blog_1_3_0.md

New Features and Improvements

• Timeline feature
• Memo custom fields
• jQuery and jQueryUI are now included in core
• PHP version compatibility up to PHP 5.5
• Better generated HTML, relying on CSS instead of inline styles and reducing use of tables for layout
• HTML5 doctype
• Various performance improvements
• Out-of-the-box support for Oracle (oci8)
• Greatly enhanced support for PostgreSQL and MSSQL
• Update dependencies (phpmailer, adodb, disposable email checker, etc).
• Improved installation and admin utilities (system check, tools)
• Mechanism to prevent concurrent updates to the same issue
• Detailed filters hidden by default
• Improved XmlImportExport core plugin
• Bigger e-mail and realname fields (now 255 chars)
• Improved documentation, migrated to Publican
• 200+ issues

Configuration

• SOAP API better integrated with core (no more distinct config)
• All custom config files moved to dedicated folder to facilitate maintenance and upgrade process (under config folder)

Security

• Use of Content Security Policy
• Removal of all inline JavaScript (use external scripts)

Anti-spam

• New captcha with audio-output support.
• Rate limiting - For MantisBT instances that enable signup, using captchas protects against bots. However, a human can create an account that then can be used to spam a bug tracker and its users. In this release, we have applied limits to # of changes per hour for actions like create issues, create notes, add tags and upload files. These limits are only applied for instances that have signup enabled and for users who have the default signup access level or below.

Extensibility

Added the following events (see manual for details):

• EVENT_MANAGE_PROJECT_DELETE
• EVENT_MANAGE_VERSION_DELETE
• EVENT_VIEW_BUG_ATTACHMENT
• EVENT_UPDATE_BUG_DATA
• EVENT_UPDATE_BUG

Deprecated Features

• Custom Functions in favor of Plugins
• News feature - already deprecated
• Time tracking - already deprecated
• Project Docs - already deprecated
• Sponsorships - already deprecated

Removed Features

• Built-in source code integration support
• FTP for attachments
• Remove nusoap in favor of native php soap extension
• DB2 support

Improvements

• Highlight changed filter fields (8276)

New Captcha (0016565) - what value does this add compared to old one?

Audio output

Sub-projects - should we deprecate it?

Would help to make implementation easier and faster.
Not sure how many users are using the inherit functionality for categories and versions.
We should start a survey for it.

DBMSes - do we want to deprecate any of them?

Does it make sense to support a database which none of the core developers is using?
Survey?

Sub-projects - should we deprecate it?

I think this is being used , at least I saw it at least a couple of times. But mostly for ordering projects visually, not necessarily for inheriting metadata.

New Plugin Events

I wouldn't put this in its own section, and for sure not before Improvements as it's giving the new events too much importance IMO. Suggest to use a bullet under the next section instead

• New Plugin Events
  • EVENT_MANAGE_PROJECT_DELETE
  • EVENT_MANAGE_VERSION_DELETE
  • EVENT_VIEW_BUG_ATTACHMENT
  • EVENT_UPDATE_BUG_DATA
  • EVENT_UPDATE_BUG

The above list is extracted from a diff of events_inc.php between 1.2.x (884aebb7) and master (f0235b79).

Improvements

• HTML / CSS? - how do we describe the work done here?

• Better generated HTML, relying on CSS instead of inline styles and reducing use of tables for layout
• HTML5 doctype

• New Captcha (0016565) - what value does this add compared to old one?

Audio, as mentioned by atrol, and also a more secure implementation (see recent CVEs)

• DB Fixes for non-mysql? (sorted by # of fixes oracle, mssql and postgresql)

• Database support
  • Out-of-the-box support for Oracle (oci8)
  • Greatly enhanced support for PostgreSQL and MSSQL
  • deprecated DB2 support (maybe better to put this in the deprecated section)

• 200+ issues - seem to be include a lot of fixes of bugs introduced in 1.3.0dev
• ?? security issues

I would suggest creating a "bug fixes" section, maybe highlighting a few critical bugs and referring to the changelog for full details.

I don't think any of the security issues are specific to 1.3 since I generally backport them to 1.2, so maybe not worth mentioning specifically.

On the subject of security, I would advertise

• the introduction of Content Security Policy
• removal of all inline JavaScript (use external scripts)

• jQuery (is now included in core and can be leveraged by plugins without requiring a jquery plugin)

• jQuery and jQueryUI are now included in core

I would also mention

• Improved installation and admin utilities (system check, tools)
• SOAP API better integrated with core (no more distinct config)
• all custom config files moved to dedicated folder to facilitate maintenance and upgrade process
• Mechanism to prevent concurrent updates to the same issue #5466
• Detailed filters hidden by default
• various performance improvements

A few more...

• Core plugins: Improved XmlImportExport
• bigger e-mail and realname fields (now 255 chars)

Not sure if it's worth mentioning, but...

• Improved documentation, migrated to Publican