]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Max Kanat-Alexander [Tue, 25 Jan 2011 02:27:44 +0000 (18:27 -0800)]
Bug 621597: Make mod_perl.pl automatically include the lib/ directory and
Max Kanat-Alexander [Tue, 25 Jan 2011 01:48:36 +0000 (17:48 -0800)]
Bump the version number post-release.
Max Kanat-Alexander [Mon, 24 Jan 2011 23:32:04 +0000 (15:32 -0800)]
Bump the version number for 3.6.4.
Max Kanat-Alexander [Mon, 24 Jan 2011 21:48:17 +0000 (13:48 -0800)]
Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of
David Lawrence [Mon, 24 Jan 2011 19:22:37 +0000 (14:22 -0500)]
Bug 621105 - [SECURITY] Voting lacks CSRF protection
Frédéric Buclin [Mon, 24 Jan 2011 18:36:51 +0000 (19:36 +0100)]
Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace
Reed Loden [Mon, 24 Jan 2011 18:14:09 +0000 (10:14 -0800)]
Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect
Frédéric Buclin [Mon, 24 Jan 2011 17:28:07 +0000 (18:28 +0100)]
Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection
Frédéric Buclin [Mon, 24 Jan 2011 17:15:40 +0000 (18:15 +0100)]
Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
Max Kanat-Alexander [Mon, 24 Jan 2011 04:08:34 +0000 (20:08 -0800)]
Bug 627923 - Release Notes for Bugzilla 3.6.4
David Lawrence [Fri, 21 Jan 2011 21:44:10 +0000 (16:44 -0500)]
Bug 627854: Add 'form' hook to create-guided.html.tmpl similar to create.html.tmpl
Reed Loden [Fri, 21 Jan 2011 21:16:42 +0000 (13:16 -0800)]
Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to v3.51 in order to address header injection vulnerability.
David Lawrence [Fri, 21 Jan 2011 05:09:28 +0000 (00:09 -0500)]
Bug 623608 - Add intro/outro extension hooks to footer.html.tmpl
Frédéric Buclin [Fri, 7 Jan 2011 12:36:12 +0000 (13:36 +0100)]
Bug 255524: The duplicates table inherits no CSS classes when viewed in simple format
Gervase Markham [Wed, 5 Jan 2011 10:37:53 +0000 (10:37 +0000)]
Bug 622822 - add additional_links hook to front page. r,a=mkanat.
David Lawrence [Thu, 30 Dec 2010 16:50:29 +0000 (11:50 -0500)]
Bug 622105 - Misspelling in setting_info_invalid error message
timeless [Mon, 27 Dec 2010 21:55:37 +0000 (22:55 +0100)]
Bug 588013: Fix typo
Frédéric Buclin [Wed, 8 Dec 2010 20:16:46 +0000 (21:16 +0100)]
Bug 617684: Values starting with a dot or an underscore are no longer hidden in reports
Frédéric Buclin [Sat, 27 Nov 2010 21:04:55 +0000 (22:04 +0100)]
Bug 416784: In PostgreSQL 8.1 and newer, createuser takes the argument -R instead of -A
Frank Becker [Sun, 14 Nov 2010 19:14:41 +0000 (20:14 +0100)]
Bug 610217: config.cgi?ctype=rdf should include product.allows_unconfirmed
Sam Morris [Sun, 14 Nov 2010 19:07:00 +0000 (20:07 +0100)]
Bug 611974: collectstats.pl --regenerate fails with PostgreSQL 8.4.x (sql_from_days() doesn't accept integers as argument)
Frédéric Buclin [Sat, 13 Nov 2010 00:13:27 +0000 (01:13 +0100)]
Bug 611623: The alias is not filtered in QuickSearch when passed to show_bug.cgi
Reed Loden [Thu, 11 Nov 2010 02:11:10 +0000 (18:11 -0800)]
Bug 591165: (CVE-2010-2761) [SECURITY] Bump minimum required version of CGI.pm to v3.50 in order to address header injection vulnerability.
Frédéric Buclin [Wed, 10 Nov 2010 23:42:59 +0000 (00:42 +0100)]
Bug 611129: Quicksearch fails in 3.6.3 if List::MoreUtils is not installed
Frédéric Buclin [Thu, 4 Nov 2010 17:14:25 +0000 (18:14 +0100)]
Bug 596611: Add a hook to email_in.pl
Frédéric Buclin [Thu, 4 Nov 2010 16:48:50 +0000 (17:48 +0100)]
Bug 474766: The [details] string is duplicated when replying to a comment containing a link to an attachment
Max Kanat-Alexander [Wed, 3 Nov 2010 02:34:31 +0000 (19:34 -0700)]
Fix the 3.6 release notes to accurately describe the "form field longdesclength"
Max Kanat-Alexander [Wed, 3 Nov 2010 01:35:24 +0000 (18:35 -0700)]
Bump the version number post-release.
