]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Thorsten Schöning [Tue, 20 Nov 2012 16:50:17 +0000 (17:50 +0100)]
Bug 385283: bz_webservice_demo.pl --product-name fails (Product.get_product no longer exists)
Dave Lawrence [Tue, 13 Nov 2012 23:29:10 +0000 (18:29 -0500)]
Bump version post-release
Dave Lawrence [Tue, 13 Nov 2012 20:00:43 +0000 (15:00 -0500)]
Bump version to 4.2.4
Frédéric Buclin [Tue, 13 Nov 2012 17:56:26 +0000 (18:56 +0100)]
Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports
Frédéric Buclin [Tue, 13 Nov 2012 17:48:12 +0000 (18:48 +0100)]
Bug 808845 (CVE-2012-5475): [SECURITY] Security vulnerability in YUI's swfstore.swf in YUI 2.8.2 and 2.9.0
Frédéric Buclin [Tue, 13 Nov 2012 17:36:33 +0000 (18:36 +0100)]
Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups when using User.get()
Frédéric Buclin [Tue, 13 Nov 2012 17:23:13 +0000 (18:23 +0100)]
Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description
Frédéric Buclin [Tue, 13 Nov 2012 17:09:30 +0000 (18:09 +0100)]
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
Frédéric Buclin [Sat, 3 Nov 2012 18:58:26 +0000 (19:58 +0100)]
Back out the last checkin, it was already there
Frédéric Buclin [Sat, 3 Nov 2012 17:53:41 +0000 (18:53 +0100)]
Bug 805647: One more item for the 4.2.4 release notes
Frédéric Buclin [Fri, 2 Nov 2012 23:18:32 +0000 (00:18 +0100)]
Bug 804505: Oracle crashes when typing "word1 word2" in QuickSearch with "ORA-29907: found duplicate labels in primary invocations"
Frédéric Buclin [Fri, 2 Nov 2012 17:35:38 +0000 (18:35 +0100)]
Bug 806012: Installation docs need to be updated with instructions for bzr
Frédéric Buclin [Fri, 2 Nov 2012 12:56:57 +0000 (13:56 +0100)]
Fix typo
Koosha Khajeh Moogahi [Fri, 2 Nov 2012 12:45:33 +0000 (13:45 +0100)]
Bug 807937: Fix POD
Frédéric Buclin [Fri, 26 Oct 2012 15:13:05 +0000 (17:13 +0200)]
Bug 805647: Release notes for Bugzilla 4.2.4
Frédéric Buclin [Thu, 25 Oct 2012 15:16:54 +0000 (17:16 +0200)]
Bug 610767: contrib/convert-workflow.pl should add transitions from RESOLVED and VERIFIED to CONFIRMED (if transitions to REOPENED were present)
Frédéric Buclin [Thu, 18 Oct 2012 23:24:10 +0000 (01:24 +0200)]
Bug 531243: Bugzilla crashes on show_bug if it's hit while a custom field is being added
David Taylor [Thu, 18 Oct 2012 23:18:33 +0000 (01:18 +0200)]
Bug 780053: Oracle crashes when listing keywords or flags in buglists
Frédéric Buclin [Tue, 16 Oct 2012 09:10:54 +0000 (11:10 +0200)]
Bug 799721: PostgreSQL 9.2 requires DBD::Pg 2.19.3
Frédéric Buclin [Sun, 14 Oct 2012 10:55:09 +0000 (12:55 +0200)]
Bug 781314: The behavior of tags changed
Frédéric Buclin [Sat, 13 Oct 2012 21:22:21 +0000 (23:22 +0200)]
Fix typo
Frédéric Buclin [Fri, 12 Oct 2012 20:24:57 +0000 (22:24 +0200)]
s/sortey/sortkey/g
Simon Green [Fri, 12 Oct 2012 20:04:17 +0000 (22:04 +0200)]
Bug 790129: Bugzilla->fields returns fields in random order (the sortkey is ignored)
Koosha Khajeh Moogahi [Fri, 12 Oct 2012 17:51:50 +0000 (19:51 +0200)]
Bug 793826: Prevent private web service methods from being called
Simon Green [Thu, 11 Oct 2012 06:31:06 +0000 (14:31 +0800)]
