]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Simon Green [Thu, 17 May 2012 13:23:35 +0000 (15:23 +0200)]
Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP
Håkan Jerning [Mon, 7 May 2012 19:09:42 +0000 (21:09 +0200)]
Bug 744338: jobqueue.pl won't work if not called from the bugzilla/ root directory
Byron Jones [Mon, 30 Apr 2012 06:41:43 +0000 (14:41 +0800)]
Bug 749074: Throw an error message instead of syntax error on invalid search type operators
Dave Lawrence [Wed, 18 Apr 2012 22:29:24 +0000 (15:29 -0700)]
Bumping the version post-release
Dave Lawrence [Wed, 18 Apr 2012 18:02:35 +0000 (11:02 -0700)]
Bump version to 4.2.1
Frédéric Buclin [Wed, 18 Apr 2012 17:00:42 +0000 (19:00 +0200)]
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
Frédéric Buclin [Wed, 18 Apr 2012 16:47:02 +0000 (18:47 +0200)]
Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by altering the X-FORWARDED-FOR header
Frédéric Buclin [Wed, 18 Apr 2012 14:49:57 +0000 (16:49 +0200)]
Bug 746547: SMALLSERIAL is of type INT2, not INT1
Frédéric Buclin [Tue, 17 Apr 2012 19:24:18 +0000 (21:24 +0200)]
Bug 741078: Update relnotes for 4.2.1
Frédéric Buclin [Tue, 17 Apr 2012 19:11:20 +0000 (21:11 +0200)]
Bug 745197: Add a hook in Bugzilla::Error::_throw_error() so that extensions can control the way to throw errors
Frédéric Buclin [Tue, 17 Apr 2012 18:41:05 +0000 (20:41 +0200)]
Bug 745320: Shared queries do not work when tags are part of the query
Frédéric Buclin [Tue, 17 Apr 2012 00:15:59 +0000 (02:15 +0200)]
Bug 745080: Voting extension causes database deadlocks
Marc Schumann [Sat, 14 Apr 2012 22:02:17 +0000 (00:02 +0200)]
Comment toggling text is not localizable because it's in a .js file.
Marc Schumann [Sat, 14 Apr 2012 16:05:39 +0000 (18:05 +0200)]
Change columns: empty buttons when images turned off.
Frédéric Buclin [Fri, 13 Apr 2012 15:48:43 +0000 (17:48 +0200)]
Move doc of the admin_editusers_action hook at its right place
Frédéric Buclin [Thu, 12 Apr 2012 18:58:30 +0000 (20:58 +0200)]
Bug 741078: Release notes for Bugzilla 4.2.1
Frédéric Buclin [Thu, 12 Apr 2012 18:44:59 +0000 (20:44 +0200)]
Bug 737436: Relative dates do not work correctly with the deadline field
Dave Lawrence [Thu, 12 Apr 2012 18:00:11 +0000 (14:00 -0400)]
Bug 744823 - Deadline throws error when selected in change history field list in query.cgi when not in time tracking group
Frédéric Buclin [Thu, 12 Apr 2012 15:12:40 +0000 (17:12 +0200)]
Fix typo
Marc Schumann [Wed, 11 Apr 2012 19:50:54 +0000 (21:50 +0200)]
If you're not allowed to change status or resolution, their values are being displayed unlocalized.
Frédéric Buclin [Wed, 11 Apr 2012 15:23:59 +0000 (17:23 +0200)]
Bug 663377: Quicksearch using "status:" field doesn't work--it is defeated by the default status selection
Frédéric Buclin [Wed, 11 Apr 2012 15:04:04 +0000 (17:04 +0200)]
Bug 734997: The 'take' link for the assignee field doesn't work when usemenuforusers is turned on
rojanu [Tue, 10 Apr 2012 18:36:46 +0000 (20:36 +0200)]
Bug 743991: Need a new hook to update Bugzilla::Search::COLUMN_JOINS
Frédéric Buclin [Wed, 4 Apr 2012 18:02:50 +0000 (20:02 +0200)]
Bug 58179: End date not included in the Search By Change History section
Marc Schumann [Sat, 31 Mar 2012 12:56:53 +0000 (14:56 +0200)]
Search for start-of-time-interval in date fields is (partially?) broken.