Max Kanat-Alexander [Wed, 3 Nov 2010 00:37:30 +0000 (17:37 -0700)]
Bump the version number for 3.6.3.
Byron Jones [Tue, 2 Nov 2010 23:21:42 +0000 (00:21 +0100)]
Bug 600464: (CVE-2010-3172) [SECURITY] Content/Header injection due to non-random multipart/x-mixed-replace boundary
Frédéric Buclin [Tue, 2 Nov 2010 23:10:15 +0000 (00:10 +0100)]
Bug 419014: (CVE-2010-3764) [SECURITY] Old charts are not project specific, and product names are viewable in graphs/
Max Kanat-Alexander [Sun, 31 Oct 2010 23:29:11 +0000 (16:29 -0700)]
Bug 608188 - Release Notes for Bugzilla 3.6.3
Frédéric Buclin [Thu, 28 Oct 2010 15:27:58 +0000 (17:27 +0200)]
Bug 607966: Use of qw(...) as parentheses is deprecated since Perl 5.13.5
Max Kanat-Alexander [Tue, 26 Oct 2010 21:08:21 +0000 (14:08 -0700)]
Bug 607083: Improve the error message that install-module.pl prints when
Frédéric Buclin [Tue, 26 Oct 2010 18:21:11 +0000 (20:21 +0200)]
Bug 607361: Creating an attachment without a "comment" param in the URL causes an internal error
Frédéric Buclin [Fri, 22 Oct 2010 13:01:35 +0000 (15:01 +0200)]
Bug 413648: Attachment mime type handling should strip leading and trailing spaces
Frédéric Buclin [Wed, 20 Oct 2010 23:13:27 +0000 (01:13 +0200)]
Bug 605425: Non-english templates are no longer precompiled by checksetup
Frédéric Buclin [Wed, 20 Oct 2010 12:09:02 +0000 (14:09 +0200)]
Bug 605693: Make config.cgi?ctype=rdf faster
Frédéric Buclin [Wed, 20 Oct 2010 00:33:33 +0000 (02:33 +0200)]
Bug 553266: config.cgi?ctype=rdf spends most of its time loading flagtypes from the database (partial backport)
Frédéric Buclin [Mon, 18 Oct 2010 09:37:19 +0000 (11:37 +0200)]
Bug 339270: When editing a simple search, the bug status is lost
Frédéric Buclin [Fri, 15 Oct 2010 01:05:25 +0000 (03:05 +0200)]
Bug 604107: The link to delete the value 0 of custom fields is broken
Frédéric Buclin [Fri, 15 Oct 2010 00:13:34 +0000 (02:13 +0200)]
Bug 604522: t/012throwables.t doesn't catch new user errors correctly
Frédéric Buclin [Thu, 14 Oct 2010 00:43:05 +0000 (02:43 +0200)]
Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer
Frédéric Buclin [Wed, 13 Oct 2010 22:34:50 +0000 (00:34 +0200)]
Bug 599953: Editing an advanced search doesn't remember values passed to discrete custom fields added by extensions
Reed Loden [Tue, 5 Oct 2010 04:31:13 +0000 (21:31 -0700)]
s/Extensionn/Extension/ (no bug).
Guy Pyrzak [Sun, 3 Oct 2010 01:10:24 +0000 (18:10 -0700)]
Bug 601142: useless horizontal scrollbar always visible on show_bug.cgi in Classic skin
Christian Legnitto [Tue, 28 Sep 2010 03:32:21 +0000 (20:32 -0700)]
Bug 598213: Change the color of the border on the header so that the header
Frédéric Buclin [Thu, 23 Sep 2010 18:45:46 +0000 (20:45 +0200)]
Bug 599023: importxml.pl fails if UNCONFIRMED is the single bug status allowed when reporting a new bug
Frédéric Buclin [Thu, 23 Sep 2010 18:39:01 +0000 (20:39 +0200)]
Bug 595712: Return to bug page after login doesn't work with javascript disabled
Frédéric Buclin [Wed, 22 Sep 2010 11:59:08 +0000 (13:59 +0200)]
Bug 598147: Can't call method "isa" without a package or object reference
Frédéric Buclin [Tue, 21 Sep 2010 17:49:18 +0000 (19:49 +0200)]
Bug 585028: Advanced Shortcut for Priority (P1-5 as search word) broken
A. Shimono (himorin) [Sun, 19 Sep 2010 00:10:10 +0000 (02:10 +0200)]
Bug 589547: Wrong description for editing a flag
Max Kanat-Alexander [Sat, 18 Sep 2010 23:59:45 +0000 (16:59 -0700)]
Add a missing "FILTER html" to the bug_url_invalid error message.
