]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Marc Schumann [Wed, 15 Feb 2012 17:53:56 +0000 (18:53 +0100)]
Test 1 fails if PERLLIB contains paths with whitespace.
Frédéric Buclin [Tue, 14 Feb 2012 22:03:37 +0000 (23:03 +0100)]
Bug 727240: The POD for Bug.attachments is wrong about the format of the returned data
Frédéric Buclin [Wed, 8 Feb 2012 15:55:03 +0000 (16:55 +0100)]
Bug 722161: Clickjacking is possible in "View All" with HTML attachments
Dave Lawrence [Tue, 31 Jan 2012 23:49:05 +0000 (18:49 -0500)]
Bump the version number post-release
Dave Lawrence [Tue, 31 Jan 2012 17:16:01 +0000 (12:16 -0500)]
Bumped to correct date
Dave Lawrence [Tue, 31 Jan 2012 16:43:19 +0000 (11:43 -0500)]
Bumped to version 4.0.4
Frédéric Buclin [Tue, 31 Jan 2012 16:03:30 +0000 (17:03 +0100)]
Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required)
Frédéric Buclin [Tue, 31 Jan 2012 15:43:18 +0000 (16:43 +0100)]
Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident
Dave Lawrence [Fri, 27 Jan 2012 22:04:01 +0000 (17:04 -0500)]
Bug 720752 - Release notes for Bugzilla 4.0.4
Matt Selsky [Sat, 21 Jan 2012 11:06:31 +0000 (12:06 +0100)]
Bug 469068: SMTP parameters not documented
Dave Lawrence [Thu, 12 Jan 2012 22:11:56 +0000 (17:11 -0500)]
Bug 715733 - When deleting a user account, related data in the profile_search table is not removed
A. Shimono [Wed, 11 Jan 2012 12:23:34 +0000 (13:23 +0100)]
Bug 591638: In the admin page, the link to edit field values is named 'Field Values', not 'Legal Values'
Dave Lawrence [Wed, 11 Jan 2012 06:01:19 +0000 (01:01 -0500)]
Bug 715650 - User auto-completion does not work in request.cgi for requester and requestee as expected
Frédéric Buclin [Tue, 10 Jan 2012 00:03:49 +0000 (01:03 +0100)]
Bug 716283: Clickjacking in the attachment "Details" page allows to bypass token checks
Matt Selsky [Fri, 6 Jan 2012 10:02:33 +0000 (11:02 +0100)]
Bug 319684: The documentation is unclear about how to disable quips
Matt Selsky [Fri, 6 Jan 2012 09:48:15 +0000 (10:48 +0100)]
Bug 641957: The documentation should mention that the voting system is now an extension
Frédéric Buclin [Fri, 6 Jan 2012 09:33:16 +0000 (10:33 +0100)]
Bug 715705: User auto-completion doesn't work for watched users in the email prefs tab
Frédéric Buclin [Fri, 6 Jan 2012 00:06:06 +0000 (01:06 +0100)]
Bug 714664: The content of the "emailregexpdesc" parameter is not escaped when displayed to the user
Frédéric Buclin [Thu, 5 Jan 2012 00:46:36 +0000 (01:46 +0100)]
Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due to non-backward compatibility
Dave Lawrence [Thu, 29 Dec 2011 17:58:14 +0000 (12:58 -0500)]
Bump the version number post-release
Dave Lawrence [Wed, 28 Dec 2011 23:09:51 +0000 (18:09 -0500)]
Bump version for 4.0.3
Frédéric Buclin [Wed, 28 Dec 2011 22:16:57 +0000 (23:16 +0100)]
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
Byron Jones [Wed, 28 Dec 2011 21:57:33 +0000 (16:57 -0500)]
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
Frédéric Buclin [Wed, 28 Dec 2011 16:44:20 +0000 (17:44 +0100)]
Bug 713345: Release notes for Bugzilla 4.0.3
Frédéric Buclin [Thu, 15 Dec 2011 15:19:10 +0000 (16:19 +0100)]
Bug 707428: Custom field values whose visibility depends on another field value do not remain selected after editing a bug
Frédéric Buclin [Thu, 8 Dec 2011 23:20:02 +0000 (00:20 +0100)]
Bug 644281: When the sort order of a buglist is modified, the "Show next bug in my list" user pref still uses the original sort order to decide which bug to display next
Frédéric Buclin [Thu, 8 Dec 2011 22:48:37 +0000 (23:48 +0100)]
Bug 707170: Several features about custom fields are missing in the documentation
Frédéric Buclin [Tue, 6 Dec 2011 12:00:50 +0000 (13:00 +0100)]