Bug 798994: Fix incorrect double escaping when displaying saved queries URLs
Simon Green [Tue, 9 Oct 2012 07:23:39 +0000 (15:23 +0800)]
Bug 753635: Allow editing local see also even if you cannot edit the other bug
Frédéric Buclin [Mon, 8 Oct 2012 11:05:25 +0000 (13:05 +0200)]
Bug 652047: checksetup.pl fails to compile/run if the Voting extension is enabled on a fresh install
Frédéric Buclin [Thu, 4 Oct 2012 15:54:47 +0000 (17:54 +0200)]
Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page does not work as expected (bug IDs are incorrectly parsed)
Frédéric Buclin [Thu, 4 Oct 2012 15:48:23 +0000 (17:48 +0200)]
Bug 788098: Queries involving group substitution crash when usevisibilitygroups is enabled
Frédéric Buclin [Thu, 4 Oct 2012 11:30:23 +0000 (13:30 +0200)]
Bug 794389: There is no field named 'actual_time' when generating reports
Frédéric Buclin [Wed, 3 Oct 2012 17:38:30 +0000 (19:38 +0200)]
Bug 757935: Bugs with resolution MOVED cannot be edited
Frédéric Buclin [Sat, 29 Sep 2012 11:47:13 +0000 (13:47 +0200)]
Bug 793893: Tabular reports crash when no format parameter is defined
Byron Jones [Mon, 17 Sep 2012 14:22:09 +0000 (22:22 +0800)]
Bug 761046: Don't redirect when hitting buglist.cgi directly to avoid duplicate cgi->header calls
Frédéric Buclin [Fri, 14 Sep 2012 20:14:35 +0000 (22:14 +0200)]
Update POD to fix bustage in Perl 5.16.1
Reed Loden [Wed, 12 Sep 2012 23:53:45 +0000 (16:53 -0700)]
Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking
Reed Loden [Tue, 11 Sep 2012 19:17:23 +0000 (12:17 -0700)]
Bug 790215 - Flag names are not properly escaped when displayed on confirm user match page
Matt Selsky [Sun, 9 Sep 2012 18:06:39 +0000 (11:06 -0700)]
Bug 671612: Send "X-Content-Type-Options: nosniff" with every response
Matt Tyson [Mon, 3 Sep 2012 07:31:57 +0000 (15:31 +0800)]
Bug 786889: Add missing 'Summary (first 60 chars)' header to CSV output
Dave Lawrence [Thu, 30 Aug 2012 20:24:38 +0000 (16:24 -0400)]
Bumped version post-release
Dave Lawrence [Thu, 30 Aug 2012 19:02:10 +0000 (15:02 -0400)]
Bump version to 4.2.3
Reed Loden [Thu, 30 Aug 2012 18:27:36 +0000 (20:27 +0200)]
Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection
Frédéric Buclin [Thu, 30 Aug 2012 18:16:58 +0000 (20:16 +0200)]
Bug 785522: [SECURITY] Block access to templates in extensions/
Frédéric Buclin [Wed, 29 Aug 2012 22:47:11 +0000 (00:47 +0200)]
Bug 731156: [Oracle] Adding or removing a DB column does not handle SERIAL correctly
Frédéric Buclin [Wed, 29 Aug 2012 22:14:29 +0000 (00:14 +0200)]
Bug 786351: Release notes for Bugzilla 4.2.3
Frédéric Buclin [Wed, 29 Aug 2012 14:36:38 +0000 (16:36 +0200)]
Bug 772620: Ignore empty strings in the CC list
Byron Jones [Wed, 29 Aug 2012 05:45:37 +0000 (13:45 +0800)]
Bug 786310: Remove tokens when saving the default query
Byron Jones [Wed, 29 Aug 2012 04:59:26 +0000 (12:59 +0800)]
Fix more bustage caused by Bug 772953
Byron Jones [Wed, 29 Aug 2012 04:45:48 +0000 (12:45 +0800)]
Fix bustage caused by Bug 772953
Byron Jones [Tue, 28 Aug 2012 16:35:50 +0000 (00:35 +0800)]
Bug 772953: Remove the token from buglist urls