Frédéric Buclin [Thu, 29 Mar 2012 22:27:12 +0000 (00:27 +0200)]
Fix bustage: Perl 5.8.x doesn't understand \g1 in regexp (must use \1 instead)
Frédéric Buclin [Thu, 29 Mar 2012 17:56:41 +0000 (19:56 +0200)]
Bug 554819: Quicksearch should be using Text::ParseWords instead of custom code in splitString
Tiago Mello [Wed, 28 Mar 2012 14:47:59 +0000 (09:47 -0500)]
Bug 735821: Fix broken HTML code in bugmail.html.tmpl.
Frédéric Buclin [Tue, 27 Mar 2012 22:32:52 +0000 (00:32 +0200)]
Bug 730984: A single whitespace in the Status Whiteboard field generates an invalid SQL query
Francisco Donalisio [Mon, 26 Mar 2012 21:10:18 +0000 (17:10 -0400)]
Bug 734471 - Need new hook edituser search template
Gervase Markham [Mon, 26 Mar 2012 11:11:16 +0000 (12:11 +0100)]
Add hooks for alternative login methods. r,a=LpSolit.
Matt Selsky [Thu, 22 Mar 2012 18:55:41 +0000 (19:55 +0100)]
Bug 733458: The "creator" argument is listed twice for the Bug.search WebService method
Frédéric Buclin [Sat, 17 Mar 2012 13:12:05 +0000 (14:12 +0100)]
Fix bustage: Bugzilla -> terms.Bugzilla
Frédéric Buclin [Sat, 17 Mar 2012 13:03:21 +0000 (14:03 +0100)]
Bug 736057: Add to the release notes that |FILTER url_quote| has been replaced by |FILTER uri|
Marc Schumann [Sat, 10 Mar 2012 16:07:30 +0000 (17:07 +0100)]
Tabular reports' column headers do not use display_value.
Frédéric Buclin [Sat, 10 Mar 2012 15:09:45 +0000 (16:09 +0100)]
Bug 730032: The documentation must mention bzr instead of cvs in the "Upgrading to New Releases" section
Frédéric Buclin [Sat, 10 Mar 2012 15:05:44 +0000 (16:05 +0100)]
Bug 731163: Search.pm can use undefined alias in ORDER BY clause
Dave Lawrence [Fri, 9 Mar 2012 20:11:57 +0000 (15:11 -0500)]
Fixed comma in documentation
Francisco Donalisio [Fri, 9 Mar 2012 20:10:17 +0000 (15:10 -0500)]
Bug 730794 - Need new hook edituser page
Frédéric Buclin [Tue, 6 Mar 2012 21:24:54 +0000 (22:24 +0100)]
Fix bustage
Frédéric Buclin [Tue, 6 Mar 2012 21:11:17 +0000 (22:11 +0100)]
Bug 545610: Correctly parse CGI parameters, especially when using mod_perl
Frédéric Buclin [Tue, 6 Mar 2012 21:05:20 +0000 (22:05 +0100)]
Bug 731323: Wrong URLs in the "Total" row at the bottom of tabular reports when JS is enabled and a user field is used for the vertical axis
Frédéric Buclin [Sat, 3 Mar 2012 15:00:27 +0000 (16:00 +0100)]
Bug 731586: Email notifications about status changes in blockers are incorrectly formatted
Emmanuel Seyman [Thu, 1 Mar 2012 22:52:38 +0000 (17:52 -0500)]
Bug 731725 - In the documentation license, the address of the FSF is incorrect
Byron Jones [Wed, 29 Feb 2012 04:51:35 +0000 (12:51 +0800)]
Bug 731219: Fix XMLRPC breakage when content-type contains a charset
Frédéric Buclin [Tue, 28 Feb 2012 22:28:17 +0000 (23:28 +0100)]
Bug 695514: Slow performance in field-events.js.tmpl on show_bug.cgi with large number of products
Frédéric Buclin [Tue, 28 Feb 2012 08:22:03 +0000 (09:22 +0100)]
Bug 731055: get_enterable_products() is very slow when a product has many components or versions