Bug 657290: Bug.add_attachment() stores truncated timestamps in the DB (seconds are missing)
Frédéric Buclin [Tue, 6 Dec 2011 11:51:39 +0000 (12:51 +0100)]
Bug 550299: User fields are left blank in buglists and whines when local user accounts are used (i.e. they have no @company.com suffix)
Matt Selsky [Mon, 5 Dec 2011 21:27:18 +0000 (22:27 +0100)]
Bug 692354: Incorrect parameter type in WebServices documentation for Bug.add_comment
Byron Jones [Mon, 5 Dec 2011 16:43:18 +0000 (00:43 +0800)]
Bug 707594: Fix broken account lockout notifications
Frédéric Buclin [Mon, 5 Dec 2011 16:15:26 +0000 (17:15 +0100)]
Bug 701350: Oracle crashes if the 'maxattachmentsize' parameter is set to a too small value
Frédéric Buclin [Fri, 2 Dec 2011 16:36:05 +0000 (17:36 +0100)]
Bug 591610: Custom field doc doesn't include 'Bug ID' type
Frédéric Buclin [Fri, 2 Dec 2011 16:31:35 +0000 (17:31 +0100)]
Bug 591636: "is mandatory" is not documented in the Custom Fields section
Frédéric Buclin [Tue, 29 Nov 2011 16:03:36 +0000 (17:03 +0100)]
Bug 706118: Session token not deleted during a bug mass-change
Frédéric Buclin [Sun, 27 Nov 2011 23:00:20 +0000 (00:00 +0100)]
Bug 277073: Make whining trap errors thrown by Search.pm
Gervase Markham [Tue, 1 Nov 2011 17:30:25 +0000 (17:30 +0000)]
Fix missing-space bugs in error messages. a=LpSolit.
David Lawrence [Mon, 24 Oct 2011 22:04:09 +0000 (18:04 -0400)]
Bug 685552 - Email auto-completion causes server to thrash
Alexei Volkov [Tue, 18 Oct 2011 21:37:05 +0000 (23:37 +0200)]
Bug 686860: Correctly calculate Hours Worked in buglists
Matt Selsky [Sat, 15 Oct 2011 13:30:28 +0000 (15:30 +0200)]
Bug 691243: Fix typo
Matt Selsky [Sat, 15 Oct 2011 12:39:27 +0000 (14:39 +0200)]
Bug 620694: MySQL is not 'required' RDBMS for Bugzilla
Matt Selsky [Sat, 15 Oct 2011 12:20:33 +0000 (14:20 +0200)]
Bug 445804: Suggested crontab configuration opens security hole
Frédéric Buclin [Fri, 7 Oct 2011 22:36:43 +0000 (00:36 +0200)]
Bug 691845: importxml.pl complains if an open bug has the resolution field set to ''
Frédéric Buclin [Tue, 4 Oct 2011 21:41:09 +0000 (23:41 +0200)]
$user->is_mover no longer exists, see bug 556422
Marc Schumann [Wed, 31 Aug 2011 13:21:56 +0000 (15:21 +0200)]
Bug 682203 - migrate.pl fails at requirements check.
Frédéric Buclin [Mon, 29 Aug 2011 23:18:50 +0000 (01:18 +0200)]
Bug 680780: Advanced Search: help for field Comment is missing a space
Frédéric Buclin [Mon, 29 Aug 2011 23:13:22 +0000 (01:13 +0200)]
Bug 682747: Wrong check in editusers.cgi
Frédéric Buclin [Sat, 27 Aug 2011 09:33:53 +0000 (11:33 +0200)]
Bug 622487: Product and component mismatch: a product without any component gets components of another product in the Advanced Search page
Frédéric Buclin [Tue, 16 Aug 2011 11:25:39 +0000 (13:25 +0200)]
Bug 678844: When trying to edit a non-existent classification, the error message has missing words
Frédéric Buclin [Tue, 16 Aug 2011 01:45:37 +0000 (03:45 +0200)]
Bug 678772: version.pm 0.92 and newer forbids negative values, making checksetup.pl to fail
Frédéric Buclin [Tue, 16 Aug 2011 01:33:23 +0000 (03:33 +0200)]
Bug 654496: Duplicate bug detection doesn't work when using Oracle
Frédéric Buclin [Tue, 16 Aug 2011 01:16:56 +0000 (03:16 +0200)]
Bug 582209: Bugzilla::DB::Oracle::adjust_statement() LIMIT code corrupts sub-selects
Max Kanat-Alexander [Tue, 16 Aug 2011 00:53:05 +0000 (17:53 -0700)]
Bug 460074: Make post_bug.cgi use should_set for the group field, so it
Frédéric Buclin [Tue, 9 Aug 2011 23:59:30 +0000 (01:59 +0200)]
Bug 677187: If the attachment filename contains a newline, an error is thrown when trying to download the attachment
Max Kanat-Alexander [Sat, 6 Aug 2011 00:14:42 +0000 (17:14 -0700)]
Bump version number post-release.
