git.ipfire.org Git - thirdparty/bugzilla.git/log
Frédéric Buclin [Wed, 16 Oct 2013 17:19:12 +0000 (19:19 +0200)]
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set
r=dkl a=glob
Frédéric Buclin [Wed, 16 Oct 2013 17:08:20 +0000 (19:08 +0200)]
Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachments
r=dkl a=sgreen
Dave Lawrence [Wed, 16 Oct 2013 16:27:00 +0000 (12:27 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
Dave Lawrence [Wed, 16 Oct 2013 16:14:11 +0000 (12:14 -0400)]
Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
Dave Lawrence [Wed, 16 Oct 2013 16:05:10 +0000 (12:05 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=glob
Frédéric Buclin [Fri, 11 Oct 2013 22:13:42 +0000 (00:13 +0200)]
Bug 912640: Release notes for Bugzilla 4.2.7
r=dkl a=LpSolit
Frédéric Buclin [Thu, 26 Sep 2013 23:22:30 +0000 (01:22 +0200)]
Bug 914262: KHTML-based browsers such as Konqueror do not support the Server-Push technology
r=dkl a=justdave
Jiří Netolický [Mon, 23 Sep 2013 15:44:20 +0000 (17:44 +0200)]
Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are left empty on bug creation
r=LpSolit a=justdave
Mateusz Kuśmierczyk [Tue, 3 Sep 2013 09:45:44 +0000 (11:45 +0200)]
Bug 848063: [Oracle] importxml.pl fails with ORA-01830: comment timestamps are not correctly formatted
r=LpSolit a=sgreen
Frédéric Buclin [Sat, 10 Aug 2013 00:45:28 +0000 (02:45 +0200)]
Back out bug 868330 for the 4.2 branch. This is not a security fix
Frédéric Buclin [Fri, 9 Aug 2013 09:30:58 +0000 (11:30 +0200)]
Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content from buglist.cgi
r=dkl a=sgreen
Sunil Joshi [Fri, 9 Aug 2013 04:02:41 +0000 (14:02 +1000)]
Bug 868330 - Password creation directions incomplete
r=sgreen, a=sgreen
Simon Green [Fri, 9 Aug 2013 03:57:38 +0000 (13:57 +1000)]
Bug 897264 - letters_numbers_specialchars password restriction is incorrect
r=LpSolit, a=sgreen
Sunil Joshi [Wed, 7 Aug 2013 05:29:13 +0000 (15:29 +1000)]
Bug 901620 - Grammar error in the documentation
r=sgreen, a=glob
Dave Lawrence [Wed, 24 Jul 2013 14:19:05 +0000 (10:19 -0400)]
Bug 880653 - Add POD for Bug.possible_duplicates webservice
r=LpSolit,a=sgreen
Dave Lawrence [Mon, 15 Jul 2013 03:47:22 +0000 (23:47 -0400)]
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
r=glob,a=justdave
Dave Lawrence [Wed, 22 May 2013 20:09:47 +0000 (16:09 -0400)]
Bump version post-release
Dave Lawrence [Wed, 22 May 2013 18:46:58 +0000 (14:46 -0400)]
Bump version to 4.2.6
Byron Jones [Wed, 22 May 2013 17:03:13 +0000 (01:03 +0800)]
Bug 828344: add missing xt broken tests
Byron Jones [Mon, 20 May 2013 17:54:06 +0000 (01:54 +0800)]
Bug 828344: "contains all of the words" no longer looks for all words within the same comment or flag
r=LpSolit, a=LpSolit
Frédéric Buclin [Sat, 18 May 2013 14:06:25 +0000 (16:06 +0200)]
Bug 870701: Release notes for Bugzilla 4.2.6
r=dkl a=LpSolit
Frédéric Buclin [Sun, 5 May 2013 21:35:46 +0000 (23:35 +0200)]
Bug 212471: Tabular reports do not link bug counts involving the empty resolution correctly
r=dkl a=LpSolit
Dave Lawrence [Fri, 3 May 2013 22:23:50 +0000 (18:23 -0400)]
