(In reply to comment #5)
> I guess it's relevant to note the default apache configuration provided with
> the mantis package includes the following.
>
>
> # Admin directory access is disabled by default; do not change this unless
> # you are performing the first installation or a database schema update.
> # See README.Fedora for more details
Based on the above comments decreased severity of the issues
to moderate. But we should still address them (to sanitize /
protect also not so likely configurations).
Gianluca, David, thank you for the comments: /bugzilla. redhat. com/show_ bug.cgi? id=663230# c5 /bugzilla. redhat. com/show_ bug.cgi? id=663230# c6
https:/
https:/
(In reply to comment #5)
> I guess it's relevant to note the default apache configuration provided with
> the mantis package includes the following.
>
>
> # Admin directory access is disabled by default; do not change this unless
> # you are performing the first installation or a database schema update.
> # See README.Fedora for more details
Based on the above comments decreased severity of the issues
to moderate. But we should still address them (to sanitize /
protect also not so likely configurations).