Max Kanat-Alexander [Fri, 5 Aug 2011 00:08:17 +0000 (17:08 -0700)]
Bump version number for 4.0.2.
Byron Jones [Thu, 4 Aug 2011 20:46:53 +0000 (22:46 +0200)]
Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiable field for obtaining current e-mail address
Byron Jones [Thu, 4 Aug 2011 20:35:37 +0000 (22:35 +0200)]
Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari
Frédéric Buclin [Thu, 4 Aug 2011 20:23:31 +0000 (22:23 +0200)]
Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows
Frédéric Buclin [Thu, 4 Aug 2011 20:10:54 +0000 (22:10 +0200)]
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
Reed Loden [Thu, 4 Aug 2011 19:21:36 +0000 (12:21 -0700)]
Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt
Frédéric Buclin [Thu, 4 Aug 2011 10:49:44 +0000 (12:49 +0200)]
Bug 676237: The traceback in code-error.html.tmpl is displayed on a single line
Frédéric Buclin [Wed, 3 Aug 2011 07:59:41 +0000 (09:59 +0200)]
Bug 655910: When calling ./install-module.pl --all, install LWP before XML::Twig, else arguments passed to build XML::Twig are propagated to Net::HTTP which then fails
Frédéric Buclin [Wed, 3 Aug 2011 01:55:05 +0000 (03:55 +0200)]
Bug 675754: Release notes for Bugzilla 4.0.2
Frédéric Buclin [Mon, 1 Aug 2011 08:36:48 +0000 (10:36 +0200)]
Bug 634812: Having a very large number of custom fields can make displaying show_bug.cgi slow
Bodo-Merle Sandor [Sun, 31 Jul 2011 12:16:14 +0000 (14:16 +0200)]
Bug 673702: Undefined get_add_fk_sql in Bugzilla/DB/Schema.pm
Frédéric Buclin [Sun, 31 Jul 2011 11:56:13 +0000 (13:56 +0200)]
Bug 655912: install-module.pl is unable to install LWP::UserAgent on Perl <5.8.8, because LWP 6.0 now requires 5.8.8 as a minimum
Frédéric Buclin [Tue, 26 Jul 2011 09:16:15 +0000 (11:16 +0200)]
Bug 673976: Style for #somebugs is duplicated in create-guided.html.tmpl
Frédéric Buclin [Tue, 26 Jul 2011 09:08:44 +0000 (11:08 +0200)]
Bug 647158: The Error Console in Firefox reports
Tiago Mello [Tue, 26 Jul 2011 00:22:30 +0000 (21:22 -0300)]
Bug 674089: Add a new hook 'end_object_name' in user-error.html.tmpl template
Tiago Mello [Mon, 25 Jul 2011 23:50:08 +0000 (20:50 -0300)]
Bug 674117: Add a new hook 'auth_failure_object' in user-error.html.tmpl template
Frédéric Buclin [Mon, 25 Jul 2011 18:34:10 +0000 (20:34 +0200)]
Remove an extra comma which makes the W3C CSS validator to complain
Frédéric Buclin [Mon, 25 Jul 2011 16:35:38 +0000 (18:35 +0200)]
Bug 642388: Description of field days_elapsed missing from global/field-descs.none.tmpl
David Lawrence [Mon, 25 Jul 2011 05:29:43 +0000 (01:29 -0400)]
Bug 652663 - When using bug_format_comment hook some replacements can happen more than once causing broken links
David Lawrence [Fri, 22 Jul 2011 15:19:06 +0000 (11:19 -0400)]
Bug 670670 - New hook for requests.cgi that allows for additional links after attachment descriptions.
