|
BugTracker.NET is a free open source web-based bug tracking system and customer support issue tracking system. It was created by Corey Trager starting in 2002, using ASP.NET, , and Microsoft SQL Server. BugTracker.NET is free software, licensed under the terms of the GNU General Public License (GPL). It is built on other open source software including the full text search engine Lucene.NET, the rich text editor CKEditor, the JavaScript library jQuery, and the MIME parser SharpMimeTools. It supports version control integration with the open source version control systems Subversion, Git, and Mercurial. Security Version 3.5.6 2012/02/23 (SVN revision 653) Fixed security hole whereby BugTracker.NET user belonging to an organization marked "external" could view posts marked "Visible to internal users only". Thanks to Jaroslav Kabrt for finding this. Version 3.5.1 2011/06/11 (SVN revision 619) An injection vulnerability was found in one of the installation files, however if followed the guideline to set up the tool no installation should be vulnerable since the vulnerable file should be deleted. Version 3.4.5 2010/11/29 (SVN revision 578) Core security technologies found some serious security vulnerabilities. If the bugs.aspx was publicly available to the Internet or not trusted visitors. Version 3.4.4 2010/08/21 (SVN revision 566) There's only one change, a fix to an SQL injection vulnerability in search.aspx. Thanks to Mark van Tilburg for letting me know. This vulnerability is several years old. This security issue only occurs if custom fields are used, if no custom fields are used this vulnerability cannot be misused. The last known critical vulnerability for BugTracker.NET was in 2005, when Secunia warned of SQL injection vulnerabilities in version 2.0. This was fixed in version 2.02. In January 2008, Secunia issued a less critical advisory concerning cross-site request forgery and cross-site scripting vulnerabilities for versions prior to 2.72. As of 2009-06-11, no new security vulnerabilities have been reported by Secunia
|
|
|