Frédéric Buclin [Mon, 27 Aug 2012 18:14:49 +0000 (20:14 +0200)]
Bug 785917: Custom field descriptions are not properly escaped when displayed as bug list column headers
David Taylor [Sun, 26 Aug 2012 01:22:01 +0000 (03:22 +0200)]
Bug 559539: [Oracle] whine.pl sets run_next incorrectly due to CURRENT_DATE
Frédéric Buclin [Mon, 20 Aug 2012 22:43:52 +0000 (00:43 +0200)]
Bug 783786: PostgreSQL databases can be created with the wrong encoding
Frédéric Buclin [Mon, 20 Aug 2012 09:02:24 +0000 (11:02 +0200)]
Bug 698068: The "There is no saved search named ..." page has a "forget" link
Frédéric Buclin [Wed, 15 Aug 2012 19:29:25 +0000 (21:29 +0200)]
Bug 771100: Unable to attach a file to a bug with perl 5.16
Frédéric Buclin [Sun, 12 Aug 2012 12:14:38 +0000 (14:14 +0200)]
Bug 781059 part 2: -moz-border-radius is obsolete and must be replaced by the standard border-radius CSS property
Frédéric Buclin [Wed, 8 Aug 2012 10:23:45 +0000 (12:23 +0200)]
Bug 781059: -moz-border-radius is obsolete and must be replaced by the standard border-radius CSS property
Reed Loden [Tue, 7 Aug 2012 15:54:26 +0000 (08:54 -0700)]
Bug 780883 - s/fieldAutoComp/keywordAutoComp/ (fallout from bad 4.2 commit in bug 764517)
SImon Green [Tue, 7 Aug 2012 04:59:38 +0000 (12:59 +0800)]
Bug 779709: Don't allow searching on changes to private attachments or comments
Frédéric Buclin [Mon, 6 Aug 2012 21:44:33 +0000 (23:44 +0200)]
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
Koosha Khajeh Moogahi [Fri, 3 Aug 2012 16:41:45 +0000 (12:41 -0400)]
Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields; it should say it produces an error
Frédéric Buclin [Fri, 3 Aug 2012 10:20:19 +0000 (12:20 +0200)]
Bug 780028: Oracle crashes if a column listed in ORDER BY appears twice in SELECT
Matt Selsky [Mon, 30 Jul 2012 20:52:38 +0000 (16:52 -0400)]
Bug 778226 - Add Mac OS 10.8 Mountain Lion detection
Dave Lawrence [Thu, 26 Jul 2012 22:46:12 +0000 (18:46 -0400)]
Bumped version post release
Dave Lawrence [Thu, 26 Jul 2012 21:32:35 +0000 (17:32 -0400)]
Bump version to 4.2.2
Frédéric Buclin [Thu, 26 Jul 2012 21:04:08 +0000 (23:04 +0200)]
Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information about restricted bugs
Markus Kolb [Thu, 26 Jul 2012 20:43:30 +0000 (16:43 -0400)]
Bug 774625 - describecomponents.cgi - product category listing is not sorted
Frédéric Buclin [Thu, 26 Jul 2012 15:14:07 +0000 (17:14 +0200)]
Bug 777555: Release notes for Bugzilla 4.2.2
Frédéric Buclin [Thu, 26 Jul 2012 01:31:07 +0000 (03:31 +0200)]
Backout bug 768573 to fix bustage
Koosha Khajeh Moogahi [Wed, 25 Jul 2012 21:41:02 +0000 (17:41 -0400)]
Bug 776103 - Syntax error in Bugzilla::User::Setting API doc
Frédéric Buclin [Tue, 24 Jul 2012 14:03:46 +0000 (16:03 +0200)]
Bug 753688: Classification doesn't work as z-axis on reports
Byron Jones [Tue, 24 Jul 2012 08:57:33 +0000 (16:57 +0800)]
Bug 764517: Don't automatically select the first keyword if the search string is empty
Matt Selsky [Sun, 1 Jul 2012 23:44:23 +0000 (01:44 +0200)]
Bug 553553 - We shouldn't be using terms.Bugzilla in the "please contribute" message.
