]>
git.ipfire.org Git - thirdparty/bugzilla.git/log
Frédéric Buclin [Tue, 22 Dec 2015 15:45:27 +0000 (16:45 +0100)]
Update release notes
Frédéric Buclin [Fri, 11 Dec 2015 18:49:01 +0000 (19:49 +0100)]
Release notes for Bugzilla 4.2.16
David Lawrence [Fri, 11 Sep 2015 19:08:11 +0000 (15:08 -0400)]
Updated taskgraph.json to fix CI testing
David Lawrence [Thu, 10 Sep 2015 21:06:33 +0000 (17:06 -0400)]
Bumped version post-release
David Lawrence [Thu, 10 Sep 2015 17:39:57 +0000 (13:39 -0400)]
Bump version to 4.2.15
Byron Jones ‹:glob› [Thu, 10 Sep 2015 17:25:01 +0000 (13:25 -0400)]
Bug
1202447 : [SECURITY] The email address is not properly validated during registration if longer than 127 characters
r=LpSolit,a=justdave
Frédéric Buclin [Wed, 9 Sep 2015 22:04:07 +0000 (00:04 +0200)]
Bug
1202465 : Release notes for Bugzilla 4.2.15
r=dkl
Frédéric Buclin [Fri, 19 Jun 2015 22:53:58 +0000 (00:53 +0200)]
Bug
1175211 : CGI 4.14 no longer exports SERVER_PUSH(), making buglist.cgi to crash with Gecko-based browsers
r=dkl a=glob
David Lawrence [Wed, 15 Apr 2015 19:32:12 +0000 (20:32 +0100)]
Bump version post-release
David Lawrence [Wed, 15 Apr 2015 15:59:02 +0000 (16:59 +0100)]
Bumped version to 4.2.14
David Lawrence [Wed, 15 Apr 2015 03:08:22 +0000 (04:08 +0100)]
Bug
1154319 : Release notes for 4.2.14
r=LpSolit,a=dkl
Matt Tyson [Tue, 14 Apr 2015 23:41:13 +0000 (01:41 +0200)]
Bug
1154099 : Bug.get_bugs and Bug.get_history are missing from PUBLIC_METHODS (for backwards compatibility)
r=LpSolit a=glob
Frédéric Buclin [Mon, 13 Apr 2015 23:45:37 +0000 (01:45 +0200)]
Bug
1087400 : CGI 4.05 throws tons of "CGI::param called in list context" warnings
r=glob a=justdave
Frédéric Buclin [Mon, 13 Apr 2015 23:23:06 +0000 (01:23 +0200)]
Bug
1001846 : When editing cc_accessible using Bug.update, the method sometimes returns is_cc_accessible and sometimes cc_accessible as being changed
r=dkl a=justdave
Simon Green [Mon, 13 Apr 2015 20:29:33 +0000 (21:29 +0100)]
Bug
1151290 : It is possible to tell if someone made a private comment on a bug even if you are not an 'insider'
r=dkl,a=glob
Frédéric Buclin [Mon, 16 Mar 2015 17:20:32 +0000 (18:20 +0100)]
Bug
1137669 : 003safesys.t doesn't test any file due to a missing -T argument
r=dylan a=glob
David Lawrence [Tue, 3 Mar 2015 20:01:39 +0000 (15:01 -0500)]
(TaskCluster) Allow retrieval of the selenium.log for Selenium tests
David Lawrence [Tue, 24 Feb 2015 23:27:10 +0000 (23:27 +0000)]
Intial checking of taskgraph.json for TaskCluster CI
David Lawrence [Tue, 17 Feb 2015 02:32:59 +0000 (21:32 -0500)]
- Force use of PostgreSQL 9.1
Frédéric Buclin [Wed, 28 Jan 2015 16:07:58 +0000 (17:07 +0100)]
Fix typo
David Lawrence [Tue, 27 Jan 2015 20:10:52 +0000 (20:10 +0000)]
Bump version post-release
David Lawrence [Tue, 27 Jan 2015 15:55:13 +0000 (15:55 +0000)]
Bump version to 4.2.13
David Lawrence [Tue, 27 Jan 2015 15:39:11 +0000 (15:39 +0000)]
Bug
1125188 : Release notes for 4.2.13
r=justdave,a=dkl
David Lawrence [Fri, 23 Jan 2015 17:26:58 +0000 (17:26 +0000)]
