]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
David Lawrence [Mon, 6 Oct 2014 15:24:58 +0000 (15:24 +0000)]
Bump version to 4.4.6
Simon Green [Mon, 6 Oct 2014 15:03:41 +0000 (15:03 +0000)]
Bug
1054702 : CSV export vulnerable to formulae injection
r=glob,a=glob
Simon Green [Mon, 6 Oct 2014 14:47:38 +0000 (14:47 +0000)]
Bug
1064140 : [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group
r=glob,a=glob
Frédéric Buclin [Mon, 6 Oct 2014 14:35:25 +0000 (14:35 +0000)]
Bug
1074980 : Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
Frédéric Buclin [Mon, 6 Oct 2014 14:27:01 +0000 (14:27 +0000)]
Bug
1075578 : [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
David Lawrence [Mon, 6 Oct 2014 14:16:24 +0000 (14:16 +0000)]
Bug
1072490 : Release notes for 4.4.6
r=LpSolit,a=sgreen
Simon Green [Wed, 1 Oct 2014 11:00:23 +0000 (21:00 +1000)]
Bug
1069760 - Cannot use 'component' in a template
r=gerv, a=justdave
Frédéric Buclin [Wed, 1 Oct 2014 10:07:34 +0000 (12:07 +0200)]
Fix bustage due to bug
1061247
Reed Loden [Wed, 1 Oct 2014 05:37:11 +0000 (22:37 -0700)]
Bug
1061247 - Successfully using a password change token should invalidate all other password change tokens for that user
r=gerv a=glob
Dylan William Hardison [Tue, 30 Sep 2014 22:01:38 +0000 (18:01 -0400)]
Bug
1070317 - Bugzilla::Flag's attribute modification_date is affected by the user's timezone and differs from the database copy after a call to $flag->update()
r=dkl, a=justdave
David Lawrence [Mon, 22 Sep 2014 13:58:37 +0000 (13:58 +0000)]
Bug
1069363 : "show user list again" link does not include is_enabled for showing previous results list
r=glob,a=glob
Vishant Gautam [Mon, 15 Sep 2014 16:06:23 +0000 (18:06 +0200)]
Bug 252555: Remove the ANSI mode when running MySQL
Matt Tyson [Wed, 10 Sep 2014 15:05:52 +0000 (23:05 +0800)]
Bug
1036242 : "TypeError: bug_status is undefined" when creating a bug
r=glob,a=sgreen
Frédéric Buclin [Mon, 8 Sep 2014 10:35:08 +0000 (12:35 +0200)]
Bug
1046213 : datetime_from() generates wrong dates if year < 1901
r=sgreen a=glob
Simon Green [Mon, 8 Sep 2014 03:51:42 +0000 (13:51 +1000)]
Bug 768892 - Specific Search without search words yields invalid_column_name message, complaining about sort order "relevance desc"
Dylan William Hardison [Thu, 4 Sep 2014 01:05:50 +0000 (21:05 -0400)]
Bug
1040728 - testserver.pl on Ubuntu 12.04 with Apache2 invalidly gives error 'Failed to find the GID for the 'httpd' process' due to truncated command name
r=gerv,a=sgreen
Simon Green [Sun, 24 Aug 2014 00:12:01 +0000 (10:12 +1000)]
Bug
1008766 - Fix typo in documentation
r=glob, a=sgreen
Frédéric Buclin [Tue, 19 Aug 2014 10:36:52 +0000 (12:36 +0200)]
Bug
1053802 : Groups used for the comment_taggers_group and debug_group parameters can be deleted
r=sgreen a=glob
Frédéric Buclin [Tue, 5 Aug 2014 23:44:20 +0000 (01:44 +0200)]
Bug
1046145 : It is no longer possible to cancel an email address change when this one has already been confirmed
r=dkl a=sgreen
David Lawrence [Thu, 24 Jul 2014 21:38:49 +0000 (21:38 +0000)]
Bump version post-release
David Lawrence [Thu, 24 Jul 2014 17:42:07 +0000 (17:42 +0000)]
Bump version to 4.4.5 (corrected)
Simon Green [Thu, 24 Jul 2014 17:34:12 +0000 (17:34 +0000)]
Bug
1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
