]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
David Lawrence [Tue, 27 Jan 2015 20:12:28 +0000 (20:12 +0000)]
Bump version post-release
David Lawrence [Tue, 27 Jan 2015 16:27:51 +0000 (16:27 +0000)]
Bump version to 4.0.17
David Lawrence [Tue, 27 Jan 2015 16:23:01 +0000 (16:23 +0000)]
Bug
1090275 - WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace
- Fixed regression from erroneous cut and paste
David Lawrence [Tue, 27 Jan 2015 15:40:59 +0000 (15:40 +0000)]
Bug
1125189 : Release notes for 4.0.16
r=justdave,a=dkl
David Lawrence [Fri, 23 Jan 2015 17:29:30 +0000 (17:29 +0000)]
Bug
1124716 : regression caused by bug
1090275 to whitelist webservice methods causes test failures with t/012throwables.t
r=dylan,a=glob
David Lawrence [Wed, 21 Jan 2015 22:31:52 +0000 (22:31 +0000)]
Bump version post-release
David Lawrence [Wed, 21 Jan 2015 21:17:28 +0000 (21:17 +0000)]
Bumped version to 4.0.16
David Lawrence [Wed, 21 Jan 2015 20:42:46 +0000 (20:42 +0000)]
Bug
1090275 : WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace
r=dylan,a=glob
Gervase Markham [Wed, 21 Jan 2015 20:31:00 +0000 (20:31 +0000)]
Bug
1079065 : [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Frédéric Buclin [Mon, 19 Jan 2015 21:16:30 +0000 (22:16 +0100)]
Fix typo
David Lawrence [Mon, 19 Jan 2015 20:37:52 +0000 (20:37 +0000)]
Bug
1118988 : Release notes for 4.0.16
r=LpSolit,a=glob
Frédéric Buclin [Mon, 5 Jan 2015 18:34:02 +0000 (19:34 +0100)]
Bug
1085182 : Bugzilla::Bug->check must check that a bug ID is defined when it gets a hashref
r=dkl a=glob
Frédéric Buclin [Wed, 19 Nov 2014 17:28:50 +0000 (18:28 +0100)]
Bug
1097798 : Do not display the resolution in the dependency tree for open bugs, nor the target milestone if usetargetmilestone is off
r=dkl a=glob
Byron Jones [Thu, 16 Oct 2014 07:31:39 +0000 (15:31 +0800)]
Bug
1082887 : comments made when setting a flag from the attachment details page are not included in the "flag updated" email
r=dkl,a=glob
David Lawrence [Mon, 6 Oct 2014 18:32:22 +0000 (18:32 +0000)]
Bump version post-release
David Lawrence [Mon, 6 Oct 2014 15:18:50 +0000 (15:18 +0000)]
Bump version to 4.0.15
Simon Green [Mon, 6 Oct 2014 14:59:17 +0000 (14:59 +0000)]
Bug
1054702 : CSV export vulnerable to formulae injection
r=glob,a=glob
Simon Green [Mon, 6 Oct 2014 14:40:46 +0000 (14:40 +0000)]
Bug
1064140 : [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group
r=glob,a=glob
Frédéric Buclin [Mon, 6 Oct 2014 14:32:29 +0000 (14:32 +0000)]
Bug
1074980 : Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
Frédéric Buclin [Mon, 6 Oct 2014 14:22:46 +0000 (14:22 +0000)]
Bug
1075578 : [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
David Lawrence [Mon, 6 Oct 2014 14:13:06 +0000 (14:13 +0000)]
Bug
1072494 : Release notes for 4.0.15
r=LpSolit,a=sgreen
David Lawrence [Thu, 24 Jul 2014 21:42:13 +0000 (21:42 +0000)]
Bump version post-release
David Lawrence [Thu, 24 Jul 2014 17:14:45 +0000 (17:14 +0000)]
Bump version to 4.0.14 (corrected)
Simon Green [Thu, 24 Jul 2014 17:09:33 +0000 (17:09 +0000)]
Bug
1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
David Lawrence [Thu, 24 Jul 2014 16:49:21 +0000 (16:49 +0000)]
Bump version to 4.0.14
David Lawrence [Thu, 24 Jul 2014 16:41:31 +0000 (16:41 +0000)]
Bug
1042091 - Release notes for 4.0.14
r=glob
David Lawrence [Thu, 15 May 2014 21:44:48 +0000 (21:44 +0000)]
Bug
1011250 - Updates IRC notification text to include commit message and also send to #bugzilla
David Lawrence [Thu, 15 May 2014 02:48:05 +0000 (02:48 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 14 May 2014 20:50:16 +0000 (16:50 -0400)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Thu, 8 May 2014 20:40:28 +0000 (20:40 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 7 May 2014 16:16:13 +0000 (16:16 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 7 May 2014 16:13:03 +0000 (16:13 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Fri, 2 May 2014 20:34:46 +0000 (20:34 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
