mantisbt - 2.28.0 Released 2025-12-29 Maintenance release including nearly 80 enhancements and bug fixes. Highlights: compatibility with PHP 8.4 and 8.5, improved documentation including an OpenAPI Description for the REST API, better Tags management, restored included pages functionality and many others. 0026740: [plug-ins] Improve documentation for plugin_require_api() and plugin_event_hook() (dregad) 0035227: [markdown] MantisBT is not compatible with Parsedown 1.8 (community) 0035258: [other] Use of PHPUnit::toString() sometimes causes errors in tests (dregad) 0034960: [api soap] SOAP: Update WSDL viewer to version 3.1.03 (dregad) 0035038: [ui] Text on the relationship and workflow graphs are rendered cropped (community) 0035082: [plug-ins] Allow plugin_file_path() to return the files directory and use the current plugin by default (community) 0035230: [code cleanup] Use generic language strings for Tags management pages (dregad) 0035070: [plug-ins] Unable to retrieve values of arbitrary fields from LDAP. (dregad) 0035229: [tagging] Allow direct editing of tags from Manage Tags page (dregad) 0005271: [other] Support NoFollow hyperlinks for external urls (community) 0035228: [tagging] View and Update tag pages are not integrated in the Manage Tags menu (dregad) 0035223: [other] MantisBT tests are not compatible with PHPUnit 11.5 (community) 0035208: [plug-ins] Improve error handling for invalid plugins (dregad) 0035210: [ui] Incorrect handling of relative URLs in helper_get_root_domain() function and caller one (dregad) 0035212: [tools] GetLinkAttributesTest does not reset html_make_links config after tests (dregad) 0035211: [bugtracker] Core should allow detecting whether a config is set in the database (dregad) 0035219: [tagging] Number of related tags is no longer limited (dregad) 0034876: [bugtracker] When moving issues, it should not be possible to select the current project as target (dregad) 0034848: [reports] MantisGraph: view all data values when hovering over line (dregad) 0034847: [reports] Upgrade chart.js library to 3.9.1 (dregad) 0034824: [performance] Multiple execution of the same query with Profile API functions (dregad) 0006803: [bugtracker] Allow adding a note when moving an Issue to another project (dregad) 0010027: [tagging] Switching project on the Update Tag page gives APPLICATION ERROR 200 (dregad) 0022607: [tagging] Clean up unused tags (dregad) 0035259: [code cleanup] Add namespaces to PHPUnit test suite (dregad) 0035260: [administration] Project names should be trimmed before project creation or update (vboctor) 0035425: [ui] Inconsistent display in navbar user menu (dregad) 0035439: [performance] Multiple loads of plugins on the manage_plugin_page (community) 0035525: [bugtracker] gpc_get_int() should not remove spaces in the middle of the string (dregad) 0035551: [administration] Improve output of log events when $g_log_destination = 'page' (dregad) 0035402: [html] Footer has the wrong size (community) 0035544: [db postgresql] Attempt to update the category in the “Edit Project Category” form results in an error (dregad) 0021113: [plug-ins] EVENT_LAYOUT_PAGE_HEADER no longer available (community) 0022098: [customization] Setting bottom_include_page does not include specified file (community) 0035568: [code cleanup] Calling layout_page_header() without parameters throws deprecation warning on PHP 8.1 (dregad) 0035561: [ui] "Access Denied" page has no layout for anonymous account (community) 0036438: [plug-ins] MantisCoreFormatting: Error when saving configuration (atrol) 0035552: [ui] Inline error messages are sometimes displayed behind the navbar (dregad) 0035583: [bugtracker] Delayed inline errors are not printed on login page (dregad) 0036614: [code cleanup] PHP 8.5 compatibility (dregad) 0036618: [db schema] Update ADOdb to 5.22.11 (dregad) 0036617: [code cleanup] PHP 8.5: Increment on non-numeric string is deprecated (dregad) 0036616: [code cleanup] PHP 8.5: case followed by semicolon deprecations (dregad) 0036615: [code cleanup] PHP 8.5: non-canonical cast deprecations (dregad) 0035647: [documentation] Outdated build status in README.md (atrol) 0035562: [ui] If user is anonymous, page footer overlaps with error message (community) 0035587: [administration] Access Denied page's Login button has Invalid