Mantis: register_globals Again

Yet another set of vulnerabilities has been discovered with PHP and register_globals. More details can be found at http://www.hardened-php.net/advisory_202005.79.html.

Mantis has not required this setting to be on since version 0.18. The system check also flags it as a questionable practice.

If you are on a hosted site, or have applications that require this setting, you may not have complete control over it. If you are using Apache, however, you can set it on a per-directory basis: create a .htaccess file in your Mantis directory with the following content to turn the setting off for that directory.

php_flag register_globals 0

Note that the directory's entry in httpd.conf MUST contain "AllowOverride All" or at least "AllowOverride Options" to read PHP settings from the .htaccess file.
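
Apache ignores the .htaccess file without any error when AllowOverride does not permit it, so it is worth confirming that the override took effect. The script below is an added example, not part of Mantis; the file name rg_check.php and the parameter name rg_probe are assumptions chosen for illustration. It reports what PHP sees for the directory and checks whether a request parameter is actually copied into the global scope.

```php
<?php
// rg_check.php (hypothetical file name): added example, not part of Mantis.
// Place it in the directory that holds the .htaccess file, request it as
//   rg_check.php?rg_probe=1
// and delete it once you have the answer.

header('Content-Type: text/plain');

// 1. What PHP reports for this directory. ini_get() returns false when the
//    directive does not exist at all (PHP 5.4 and later removed it).
$raw = ini_get('register_globals');
$reported_on = ($raw !== false)
    && in_array(strtolower(trim($raw)), array('1', 'on', 'yes', 'true'), true);

// 2. What PHP actually did with this request. With register_globals on,
//    the query parameter rg_probe (hypothetical name) becomes a global.
$probe_sent   = isset($_GET['rg_probe']);
$probe_leaked = $probe_sent && array_key_exists('rg_probe', $GLOBALS);

echo 'ini_get(register_globals): ', var_export($raw, true), "\n";
echo 'reported state:            ', $reported_on ? 'ON' : 'off', "\n";

if (!$probe_sent) {
    echo "behaviour check:           skipped (add ?rg_probe=1 to the URL)\n";
} else {
    echo 'behaviour check:           ',
        $probe_leaked ? 'request variable became a global' : 'no global created',
        "\n";
}

if ($reported_on || $probe_leaked) {
    // Either signal means the .htaccess override is not in effect here.
    echo "RESULT: register_globals is still active for this directory.\n",
         "        Check that AllowOverride is Options or All so that the\n",
         "        .htaccess file is read.\n";
} else {
    echo "RESULT: register_globals is off for this directory.\n";
}
```

If Apache answers every request in the directory with a 500 error after the .htaccess change, PHP is not loaded as an Apache module there and the php_flag directive is not recognised.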



Copyright 2006, Logical Outcome Ltd.