fixed email to only send to devlopers and higher for a given project
* Fixed potential security hole with uploaded file permissions
* Added ALT fields to IMG tags
* Added edit bugnote capability
* Added Polish localization
* Added Russian localization
* Added umask call to prevent uploaded files from being executed remotely.
* Added Plain Text authentication
* Added MD5 authentication
* Added option to view priority as text
* Updated Italian localization
* Updated Korean localization
* Updated Spanish localization
* Modified User section so users with automatic access are listed
* Modified view all filters to consolidate functionality
* Modified view all filters to remember sort field and order
* Modified authentication system to no longer require crypt()
* Modified email formatting to work better with other languages
* Modified set project to clear view filters when changing projects
* Modified the report_bug pages to properly honor $g_show_report
* Removed email_bug_info_to_address()
* Removed print_handler_option_list()
* Removed view_all_assigned/unassigned/report_bug_page and associated variables.
2001.08.28 - 0.15.7
* Fixed problem with account prefs not being updated.
2001.08.27 - 0.15.6
* Fixed potential security hole with file uploads. Users can potentially
copy files on server to be available via the browser. This requires
PHP 3.0.17 and higher. Please consider disabling file uploads to disk
if you cannot upgrade versions.
2001.08.26 - 0.15.5
* Fixed sort problems on view_all_bugs_page.php3
* Fixed hide inactive problem in manage_page.php3
* Fixed mysterious problem with global variables being set to ""
* Fixed redirect problem when bug report not correctly filled out.
* Added commented out examples for alternate links in css_inc.php
* Added closing option tags.
* Email prefs do not display when $g_enable_email_notification is 0.
* Added Danish localization.
* Fixed where updaters could assign to themselves.
* Fixed where updaters could delete bugs.
* Fixed where search result numbers correctly displayed.
* Raised access required to ADMINISTRATOR for many manage_* pages.
* Fixed error where default_profiles were not being picked up properly.
* Fixed email subjects to unfilter url links properly.
* Fixed simple search to correctly compare between bug_table and bug_text_table.
* Added subject to emails when clicked on in the view_bug page.
* Fixed "Assign To" drop down lists to reflect project user mappings.
2001.08.19 - 0.15.4
* Added pre-selecting project. Hint: login_page.php3?f_project_id=0000001
* Fixed Warning: Missing argument 5 for print_manage_user_sort_link() in core_print_API.php
* Fixed sorting in buglist is now preserved when going to next or prev page.
* Fixed sorting in buglist. Bugs with high priority is now always first.
* Replaced header( "Location: " ) calls with print_header_redirect().
* Fixed error in simple bug search.
* Added phpMailer support.
* Fixed email error regarding devleoper notification on bug submissions.
* Updated configuration document.
2001.07.29 - 0.15.3
* Added wordwrap() to text formatting in email messages. Affects description and bugnotes.
* Added new function process_plain_password(). Not used yet.
* Added N/A to reproducibility
* Added PHP version check to admin_check.php3
* Added simple text search field to all view_all* pages. This can also be used to lookup a bug by id
* Added user count values to the manage page
* Added $g_hide_user_email to toggle automatic mailto: linking of usernames.
* Added prelimnary support for jpgraphs support.
* Fixed bug in displaying date_submitted in emails
* Fixed "Hide Inactive" checkbox in manage_page.php3
* Fixed access check error where Viewers could add bugnotes
* Ran a perl one-liner to try to remove all extra ^Ms from files
* Renamed $f_show_changed to $f_highlight_changed
* Removed get_bug_link_email - unused
* Removed extra $v_summary = string_display() line in view_all_inc.php
* Cleaned up email validation code
2001.07.13 - 0.15.2
* Fixed explode() error in view_all_unassign_bug.php3
* Fixed variable error in report_bug_page.php3. Affected report stay checkbox.
* Fixed bug_delete.php3 error. Removes uploaded file entries properly.
* Fixed bug where news could not be edited to be Sitewide.
* Fixed private projects being viewable by non-privileged users.
* Modified set_project.php3 to redirect back to the same page if a view_all* page or the summary page.
