Security issues in Mantis are not public because of the delicate nature of such issues. The information in these issues could be used to attack or compromise installations that are not patched yet. Therefore access to these issues is restricted to the people involved in the remediation process (developers, technical board, security group, etc.). This restriction has nothing to do with money.
We currently do not fully disclose security issues publicly. We do however list fixed security issues in the release notes of new versions. There we try not to be too specific for the same reasons: There are a lot of installations that are not patched regularily and we do not want to increase the danger for these installations.
I understand that you are looking for more information on these security issues for good reasons. Unfortunately we also have to assume that not all people looking for these kinds of information have good intentions. I hope you understand this reasoning.
(Disclaimer: I am currently a member of the ILIAS Security Group, however this response is not meant as an "official statement" but merely my attempt to clarify the reasoning behind the restricted access you inquired about)
We currently do not fully disclose security issues publicly. We do however list fixed security issues in the release notes of new versions. There we try not to be too specific for the same reasons: There are a lot of installations that are not patched regularily and we do not want to increase the danger for these installations.
I understand that you are looking for more information on these security issues for good reasons. Unfortunately we also have to assume that not all people looking for these kinds of information have good intentions. I hope you understand this reasoning.
(Disclaimer: I am currently a member of the ILIAS Security Group, however this response is not meant as an "official statement" but merely my attempt to clarify the reasoning behind the restricted access you inquired about)