Overview
Request 1033780 accepted
- MantisBT 2.25.5
Security and maintenance release
* security
- CVE-2022-33910: Unrestricted SVG File Upload leads to CSS Injection
- CVE-2022-33910: Stored XSS via SVG file upload
- Wrong bugnote_user_edit_threshold value used when checking
permissions to edit bugnote
- Upgrade guzzlehttp/guzzle from 6.5.5 to 6.5.8
* authorization
- APPLICATION ERROR #13 (access denied) while creating new user when
threshold configured as MANAGER in administration interface
- Update issue icon on "My View" page is displayed even without having
appropriate access rights
- Update issue icon on "View Issues" page is displayed even without
having appropriate access rights
* bugtracker
- Errors trying to load moment.js library from CDN
- $g_path incorrectly set in config_defaults_inc.php on PHP 5.6
- PHP 5.6 support broken
* filters
- Create Permalink - special characters handling
* installation
- Javascript error in browser console when upgrading
- Installer's Oracle-specific warning regarding identifiers' length
is shown initially for MySQL
* db-mssql
- APPLICATION ERROR 401 Database query failed. Error received from
database was #-52: SQLState: IMSSP
* documentation
- Impossibility of deleting attachment with form security validation
turned on
Request History
weberho created request
- MantisBT 2.25.5
Security and maintenance release
* security
- CVE-2022-33910: Unrestricted SVG File Upload leads to CSS Injection
- CVE-2022-33910: Stored XSS via SVG file upload
- Wrong bugnote_user_edit_threshold value used when checking
permissions to edit bugnote
- Upgrade guzzlehttp/guzzle from 6.5.5 to 6.5.8
* authorization
- APPLICATION ERROR #13 (access denied) while creating new user when
threshold configured as MANAGER in administration interface
- Update issue icon on "My View" page is displayed even without having
appropriate access rights
- Update issue icon on "View Issues" page is displayed even without
having appropriate access rights
* bugtracker
- Errors trying to load moment.js library from CDN
- $g_path incorrectly set in config_defaults_inc.php on PHP 5.6
- PHP 5.6 support broken
* filters
- Create Permalink - special characters handling
* installation
- Javascript error in browser console when upgrading
- Installer's Oracle-specific warning regarding identifiers' length
is shown initially for MySQL
* db-mssql
- APPLICATION ERROR 401 Database query failed. Error received from
database was #-52: SQLState: IMSSP
* documentation
- Impossibility of deleting attachment with form security validation
turned on
weberho accepted request
Works for me