Frédéric Buclin [Mon, 27 Feb 2012 14:10:45 +0000 (15:10 +0100)]
Bug 730598: Running checksetup.pl twice deletes the DEFAULT value of the bug_see_also.class column
Matt Selsky [Sun, 26 Feb 2012 11:52:49 +0000 (12:52 +0100)]
Bug 714030: Add Mac OS 10.7 Lion detection
Matt Selsky [Sun, 26 Feb 2012 11:51:11 +0000 (12:51 +0100)]
Bug 714368: Add Windows 8 detection
Michal 'hramrach' Suchanek [Sat, 25 Feb 2012 14:19:07 +0000 (15:19 +0100)]
Bug 696352: Required fields have broken colors
Frédéric Buclin [Sat, 25 Feb 2012 14:08:23 +0000 (15:08 +0100)]
Bug 730552: HTML markup validation: unescaped "&" in CSV link on buglist.cgi
Dave Lawrence [Wed, 22 Feb 2012 20:32:45 +0000 (15:32 -0500)]
Updated docs for stable release
Dave Lawrence [Wed, 22 Feb 2012 15:46:48 +0000 (10:46 -0500)]
Bumped version number post-release
Dave Lawrence [Wed, 22 Feb 2012 15:42:43 +0000 (10:42 -0500)]
Bumped version to 4.2
Dave Lawrence [Wed, 22 Feb 2012 15:38:20 +0000 (10:38 -0500)]
Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API when using mod_perl
Matt Selsky [Sun, 19 Feb 2012 23:26:01 +0000 (00:26 +0100)]
Bug 718283: Indentation and newlines in the "Descriptive text sent within whine message" are ignored in HTML whinemail
Frédéric Buclin [Thu, 16 Feb 2012 17:32:19 +0000 (18:32 +0100)]
Bug 723944: Plain-text only emails are mangled when they contain non-ASCII characters
Marc Schumann [Wed, 15 Feb 2012 17:52:57 +0000 (18:52 +0100)]
Test 1 fails if PERLLIB contains paths with whitespace.
Dave Lawrence [Wed, 15 Feb 2012 15:59:08 +0000 (10:59 -0500)]
Bug 724464 - JSON-RPC support shouldn't require SOAP::Lite
Frédéric Buclin [Wed, 15 Feb 2012 15:26:34 +0000 (16:26 +0100)]
Bug 722113: The profile_search table has a wrong index name
Frédéric Buclin [Tue, 14 Feb 2012 22:02:15 +0000 (23:02 +0100)]
Bug 727240: The POD for Bug.attachments is wrong about the format of the returned data
Frédéric Buclin [Wed, 8 Feb 2012 15:51:48 +0000 (16:51 +0100)]
Bug 722161: Clickjacking is possible in "View All" with HTML attachments
Dave Lawrence [Tue, 31 Jan 2012 23:51:03 +0000 (18:51 -0500)]
Bump the version number post-release
Dave Lawrence [Tue, 31 Jan 2012 16:50:42 +0000 (11:50 -0500)]
Bumped to version 4.2rc2
Frédéric Buclin [Tue, 31 Jan 2012 16:01:20 +0000 (17:01 +0100)]
(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required)
Frédéric Buclin [Tue, 31 Jan 2012 15:39:50 +0000 (16:39 +0100)]
Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident
Frédéric Buclin [Tue, 31 Jan 2012 12:04:49 +0000 (13:04 +0100)]
Bug 714446: Product.create default behavior is broken and inconsistent with POD
Dave Lawrence [Fri, 27 Jan 2012 22:07:47 +0000 (17:07 -0500)]
Bug 720756 - Update release notes for Bugzilla 4.2rc2
Frédéric Buclin [Fri, 27 Jan 2012 21:28:45 +0000 (22:28 +0100)]
Bug 721715: URLs in the See Also field must be detainted before inserted into the DB
Tiago Mello [Thu, 26 Jan 2012 00:47:17 +0000 (22:47 -0200)]
Fix bustage due to bug 715514.