A. Shimono (himorin) [Sat, 18 Sep 2010 23:58:45 +0000 (01:58 +0200)]
Bug 589525: fix typo
GavinS [Sat, 18 Sep 2010 23:50:12 +0000 (01:50 +0200)]
Bug 582339: fix typo
Max Kanat-Alexander [Sat, 18 Sep 2010 23:49:21 +0000 (16:49 -0700)]
Bug 593170: Disallow urls like "show_bug.cgi?id=2323" (with no domain) in
Max Kanat-Alexander [Sat, 18 Sep 2010 23:19:24 +0000 (16:19 -0700)]
Bug 577835: Improve the error message displayed when you put an invalid
Artem Anisimov [Tue, 14 Sep 2010 18:51:49 +0000 (20:51 +0200)]
Bug 595664: Maximum password length is hardcoded in the UI when editing user accounts
Frédéric Buclin [Tue, 14 Sep 2010 15:33:21 +0000 (17:33 +0200)]
Bug 596038: The before_table hook needs to be moved before tableheader
Tiago Mello [Wed, 8 Sep 2010 02:34:32 +0000 (23:34 -0300)]
Bug 594038 - Add new hook 'end' in footer.html.tmpl
Max Kanat-Alexander [Wed, 8 Sep 2010 01:34:19 +0000 (18:34 -0700)]
Bug 584414: Searching for bugs with "at least X votes" was broken in 3.6 only.
Frédéric Buclin [Thu, 2 Sep 2010 18:58:05 +0000 (20:58 +0200)]
Bug 590144: The deadline is not kept in saved searches when set to 'Now'
Christian Legnitto [Wed, 1 Sep 2010 22:57:56 +0000 (15:57 -0700)]
Bug 587793: Add a new "object_end_of_create" hook so that extensions can
Guy Pyrzak [Sun, 29 Aug 2010 21:31:37 +0000 (14:31 -0700)]
Bug 580217: Starting a bug summary with ">" would make it purple
Reed Loden [Sat, 28 Aug 2010 08:38:08 +0000 (01:38 -0700)]
Bug 591218 - Add missing 'longdesclength' form field to fix problem when receiving a mid-air after selecting "Submit only my new comment" on mid-air page.
Reed Loden [Tue, 10 Aug 2010 03:57:40 +0000 (22:57 -0500)]
Bug 585852 - Fix error message for 'file_too_large' to not mention "non-patch attachments", as that distinction was removed in 3.6+.
Reed Loden [Fri, 6 Aug 2010 06:11:59 +0000 (01:11 -0500)]
s/where missing/were missing/ (no bug)
Max Kanat-Alexander [Fri, 6 Aug 2010 02:30:01 +0000 (19:30 -0700)]
Bump version number post-release.
Max Kanat-Alexander [Fri, 6 Aug 2010 01:12:58 +0000 (18:12 -0700)]
Bump the version number for 3.6.2.
Frédéric Buclin [Wed, 4 Aug 2010 22:14:19 +0000 (00:14 +0200)]
Bug 583690: (CVE-2010-2759) [SECURITY][PostgreSQL] Bugzilla crashes when viewing a bug if a comment contains 'bug <num>' or 'attachment <num>' where <num> is greater than the max allowed integer
Frédéric Buclin [Wed, 4 Aug 2010 21:56:43 +0000 (23:56 +0200)]
Bug 577139: (CVE-2010-2758) [SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not
Frédéric Buclin [Wed, 4 Aug 2010 21:44:30 +0000 (23:44 +0200)]
Bug 450013: (CVE-2010-2757) [SECURITY] Can sudo a user without sending email
Frédéric Buclin [Wed, 4 Aug 2010 21:31:21 +0000 (23:31 +0200)]
Bug 417048: (CVE-2010-2756) [SECURITY] Boolean charts let me query for users being in any given group
Max Kanat-Alexander [Wed, 4 Aug 2010 18:08:12 +0000 (11:08 -0700)]
Bug 583649: Release Notes for Bugzilla 3.6.2
Frédéric Buclin [Wed, 4 Aug 2010 00:32:51 +0000 (02:32 +0200)]
Bug 584036: _sync_fulltext() not called when (un)setting an existing comment as private
Frédéric Buclin [Wed, 4 Aug 2010 00:11:03 +0000 (02:11 +0200)]
Bug 584018: @foo= bar in email_in.pl is not parsed correctly, due to a missing whitespace before "="
Frédéric Buclin [Mon, 2 Aug 2010 02:05:34 +0000 (04:05 +0200)]
Bug 553884: Quicksearch incorrectly treats "-" in quotes as negation