Bug
1124716 : regression caused by bug
1090275 to whitelist webservice methods causes test failures with t/012throwables.t
r=dylan,a=glob
David Lawrence [Wed, 21 Jan 2015 22:31:06 +0000 (22:31 +0000)]
Bump version post-release
David Lawrence [Wed, 21 Jan 2015 21:12:27 +0000 (21:12 +0000)]
Bumped version to 4.2.12
David Lawrence [Wed, 21 Jan 2015 20:41:58 +0000 (20:41 +0000)]
Bug
1090275 : WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace
r=dylan,a=glob
Gervase Markham [Wed, 21 Jan 2015 20:26:39 +0000 (20:26 +0000)]
Bug
1079065 : [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
David Lawrence [Mon, 19 Jan 2015 20:35:10 +0000 (20:35 +0000)]
Bug
1118985 : Release notes for 4.2.12
r=LpSolit,a=glob
Frédéric Buclin [Mon, 5 Jan 2015 18:32:57 +0000 (19:32 +0100)]
Bug
1085182 : Bugzilla::Bug->check must check that a bug ID is defined when it gets a hashref
r=dkl a=glob
Gervase Markham [Thu, 11 Dec 2014 15:15:59 +0000 (15:15 +0000)]
Revert "Bug
1082106 - avoid problem where ->bz_add_columns creates a foreign key constraint causing failure in checksetup.pl when it tries to re-add it later. r,a=glob"
This reverts commit
3c0c6a5b72e342e79b99fc2f33b4b14dd3a3caec .
David Lawrence [Thu, 11 Dec 2014 15:15:10 +0000 (15:15 +0000)]
Bug
1082106 - avoid problem where ->bz_add_columns creates a foreign key constraint causing failure in checksetup.pl when it tries to re-add it later. r,a=glob
Frédéric Buclin [Wed, 19 Nov 2014 17:26:34 +0000 (18:26 +0100)]
Bug
1097798 : Do not display the resolution in the dependency tree for open bugs, nor the target milestone if usetargetmilestone is off
r=dkl a=glob
Byron Jones [Thu, 16 Oct 2014 07:31:48 +0000 (15:31 +0800)]
Bug
1082887 : comments made when setting a flag from the attachment details page are not included in the "flag updated" email
r=dkl,a=glob
David Lawrence [Mon, 6 Oct 2014 18:34:00 +0000 (18:34 +0000)]
Bump version post-release
David Lawrence [Mon, 6 Oct 2014 15:21:27 +0000 (15:21 +0000)]
Bump version to 4.2.11
Simon Green [Mon, 6 Oct 2014 15:01:03 +0000 (15:01 +0000)]
Bug
1054702 : CSV export vulnerable to formulae injection
r=glob,a=glob
Simon Green [Mon, 6 Oct 2014 14:42:40 +0000 (14:42 +0000)]
Bug
1064140 : [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group
r=glob,a=glob
Frédéric Buclin [Mon, 6 Oct 2014 14:34:26 +0000 (14:34 +0000)]
Bug
1074980 : Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
Frédéric Buclin [Mon, 6 Oct 2014 14:25:06 +0000 (14:25 +0000)]
Bug
1075578 : [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
David Lawrence [Mon, 6 Oct 2014 14:14:47 +0000 (14:14 +0000)]
Bug
1072492 : Release notes for 4.2.11
r=LpSolit,a=sgreen
David Lawrence [Thu, 24 Jul 2014 21:40:52 +0000 (21:40 +0000)]
Bump version post-release
David Lawrence [Thu, 24 Jul 2014 17:29:05 +0000 (17:29 +0000)]
Bump to version 4.2.10 (corrected)
Simon Green [Thu, 24 Jul 2014 17:26:23 +0000 (17:26 +0000)]
Bug
1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