Simon Green [Wed, 25 Jan 2012 20:14:08 +0000 (18:14 -0200)]
Bug 717217: The regexp in Bugzilla::BugUrl::JIRA::should_handle() isn't
Matt Selsky [Wed, 25 Jan 2012 20:06:17 +0000 (18:06 -0200)]
Bug 715514: Fix showdependencytree misleading in "hide resolved" view
Frédéric Buclin [Tue, 24 Jan 2012 22:21:43 +0000 (23:21 +0100)]
Bug 718183: Rename duplicated series names before inserting the new index in the series table
Frédéric Buclin [Tue, 24 Jan 2012 17:41:55 +0000 (18:41 +0100)]
Bug 715870: [Oracle] Related sequences and triggers must be removed when dropping a table
Max Kanat-Alexander [Tue, 24 Jan 2012 17:09:59 +0000 (18:09 +0100)]
Bug 633061: Require Apache2::SizeLimit 0.96 for proper operation on Linux
Matt Selsky [Sat, 21 Jan 2012 11:04:42 +0000 (12:04 +0100)]
Bug 469068: SMTP parameters not documented
Tiago Mello [Wed, 18 Jan 2012 21:32:46 +0000 (19:32 -0200)]
Bug 718905: Move user_preferences hook up, before other actions in userprefs.cgi
Dave Lawrence [Thu, 12 Jan 2012 22:16:46 +0000 (17:16 -0500)]
Bug 715731 - profile_search.user_id should have a FK pointing to profiles.userid
Simon Green [Wed, 11 Jan 2012 23:13:05 +0000 (00:13 +0100)]
Bug 717215: Remove references to url_quote filter
Frédéric Buclin [Wed, 11 Jan 2012 23:08:11 +0000 (00:08 +0100)]
Bug 715902: Do not log personal common activities in audit_log
Simon Green [Wed, 11 Jan 2012 20:13:42 +0000 (21:13 +0100)]
Bug 717210: If all attachments are stored locally (maxattachmentsize = 0, maxlocalattachment > 0), the link to attach files to bugs is not displayed
A. Shimono [Wed, 11 Jan 2012 12:21:58 +0000 (13:21 +0100)]
Bug 591638: In the admin page, the link to edit field values is named 'Field Values', not 'Legal Values'
Dave Lawrence [Wed, 11 Jan 2012 05:38:13 +0000 (00:38 -0500)]
Bug 715650 - User auto-completion does not work in request.cgi for requester and requestee as expected
Frédéric Buclin [Tue, 10 Jan 2012 23:00:53 +0000 (00:00 +0100)]
Bug 716227: When checksetup.pl tells the admin that he should edit variables in localconfig, the message should be red
Frédéric Buclin [Mon, 9 Jan 2012 23:53:33 +0000 (00:53 +0100)]
Bug 716283: Clickjacking in the attachment "Details" page allows to bypass token checks
Frédéric Buclin [Fri, 6 Jan 2012 18:12:19 +0000 (19:12 +0100)]
Bug 706753 about JSON::RPC 1.01 is now fixed
Matt Selsky [Fri, 6 Jan 2012 10:55:36 +0000 (11:55 +0100)]
Bug 695294: The See Also field is not visible in "Format for Printing"
Matt Selsky [Fri, 6 Jan 2012 10:01:08 +0000 (11:01 +0100)]
Bug 319684: The documentation is unclear about how to disable quips
Matt Selsky [Fri, 6 Jan 2012 09:47:23 +0000 (10:47 +0100)]
Bug 641957: The documentation should mention that the voting system is now an extension
Frédéric Buclin [Fri, 6 Jan 2012 09:32:11 +0000 (10:32 +0100)]
Bug 715705: User auto-completion doesn't work for watched users in the email prefs tab
Frédéric Buclin [Thu, 5 Jan 2012 23:58:18 +0000 (00:58 +0100)]
Bug 714664: The content of the "emailregexpdesc" parameter is not escaped when displayed to the user
Frédéric Buclin [Thu, 5 Jan 2012 00:44:40 +0000 (01:44 +0100)]
Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due to non-backward compatibility
Dave Lawrence [Thu, 29 Dec 2011 17:59:37 +0000 (12:59 -0500)]
Bump the version number post-release
Dave Lawrence [Wed, 28 Dec 2011 23:15:03 +0000 (18:15 -0500)]
Bump version for 4.2rc1
Frédéric Buclin [Wed, 28 Dec 2011 22:15:49 +0000 (23:15 +0100)]
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
Byron Jones [Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)]
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
Frédéric Buclin [Wed, 28 Dec 2011 20:57:35 +0000 (21:57 +0100)]
user_autocompletion -> ajax_user_autocompletion
Frédéric Buclin [Wed, 28 Dec 2011 20:20:04 +0000 (21:20 +0100)]
Bug 713346: Release notes for Bugzilla 4.2rc1
Frédéric Buclin [Wed, 28 Dec 2011 11:09:29 +0000 (12:09 +0100)]
Bug 713144: The SQL query to remove older searches from the profile_search table should be more robust
projects / thirdparty / bugzilla.git / log