Bug 859118 - Bug.search called with no arguments returns all visible bugs, ignoring max_search_results and search_allow_no_criteria
r/a=LpSolit
Frédéric Buclin [Sun, 28 Apr 2013 11:51:50 +0000 (13:51 +0200)]
Bug 848635: Old queries based on tags are no longer listed in the page footer by default when upgrading from 4.0 or older to 4.2
r=glob a=LpSolit
Frédéric Buclin [Sun, 28 Apr 2013 11:40:12 +0000 (13:40 +0200)]
Bug 858909: When running checksetup.pl for the first time using Oracle as DB server, you get an "uninitialized value" warning
r=dkl a=LpSolit
Frédéric Buclin [Wed, 17 Apr 2013 23:26:19 +0000 (01:26 +0200)]
Bug 858911: Oracle fails with "ORA-04043: object T_GROUP_CONCAT does not exist" when installing Bugzilla for the first time
r=dkl a=LpSolit
Byron Jones [Wed, 17 Apr 2013 17:38:22 +0000 (01:38 +0800)]
revert commit for bug 828344
Byron Jones [Wed, 17 Apr 2013 17:18:03 +0000 (01:18 +0800)]
Bug 828344: Make "contains all of the words" look for all words within the same comment or flag
r=LpSolit, a=LpSolit
Pami Ketolainen [Tue, 16 Apr 2013 10:14:23 +0000 (12:14 +0200)]
Bug 782210: If a custom field depends on a product, component or classification, the "mandatory" bit is ignored on bug creation
r/a=LpSolit
Frédéric Buclin [Mon, 15 Apr 2013 21:27:10 +0000 (23:27 +0200)]
Bug 861528: $user->can_enter_product() now returns the product object instead of 1
r=glob a=LpSolit
Pami Ketolainen [Thu, 11 Apr 2013 13:18:07 +0000 (15:18 +0200)]
Bug 860723: Custom fields are shown twice in report axis selectors
r/a=LpSolit
Christopher Trom [Tue, 9 Apr 2013 10:26:06 +0000 (12:26 +0200)]
Bug 355620: Lines enclosed in <simplelist> do not wrap in the PDF version of the Bugzilla Guide
r/a=LpSolit
Frédéric Buclin [Fri, 5 Apr 2013 20:00:12 +0000 (22:00 +0200)]
Bug 857562: ajax_user_autocompletion param ignored on Search by People fields
r=dkl a=LpSolit
Frédéric Buclin [Fri, 5 Apr 2013 19:54:25 +0000 (21:54 +0200)]
Bug 855258: The dependency graph always uses urlbase, even when sslbase is in use
r=glob a=LpSolit
Frédéric Buclin [Tue, 26 Mar 2013 11:07:25 +0000 (12:07 +0100)]
Bug 854074: Remove all references to the uwinnipeg.ca PPM repository as it is no longer available
r=glob a=LpSolit
Frédéric Buclin [Wed, 20 Mar 2013 12:07:04 +0000 (13:07 +0100)]
Bug 852560: Bugzilla cannot be installed with MySQL 5.6, because the have_innodb variable no longer exists
r=glob a=LpSolit
Hugo Seabrook [Sat, 16 Mar 2013 16:21:37 +0000 (17:21 +0100)]
Bug 827983: "[reply]" link beside the original description will insert ("in reply to comment #N+1") when the comments order is "Newest to Oldest, but keep Description at the top"
r/a=LpSolit
Reed Loden [Tue, 12 Mar 2013 17:06:32 +0000 (10:06 -0700)]
Bug 850126 - 'token' id defined twice on logged-out pages (in header and footer)
[r=LpSolit a=LpSolit]
Frédéric Buclin [Fri, 8 Mar 2013 11:55:02 +0000 (12:55 +0100)]
Bug 848250: Bug summary tooltip now includes "---" for unresolved bugs
r=dkl a=LpSolit
Dave Lawrence [Wed, 20 Feb 2013 01:16:57 +0000 (20:16 -0500)]
Bump version post-release
Dave Lawrence [Tue, 19 Feb 2013 18:42:23 +0000 (13:42 -0500)]
Bumped current year
Dave Lawrence [Tue, 19 Feb 2013 17:42:30 +0000 (12:42 -0500)]
Bump version to 4.2.5
