Search Criteria
Package Details: mantisbt 2.25.4-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/mantisbt.git (read-only, click to copy) |
---|---|
Package Base: | mantisbt |
Description: | Web-based issue tracking system |
Upstream URL: | https://www.mantisbt.org/ |
Keywords: | bugs php tracker |
Licenses: | GPL2 |
Submitter: | alucryd |
Maintainer: | dvzrv |
Last Packager: | dvzrv |
Votes: | 3 |
Popularity: | 0.000002 |
First Submitted: | 2016-08-20 20:18 (UTC) |
Last Updated: | 2022-05-19 18:58 (UTC) |
Dependencies (8)
- php (php7-symlinks, php7-meta, php-zts, php56)
- curl (curl-minimal-git, curl-git) (optional) – interface Twitter
- mariadb (mysql55, mysql56, mysql57, mysql, mytop-git, percona-server) (optional) – use local MySQL server
- php-fpm (php-zts-fpm, php56-fpm) (optional) – run in fastCGI process manager
- php-gd (php-zts-gd, php56-gd) (optional) – generate captcha
- php-pgsql (php-zts-pgsql, php56-pgsql) (optional) – use PostgreSQL database backend
- postgresql (pipelinedb, agensgraph-git, postgresql-1c, postgresql-9.5, postgresql-9.4, postgresql-src-beta, postgresql-9.6, postgresql-11, postgresql-10, postgresql13, postgresql-lts, postgresql-12, postgresql-src) (optional) – use local PostgreSQL database
- uwsgi-plugin-php (optional) – run as application container
Latest Comments
dvzrv commented on 2019-06-14 22:26 (UTC)
The upgrade to 2.21.1 requires mantisbt to be run as its own user/group: mantisbt.
I haven't gotten around updating the wiki page (in a long time), but will do that soonish and most likely also move mantisbt back to [community] after that.
If you need configuration inspiration, you can have a look at the wiki pages for cacti and postfixadmin, where I added a lot of info on how running php webapps as a separate user can/should be achieved.
Kunda commented on 2019-04-29 12:21 (UTC)
https://mantisbt.org/blog/archives/mantisbt/627
Please update to 2.21
dvzrv commented on 2019-01-24 18:32 (UTC)
@jamespharvey20: you're absolutely right. will change that asap. haven't been paying too much attention to this PKGBUILD (got busy with [community]).
jamespharvey20 commented on 2019-01-24 02:01 (UTC) (edited on 2019-01-24 02:09 (UTC) by jamespharvey20)
The configuration files are world readable, which is a security issue since they contain passwords for the database, potentially smtp, and the salt.
I think it would be a good idea if the PKGBUILD set ownership to all /etc/webapps/mantisbt/ files to http:http, permissions 600.
EDIT: I think this will also have the side effect of the initial installation being able to write config_inc.php rather than having it give a write error, which although easier, is a double edged sword because it would probably make a much shortened version potentially leaving out some of the helpful options and comments that are in upstream's config.inc.php.sample which is copied to config_inc.php by the PKGBUILD.
dvzrv commented on 2017-01-26 10:18 (UTC)
dvzrv commented on 2016-09-22 17:58 (UTC)