David Lawrence [Thu, 24 Jul 2014 17:02:01 +0000 (17:02 +0000)]
Bump version to 4.4.5
David Lawrence [Thu, 24 Jul 2014 16:42:44 +0000 (16:42 +0000)]
Bug
1042087 - Release notes for 4.4.5
r=glob
rojanu [Mon, 16 Jun 2014 23:24:19 +0000 (09:24 +1000)]
Bug
1024987 - contrib/bz_webservice_demo.pl fails after User Token login update
r=sgreen, a=justdave
Simon Green [Mon, 16 Jun 2014 23:11:05 +0000 (09:11 +1000)]
Bug 653597 - Reports with "Real Name" fields use foo_real_name in the url parameters for linked queries
Byron Jones [Wed, 11 Jun 2014 15:12:09 +0000 (23:12 +0800)]
Bug 978146: activity entry when setting flags isn't split across multiple rows
Byron Jones [Tue, 20 May 2014 05:50:48 +0000 (13:50 +0800)]
Bug
1009017 : users are unable to log in if their password needs to be
re-encrypted and their password does not match the current complexity
rule
r=dkl, a=glob
David Lawrence [Thu, 15 May 2014 21:42:37 +0000 (21:42 +0000)]
Bug
1011250 - Updates IRC notification text to include commit message and also send to #bugzilla
David Lawrence [Thu, 15 May 2014 02:50:07 +0000 (02:50 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 14 May 2014 20:47:16 +0000 (16:47 -0400)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
Byron Jones [Wed, 14 May 2014 05:28:41 +0000 (13:28 +0800)]
Bug
1006288 : add File::Slurp to the list of optional modules
r=dkl, a=glob
David Lawrence [Mon, 12 May 2014 19:14:53 +0000 (15:14 -0400)]
Backed out Bug
1001462 - Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token'
Frédéric Buclin [Mon, 12 May 2014 17:29:10 +0000 (19:29 +0200)]
Bug
1003852 : Digest::SHA 5.82 and newer always croak on wide characters, preventing users with Unicode passwords from logging in
r/a=glob
David Lawrence [Mon, 12 May 2014 14:38:02 +0000 (14:38 +0000)]
Bug
1001462 - Bug.search causes error when using simple token auth and specifying 'token' instead of 'Bugzilla_token'
r/a=glob
David Lawrence [Thu, 8 May 2014 20:37:06 +0000 (20:37 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 7 May 2014 16:18:44 +0000 (16:18 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
Byron Jones [Mon, 5 May 2014 07:15:37 +0000 (15:15 +0800)]
Bug 999331: searching attachment data is very slow due to an unbounded
David Lawrence [Fri, 2 May 2014 20:33:08 +0000 (20:33 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
David Lawrence [Fri, 2 May 2014 15:56:22 +0000 (15:56 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Fri, 2 May 2014 15:55:33 +0000 (15:55 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
Dave Miller [Fri, 2 May 2014 02:12:25 +0000 (22:12 -0400)]
Bug 999296: Make checksetup.pl not complain about having added new
David Lawrence [Thu, 1 May 2014 20:54:55 +0000 (20:54 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
Frédéric Buclin [Tue, 29 Apr 2014 17:06:34 +0000 (19:06 +0200)]
Bug
1001846 : When editing cc_accessible using Bug.update, the method should always return is_cc_accessible as being changed
r=dkl a=justdave
Frédéric Buclin [Fri, 25 Apr 2014 20:19:43 +0000 (22:19 +0200)]
Bug
1001497 : User.login incorrectly returns id = 0 when the login or password is missing
r=dkl a=justdave
David Lawrence [Mon, 21 Apr 2014 21:03:59 +0000 (21:03 +0000)]
Bumped version post-release
David Lawrence [Fri, 18 Apr 2014 22:13:17 +0000 (22:13 +0000)]
Bump version to 4.4.4
