Victor Boctor's Blog

Finally, after about a year since we switched main development to Mantis 1.0.0 and
after 8 alpha and candidate releases, the Mantis 1.0.0 stable release is out.

The implementation of 1.0.0 included over 400 issues, so it includes a lot of
new features, enhancements and security fixes. Although it is a 1.0.0 release,
it is the 65th Mantis release.

Some of the highlights of the release:

- Installation script
- Enhanced filters
- Sub-projects
- RSS feeds for issues
- Sticky issues
- Global Profiles
- Permissions Report
- My Sponsorships page
- Improved compatibility with PgSQL and MS-SQL
- Support for database configuration.
- Support for project specific, user specific, project and user specific configurations.
- Implemented GUI for some of the configuration options.
- Lots of security fixes

I'd like to thank everyone who contributed to the 65 Mantis releases. Without your
help we wouldn't be here today! Thanks to our users, developers, translators, contributors
and sponsors.

Now that Mantis 1.0.0 is released, we will switch our focus to Mantis 1.1. Hence, we will
be integrating new features and contributions that are in the bugtracker. As usual your
help and contributions are appreciated.

Please take a couple of minutes to register in Mantis User Directory.
http://www.mantisbugtracker.com/directory.php

Want to become a Mantis Sponsor?
http://www.mantisbugtracker.com/sponsors.php

Mantis Hosted - A hosted solution for Mantis
http://www.futureware.biz/blog/index.php?title=hosted_mantis&more=1&c=1&tb=1&pb=1

Mantis Blog
http://www.futureware.biz

Mantis Forums
http://forums.mantisbugtracker.com

MantisConnect - A webservice + a C#/Java client libraries
http://www.futureware.biz/mantisconnect

This is the 5th (and hopefully the last) candidate release for Mantis 1.0.0. All users of Mantis 1.0.x releases are encouraged to upgrade to this candidate release.

- 0006509: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
- 0006557: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
- 0006563: [security] Port XSS Vulnerability in project documents (TKADV2005-11-002) (thraxisp)
- 0006569: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
- 0006594: [bugtracker] config_flush_cache does not work correctly (thraxisp)
- 0006585: [documentation] don't see the documentation (thraxisp)
- 0006501: [filters] Categories can't be selected for filter-setting (thraxisp)

The release can be downloaded from here.

Regards,
Mantis Team

Timothy Trimble has written an informative Mantis review. Check it out if you need an overview of Mantis.

If you are after a short one, check out this quickie review.

As always, if you are interested in trying Mantis and don't have the time or the resources to do it, you can always go for the Mantis Hosted option.

If you are interested in both Mantis and dotProject, you may be interested to check out this document.

From the CaseySoftware site:

This document details the planned feature set and development priorities of the Integration Module. Sponsorship for this development will be opening on or around 26 September 2005.

Mantis 1.0.0rc4 is now available for download. This maintenance release includes the following fixes:

- 0006421: [security] Private bugs show up in public RSS feed (vboctor)
- 0006458: [security] Port #6457: SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006461: [security] Port #6460: HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006485: [security] XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- 0006489: [security] Port Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006492: [security] Port #6453: Make note private has no effect when resolving bug (thraxisp)
- 0006432: [bugtracker] error processing does not work! (jlatour)
- 0006379: [filters] Filter returns private issues when it should not (thraxisp)
- 0006254: [localization] strings_korean_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006268: [localization] strings_chinese_simplified_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006304: [localization] [PATCH] Major overhaul of strings_dutch.txt (jlatour)
- 0006358: [localization] Updated Dutch localization (Wanderer)
- 0006474: [localization] Calls to htmlspecialchars should take into account the current charset (jlatour)

All 1.0.0ax / 1.0.0rcx users are encouraged to upgrade to this release.

I'd like to take this opportunity to thank tk at trapkit dot de for reviewing Mantis code and reporting most of the security issues that were fixed in this release.