* Added wrap="virtual" tags to < textarea> for old browser users.
2001.07.05 - 0.15.1
* Added configuration.html
* Fixed error in print_footer()
* Fixed localization error in proj_doc_delete_page.php3
* Fixed localization error in proj_users_menu_page.php3
* Fixed localization error in view_all_inc.php
* Fixed localization error in manage_page.php3
* Fixed localization error in summary_page.php3
* Fixed localization error in menu_inc.php3
2001.07.02 - 0.15.0
* Renamed span.bugnote_delete to span.bugnotedelete for css conformance
* Added "" around all width and bgcolor tags for standards compliance
* Split core_API.php into multiple files
* Renamed many files to shorten filename length (for MacOS)
* Added new functions for news_API
* Switched from TIMESTAMP to DATETIME in the date_created/date_posted fields,
made appropriate changes in code
* Switched from ENUM to INT(2). Now use hash to map from id to text
* Reworked authentication check at top of pages
* Fixed several places where manager was omitted when it should have been
* Fixed error in documentation.html tags
* Changed duplicate bug option list to text
* Added SQL queires to make sure date() runtime errors disappear
* Added str_pad() function to pad IDs with "0"
* Removed show_source capability for anyone but admins
* Removed strtotime() from all bug view_all* pages
* Added better messages for when adding and updating duplicate categories
* Added count details to view_all* pages
* Moved bugnote_add page into standard bugnote page
* Added icon support
* Added core_icon_API.php
* Fixed sort errors in manage_project page
* Improved sort category links
* Added hypertest links for bugs formatted by #IDNUM (eg. #234)
* Added new status CLOSED
* Added more bug counts in various places
* Added phpinfo() page in manage documantation section
* Added news list/archive view mode
* Added ability to edit text of bug details
* Added checks to prevent accessing of non-existant bugs
* Fixed error where "does not exist" was incorrectly reported as the handler
* Modified repot_bug to allow a user to choose to add more bugs or return
to view bug page
* Added View Unassigned mode
* Added urlencode/decode for project category and versions
* Added prune functionality for old accounts that have never been logged into
* Added file upload support
* Added capability to let users choose site language
* Added more information to bug_resolve2 page
* Added more user preferences
* Added more existance checks for bugs and users
* Modified view by reporter to not show viewers
* Fixed security problem where anyone could delete/edit any non-protected account
* Fixed security problem where anyone could delete/edit any profile
* Fixed misspelling in email_reopen
* Added view site settings page for admin
* Added check for duplicate project error message when adding new projects
* Many Many more... (sorry, I can't remember all of them)
2001.03.06 - 0.14.8
* Fixed password matching problem with manage create new user
* Fixed email bug for assigning bug
* Fixed warning in view all pages
* Fixed duplicate top_include_pages on view_bug_page
* Improved g_show_project_in_title
* Updated portuguese trnaslation to handle email text better
2001.03.05 - 0.14.7
* Added Dutch translation
* Added Norwegian translation
* Added g_show_project_in_title to allow project name title display
* Added login check on login_page.php3
* Added better email localization
* Added email to developers and up when new bug reported
* Added access_level check for bug delete
* Added simple check for non-matching password in manage ccount create
* Improved email message
* Modified view bug listings to sort by last_updated by default
* Numerous small fixes to remove warnings
* Fixed bug where bug text were not being deleted
* Fixed bug where new account prefs were not being created
* Fixed css : font bug (Netscape)
* Fixed product version not being logged in bug report
* Fixed SQL error link not having "mailto:"
2001.02.23 - 0.14.6
* Added Italian translation
* Added French translation
* Added project name in email
* Added g_reopen_bug_threshold to prevent unprivileged users from reopening
* Fixed error with version editing
