home.social

#mantisbt — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mantisbt, aggregated by home.social.

  1. Hmm I'm now looking at self-hosted Gitlab instead of MantisBT for small projects. Just for issue-tracking.

    #Gitlab #MantisBT

  2. Ah it looks like there is an existing dark mode plugin that seems to work and there is an internal event it hooks to called EVENT_LAYOUT_RESOURCES where you can just fire a callback to add an additional CSS file that can overwrite the native CSS file that's being loaded.

    For customizing the theme colors and fonts it looks like that might be enough. Hmmm

    #MantisBT

  3. Ugh. Looks like the MantisBT hooks are limited and haven't been updated in a while. Also there aren't any good plugins for theme customization. :( Not enough community support.

    mantisbt.org/forums/viewforum.

    #MantisBT

  4. I wish there was more active community development for #MantisBT. It could use more themes.

  5. …and for those who wondered about the recurring MantisBT example in the screenshots - that is one of my end-to-end scenarios I use to test the practical viability of the Reconcile Engine, including things like volume management.

    The scope is deliberately host-centric. It is not a cluster-wide deployment model like Kubernetes, but always framed around something like a sovereign home server, where I simply want to manage and operate my services in a clean and structured way.

    For example, running a bug tracker with its database and reverse proxy - or something entirely different, like a Luanti game server for my son.

    Some documentation has also started to emerge, because at this point it can no longer really be explained in a one-pager:

    netbsd-cells.petermann-digital

    #netbsd #devops #modernretrocomputing #luanti #mantisbt #selfhosted #clt2026

  6. Several months ago, I found a #vulnerability in #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).

    Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access.

    The root cause of this bug is the incorrect use of == to match the password hash:

    if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )

    The fix is to use === for the comparison.

    This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. mantisbt.org/download.php

    #CVE_2025_47776 #infosec #cybersecurity
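
The comparison behaviour described in post 6, as an added example that is not part of the original post and is not MantisBT source code. The function names and all hash strings are constructed for illustration; the audit helper shows how a defender could list accounts whose stored hash has the affected shape.

```php
<?php
// Added illustration, not MantisBT source. All hash strings are constructed
// samples shaped like the pattern in the post, not digests of real passwords.

const MAGIC_HASH_PATTERN = '/^0+[Ee][0-9]+$/';   // regex quoted in the post

// Pre-fix behaviour: == treats two numeric strings as numbers, and every
// "0e<digits>" string evaluates to 0.0, so different hashes compare equal.
function loose_match(string $computed, string $stored): bool {
    return $computed == $stored;
}

// Post-fix behaviour: === compares the strings themselves.
function strict_match(string $computed, string $stored): bool {
    return $computed === $stored;
}

// Defensive audit: list accounts whose stored hash has the affected shape,
// so those accounts can be reviewed once the fixed release is installed.
function affected_accounts(array $hash_by_user): array {
    return array_keys(array_filter(
        $hash_by_user,
        fn(string $h): bool => preg_match(MAGIC_HASH_PATTERN, $h) === 1
    ));
}

$stored   = '0e' . str_repeat('1', 30);   // constructed stored hash
$computed = '0e' . str_repeat('2', 30);   // constructed hash of a different password
$ordinary = str_repeat('ab12', 8);        // constructed hash outside the pattern

var_dump(loose_match($computed, $stored));    // different strings, numeric comparison
var_dump(strict_match($computed, $stored));   // string identity
var_dump(loose_match($ordinary, $stored));    // non-numeric string: compared as strings

print_r(affected_accounts([
    'alice' => $stored,
    'bob'   => $ordinary,
    'carol' => '00E' . str_repeat('7', 29),   // constructed, leading zeros and upper-case E
]));
```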

  7. Filed an issue at #MantisBT in 2010. Got a response today. Time flies.

  8. I see that there's a new release for MantisBT with a security fix. Update now 🚀

    mantisbt.org/blog/archives/man

  9. The current release of the PHP-based bug tracker will be the last to support PHP 5. In future, at least PHP 7.0 will be required.
    MantisBT 2.25.0 says goodbye to PHP 5