David Lawrence [Thu, 24 Jul 2014 16:56:58 +0000 (16:56 +0000)]
Bump version to 4.2.10
David Lawrence [Thu, 24 Jul 2014 16:40:20 +0000 (16:40 +0000)]
Bug
1042088 - Release notes for 4.2.10
r=glob
David Lawrence [Thu, 15 May 2014 21:44:03 +0000 (21:44 +0000)]
Bug
1011250 - Updates IRC notification text to include commit message and also send to #bugzilla
David Lawrence [Thu, 15 May 2014 02:49:10 +0000 (02:49 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 14 May 2014 20:49:21 +0000 (16:49 -0400)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Thu, 8 May 2014 20:38:41 +0000 (20:38 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Wed, 7 May 2014 16:15:25 +0000 (16:15 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Fri, 2 May 2014 20:33:58 +0000 (20:33 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
David Lawrence [Fri, 2 May 2014 15:59:42 +0000 (15:59 +0000)]
Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci
David Lawrence [Thu, 1 May 2014 20:56:44 +0000 (20:56 +0000)]
Bug 995209 - Create a Build.PL script using Module::Build for testing/installing/packaging of Bugzilla code
David Lawrence [Mon, 21 Apr 2014 21:05:14 +0000 (21:05 +0000)]
Bumped version post-release
David Lawrence [Fri, 18 Apr 2014 22:12:01 +0000 (22:12 +0000)]
Bump version to 4.2.9
Frédéric Buclin [Fri, 18 Apr 2014 21:49:16 +0000 (23:49 +0200)]
Bug 998484: Release notes for Bugzilla 4.2.9
David Lawrence [Fri, 18 Apr 2014 21:03:43 +0000 (21:03 +0000)]
Bug 998323 - URLs pasted in comments are no longer displayed
David Lawrence [Thu, 17 Apr 2014 21:26:58 +0000 (21:26 +0000)]
Bumped version post-release
David Lawrence [Thu, 17 Apr 2014 17:13:45 +0000 (17:13 +0000)]
Bump version to 4.2.8
Manish Goregaokar [Thu, 17 Apr 2014 16:37:11 +0000 (18:37 +0200)]
Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text
Frédéric Buclin [Tue, 15 Apr 2014 21:53:26 +0000 (23:53 +0200)]
Bug 996168: Release notes for Bugzilla 4.2.8
David Lawrence [Fri, 14 Mar 2014 18:16:05 +0000 (18:16 +0000)]
Copied over .bzrignore to .gitignore
Frédéric Buclin [Sat, 21 Dec 2013 16:45:40 +0000 (17:45 +0100)]
Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
Frédéric Buclin [Thu, 5 Dec 2013 22:43:34 +0000 (23:43 +0100)]
Bug 942599: Documentation about possible_duplicates() lists 'products' as argument instead of 'product'
Frédéric Buclin [Mon, 2 Dec 2013 16:07:30 +0000 (17:07 +0100)]
Bug 938300: vers_cmp() incorrectly compares module versions
Frédéric Buclin [Mon, 2 Dec 2013 16:00:20 +0000 (17:00 +0100)]
Bug 781672: checksetup.pl fails to check the version of the latest Apache2::SizeLimit release (it throws "Invalid version format (non-numeric data)")
Frédéric Buclin [Thu, 14 Nov 2013 17:01:14 +0000 (18:01 +0100)]
Bug 938161: sql_date_format() method for SQLite has an incorrect default format
Frédéric Buclin [Wed, 13 Nov 2013 15:18:48 +0000 (16:18 +0100)]
Bug 843457: PROJECT environment variable is not honored when mod_perl is enabled
Dave Lawrence [Thu, 17 Oct 2013 15:10:35 +0000 (11:10 -0400)]