* Fixed error with direct assign to user not working on report
* Fixed error with string $s_add_project_button in Portuguese
* Modified Portuguese s_view_status
* Changed = in css_inc.php to : (specifically for font sizes)
2001.02.19 - 0.14.5
* Added updated German translation
* Modified news add and news update to behave better
* Fixed string s_add_profile_title
* Fixed error on category update
* Fixed error in password reset
* Renamed g_view_bug_all_page, g_view_user_reported_bug_page,
* Removed duplicate global page references
* Updated all translations with some missing localization strings
2001.02.17 - 0.14.4
* Fixed erroneous error message when signing up for new account
* Fixed error with warning in project_menu_page
* Fixed error in email bugnotes where slashes weren't showing up
* Fixed some possible display errors in Netscape
* Fixed extra slahes in email subject
* Added protection around cookie_val variables to prevent unnecessary warnings
* Added direct link to bug in email
* Added email to assignee upon assignment
* Added support for report form to remember input if error occurs
* Added crude test file to check database connection and config settings
* Added some integration with the documentation and the report form
* Added include for top and bottom of page. This lets users add
* Added Spanish and Portuguese localization
* Renamed g_login_url to g_mantis_url
* Renamed string files to have .txt extension
* Obsoleted s_hit_back_msg
2001.02.14 - 0.14.3
* Fixed error in upgrade.php3 (date_submitted in mantis_user_table query
should be date_created)
2001.02.14 - 0.14.2
* Fixed default category in update mode to display correctly
* Fixed parse error in manage_user_reset.php3
* Fixed view pages to properly show selected category
* Altered is_valid_email to check for DNSs w/o MX records
* Added option to disable email validation (g_validate_email)
* Added project name and bugid in email subject
2001.02.12 - 0.14.1
* Fixed error where duplicate categories were added
* Fixed error in advanced_bug_view where bug delete had no confirmation
* Fixed error in view pages for sort by category
2001.02.10 - 0.14.0
* Fixed error in print_html_bottom
* Fixed error in db_upgrade.sql, changed "need info" to "feedback"
* Fixed bug_update where resolution was being set to blank
* Added TROUBLESHOOTING file
* Added multiple project support
* Added summary by assignee
* Added one click "Assign to Me"
* Added corresponding bug_assign.php3 file, global, and string variables
* Added $g_content_expire for META tag
* Added direct "assign to" in advanced bug report
* Added view by assignee
* Added view by reporter
* Added method for users to create their own accounts
* Added better error handling for db_connect and db_result
* Added remember view settings
* Added bold indicator when a bugnote has been added
* Added maxlength= to all input types
* Added some bug info at the top of the bugnote add page
* Added login_count field to user_table
* Added project_category manage area
* Added project_version manage area
* Added manager access_level
* Left aligned Summary field
* Reset password now emails a randomly generated password to user
* Created date format global variables
* is echoed when the bugnote count is 0 (Netscape problem)
* Reworked project category and version management
* Tweaked manage menu
* Tweaked css_inc.php
* Tweaked the bug list view for better indication of which view the user
* Removed cols=7 in the view bug in list form pages (Netscape problem)
* Removed mysql_error_page and references
* Determined that suspected mysql bug about date updating was proper behavior
2000.12.26 - 0.13.1
* Fixed bug in bug_delete_page.php3 and manage_user_delete_page.php3
2000.12.25 - 0.13.0
* Fixed bug in vote adding with incorrect variable name.
* Fixed bug where bugnote text not properly deleted when bug deleted
* Fixed manage product versions update redirect
* Fixed another problem with the date created being updated improperly when
dealing with bugnotes.
* Fixed show source problem
* Fixed problem with advanced view showing the wrong dates
* Uncluttered large portions of code
* Reordered the config_inc.php file items
* Made view reported by and assigned to pages use variables.