Frédéric Buclin [Tue, 19 Feb 2013 17:27:50 +0000 (18:27 +0100)]
Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format
r=glob a=LpSolit
Simon Green [Tue, 19 Feb 2013 17:14:59 +0000 (18:14 +0100)]
Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of products and components you cannot access
r/a=LpSolit
Frédéric Buclin [Tue, 19 Feb 2013 08:58:54 +0000 (09:58 +0100)]
Bug 832264: Release notes for Bugzilla 4.2.5
r=dkl a=LpSolit
Matt Tyson [Sun, 17 Feb 2013 01:19:08 +0000 (02:19 +0100)]
Bug 839950: Cannot search by Change History on multi-select fields
r/a=LpSolit
Simon Green [Sat, 16 Feb 2013 21:58:00 +0000 (22:58 +0100)]
Bug 840824: It is possible to create a new bug with a non active target milestone, version or component
r/a=LpSolit
Dave Lawrence [Thu, 17 Jan 2013 17:49:28 +0000 (12:49 -0500)]
Bug 752946 - Fixed uninitialized error
Dave Lawrence [Thu, 17 Jan 2013 16:29:07 +0000 (11:29 -0500)]
Bug 752946 - Moving a bug into another product lists inactive components, milestones and versions
r/a=LpSolit
Frédéric Buclin [Mon, 14 Jan 2013 17:53:09 +0000 (18:53 +0100)]
Bug 829939: Only build default_authorizer on request
r=glob a=LpSolit
Frédéric Buclin [Sat, 5 Jan 2013 23:26:36 +0000 (00:26 +0100)]
Bug 826678: Disable warnings about the deprecated Return::Value module when loading Email::Send
r=wicked a=LpSolit
Matt Selsky [Thu, 3 Jan 2013 12:25:57 +0000 (13:25 +0100)]
Bug 824616: The urlbase field in global/header.html.tmpl must be filtered
r/a=LpSolit
Sunil Joshi [Wed, 2 Jan 2013 00:42:35 +0000 (01:42 +0100)]
Bug 825524: When cloning a bug, the "We've made a guess at your operating system and platform" message should not be displayed
r/a=LpSolit
Frédéric Buclin [Wed, 19 Dec 2012 22:52:54 +0000 (23:52 +0100)]
Bug 818621: Perl 5.16 complains with "Variable length lookbehind not implemented in regex" when the Example extension is enabled
r=dkl a=LpSolit
Alexander Tereschenko [Mon, 17 Dec 2012 22:41:09 +0000 (23:41 +0100)]
Bug 818890: Bugzilla doesn't obey the "Comment required on status transition" for {Start}-> transition (for new bugs)
r/a=LpSolit
Sunil Joshi [Sun, 16 Dec 2012 13:14:31 +0000 (14:14 +0100)]
Bug 406758: The help page for keywords uses "tag", but tags are something else
r/a=LpSolit
Alexander Tereschenko [Sun, 16 Dec 2012 13:08:49 +0000 (14:08 +0100)]
Bug 806809: Custom field values with "Enabled for bugs" set to "No" break the values list if the field's values visibility depends on another field values
r/a=LpSolit
Frédéric Buclin [Fri, 7 Dec 2012 13:09:04 +0000 (14:09 +0100)]
Bug 818007: Searching by commenter is slow
r=dkl a=LpSolit
Hugo [Thu, 29 Nov 2012 19:12:21 +0000 (14:12 -0500)]
Bug 579189 - New methods added to Bugzilla/User.pm by bug 24896 have no POD
r=dkl, a=LpSolit
Thorsten Schöning [Thu, 22 Nov 2012 23:39:37 +0000 (00:39 +0100)]
Bug 385283: bz_webservice_demo.pl --product-name fails (Product.get_product no longer exists)
Part 2: correctly display components, milestones and versions
r/a=LpSolit
Dave Miller [Tue, 20 Nov 2012 19:07:13 +0000 (14:07 -0500)]
Bug 640756 - Make the documentation clearer that attachments created with Bug.add_attachment must be of type 'base64' when non-ASCII.