Simon Green [Fri, 29 Jun 2012 04:50:32 +0000 (12:50 +0800)]
Bug 762783: Change dependent bugs to use POST when the url exceeds the url length limit
Frédéric Buclin [Wed, 27 Jun 2012 16:12:10 +0000 (18:12 +0200)]
Bug 768870: The "Un-forget the search" link has no token
Frédéric Buclin [Tue, 26 Jun 2012 18:51:46 +0000 (20:51 +0200)]
Bug 768573: Templates must INCLUDE bug/field.html.tmpl instead of PROCESS'ing it
A. Shimono [Wed, 20 Jun 2012 22:20:40 +0000 (00:20 +0200)]
Bug 762785: Attachments are attached to the wrong comment when created by email_in.pl
Koosha Khajeh Moogahi [Fri, 8 Jun 2012 22:16:16 +0000 (00:16 +0200)]
Bug 577014: [SINGLE|MULTIPLE]_SELECT custom fields with no new values, containing only the default value '---' and marked as mandatory, blocks the user to update/create a bug
Simon Green [Fri, 8 Jun 2012 07:01:10 +0000 (15:01 +0800)]
Bug 760075: Fix error thrown when an allwords search starts with or ends with a space
Frédéric Buclin [Thu, 7 Jun 2012 21:35:00 +0000 (23:35 +0200)]
Bug 761230: The server push page no longer displays all debug data
Reed Loden [Tue, 29 May 2012 15:23:18 +0000 (08:23 -0700)]
Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options
Reed Loden [Tue, 29 May 2012 14:52:31 +0000 (07:52 -0700)]
Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"
Reed Loden [Tue, 29 May 2012 14:45:06 +0000 (07:45 -0700)]
Bug 754561 - Escape HTML in keywords in the auto-complete form
Byron Jones [Mon, 28 May 2012 16:58:23 +0000 (00:58 +0800)]
Bug 756314: Fix dropping of unique matches when the "confirm page" page is display.
Koosha Khajeh Moogahi [Sun, 27 May 2012 23:36:39 +0000 (01:36 +0200)]
Bug 754981: Add a link pointing to the bug itself in HTML bugmails when only a comment is added
Byron Jones [Thu, 24 May 2012 06:17:50 +0000 (14:17 +0800)]
Bug 744691: Throw an error early when calling a method from a non-existent class
Frédéric Buclin [Mon, 21 May 2012 18:07:33 +0000 (20:07 +0200)]
Bug 754090: Bugzilla::FlagType::match() crashes when the group parameter is not a number
Simon Green [Thu, 17 May 2012 13:23:35 +0000 (15:23 +0200)]
Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP
Håkan Jerning [Mon, 7 May 2012 19:09:42 +0000 (21:09 +0200)]
Bug 744338: jobqueue.pl won't work if not called from the bugzilla/ root directory
Byron Jones [Mon, 30 Apr 2012 06:41:43 +0000 (14:41 +0800)]
Bug 749074: Throw an error message instead of syntax error on invalid search type operators
Dave Lawrence [Wed, 18 Apr 2012 22:29:24 +0000 (15:29 -0700)]
Bumping the version post-release
Dave Lawrence [Wed, 18 Apr 2012 18:02:35 +0000 (11:02 -0700)]
Bump version to 4.2.1
Frédéric Buclin [Wed, 18 Apr 2012 17:00:42 +0000 (19:00 +0200)]
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
Frédéric Buclin [Wed, 18 Apr 2012 16:47:02 +0000 (18:47 +0200)]
Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by altering the X-FORWARDED-FOR header
Frédéric Buclin [Wed, 18 Apr 2012 14:49:57 +0000 (16:49 +0200)]
Bug 746547: SMALLSERIAL is of type INT2, not INT1
Frédéric Buclin [Tue, 17 Apr 2012 19:24:18 +0000 (21:24 +0200)]
Bug 741078: Update relnotes for 4.2.1
Frédéric Buclin [Tue, 17 Apr 2012 19:11:20 +0000 (21:11 +0200)]
Bug 745197: Add a hook in Bugzilla::Error::_throw_error() so that extensions can control the way to throw errors
Frédéric Buclin [Tue, 17 Apr 2012 18:41:05 +0000 (20:41 +0200)]
Bug 745320: Shared queries do not work when tags are part of the query
Frédéric Buclin [Tue, 17 Apr 2012 00:15:59 +0000 (02:15 +0200)]
Bug 745080: Voting extension causes database deadlocks
Marc Schumann [Sat, 14 Apr 2012 22:02:17 +0000 (00:02 +0200)]
Comment toggling text is not localizable because it's in a .js file.
Marc Schumann [Sat, 14 Apr 2012 16:05:39 +0000 (18:05 +0200)]
Change columns: empty buttons when images turned off.
projects / thirdparty / bugzilla.git / log