Teemu Mannermaa [Wed, 20 Jul 2011 16:48:06 +0000 (09:48 -0700)]
Bug 600810: Use XMLRPC::Transport::HTTP:Apache as base class under mod_perl
Tiago Mello [Wed, 20 Jul 2011 04:18:42 +0000 (01:18 -0300)]
Bug 669223: Add a new hook 'before_table' in list-classifications.html.tmpl template
Frédéric Buclin [Mon, 18 Jul 2011 00:35:05 +0000 (02:35 +0200)]
Bug 561170: Fix various warnings thrown with Perl 5.12
Frédéric Buclin [Mon, 18 Jul 2011 00:29:12 +0000 (02:29 +0200)]
Bug 670128: Missing explicit exit after calls to $cgi->redirect(), making the rest of the scripts to be executed
Peter Gyongyosi [Wed, 6 Jul 2011 09:54:17 +0000 (11:54 +0200)]
Bug 657561: Invalid XMLRPC response generated if an optional custom integer field is empty
David Lawrence [Wed, 6 Jul 2011 05:10:33 +0000 (01:10 -0400)]
Bug 652410 - 500+ consecutive lines of markup whitespace in show_bug.cgi flags table, depending on flag states
David Lawrence [Tue, 5 Jul 2011 21:12:45 +0000 (17:12 -0400)]
Bug 658929 - User autocomplete is very slow when there are lots of users in the profiles table
David Lawrence [Tue, 5 Jul 2011 04:52:08 +0000 (00:52 -0400)]
Bug 666695 - Voting Extension templates have unfiltered directives
David Lawrence [Tue, 5 Jul 2011 04:09:31 +0000 (00:09 -0400)]
Bug 666699 - Example extension templates have unfiltered directives
Frédéric Buclin [Fri, 1 Jul 2011 15:53:21 +0000 (17:53 +0200)]
Revert wrong indentation, see bug 652427
Guy Pyrzak [Wed, 29 Jun 2011 05:06:28 +0000 (22:06 -0700)]
Bug 652427: Going back to the new bug page loses the description if possible duplicates have been searched for
David Lawrence [Tue, 28 Jun 2011 20:53:21 +0000 (16:53 -0400)]
Bug 666781 - t/008filter.t should not require filterexceptions.pl when one does not exist especially with extensions
David Lawrence [Wed, 15 Jun 2011 19:33:22 +0000 (15:33 -0400)]
Bug 658929 - User autocomplete is very slow when there are lots of users in the profiles table
Byron Jones [Tue, 14 Jun 2011 09:58:22 +0000 (17:58 +0800)]
Bug 656769: Fix bz_fireEvent for IE9
Tiago Mello [Mon, 13 Jun 2011 01:49:48 +0000 (22:49 -0300)]
Bug 663696: Remove 'config' hook example from the Example extension
Frédéric Buclin [Sat, 11 Jun 2011 01:31:58 +0000 (03:31 +0200)]
Bug 663208: Recursive "Verify new product details" page when attempting to move multiple bugs to another product
Matt Selsky [Mon, 6 Jun 2011 20:20:28 +0000 (16:20 -0400)]
Bug 649281 - Add ircs:// to url protocols for external links in comment
Byron Jones [Mon, 30 May 2011 08:20:32 +0000 (16:20 +0800)]
Bug 659816: Fix url_decoding of utf8 strings
Frédéric Buclin [Tue, 24 May 2011 06:48:33 +0000 (08:48 +0200)]
Bug 659185: html_quote() escapes @ causing mailto links to not be processed
David Lawrence [Mon, 23 May 2011 21:33:52 +0000 (17:33 -0400)]
Bug 659124 - New template hook in bug/show-header.html.tmpl to allow manipulating header information for show_bug.cgi
Frédéric Buclin [Mon, 23 May 2011 17:00:37 +0000 (19:00 +0200)]
Bug 658905: flag_handler() gets arguments in the wrong order in importxml.pl
Frédéric Buclin [Mon, 23 May 2011 16:57:14 +0000 (18:57 +0200)]
Bug 657707: importxml.pl crashes when importing keywords
Frédéric Buclin [Sun, 22 May 2011 22:48:48 +0000 (00:48 +0200)]
Bug 648096: UWinnipeg (theory PPM repo) instructions are not necessary with recent ActiveState releases
David Lawrence [Wed, 18 May 2011 22:03:38 +0000 (18:03 -0400)]
Bug 658056 - Improper HTML on show_bug.cgi page when user is logged out
David Lawrence [Tue, 7 May 2013 21:08:55 +0000 (17:08 -0400)]
Bug 653659 - Cannot shrink-back attachment description textarea on detailed edit
projects / thirdparty / bugzilla.git / log
