mantisbt · Apr 11, 2013 · Apr 11, 2013 · Apr 11, 2013
Showing with 73 additions and 40 deletions.

+1 −1 core/constant_inc.php

+39 −36 doc/CREDITS

+33 −3 doc/RELEASE
diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -14,7 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
 
-define( 'MANTIS_VERSION', '1.2.15dev' );
+define( 'MANTIS_VERSION', '1.2.16dev' );
 
 # --- constants -------------------
 # magic numbers

diff --git a/doc/CREDITS b/doc/CREDITS
@@ -80,70 +80,73 @@ rufinus
 David Newcomb
 jhuggins
 yarick123
-jotel
 robertjf
+jotel
 Frank Rodgers
-Chris Fitch
 Johan Guilbaud
-davidu
 planser
-Franck Villaume
-Véronique Maginot
-myplacedk
+Chris Fitch
+davidu
 smhanson
+Franck Villaume
 vwegert
-Daniel Tschinder
+myplacedk
+Véronique Maginot
 Vincent Sels
-Jim Hanley
+Daniel Tschinder
 Kirill Krasnov
+Jim Hanley
 Stéphane Veyret
 cyclespersecond
 scoates
 torija
-Alexander Menk
-Christian Weiske
-Tarik Sedlarevic
 puklos
-Andreas Schopper
-Benjamin Renard
-Bill Stidham
-Brian Wrightson
-Carlos Proensa
-Cyrille Giquello
-Dan Moore
-Daniel N
-David W. Juntgen
-Dawit Ayalew
-Dominik Blunk
-Edward Rudd
-Jacky Alcine
-Jacob Hoover
-Jonas Nockert
-Markus Schneider
-Matt McCutchen
-MatthieuR
-Michael Lorer
-Michael Weibel
-Olivier Mengué
-Pier-Luc Duchaine
-Raul Baldner junior
-Rolf Kleef
+Tarik Sedlarevic
+Christian Weiske
+Alexander Menk
 Ross Nelson
 SL-Gundam
 Sebastian Kayser
 Sergio Del Franco
+Dominik Blunk
+Jonas Nockert
 Todd Whitesel
 Tomasz Krawczyk
+Dawit Ayalew
+MatthieuR
+Matt McCutchen
 Werner Karl
+David W. Juntgen
+Jacob Hoover
+cybd
+watergad
 davethegr8
 dwethell
 gcompagnon
 greenius
+Daniel N
+Dan Moore
 jeckyll
+Cyrille Giquello
 mbaranski
+Markus Schneider
 petertc
+Carlos Proensa
+Brian Wrightson
+Bill Stidham
+Benjamin Renard
+Andreas Schopper
+Marco Dings
 tfromm
-watergad
+Karl Wiggisser
+Michael Weibel
+Olivier Mengué
+Jacky Alcine
+Raul Baldner junior
+Pier-Luc Duchaine
+Michael Lorer
+Edward Rudd
+Rolf Kleef
 
 
 Other Contributors

diff --git a/doc/RELEASE b/doc/RELEASE
@@ -1,7 +1,36 @@
 MantisBT Release Notes
 ======================
 
-1.2.14 Security Release (2012-01-29)
+1.2.15 Security Release (2013-04-12)
+-------------------------------------------------
+
+MantisBT 1.2.15 is a security update for the stable 1.2.x branch. All
+installations that are currently running any 1.2.x version are strongly advised
+to upgrade to this release.
+
+The following security issues were resolved:
+
+ - Any malicious user could use the view issues page (search.php) to execute a
+   filter that could bring down the site by overloading the database server
+   (CVE-2013-1883). Affects MantisBT 1.2.12 and later.
+   Refer to issue #15573 for detailed information.
+
+ - A cross site scripting (XSS) vulnerability allowed execution of arbitrary
+   JavaScript code when deleting a version. Affects MantisBT 1.2.14 and later.
+   Refer to issue #15511 for detailed information.
+
+ - In some cases, the 'Close' button would be available to unauthorized users,
+   allowing them to close issues at will, bypassing the workflow settings.
+   Affects MantisBT 1.2.12 and later.
+   Refer to issue #15453 for detailed information.
+
+This release also includes several bug fixes and enhancements to the tracker
+and the SOAP api, as well as updated translations in many languages.
+
+A full changelog for the 1.2.x series can be found on the official site. [1]
+
+
+1.2.14 Security Release (2013-01-29)
 -------------------------------------------------
 
 MantisBT 1.2.14 is a security update for the stable 1.2.x branch. All
@@ -12,7 +41,7 @@ Four cross site scripting (XSS) vulnerability issues were discovered and
 resolved:
 
  - A malicious person could trick a target user's browser into executing
-   arbitrary JavaScript code (CVE-2013-0197). This vulnerability iscritical,
+   arbitrary JavaScript code (CVE-2013-0197). This vulnerability is critical,
    due to the affected page (search.php) being usable anonymously on public-
    facing installations (i.e. without the need for a user login).
    Affects MantisBT 1.2.12 only (earlier versions are not impacted)
@@ -52,7 +81,7 @@ release also includes several bug fixes and enhancements:
 A full changelog for the 1.2.x series can be found on the official site. [1]
 
 
-1.2.13 Security Release (2012-01-22)
+1.2.13 Security Release (2013-01-22)
 -------------------------------------------------
 
 This version had to be withdrawn shortly after release, as it introduced a bug
@@ -322,6 +351,7 @@ There have also been many improvements to the codebase beyond adding features:
 
 [1] The changelog is split between multiple releases:
 
+	1.2.15     http://www.mantisbt.org/bugs/changelog_page.php?version_id=182
 	1.2.14     http://www.mantisbt.org/bugs/changelog_page.php?version_id=181
 	1.2.13     http://www.mantisbt.org/bugs/changelog_page.php?version_id=180
 	1.2.12     http://www.mantisbt.org/bugs/changelog_page.php?version_id=150