* English localization completed in strings_english.php
* Added a logout redirect page variable for the logout page
* Added reopen bug dialog
* Added $g_bug_reopen_page and removed $g_bug_reopen
* Added bug_reopen_page.php3 and removed bug_reopen.php3
* Added resolve bug dialog
* Added $g_bug_resolve_page and bug_resolve_page.php3
* Added $g_bugnote_order to allow custom bugnote ordering
* Modified the appearance of the advanced view and update
* Updated documentation.html
* Split the account pref modifications into two separate files:
account_prefs_update.php3 and account_prefs_reset.php3
* Removed get_current_user_id() and replaced with calls to
get_current_user_field( "id" )
* Removed db_mysql_error()
* Renamed all mysql_ functions to db_ functions (prepping for db_abstraction)
* Removed $g_required_field_color and replaced it with a span element in
* Removed all FONT tags and replaced them with SPAN and CSS formatting
* Removed print_footer() call on logout_page.php3
2000.12.20 - 0.12.0
* Fixed problem with viewing filters not working with Netscape
* Tweaked the string_edit() function
* Added $g_show_login_date_info and the ability to show who is logged in and
the current time
* Modified bugnotes to be ordered by date_submitted
* Added protection to prevent anyone from deleting bugnotes
* Used LAST_INSERT_ID() to ensure that bug and bugnote insertion is correct
* Reporting a bug now stores a link to the account profile (if chosen)
* The information from the profile is displayed (if chosen at report time) in
the advanced bug view
* Added a hide resolved viewing filter option
* Summary shows time statistics for resolved bugs
* Added support to show bugs reported by and assigned to the logged in user.
* Added view_user_assigned_bug_page.php3 and view_user_reported_bug_page.php3
and the corresponding global variables
* Tweaked the bug update and bugnote update and delete functions to redirect
to the user chosen default viewing level page
2000.12.15 - 0.11.1
* Added projection and eta to be passed as hidden info by the simple update
* Fixed a missing < /TD> tag on the report bug pages. Messed up old 4.x unix
* Modified the priority to print counts of all bugs.
* Wrapped the global cookie _val variables in if (isset()) blocks. Seemed to
cause some troubles on some setups.
2000.12.12 - 0.11.0
* Profiles can be used for advanced bug submission
* Added summary by date
* Added priority on the summary page
* Added profile management
* Added a confirmation before an admin can delete an account
* Added several ; in core_API.php that caused errors on some servers
* Added view next/prev XYZ bugs on bug viewing page
* Added a string_display() function to prevent HTML tags from screwing up
* Added version editing capability
* Added account preferences
* Added changed in last X hours option
* Added show source debug capability - requires PHP4
* Added 'feedback' status - indicates that it requires more information
* Added show Mantis version capability
* Added string_display_with_br() for displaying text with line breaks
* Added userland documentation (documentation.html)
* Added $g_usage_doc_page for userland documentation
* Added Docs to the menu
* Fixed bug with Bugnote Add button showing up in the wrong places
* Fixed bug with SQL queries updating both submitted and last updated dates on
* Fixed bug with SQL queries updating both submitted and last access dates on
* Modified version to be an enum.
* Modified ordering methods in manage account
* Modified viewing preferences
* Made enum displays (category, status, etc) easier to maintain via
* Renamed access_level_check_greater() to
* Renamed $g_bug_view_all_page $g_bug_view_all_page $g_bug_view_all_page
to $g_view_bug_all_page $g_view_bug_page $g_view_bug_advanced_page
* Renamed corresponding .php3 files
* Refined view next/prev bugs and news items
* Split manage user actions into separate files
* Removed the destructive DROP table in db_generate.sql
* Removed view_prefs_page.php3 and view_prefs_update.php3 and corresponding
2000.12.06 - 0.10.2
* Fixed Reporter Field on update page
* Fixed variable error preventing Bugnote addition
* Fixed minor viewing bugs related to \ characters
* Added documentation section
* Summary is now useful
* Fixed a few issues with the Advanced bug view
* Tidied up most of the code
* Temporarily 'solved' (mostly) a serious issue with consistency on
bugnote and bug report additions
2000.12.03 - 0.10.1
* Fixed some category bugs
2000.12.03 - 0.10.0
* Moved constant config settings to config_inc.php3
* Better news formatting
* Added protected flag for accounts
* Color values controlled by variables
* Page variables controlled by variables
* Fixed error with emails not displaying in link on main page
* Edit categories from Manage section
* Viewing filters
* supports php and php3 extensions (php3/php4)
2000.12.01 - 0.9.1
* Fixed a link
* Fixed reporter not showing up properly
* The "enabled" flag on accounts works
2000.12.01 - 0.9.0
* User management
* Account maintenance
* Access levels
* News system
* Basic functionality