Frédéric Buclin [Fri, 18 Apr 2014 21:48:10 +0000 (23:48 +0200)]
Bug 998484: Release notes for Bugzilla 4.4.4
David Lawrence [Fri, 18 Apr 2014 21:06:10 +0000 (21:06 +0000)]
Bug 998323 - URLs pasted in comments are no longer displayed
David Lawrence [Thu, 17 Apr 2014 21:21:36 +0000 (21:21 +0000)]
Bumped version post-release
David Lawrence [Thu, 17 Apr 2014 17:10:38 +0000 (17:10 +0000)]
Bump version to 4.4.3
Manish Goregaokar [Thu, 17 Apr 2014 16:30:14 +0000 (18:30 +0200)]
Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text
Frédéric Buclin [Thu, 17 Apr 2014 16:18:12 +0000 (18:18 +0200)]
Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection
Frédéric Buclin [Tue, 15 Apr 2014 21:51:38 +0000 (23:51 +0200)]
Bug 996164: Release notes for Bugzilla 4.4.3
Quannah Gibson-Mount [Tue, 15 Apr 2014 18:17:20 +0000 (14:17 -0400)]
Bug 925181: contrib/jb2bz.py was out of date
Simon Green [Tue, 15 Apr 2014 01:28:32 +0000 (11:28 +1000)]
Bug 995873 - Don't use replaceState if it would result in an invalid URL
Frédéric Buclin [Mon, 14 Apr 2014 19:39:40 +0000 (21:39 +0200)]
Bug 987205: Bugzilla crashes because it tries to import a non-exported login_token() subroutine from Bugzilla::Auth::Login::Cookie
David Lawrence [Fri, 14 Mar 2014 18:14:56 +0000 (18:14 +0000)]
Copied over .bzrignore to .gitignore
Matt Selsky [Tue, 4 Mar 2014 20:35:39 +0000 (20:35 +0000)]
Bug 365050 - removal notice doesn't use English correctly (lists: =and)
Matt Selsky [Tue, 4 Mar 2014 20:28:23 +0000 (20:28 +0000)]
Bug 365057 - messages.html.tmpl file bareword should be tagged in <code> or something
Frédéric Buclin [Fri, 28 Feb 2014 10:11:12 +0000 (11:11 +0100)]
Bug 863093: The usermatchmode parameter no longer exists. The POD for User.get must be fixed accordingly
Dave Miller [Thu, 27 Feb 2014 08:42:00 +0000 (09:42 +0100)]
Bug 893595: The pink colour of private comment will turn to white after refreshing the page
Dave Lawrence [Wed, 26 Feb 2014 16:33:43 +0000 (16:33 +0000)]
Bug 893195 - Allow token based authentication for webservices
Dave Lawrence [Tue, 25 Feb 2014 23:21:14 +0000 (23:21 +0000)]
Backout Bug 893195 - Allow token based authentication for webservices
Dave Lawrence [Tue, 25 Feb 2014 22:33:46 +0000 (22:33 +0000)]
Bug 893195 - Allow token based authentication for webservices
Dave Lawrence [Tue, 25 Feb 2014 21:42:06 +0000 (21:42 +0000)]
Bug 962060 - User.get ignores the "maxusermatches" parameter and allows listing all email addresses
Frédéric Buclin [Tue, 25 Feb 2014 20:37:32 +0000 (21:37 +0100)]
Bug 967883: modify_keywords() shouldn't throw an error when an unprivileged user doesn't alter the keywords list
Frédéric Buclin [Fri, 14 Feb 2014 23:29:15 +0000 (00:29 +0100)]
Bug 966676: The 'sudo' cookie should not be accessible from JavaScript
Byron Jones [Tue, 11 Feb 2014 05:03:47 +0000 (13:03 +0800)]
Bug 970184: "possible duplicates" shouldn't truncate words at the first non-word character
Frédéric Buclin [Mon, 10 Feb 2014 17:38:36 +0000 (18:38 +0100)]
Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)
Byron Jones [Mon, 10 Feb 2014 08:06:15 +0000 (16:06 +0800)]
Bug 961789: large dependency trees with lots of resolved bugs are very slow to load
Gervase Markham [Fri, 7 Feb 2014 11:53:27 +0000 (11:53 +0000)]
Clarify "delete groups" warning for groups on products. r=LpSolit, a=justdave.