David Lawrence [Fri, 2 May 2014 16:08:35 +0000 (16:08 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Thu, 1 May 2014 20:58:41 +0000 (20:58 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
David Lawrence [Mon, 21 Apr 2014 21:06:28 +0000 (21:06 +0000)]
Bumped version post-release
David Lawrence [Fri, 18 Apr 2014 22:08:41 +0000 (22:08 +0000)]
Bump version to 4.0.13
Frédéric Buclin [Fri, 18 Apr 2014 21:50:29 +0000 (23:50 +0200)]
Bug 998484: Release notes for Bugzilla 4.0.13
David Lawrence [Fri, 18 Apr 2014 20:58:38 +0000 (20:58 +0000)]
Bug 998323 - URLs pasted in comments are no longer displayed
David Lawrence [Thu, 17 Apr 2014 21:28:09 +0000 (21:28 +0000)]
Bumped version post-release
David Lawrence [Thu, 17 Apr 2014 17:31:19 +0000 (17:31 +0000)]
Bumped version to 4.0.12
Manish Goregaokar [Thu, 17 Apr 2014 16:46:39 +0000 (18:46 +0200)]
Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text
Frédéric Buclin [Thu, 17 Apr 2014 16:44:40 +0000 (18:44 +0200)]
Fix POD to make tests happy
Frédéric Buclin [Tue, 15 Apr 2014 21:55:07 +0000 (23:55 +0200)]
Bug 996169: Release notes for Bugzilla 4.0.12
David Lawrence [Fri, 14 Mar 2014 18:17:41 +0000 (18:17 +0000)]
Copied over .bzrignore to .gitignore
Frédéric Buclin [Thu, 5 Dec 2013 22:44:44 +0000 (23:44 +0100)]
Bug 942599: Documentation about possible_duplicates() lists 'products' as argument instead of 'product'
Dave Lawrence [Thu, 17 Oct 2013 15:09:02 +0000 (11:09 -0400)]
Bump version post-release
Dave Lawrence [Wed, 16 Oct 2013 20:35:16 +0000 (16:35 -0400)]
Bump version to 4.0.11
Frédéric Buclin [Wed, 16 Oct 2013 17:20:36 +0000 (19:20 +0200)]
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set
Frédéric Buclin [Wed, 16 Oct 2013 17:10:42 +0000 (19:10 +0200)]
Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachments
Dave Lawrence [Wed, 16 Oct 2013 16:25:10 +0000 (12:25 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
Dave Lawrence [Wed, 16 Oct 2013 16:12:27 +0000 (12:12 -0400)]
Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
Dave Lawrence [Wed, 16 Oct 2013 16:00:39 +0000 (12:00 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
Frédéric Buclin [Fri, 11 Oct 2013 22:11:07 +0000 (00:11 +0200)]
Bug 912639: Release notes for Bugzilla 4.0.11
Frédéric Buclin [Fri, 9 Aug 2013 09:32:56 +0000 (11:32 +0200)]
Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content from buglist.cgi
Sunil Joshi [Wed, 7 Aug 2013 05:29:21 +0000 (15:29 +1000)]
Bug 901620 - Grammar error in the documentation
Dave Lawrence [Wed, 24 Jul 2013 14:21:16 +0000 (10:21 -0400)]
Bug 880653 - Add POD for Bug.possible_duplicates webservice
Dave Lawrence [Mon, 15 Jul 2013 03:54:57 +0000 (23:54 -0400)]
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
Frédéric Buclin [Mon, 15 Apr 2013 21:28:14 +0000 (23:28 +0200)]
Bug 861528: $user->can_enter_product() now returns the product object instead of 1
Christopher Trom [Tue, 9 Apr 2013 10:28:20 +0000 (12:28 +0200)]
Bug 355620: Lines enclosed in <simplelist> do not wrap in the PDF version of the Bugzilla Guide
Frédéric Buclin [Tue, 26 Mar 2013 11:10:46 +0000 (12:10 +0100)]
Bug 854074: Remove all references to the uwinnipeg.ca PPM repository as it is no longer available
Frédéric Buclin [Wed, 20 Mar 2013 12:12:42 +0000 (13:12 +0100)]
Bug 852560: Bugzilla cannot be installed with MySQL 5.6, because the have_innodb variable no longer exists
Dave Lawrence [Wed, 20 Feb 2013 01:16:16 +0000 (20:16 -0500)]
Bump version post-release
Dave Lawrence [Tue, 19 Feb 2013 18:40:55 +0000 (13:40 -0500)]
Bumped current year
Dave Lawrence [Tue, 19 Feb 2013 17:35:34 +0000 (12:35 -0500)]
Bump version to 4.0.10
Frédéric Buclin [Tue, 19 Feb 2013 17:29:14 +0000 (18:29 +0100)]
Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format
Simon Green [Tue, 19 Feb 2013 17:16:28 +0000 (18:16 +0100)]
Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of products and components you cannot access
Frédéric Buclin [Tue, 19 Feb 2013 08:50:32 +0000 (09:50 +0100)]
