]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Dylan William Hardison [Wed, 19 Oct 2016 13:09:43 +0000 (09:09 -0400)]
Revert "Bug
1306534 - Crash when pasting UTF8 text as an attachment"
This reverts commit
89cb60fe38a7962c876bce18368db90cedda84eb.
Frédéric Buclin [Mon, 17 Oct 2016 21:43:31 +0000 (21:43 +0000)]
Bug
1310728 - editflagtypes.cgi crashes when classifications are enabled and the user hasn't global editcomponents privs
r/a=dkl
Matt Tyson [Tue, 11 Oct 2016 23:07:32 +0000 (19:07 -0400)]
Bug
1306534 - Crash when pasting UTF8 text as an attachment
r=dylan
Dylan William Hardison [Sat, 8 Oct 2016 17:09:18 +0000 (13:09 -0400)]
nit: wrong method call in Bugzilla::Migrate
Dylan William Hardison [Sat, 8 Oct 2016 17:01:39 +0000 (10:01 -0700)]
Bug
1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19)
Andrea Orsini [Mon, 19 Sep 2016 15:14:14 +0000 (11:14 -0400)]
Bug
1303702 - bug history table 'when' column shows 00:00 only using sqlite
r/a=dylan
David Lawrence [Wed, 7 Sep 2016 17:48:29 +0000 (13:48 -0400)]
- New CI docker image for testing
Gervase Markham [Fri, 5 Aug 2016 13:49:51 +0000 (14:49 +0100)]
Bug
1292510 - replace references to git.mozilla.org with references to github. r=dylan
Frédéric Buclin [Wed, 1 Jun 2016 10:52:15 +0000 (12:52 +0200)]
Fix the default API URL
Frédéric Buclin [Wed, 1 Jun 2016 08:17:46 +0000 (10:17 +0200)]
Bug
1269266 - API links for Bugzilla 5+ not working anymore
Frédéric Buclin [Thu, 19 May 2016 22:42:54 +0000 (00:42 +0200)]
Bug
1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 upgrade
r/a=dkl
David Lawrence [Mon, 16 May 2016 20:03:20 +0000 (20:03 +0000)]
Bumped version post-release
David Lawrence [Mon, 16 May 2016 18:43:56 +0000 (18:43 +0000)]
Bumped version to 5.0.3
Frédéric Buclin [Mon, 16 May 2016 18:23:43 +0000 (20:23 +0200)]
Bug
1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency graphs via bug summary
r/a=dkl
Frédéric Buclin [Fri, 13 May 2016 18:37:08 +0000 (20:37 +0200)]
Bug
1269388 - Release notes for Bugzilla 5.0.3
r=dkl
Dylan William Hardison [Fri, 13 May 2016 17:34:19 +0000 (13:34 -0400)]
Bug
1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
David Lawrence [Mon, 2 May 2016 14:30:07 +0000 (10:30 -0400)]
Add build.platform = linux64, machine.platform = linux64 to taskgraph.json to remove b2gtest from Treeherder results
Frédéric Buclin [Mon, 25 Apr 2016 21:39:02 +0000 (23:39 +0200)]
Bug
1259881 - CSV export vulnerable to formulae injection (again)
r=sgreen a=dkl
Albert Ting [Wed, 20 Apr 2016 01:50:44 +0000 (01:50 +0000)]
Bug 542239 - Accept pronouns everywhere in query.cgi
r=dkl,a=dkl
Frédéric Buclin [Fri, 15 Apr 2016 19:30:36 +0000 (21:30 +0200)]
Bug
1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only generated files
r=gerv
Frédéric Buclin [Sun, 10 Apr 2016 00:12:18 +0000 (02:12 +0200)]
Email::MIME::Attachment::Stripper is no longer used, see bug 437076
Frédéric Buclin [Sat, 9 Apr 2016 16:06:21 +0000 (18:06 +0200)]
Fix an incorrect URL in the documentation
Frédéric Buclin [Fri, 8 Apr 2016 23:33:30 +0000 (01:33 +0200)]
Bug
1204957 - Locally compiled POD documentation is no longer accessible from docs/en/html/api/
r=dkl
Frédéric Buclin [Tue, 5 Apr 2016 23:54:54 +0000 (01:54 +0200)]
Bug
1246228 - Email addresses must not be encoded
r/a=dkl
Frédéric Buclin [Tue, 5 Apr 2016 15:22:25 +0000 (17:22 +0200)]
Bug
1261124: When deleting a component, this component is listed again
r/a=dkl
Frédéric Buclin [Fri, 1 Apr 2016 21:33:04 +0000 (23:33 +0200)]
Bug
1260027: Document how to compile the documentation on Windows
r=gerv
Frédéric Buclin [Fri, 1 Apr 2016 20:01:20 +0000 (22:01 +0200)]
Bug
1200010: The Quick Start doc should stop assuming Bugzilla is your single application
r=gerv
Frédéric Buclin [Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)]
Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl
Frédéric Buclin [Mon, 21 Mar 2016 22:18:07 +0000 (23:18 +0100)]
Bug
1255619: CGI scripts should not send duplicated headers
r/a=dkl
Frédéric Buclin [Sat, 19 Mar 2016 16:33:48 +0000 (17:33 +0100)]
Bug
1230932: Providing a condition as an ID to the webservice results in a taint error
r/a=dkl
Frédéric Buclin [Tue, 15 Mar 2016 16:11:52 +0000 (17:11 +0100)]
Bug
1253267: Possible DOT injection vulnerability in dependency graphs if long bug summaries are wrapped
r/a=dkl
Thorsten Schöning [Wed, 9 Mar 2016 22:22:17 +0000 (23:22 +0100)]
Bug
1250908: "Use of uninitialized value" warning thrown when creating a new bug depending or blocking another one
r=LpSolit a=dkl
Frédéric Buclin [Wed, 9 Mar 2016 22:06:28 +0000 (23:06 +0100)]
Bug
1234977: Replace \d+ by [0-9]+ in critical validation places
r=dylan a=dkl
Frédéric Buclin [Sun, 6 Mar 2016 15:45:25 +0000 (16:45 +0100)]
IIS instructions work with Windows 10 too
Frédéric Buclin [Tue, 23 Feb 2016 22:50:26 +0000 (23:50 +0100)]
Bug
1250354: The "Forgot password" link should not be displayed if users are not allowed to change it
r/a=dkl
Frédéric Buclin [Mon, 22 Feb 2016 22:09:20 +0000 (23:09 +0100)]
Bug
1250264: Extensions have no easy way to override favicon.ico
r/a=dkl
David Lawrence [Mon, 22 Feb 2016 20:49:32 +0000 (20:49 +0000)]
- task.expires needs to be greater than artifacts.expires
David Lawrence [Mon, 22 Feb 2016 15:25:40 +0000 (15:25 +0000)]
- Update artifact expiration date
Frédéric Buclin [Wed, 17 Feb 2016 11:33:03 +0000 (12:33 +0100)]
Bug
1242263: The web server and SQL server sections are not correctly referenced in the documentation
r=gerv
David Lawrence [Mon, 8 Feb 2016 18:38:03 +0000 (18:38 +0000)]
Travis CI config file no longer necessary
Frédéric Buclin [Mon, 8 Feb 2016 18:31:27 +0000 (19:31 +0100)]
Bug
1246531: REST_DOC should point to bugzilla.readthedocs.org instead of bugzilla.org
r/a=dkl
Frédéric Buclin [Mon, 8 Feb 2016 18:27:33 +0000 (19:27 +0100)]
Bug
1046241: All links to the documentation displayed besides error messages are broken
r=gerv a=dkl
David Lawrence [Tue, 26 Jan 2016 15:17:18 +0000 (15:17 +0000)]
Bug
1240752 - Attachment data submitted via REST API must always be base64 encoded
r=gerv,a=dkl
Frédéric Buclin [Fri, 8 Jan 2016 18:53:11 +0000 (19:53 +0100)]
Bug
1235271: Remove .htaccess from .gitignore
r/a=dkl
Frédéric Buclin [Thu, 7 Jan 2016 20:45:23 +0000 (21:45 +0100)]
Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, content_disposition, or filename
r/a=dkl
Frédéric Buclin [Thu, 7 Jan 2016 20:37:36 +0000 (21:37 +0100)]
Bug 324242: Unsetting shutdownhtml requires too much intimate knowledge
r/a=dkl
Frédéric Buclin [Thu, 7 Jan 2016 00:45:27 +0000 (01:45 +0100)]
Addl. fix for bug
1089448: also detaint $ENV{WINDIR} on Windows
Mahdi Mokhtari [Tue, 5 Jan 2016 14:06:16 +0000 (15:06 +0100)]
Bug
1235270: Set submitter_id before calling _check_data()
r=LpSolit a=dkl
Frédéric Buclin [Tue, 5 Jan 2016 13:47:05 +0000 (14:47 +0100)]
Bug
1045782: Existing URLs in the See Also field should not throw an error when the bug is displayed
r/a=dkl
Frédéric Buclin [Mon, 4 Jan 2016 22:51:02 +0000 (23:51 +0100)]
Bug
1191706: When editing flag types, components do not match the selected product when classifications are enabled
r/a=dkl
Dylan Hardison [Sat, 2 Jan 2016 23:54:48 +0000 (18:54 -0500)]
Bug
1235395 - whine.pl broken due to a missing generate_email() routine
r=lpsolit,a=dylan
Frédéric Buclin [Tue, 29 Dec 2015 00:42:43 +0000 (01:42 +0100)]
Bug
1235271: Remove .htaccess from .gitignore
r/a=dkl
Frédéric Buclin [Mon, 28 Dec 2015 18:31:00 +0000 (19:31 +0100)]
Bug
1235415: Use "AllowOverride All" everywhere
David Lawrence [Tue, 22 Dec 2015 21:51:31 +0000 (21:51 +0000)]
Bumped version post-release
David Lawrence [Tue, 22 Dec 2015 21:03:32 +0000 (21:03 +0000)]
Revert "Add missing use List::MoreUtils"
This reverts commit
d4470f34b627bb5a15a0af496db67185a922f4f5.
