Released 2022-04-13

Security and maintenance release, fixing vulnerabilities in CSV Export (CVE-2021-43257) and Plugins management pages (CVE-2022-26144), as well as in bundled libraries guzzlehttp/psr7 (CVE-2022-24775) and moment.js (CVE-2022-24785). It also addresses several PHP 8.1 compatibility issues.

  • 0022784: [markdown] Markdown formatting doesn't take effect on summary field in View Issues page (dregad)
  • 0029130: [security] CVE-2021-43257: CSV Injection with CSV Export Feature (dregad)
  • 0029848: [security] Update guzzlehttp/psr7 to 1.8.5 (dregad)
  • 0029846: [bugtracker] Passing null to parameter of type XXX is deprecated (dregad)
  • 0029849: [security] Update moment.js to 2.29.2 (dregad)
  • 0029485: [security] Update ADOdb to 5.20.21 (dregad)
  • 0029034: [api soap] SOAP call mc_project_get_id_from_name fails when there is no matching project in PHP 7.2 (community)
  • 0028927: [api rest] Slim Application Error when RestFault generated (community)
  • 0029845: [bugtracker] Constant FILTER_SANITIZE_STRING is deprecated (dregad)
  • 0029144: [attachments] Adding an attachment with a long filename causes "Data too long for column 'filename'" application error (dregad)
  • 0029181: [bugtracker] 'format_issue_summary' custom function not called from View Issue Details page (dregad)
  • 0029416: [ui] Missing closing div tag causes incorrect page footer display (dregad)
  • 0029462: [installation] Unable to install (dregad)
  • 0029413: [custom fields] APPLICATION ERROR 1300 Custom field not found with case-sensitive database (dregad)
  • 0029688: [security] CVE-2022-26144: XSS in manage_plugin_page.php and manage_plugin_uninstall.php (dregad)
15 issues View Issues