Bug 832265: Release notes for Bugzilla 4.0.10
Frédéric Buclin [Mon, 21 Jan 2013 12:29:10 +0000 (13:29 +0100)]
Bug 771100: Attaching a file to a bug with Perl 5.16 fails
Frédéric Buclin [Sat, 5 Jan 2013 23:27:35 +0000 (00:27 +0100)]
Bug 826678: Disable warnings about the deprecated Return::Value module when loading Email::Send
Matt Selsky [Thu, 3 Jan 2013 12:27:27 +0000 (13:27 +0100)]
Bug 824616: The urlbase field in global/header.html.tmpl must be filtered
Hugo [Thu, 29 Nov 2012 19:21:19 +0000 (14:21 -0500)]
Bug 579189 - New methods added to Bugzilla/User.pm by bug 24896 have no POD
Dave Miller [Tue, 20 Nov 2012 19:08:58 +0000 (14:08 -0500)]
Bug 640756 - Make the documentation clearer that attachments created with Bug.add_attachment must by of type 'base64' when non-ASCII
Dave Lawrence [Tue, 13 Nov 2012 23:28:42 +0000 (18:28 -0500)]
Bump version post-release
Dave Lawrence [Tue, 13 Nov 2012 19:55:40 +0000 (14:55 -0500)]
Bump version to 4.0.9
Frédéric Buclin [Tue, 13 Nov 2012 17:42:46 +0000 (18:42 +0100)]
Bug 808845 (CVE-2012-5475): [SECURITY] Security vulnerability in YUI's swfstore.swf in YUI 2.8.2 and 2.9.0
Frédéric Buclin [Tue, 13 Nov 2012 17:37:32 +0000 (18:37 +0100)]
Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups when using User.get()
Frédéric Buclin [Tue, 13 Nov 2012 17:24:24 +0000 (18:24 +0100)]
Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description
Frédéric Buclin [Tue, 13 Nov 2012 17:10:31 +0000 (18:10 +0100)]
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
Frédéric Buclin [Fri, 2 Nov 2012 12:57:27 +0000 (13:57 +0100)]
Fix typo
Koosha Khajeh Moogahi [Fri, 2 Nov 2012 12:47:00 +0000 (13:47 +0100)]
Bug 807937: Fix POD
Frédéric Buclin [Tue, 30 Oct 2012 21:28:12 +0000 (22:28 +0100)]
Bug 805649: Release notes for Bugzilla 4.0.9
Frédéric Buclin [Sat, 13 Oct 2012 21:23:04 +0000 (23:23 +0200)]
Fix typo
Frédéric Buclin [Thu, 4 Oct 2012 15:55:48 +0000 (17:55 +0200)]
Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page does not work as expected (bug IDs are incorrectly parsed)
Frédéric Buclin [Wed, 3 Oct 2012 17:40:17 +0000 (19:40 +0200)]
Bug 757935: Bugs with resolution MOVED cannot be edited
Reed Loden [Tue, 11 Sep 2012 19:17:35 +0000 (12:17 -0700)]
Bug 790215 - Flag names are not properly escaped when displayed on confirm user match page
Dave Lawrence [Thu, 30 Aug 2012 20:24:09 +0000 (16:24 -0400)]
Bumped version post-release
Dave Lawrence [Thu, 30 Aug 2012 19:01:53 +0000 (15:01 -0400)]
Bump version to 4.0.8
Reed Loden [Thu, 30 Aug 2012 18:28:58 +0000 (20:28 +0200)]
Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection
Frédéric Buclin [Thu, 30 Aug 2012 18:18:44 +0000 (20:18 +0200)]
Bug 785522: [SECURITY] Block access to templates in extensions/
Frédéric Buclin [Wed, 29 Aug 2012 14:43:00 +0000 (16:43 +0200)]
Bug 786352: Release notes for Bugzilla 4.0.8
Frédéric Buclin [Mon, 27 Aug 2012 18:18:58 +0000 (20:18 +0200)]
Bug 785917: Custom field descriptions are not properly escaped when displayed as bug list column headers
Koosha Khajeh Moogahi [Fri, 3 Aug 2012 16:45:20 +0000 (12:45 -0400)]
Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields; it should say it produces an error
Dave Lawrence [Thu, 26 Jul 2012 22:45:48 +0000 (18:45 -0400)]
Bumped version post release
Dave Lawrence [Thu, 26 Jul 2012 21:31:09 +0000 (17:31 -0400)]
Bump version to 4.0.7
Frédéric Buclin [Thu, 26 Jul 2012 21:07:23 +0000 (23:07 +0200)]
Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment
Frédéric Buclin [Thu, 26 Jul 2012 13:51:38 +0000 (15:51 +0200)]
Bug 777675: Release notes for Bugzilla 4.0.7
Koosha Khajeh Moogahi [Wed, 25 Jul 2012 21:39:46 +0000 (17:39 -0400)]
Bug 776103 - Syntax error in Bugzilla::User::Setting API doc
Frédéric Buclin [Wed, 27 Jun 2012 16:13:39 +0000 (18:13 +0200)]
Bug 768870: The "Un-forget the search" link has no token
Reed Loden [Tue, 29 May 2012 14:46:23 +0000 (07:46 -0700)]
Bug 754561 - Escape HTML in keywords in the auto-complete form
projects / thirdparty / bugzilla.git / log
