diff --git a/core/constant_inc.php b/core/constant_inc.php index 800c949ff5..8330481779 100644 --- a/core/constant_inc.php +++ b/core/constant_inc.php @@ -14,7 +14,7 @@ # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see . -define( 'MANTIS_VERSION', '1.2.18dev' ); +define( 'MANTIS_VERSION', '1.2.18' ); # --- constants ------------------- # magic numbers diff --git a/doc/RELEASE b/doc/RELEASE index b83e2778f8..62907d4b9c 100644 --- a/doc/RELEASE +++ b/doc/RELEASE 
@@ -1,6 +1,41 @@ MantisBT Release Notes ====================== +1.2.18 Security Release (2014-12-06) +------------------------------------------------- + +MantisBT 1.2.18 is an important security update for the stable 1.2.x branch. +All installations that are currently running any 1.2.x version are strongly +advised to upgrade to this release. Download it from [3]. + +This release resolves a total of 43 issues, including fixes for 23 security- +related bugs and vulnerabilities: + +- 7 Cross-Site Scripting (XSS) issues: #17297/CVE-2014-9272, + #17583/CVE-2014-9270, #17870/CVE-2014-8987, #17874/CVE-2014-9271, + #17876/CVE-2014-9281, #17889/CVE-2014-8986, #17890/CVE-2014-9269 + +- 2 Code injection issues: #17725/CVE-2014-7146, #17875/CVE-2014-9280 + +- 2 SQL injection (XSS) issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089 + +- 5 Information disclosure issues: #9885, #17744, #17877/CVE-2014-9279, + #17742/CVE-2014-8988, #17243/CVE-2014-8553 + +- 7 Other security issues: #10966, #17338, #17640/CVE-2014-6387, + #17648/CVE-2014-6316, #17780/CVE-2014-8598, #17811/CVE-2014-9117, #17878 + +Please refer to the changelog [1] on the MantisBT web site for complete details +on each of these issues. + +We would like to thank the following individuals and organizations for their +valued contribution in discovering and fixing these issues, in no particular +order: Mati Aharoni from Offensive Security and their bug bounty program, +Matthias Karlsson, Matthew Daley, Egidio Romano, Florian Fuchs, Shahee Mirza, +Oleg K, Alejo Popovici, Edwin Gozeling, Paul Richards, Roland Becker, +Victor Boctor and Damien Regad. + + 1.2.17 Security Release (2014-03-04) ------------------------------------------------- 
@@ -396,6 +431,7 @@ There have also been many improvements to the codebase beyond adding features: [1] The changelog is split between multiple releases: + 1.2.18 http://www.mantisbt.org/bugs/changelog_page.php?version_id=191 1.2.17 http://www.mantisbt.org/bugs/changelog_page.php?version_id=189 1.2.16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=183 1.2.15 http://www.mantisbt.org/bugs/changelog_page.php?version_id=182 @@ -424,8 +460,7 @@ There have also been many improvements to the codebase beyond adding features: including the official MantisBT repository and a MantisBT-plugins organisation which is used to host repositories of community plugins. - https://github.com/mantisbt - https://github.com/mantisbt-plugins + https://github.com/mantisbt + https://github.com/mantisbt-plugins -[3] MantisBT can be downloaded from SourceForge - http://sourceforge.net/projects/mantisbt/files/mantis-stable/ +[3] MantisBT can be downloaded from http://www.mantisbt.org/download.php
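Review bot: In the doc/RELEASE hunk at `@@ -1,6 +1,41 @@`, the added line "- 2 SQL injection (XSS) issues" carries an "(XSS)" label that belongs to the cross-site scripting entry a few lines above it. Drop the parenthetical so the line reads "- 2 SQL injection issues: #17812/CVE-2014-8554, #17841/CVE-2014-9089". The per-category counts (7 + 2 + 2 + 5 + 7) do add up to the stated 23 security-related issues, so only the label needs fixing.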
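Review bot: In the doc/RELEASE hunk at `@@ -424,8 +460,7 @@`, the rewritten footnote [3] sends readers of a security release to a plain `http://` download URL, while the GitHub links directly above it use `https://`. If www.mantisbt.org serves the download page over HTTPS, link that form instead. The removed and re-added GitHub URL lines read the same in this view, so that part looks like a whitespace-only change; it would be easier to review in its own commit or with a mention in the commit message.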