r=LpSolit, a=LpSolit
Thorsten Schöning [Tue, 20 Nov 2012 16:50:17 +0000 (17:50 +0100)]
Bug 385283: bz_webservice_demo.pl --product-name fails (Product.get_product no longer exists)
r/a=LpSolit
Dave Lawrence [Tue, 13 Nov 2012 23:29:10 +0000 (18:29 -0500)]
Bump version post-release
https://bugzilla.mozilla.org/show_bug.cgi?id=805644
Dave Lawrence [Tue, 13 Nov 2012 20:00:43 +0000 (15:00 -0500)]
Bump version to 4.2.4
https://bugzilla.mozilla.org/show_bug.cgi?id=805644
Frédéric Buclin [Tue, 13 Nov 2012 17:56:26 +0000 (18:56 +0100)]
Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports
r=dkl a=LpSolit
Frédéric Buclin [Tue, 13 Nov 2012 17:48:12 +0000 (18:48 +0100)]
Bug 808845 (CVE-2012-5475): [SECURITY] Security vulnerability in YUI's swfstore.swf in YUI 2.8.2 and 2.9.0
a=LpSolit
Frédéric Buclin [Tue, 13 Nov 2012 17:36:33 +0000 (18:36 +0100)]
Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups when using User.get()
r=dkl a=LpSolit
Frédéric Buclin [Tue, 13 Nov 2012 17:23:13 +0000 (18:23 +0100)]
Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description
r=gerv a=LpSolit
Frédéric Buclin [Tue, 13 Nov 2012 17:09:30 +0000 (18:09 +0100)]
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
r=dkl a=LpSolit
Frédéric Buclin [Sat, 3 Nov 2012 18:58:26 +0000 (19:58 +0100)]
Back out the last checkin, it was already there
Frédéric Buclin [Sat, 3 Nov 2012 17:53:41 +0000 (18:53 +0100)]
Bug 805647: One more item for the 4.2.4 release notes
Frédéric Buclin [Fri, 2 Nov 2012 23:18:32 +0000 (00:18 +0100)]
Bug 804505: Oracle crashes when typing "word1 word2" in QuickSearch with "ORA-29907: found duplicate labels in primary invocations"
r=dkl a=LpSolit
Frédéric Buclin [Fri, 2 Nov 2012 17:35:38 +0000 (18:35 +0100)]
Bug 806012: Installation docs need to be updated with instructions for bzr
r=dkl a=LpSolit
Frédéric Buclin [Fri, 2 Nov 2012 12:56:57 +0000 (13:56 +0100)]
Fix typo
Koosha Khajeh Moogahi [Fri, 2 Nov 2012 12:45:33 +0000 (13:45 +0100)]
Bug 807937: Fix POD
r/a=LpSolit
Frédéric Buclin [Fri, 26 Oct 2012 15:13:05 +0000 (17:13 +0200)]
Bug 805647: Release notes for Bugzilla 4.2.4
r=dkl
Frédéric Buclin [Thu, 25 Oct 2012 15:16:54 +0000 (17:16 +0200)]
Bug 610767: contrib/convert-workflow.pl should add transitions from RESOLVED and VERIFIED to CONFIRMED (if transitions to REOPENED were present)
r=dkl a=LpSolit
Frédéric Buclin [Thu, 18 Oct 2012 23:24:10 +0000 (01:24 +0200)]
Bug 531243: Bugzilla crashes on show_bug if it's hit while a custom field is being added
r=justdave a=LpSolit
David Taylor [Thu, 18 Oct 2012 23:18:33 +0000 (01:18 +0200)]
Bug 780053: Oracle crashes when listing keywords or flags in buglists
r/a=LpSolit
Frédéric Buclin [Tue, 16 Oct 2012 09:10:54 +0000 (11:10 +0200)]
Bug 799721: PostgreSQL 9.2 requires DBD::Pg 2.19.3
r=glob a=LpSolit
Frédéric Buclin [Sun, 14 Oct 2012 10:55:09 +0000 (12:55 +0200)]
