Bump version and update release notes for 1.2.18

mantisbt · Dec 5, 2014 · 5616fcf · 5616fcf
1 parent 54f9423
commit 5616fcf
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 5 deletions.
diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -14,7 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
 
-define( 'MANTIS_VERSION', '1.2.18dev' );
+define( 'MANTIS_VERSION', '1.2.18' );
 
 # --- constants -------------------
 # magic numbers

diff --git a/doc/RELEASE b/doc/RELEASE
@@ -1,6 +1,41 @@
 MantisBT Release Notes
 ======================
 
+1.2.18 Security Release (2014-12-06)
+-------------------------------------------------
+
+MantisBT 1.2.18 is an important security update for the stable 1.2.x branch.
+All installations that are currently running any 1.2.x version are strongly
+advised to upgrade to this release. Download it from [3].
+
+This release resolves a total of 43 issues, including fixes for 23 security-
+related bugs and vulnerabilities:
+
+- 7 Cross-Site Scripting (XSS) issues: #17297/CVE-2014-9272,
+  #17583/CVE-2014-9270, #17870/CVE-2014-8987, #17874/CVE-2014-9271,
+  #17876/CVE-2014-9281, #17889/CVE-2014-8986, #17890/CVE-2014-9269
+
+- 2 Code injection issues: #17725/CVE-2014-7146, #17875/CVE-2014-9280
+
+- 2 SQL injection (XSS) issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089
+
+- 5 Information disclosure issues: #9885, #17744, #17877/CVE-2014-9279,
+  #17742/CVE-2014-8988, #17243/CVE-2014-8553
+
+- 7 Other security issues: #10966, #17338, #17640/CVE-2014-6387,
+  #17648/CVE-2014-6316, #17780/CVE-2014-8598, #17811/CVE-2014-9117, #17878
+
+Please refer to the changelog [1] on the MantisBT web site for complete details
+on each of these issues.
+
+We would like to thank the following individuals and organizations for their
+valued contribution in discovering and fixing these issues, in no particular
+order: Mati Aharoni from Offensive Security and their bug bounty program,
+Matthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza,
+Oleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker,
+Victor Boctor and Damien Regad.
+
+
 1.2.17 Security Release (2014-03-04)
 -------------------------------------------------
 
@@ -396,6 +431,7 @@ There have also been many improvements to the codebase beyond adding features:
 
 [1] The changelog is split between multiple releases:
 
+	1.2.18     http://www.mantisbt.org/bugs/changelog_page.php?version_id=191
 	1.2.17     http://www.mantisbt.org/bugs/changelog_page.php?version_id=189
 	1.2.16     http://www.mantisbt.org/bugs/changelog_page.php?version_id=183
 	1.2.15     http://www.mantisbt.org/bugs/changelog_page.php?version_id=182
@@ -424,8 +460,7 @@ There have also been many improvements to the codebase beyond adding features:
 	including the official MantisBT repository and a MantisBT-plugins
 	organisation which is used to host repositories of community plugins.
 
-    https://github.com/mantisbt
-    https://github.com/mantisbt-plugins
+	https://github.com/mantisbt
+	https://github.com/mantisbt-plugins
 
-[3] MantisBT can be downloaded from SourceForge
-	http://sourceforge.net/projects/mantisbt/files/mantis-stable/
+[3] MantisBT can be downloaded from http://www.mantisbt.org/download.php