Frédéric Buclin [Mon, 2 Aug 2010 01:37:55 +0000 (03:37 +0200)]
Bug 583622: email_in.pl doesn't let me set timetracking fields
Max Kanat-Alexander [Mon, 2 Aug 2010 01:17:21 +0000 (18:17 -0700)]
Bug 578494: We can't use "shellwords" to split words for sql_fulltext on Pg,
Frédéric Buclin [Sun, 1 Aug 2010 23:22:25 +0000 (01:22 +0200)]
Bug 581622: When a quicksearch includes the "content" field, it is limited to 200 bugs
Frédéric Buclin [Sun, 1 Aug 2010 23:05:15 +0000 (01:05 +0200)]
Bug 547748: Wrong parsing of email_in emails if some @field has no data
Frédéric Buclin [Sun, 1 Aug 2010 22:33:29 +0000 (00:33 +0200)]
Bug 526272: Do not duplicate the 'File a new bug in the "Foo" product' link when the buglist is empty
Max Kanat-Alexander [Mon, 26 Jul 2010 21:44:44 +0000 (14:44 -0700)]
Bugzilla/Hook.pm: Remove an internal POD link to object_validators, which
Max Kanat-Alexander [Fri, 23 Jul 2010 11:44:18 +0000 (04:44 -0700)]
Bug 581311: Bring the documentation of various hooks in Bugzilla::Hook
Reed Loden [Fri, 23 Jul 2010 01:56:16 +0000 (20:56 -0500)]
Bug 578240 - Re-add "owner" as a quicksearch alias for searching for "assigned_to"
Max Kanat-Alexander [Fri, 23 Jul 2010 01:50:20 +0000 (18:50 -0700)]
Bug 578494: When doing a QuickSearch on a phrase, pass the phrase quoted
Max Kanat-Alexander [Fri, 23 Jul 2010 01:35:59 +0000 (18:35 -0700)]
Bug 577054: Field::Choice was denying the deletion of any value if
byron jones (glob) [Thu, 15 Jul 2010 17:28:57 +0000 (19:28 +0200)]
Bug 521416: Some web servers fail to set the QUERY_STRING parameter
Frédéric Buclin [Thu, 15 Jul 2010 11:06:33 +0000 (13:06 +0200)]
Bug 455585: Installation docs should recommend using package management instead of CPAN
Frédéric Buclin [Thu, 15 Jul 2010 10:49:39 +0000 (12:49 +0200)]
Bug 193193: Better explain what the checkboxes in Edit Users-Group Access/Privileges are for
Frédéric Buclin [Thu, 15 Jul 2010 10:33:15 +0000 (12:33 +0200)]
Bug 472452: Rephrase documentation about deleting custom fields
Max Kanat-Alexander [Wed, 14 Jul 2010 03:52:31 +0000 (20:52 -0700)]
The changes to accept positional parameters in XML-RPC meant that sometimes
Frédéric Buclin [Tue, 13 Jul 2010 23:09:33 +0000 (01:09 +0200)]
Bug 536183: Docs claim bug lifecycle is "hard-coded" despite that's no longer true
Max Kanat-Alexander [Tue, 13 Jul 2010 23:06:04 +0000 (16:06 -0700)]
Bug 577765: Allow XML-RPC to accept multiple positional parameters
Max Kanat-Alexander [Tue, 13 Jul 2010 23:03:47 +0000 (16:03 -0700)]
Bug 576060: Make bzr not be readable by the webserver
Frédéric Buclin [Tue, 13 Jul 2010 08:22:57 +0000 (10:22 +0200)]
Bug 236651: Remove obsolete instructions from the "2.1.5 Perl Modules" section
Frédéric Buclin [Tue, 13 Jul 2010 08:11:49 +0000 (10:11 +0200)]
Bug 578007: Requests queue page has a broken table layout for various groupings
Frédéric Buclin [Mon, 12 Jul 2010 23:18:42 +0000 (01:18 +0200)]
Bug 578003: E-mail notifications are missing datetime for comments
Reed Loden [Mon, 12 Jul 2010 17:43:06 +0000 (12:43 -0500)]
Bug 577881 - Add missing space before 'class' parameter in global/textarea.html.tmpl so class and previous parameters don't run into each other.
Frédéric Buclin [Sun, 11 Jul 2010 17:11:41 +0000 (19:11 +0200)]
Bug 563894: Milestone URL needs to be removed from documentation
projects / thirdparty / bugzilla.git / log