David Lawrence [Tue, 22 Dec 2015 21:01:15 +0000 (21:01 +0000)]
Revert "Bug
1230932 - Providing a condition as an ID to the webservice results in a taint error"
This reverts commit
396ae88235ef68ed45978dfb36774c5fe9a2d699.
Dylan Hardison [Tue, 22 Dec 2015 20:42:31 +0000 (15:42 -0500)]
Add missing use List::MoreUtils
David Lawrence [Tue, 22 Dec 2015 19:16:45 +0000 (19:16 +0000)]
Bumped version to 5.0.2
Dylan Hardison [Tue, 22 Dec 2015 18:34:38 +0000 (13:34 -0500)]
Bug
1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers
r=dkl,a=dkl
Frédéric Buclin [Tue, 22 Dec 2015 17:58:16 +0000 (18:58 +0100)]
Bug
1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary
r=gerv a=dkl
Dylan Hardison [Tue, 22 Dec 2015 17:08:32 +0000 (12:08 -0500)]
Bug
1230932 - Providing a condition as an ID to the webservice results in a taint error
r=dkl,a=dkl
Frédéric Buclin [Tue, 22 Dec 2015 15:50:01 +0000 (16:50 +0100)]
Update release notes
Frédéric Buclin [Mon, 21 Dec 2015 15:54:40 +0000 (16:54 +0100)]
Bug
1234056: The "Create Comments" documentation incorrectly mentions that you can add a comment to several bugs at once
r/a=dkl
Frédéric Buclin [Mon, 21 Dec 2015 00:31:10 +0000 (01:31 +0100)]
Need to uncomment another line in httpd.conf, see bug
1207582
Frédéric Buclin [Fri, 18 Dec 2015 11:53:50 +0000 (12:53 +0100)]
Bug
1232190: FlagType.create should require the user to be logged in
r/a=dkl
Frédéric Buclin [Wed, 16 Dec 2015 21:25:29 +0000 (22:25 +0100)]
Bug
1232578: Don't save hashed passwords in audit_log
r/a=dkl
Frédéric Buclin [Wed, 16 Dec 2015 11:22:55 +0000 (12:22 +0100)]
Product.get_products is no longer supported, see bug
1160394
Dylan Hardison [Wed, 16 Dec 2015 01:21:08 +0000 (20:21 -0500)]
Bug
1232180 - Incorrect regexp used to filter bug IDs in Bugzilla::WebService::BugUserLastVisit
r=dkl,a=dkl
Dylan Hardison [Wed, 16 Dec 2015 00:52:37 +0000 (19:52 -0500)]
Bug
1169181 - The bug_user_last_visit method returns an empty array for old bugs
r=dkl,a=dkl
Matt Tyson [Wed, 16 Dec 2015 00:36:32 +0000 (00:36 +0000)]
Bug
1160394 - Products.get_products is missing from PUBLIC_METHODS (for backwards compatibility)
r=dkl,a=dkl
Frédéric Buclin [Fri, 11 Dec 2015 18:46:45 +0000 (19:46 +0100)]
Release notes for Bugzilla 5.0.2
r=dkl
Frédéric Buclin [Thu, 10 Dec 2015 19:05:47 +0000 (20:05 +0100)]
Email::Send is no longer used
Alex Schuilenburg [Wed, 2 Dec 2015 12:51:39 +0000 (13:51 +0100)]
Bug
1219276: Creating a new group fails if a custom extension adds entries to group_control_map and "insertnew" is selected
r=LpSolit a=dkl
Frédéric Buclin [Wed, 2 Dec 2015 12:01:36 +0000 (13:01 +0100)]
Back out bug
1138463 - data/assets/.htaccess must be fixed too
Frédéric Buclin [Tue, 1 Dec 2015 23:13:32 +0000 (00:13 +0100)]
Back out bug
1138463. This fix is actually incorrect and the bug was correctly fixed by bug
1223790
a=dkl on IRC
Pami Ketolainen [Wed, 25 Nov 2015 17:24:32 +0000 (17:24 +0000)]
Bug
1227455 - Multiselect parameters (type 'm') are not read correctly from the new JSON storage format
r/a=dkl
Frédéric Buclin [Thu, 19 Nov 2015 23:19:56 +0000 (00:19 +0100)]
Bug
1223790: "AllowOverride AuthConfig" is required to use the "Require" directive in .htaccess
r=gerv a=dkl