Dave Lawrence [Tue, 28 Jan 2014 00:24:34 +0000 (00:24 +0000)]
Bumped version post-release
Dave Lawrence [Mon, 27 Jan 2014 20:50:40 +0000 (20:50 +0000)]
Bump version to 4.4.2
Frédéric Buclin [Mon, 27 Jan 2014 18:16:49 +0000 (19:16 +0100)]
Bug 964113: Digest::SHA 5.82 and newer always croak on wide characters, preventing saved searched from being displayed
Frédéric Buclin [Sun, 26 Jan 2014 19:34:17 +0000 (20:34 +0100)]
Bug 947150: improve relnotes to mention that the 'version' module must now be installed
GavinS [Sat, 25 Jan 2014 14:37:16 +0000 (15:37 +0100)]
Bug 959732: The guided bug entry form lists components disabled for new bug reports
Frédéric Buclin [Fri, 24 Jan 2014 16:39:28 +0000 (17:39 +0100)]
Bug 947150: Release notes for Bugzilla 4.4.2
Frédéric Buclin [Wed, 8 Jan 2014 23:05:06 +0000 (00:05 +0100)]
Bug 360231: importxml.pl ignores the maxattachmentsize and maxlocalattachment parameters when importing attachments
Frédéric Buclin [Thu, 2 Jan 2014 23:04:03 +0000 (00:04 +0100)]
Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field
Frédéric Buclin [Thu, 2 Jan 2014 22:55:16 +0000 (23:55 +0100)]
Bug 895813: Mandatory custom fields whose visibility depends on a component are not required on bug creation
Simon Green [Thu, 2 Jan 2014 22:24:25 +0000 (08:24 +1000)]
Bug 946565 - Bug Mail does not correct notify when two people have made changes
Frédéric Buclin [Wed, 25 Dec 2013 08:59:34 +0000 (09:59 +0100)]
Bug 870369: An error about longdescs.comment_id is thrown by MySQL 5.1 and older when upgrading to 4.4 if sql_auto_is_null = 1
Frédéric Buclin [Sat, 21 Dec 2013 16:44:04 +0000 (17:44 +0100)]
Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
Frédéric Buclin [Tue, 17 Dec 2013 00:52:21 +0000 (01:52 +0100)]
Bug 905511: When creating a new bug, the version select field is not highlighted
Simon Green [Thu, 12 Dec 2013 12:14:20 +0000 (22:14 +1000)]
Bug 947766 - Poorly worded error message when attempting to attach a file that is too large
Frédéric Buclin [Thu, 5 Dec 2013 22:42:14 +0000 (23:42 +0100)]
Bug 942599: Documentation about possible_duplicates() lists 'products' as argument instead of 'product'
Simon Green [Mon, 2 Dec 2013 22:45:15 +0000 (08:45 +1000)]
Bug 944583 - sendunsentbugmail.pl has bad SQL
Frédéric Buclin [Mon, 2 Dec 2013 16:06:12 +0000 (17:06 +0100)]
Bug 938300: vers_cmp() incorrectly compares module versions
Frédéric Buclin [Thu, 14 Nov 2013 16:59:47 +0000 (17:59 +0100)]
Bug 938161: sql_date_format() method for SQLite has an incorrect default format
Frédéric Buclin [Wed, 13 Nov 2013 15:17:12 +0000 (16:17 +0100)]
Bug 843457: PROJECT environment variable is not honored when mod_perl is enabled
Simon Green [Wed, 13 Nov 2013 05:00:38 +0000 (15:00 +1000)]
Bug 937991 - Fix typo in Bugzilla::Component documentation
Simon Green [Fri, 8 Nov 2013 00:40:56 +0000 (10:40 +1000)]
Bug 916633 - join_activity_entries doesn't reconstitute text with commas correctly.
Frédéric Buclin [Mon, 4 Nov 2013 18:55:45 +0000 (19:55 +0100)]
Bug 926952: Possible race conditions when editing or deleting a milestone or a version
Frédéric Buclin [Thu, 24 Oct 2013 22:24:12 +0000 (00:24 +0200)]
Bug 928092: Add OS detection for Windows 8.1
Byron Jones [Thu, 24 Oct 2013 05:19:58 +0000 (13:19 +0800)]
Bug 930013: fall back to the bug's current delta_ts when validating a token if one is not provided to process_bug.cgi
Dave Lawrence [Thu, 17 Oct 2013 15:11:57 +0000 (11:11 -0400)]
Bump version post-release
Byron Jones [Thu, 17 Oct 2013 10:29:39 +0000 (12:29 +0200)]
Bug 927736: "invalid token" error if someone else changes the CC list while viewing a bug
Byron Jones [Thu, 17 Oct 2013 05:59:32 +0000 (13:59 +0800)]
Bug 927570: mid-air conflict fails to check all changed fields
Dave Lawrence [Wed, 16 Oct 2013 20:42:00 +0000 (16:42 -0400)]
Bump version to 4.4.1
projects / thirdparty / bugzilla.git / log