Bug 781314: The behavior of tags changed
r=wicked a=LpSolit
Frédéric Buclin [Sat, 13 Oct 2012 21:22:21 +0000 (23:22 +0200)]
Fix typo
Frédéric Buclin [Fri, 12 Oct 2012 20:24:57 +0000 (22:24 +0200)]
s/sortey/sortkey/g
Simon Green [Fri, 12 Oct 2012 20:04:17 +0000 (22:04 +0200)]
Bug 790129: Bugzilla->fields returns fields in random order (the sortkey is ignored)
r/a=LpSolit
Koosha Khajeh Moogahi [Fri, 12 Oct 2012 17:51:50 +0000 (19:51 +0200)]
Bug 793826: Prevent private web service methods from being called
r=dkl a=LpSolit
Simon Green [Thu, 11 Oct 2012 06:31:06 +0000 (14:31 +0800)]
Bug 798994: Fix incorrect double escaping when displaying saved queries URLs
r=glob, a=LpSolit
Simon Green [Tue, 9 Oct 2012 07:23:39 +0000 (15:23 +0800)]
Bug 753635: Allow editing local see also even if you cannot edit the other bug
r=glob, a=LpSolit
Frédéric Buclin [Mon, 8 Oct 2012 11:05:25 +0000 (13:05 +0200)]
Bug 652047: checksetup.pl fails to compile/run if the Voting extension is enabled on a fresh install
r=glob a=LpSolit
Frédéric Buclin [Thu, 4 Oct 2012 15:54:47 +0000 (17:54 +0200)]
Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page does not work as expected (bug IDs are incorrectly parsed)
r=dkl a=LpSolit
Frédéric Buclin [Thu, 4 Oct 2012 15:48:23 +0000 (17:48 +0200)]
Bug 788098: Queries involving group substitution crash when usevisibilitygroups is enabled
r=dkl a=LpSolit
Frédéric Buclin [Thu, 4 Oct 2012 11:30:23 +0000 (13:30 +0200)]
Bug 794389: There is no field named 'actual_time' when generating reports
r=glob a=LpSolit
Frédéric Buclin [Wed, 3 Oct 2012 17:38:30 +0000 (19:38 +0200)]
Bug 757935: Bugs with resolution MOVED cannot be edited
r=glob a=LpSolit
Frédéric Buclin [Sat, 29 Sep 2012 11:47:13 +0000 (13:47 +0200)]
Bug 793893: Tabular reports crash when no format parameter is defined
r=glob a=LpSolit
Byron Jones [Mon, 17 Sep 2012 14:22:09 +0000 (22:22 +0800)]
Bug 761046: Don't redirect when hitting buglist.cgi directly to avoid duplicate cgi->header calls
r=LpSolit, a=LpSolit
Frédéric Buclin [Fri, 14 Sep 2012 20:14:35 +0000 (22:14 +0200)]
Update POD to fix bustage in Perl 5.16.1
r=runtests.pl
Reed Loden [Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)]
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
[r=mkanat a=LpSolit]
Reed Loden [Tue, 11 Sep 2012 19:17:23 +0000 (12:17 -0700)]
Bug 790215 - Flag names are not properly escaped when displayed on confirm user match page
[r=LpSolit a=LpSolit]
Matt Selsky [Sun, 9 Sep 2012 18:06:39 +0000 (11:06 -0700)]
Bug 671612: Send "X-Content-Type-Options: nosniff" with every response
r/a=LpSolit
Matt Tyson [Mon, 3 Sep 2012 07:31:57 +0000 (15:31 +0800)]
Bug 786889: Add missing 'Summary (first 60 chars)' header to CSV output
r=glob, a=LpSolit
Dave Lawrence [Thu, 30 Aug 2012 20:24:38 +0000 (16:24 -0400)]
Bumped version post-release