Frédéric Buclin [Thu, 19 Nov 2015 21:21:20 +0000 (22:21 +0100)]
Bug
1196126: Long lines in custom non-editable textarea fields should wrap
r/a=dkl
Alex Schuilenburg [Fri, 6 Nov 2015 17:07:01 +0000 (18:07 +0100)]
Bug
1222416: The group list must use 'class' instead of 'align'
r/a=justdave
Frédéric Buclin [Fri, 23 Oct 2015 13:25:19 +0000 (15:25 +0200)]
Bug 714724: Correctly encode emails as quoted-printable
r=dkl a=sgreen
Frédéric Buclin [Wed, 21 Oct 2015 17:51:07 +0000 (19:51 +0200)]
The correct name of the parameter is cookiepath, not cookiebase
Frédéric Buclin [Wed, 21 Oct 2015 17:29:47 +0000 (19:29 +0200)]
Bug
1200604: The URL Rewrite extension for IIS is needed to use the rest/ shortcut in URLs (instead of rest.cgi/)
r=gerv
Frédéric Buclin [Wed, 21 Oct 2015 13:57:53 +0000 (15:57 +0200)]
XMLRPC works with IIS, see bug 708252
Frédéric Buclin [Mon, 19 Oct 2015 16:41:34 +0000 (18:41 +0200)]
Bug
1207582: Update instructions to install Apache on Windows (the Apache MSI no longer exists)
r=gerv
Frédéric Buclin [Mon, 19 Oct 2015 16:28:45 +0000 (18:28 +0200)]
Bug
1209926: Document that Strawberry Perl fully works with Bugzilla 5.0.2 and newer
r=gerv
Frédéric Buclin [Wed, 30 Sep 2015 18:27:44 +0000 (20:27 +0200)]
Bug 987742: Strawberry Perl requires C:\strawberry\c\bin\ to be in $ENV{PATH} to correctly load XS modules
r=gerv a=dkl
Frédéric Buclin [Fri, 25 Sep 2015 18:35:20 +0000 (20:35 +0200)]
Bug
1089448: Strawberry Perl throws a "Insecure dependency in sysopen" error when attaching a file
r=gerv a=dkl
Colin Joy [Thu, 24 Sep 2015 16:07:03 +0000 (16:07 +0000)]
Bug
1201809: The default value for user settings cannot be false
r/a=dkl
Colin Joy [Thu, 24 Sep 2015 14:30:22 +0000 (15:30 +0100)]
Bug
1202588: Custom preference multiselect widget - size gets set to null. r=gerv
Matt Tyson [Wed, 23 Sep 2015 21:21:36 +0000 (23:21 +0200)]
Bug
1184431: Bug searching is slow on PostgreSQL
r=LpSolit a=dkl
Pat Thoyts [Wed, 23 Sep 2015 21:14:46 +0000 (23:14 +0200)]
Bug 708252: The XMLRPC API doesn't work with IIS
r=LpSolit a=dkl
Frédéric Buclin [Wed, 16 Sep 2015 16:44:00 +0000 (18:44 +0200)]
Bug 714724 missed Bugzilla 5.0.1
Gervase Markham [Tue, 15 Sep 2015 15:20:57 +0000 (16:20 +0100)]
Bug
1188824 - add 'require all granted' to <Directory> block for Windows Apache instructions
Frédéric Buclin [Tue, 15 Sep 2015 13:29:51 +0000 (15:29 +0200)]
Bug
1204862: backout the link to view_job_queue.cgi. This script only exists in master
David Lawrence [Thu, 10 Sep 2015 21:42:55 +0000 (17:42 -0400)]
Bumped version post-release
David Lawrence [Thu, 10 Sep 2015 17:48:22 +0000 (13:48 -0400)]
Bumped version to 5.0.1
Byron Jones ‹:glob› [Thu, 10 Sep 2015 17:30:04 +0000 (13:30 -0400)]
Bug
1202447: [SECURITY] The email address is not properly validated during registration if longer than 127 characters
r=LpSolit,a=justdave
Frédéric Buclin [Wed, 9 Sep 2015 22:01:42 +0000 (00:01 +0200)]
Bug
1191924: Release notes for Bugzilla 5.0.1
r=dkl
Frédéric Buclin [Wed, 9 Sep 2015 13:51:45 +0000 (15:51 +0200)]
Aliases can now be 40 characters long, see bug
1012506
Frédéric Buclin [Mon, 7 Sep 2015 18:08:41 +0000 (20:08 +0200)]
Bug
1201041: Allow OpenType fonts as well as TrueType (.otf as well as .ttf) for graphs
r=gerv a=justdave