URL when triggered from Admin pages (dregad) 0035874: [email] Update PHPMailer to 7.0.1 (dregad) 0036621: [plug-ins] Support moderation via plugins (vboctor) 0035646: [documentation] Wrong code example in Admin Guide (atrol) 0036624: [email] Changing email address is no longer possible (atrol) 0035645: [ui] Some widgets are not collapsible (community) 0035644: [ui] Extra page load due to dropzone stub tag (community) 0036786: [email] Calling email API functions from CLI triggers PHP warning (dregad) 0034649: [ui] Reorder group update actions in selection list (atrol) 0036765: [plug-ins] The plugin_get_current() function returns an incorrect value when executed from MantisPlugin::schema() (dregad) 0034928: [bugtracker] Date conversion fails using a non-US date format in VersionUpdateCommand.php (dregad) 0034938: [other] Update htmlpurifier to 4.19.0 (dregad) 0035756: [api rest] Update Guzzle to 7.10.0 (dregad) 0035540: [installation] A clean installation ends with Internal Server Error with no message/detail given (dregad) 0035207: [ui] Early inline warnings mess up with page layout (dregad) 0036510: [ui] Increase spacing before lock icon on relationship to private issue (dregad) 0035503: [html] The MantisBT web interface must pass HTML validation (part 2) (community) 0035288: [email] Support custom email sending providers (vboctor) 0036278: [email] Incorrect relationship type in email notifications (vboctor) 0035424: [code cleanup] Use new string_build_query() API function (community) 0035626: [ui] Main menu custom option with non-http absolute URL displayed incorrectly (community) 0006159: [documentation] Sticky Issues: document usage (dregad) 0014508: [documentation] Document usage of "Stick" Button in View Issue Details page (dregad) 0022250: [ui] Remove useless spacing in the footer (community) 0034823: [api rest] Create an OpenAPI Description for REST API (vboctor) 0035216: [code cleanup] PHP 8.4 compatibility (dregad) 0035217: [markdown] PHP 8.4 deprecation warnings in Parsedown 1.7.4 (dregad) 0035214: [code cleanup] PHP 8.4: fputcsv() empty $escape parameter is deprecated (dregad) 0035213: [code cleanup] PHP 8.4: E_STRICT is deprecated (dregad) 0035284: [api rest] Allow REST API to run on PHP 8.4 ignoring E_DEPRECATED notices (dregad) 0035215: [code cleanup] PHP 8.4: Implicitly nullable parameter types are deprecated (dregad) 0035283: [api soap] PHP 8.4: SOAP API throws SoapFault: Internal Service Error (dregad) mantisbt - 2.27.3 Released 2025-11-03 Hotfix release addressing a couple of regression issues affecting Admin Checks introduced by 2.27.2. 0036619: [administration] Most Admin Checks are disabled in 2.27.2 (dregad) 0036620: [administration] PHP Fatal error in Admin Checks of custom fields (atrol) mantisbt - 2.27.2 Released 2025-11-01 Maintenance and security release addressing 4 vulnerabilities, fixing several bugs and including a few minor improvements, Many thanks to Harry Sintonen / Reversec for CVE-2025-47776 (GHSA-4v8w-gg5j-ph37), Mazen Mahmoud for CVE-2025-46556 (GHSA-r3jf-hm7q-qfw5), Chaitanya Reddy for CVE-2025-55155 (GHSA-q747-c74m-69pr) and d3vpoo1 for CVE-2025-62520 (GHSA-g582-8vwr-68h2). 0035906: [db schema] Update ADOdb to 5.22.10 (dregad) 0036540: [bugtracker] Introduce a maximum PHP version (dregad) 0035915: [administration] Updating a global config yields incorrect error message (dregad) 0035893: [security] CVE-2025-46556: Denial-of-Service (DoS) via Excessive Note Length (dregad) 0036164: [administration] Impossible to delete a global config defined in the database (dregad) 0035668: [api rest] can't change issue category to "no category" via rest api (dregad) 0036269: [bugtracker] Collapsed status for "Users monitoring" section is not persisted (dregad) 0036265: [feature] Search with collapsed filter section expands it (dregad) 0036263: [administration] Error editing categories with PostgreSQL: APPLICATION ERROR 401 (dregad) 0036515: [administration] Hardcoded role instead of config in access level check on Manage Columns page (dregad) 0036542: [bugtracker] When editing a bugnote, a newline is appended to the text (dregad) 0036512: [other] Access Denied page returns HTTP status 200 (dregad) 0035854: [tools] PHPUnit assertObjectHasAttribute() method is deprecated (dregad) 0035853: [tools] PHPUnit tests RestFiltersTest fail when anonymous access is disabled (dregad) 0035852: [api rest] REST API GET /filters throws deprecation warning on PHP 8.1 (dregad) 0036503: [bugtracker] Ability to change the default project of a user (dregad) 0036257: [bugtracker] Deleted notes not showing in bug history (dregad) 0036535: [code cleanup] Custom Field admin checks refactoring (dregad) 0021675: [ui] Incorrect positioning of "View Issue Details" when recalled from "Direct link to note" (dregad) 0035967: [authentication] CVE-2025-47776: Authentication bypass for some passwords due to PHP type juggling (dregad) 0036005: [security] CVE-2025-55155: Lack of verification when changing a user's email address (dregad) 0036502: [security] CVE-2025-62520: Ability to copy private project configurations (Columns) (atrol) mantisbt - 2.27.1 Released 2025-03-01 Maintenance release, fixing a few regressions introduced with 2.27.0 as well as many other issues including improved PHP 8 compatibility. 0027960: [tools] Continuous Integration: moving off TravisCI (dregad) 0034503: [administration] t_admin_dir_is_accessible check is wrong (dregad) 0034826: [preferences] Error when clearing default profile (atrol) 0034828: [other] HTTP response code not set on errors when using FastCGI (dregad) 0034813: [bugtracker] Schema: Release marker missing (atrol) 0034845: [email] Update PHPMailer to 6.9.3 (dregad) 0034854: [administration] Error when creating global profiles (atrol) 0034887: [db mysql] MySQL version 9.0 and 9.1 are not defined in Admin Checks (dregad) 0034916: [db postgresql] PostgreSQL versions 16 and 17 are not defined in Admin Checks (dregad) 0034917: [administration] Admin check for Graphviz tools broken on Windows (atrol) 0034959: [api soap] Due date is deleted when the caller have no permission to modify it (community) 0035198: [performance] Caching language loading can be more efficient. (dregad) 0035011: [installation] tokenizer php module is required, but not checked for and not documented as such (dregad) 0035262: [localization] 'en-gb' language is not defined warning for Gravatar plugin (dregad) 0035248: [db postgresql] Postgresql Error - db_stats.php - relation "sql_parts" does not exist (dregad) 0035257: [db schema] Update ADOdb to 5.22.8 (dregad) 0035255: [plug-ins] Unknown named parameter $bug_id (dregad) 0006264: [administration] In manage_proj_edit_page.php, the "Project" popup at the top of the window is ignored (community) 0035431: [installation] When installing on mysql with log queries, SET NAMES=UTF8 is not logged (dregad) 0035307: [documentation] Improve documentation for $g_phpMailer_method (community) 0035312: [rss] RSS Builder PHP deprecation warnings on PHP 8.1+ (community) 0035314: [printing] Printed reports on the page in "doc" format includes javascript from the server (community) 0035322: [html] Incorrect absolute URL in the tab menu (community) 0035403: [html] The avatar.png is a big JPEG actually (community) 0035233: [api rest] REST API fail external authentication (community) 0035209: [plug-ins] An invalid plugin can cause errors in other plugins' files (dregad) 0035200: [ui] Plug-in listing error during the language test process. (dregad) 0035199: [performance] Improvement of the file_get_mime_type() function (community) 0035432: [bugtracker] Issue's last updated date is not modified when a note is deleted (dregad) 0035064: [administration] Constant error 500 after deleting user option on adm_config_report.php page. (dregad) 0035039: [reports] The GraphViz tool is almost impossible to customise for Windows (dregad) 0034783: [installation] Checking URL to installation is failing (dregad) 0035428: [code cleanup] Calling gpc_get_int() with null default throws deprecation warning on PHP 8.1 (dregad) 0035471: [ui] Incorrect styling of Plugin Filter Fields (dregad) 0035493: [ui] Inactive buttons of project navigation bar are not clickable (community) 0035302: [authentication] Deprecation warning in Securimage captcha with PHP 8.2 (dregad) 0035291: [filters] Filters including date custom fields don't work on PHP 8.0 (dregad) 0035180: [html] The MantisBT web interface must pass HTML validation (community) 0035179: [filters] Could not use plugins filters with "Permalink" (dregad) 0023593: [ui] Username does not fit in navbar user menu (community)