Bump version post-release
Dave Lawrence [Wed, 16 Oct 2013 20:36:32 +0000 (16:36 -0400)]
Bump version to 4.2.7
Frédéric Buclin [Wed, 16 Oct 2013 17:26:25 +0000 (19:26 +0200)]
Bug 924932: (CVE-2013-1743) [SECURITY] Field values are (still) not escaped correctly in tabular reports
Frédéric Buclin [Wed, 16 Oct 2013 17:19:12 +0000 (19:19 +0200)]
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set
Frédéric Buclin [Wed, 16 Oct 2013 17:08:20 +0000 (19:08 +0200)]
Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachments
Dave Lawrence [Wed, 16 Oct 2013 16:27:00 +0000 (12:27 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
Dave Lawrence [Wed, 16 Oct 2013 16:14:11 +0000 (12:14 -0400)]
Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
Dave Lawrence [Wed, 16 Oct 2013 16:05:10 +0000 (12:05 -0400)]
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
Frédéric Buclin [Fri, 11 Oct 2013 22:13:42 +0000 (00:13 +0200)]
Bug 912640: Release notes for Bugzilla 4.2.7
Frédéric Buclin [Thu, 26 Sep 2013 23:22:30 +0000 (01:22 +0200)]
Bug 914262: KHTML-based browsers such as Konqueror do not support the Server-Push technology
Jiří Netolický [Mon, 23 Sep 2013 15:44:20 +0000 (17:44 +0200)]
Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are left empty on bug creation
Mateusz Kuśmierczyk [Tue, 3 Sep 2013 09:45:44 +0000 (11:45 +0200)]
Bug 848063: [Oracle] importxml.pl fails with ORA-01830: comment timestamps are not correctly formatted
Frédéric Buclin [Sat, 10 Aug 2013 00:45:28 +0000 (02:45 +0200)]
Back out bug 868330 for the 4.2 branch. This is not a security fix
Frédéric Buclin [Fri, 9 Aug 2013 09:30:58 +0000 (11:30 +0200)]
Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content from buglist.cgi
Sunil Joshi [Fri, 9 Aug 2013 04:02:41 +0000 (14:02 +1000)]
Bug 868330 - Password creation directions incomplete
Simon Green [Fri, 9 Aug 2013 03:57:38 +0000 (13:57 +1000)]
Bug 897264 - letters_numbers_specialchars password restriction is incorrect
Sunil Joshi [Wed, 7 Aug 2013 05:29:13 +0000 (15:29 +1000)]
Bug 901620 - Grammar error in the documentation
Dave Lawrence [Wed, 24 Jul 2013 14:19:05 +0000 (10:19 -0400)]
Bug 880653 - Add POD for Bug.possible_duplicates webservice
Dave Lawrence [Mon, 15 Jul 2013 03:47:22 +0000 (23:47 -0400)]
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
Dave Lawrence [Wed, 22 May 2013 20:09:47 +0000 (16:09 -0400)]
Bump version post-release
Dave Lawrence [Wed, 22 May 2013 18:46:58 +0000 (14:46 -0400)]
Bump version to 4.2.6
Byron Jones [Wed, 22 May 2013 17:03:13 +0000 (01:03 +0800)]
Bug 828344: add missing xt broken tests
Byron Jones [Mon, 20 May 2013 17:54:06 +0000 (01:54 +0800)]
Bug 828344: "contains all of the words" no longer looks for all words within the same comment or flag
Frédéric Buclin [Sat, 18 May 2013 14:06:25 +0000 (16:06 +0200)]
Bug 870701: Release notes for Bugzilla 4.2.6
Frédéric Buclin [Sun, 5 May 2013 21:35:46 +0000 (23:35 +0200)]
Bug 212471: Tabular reports do not link bug counts involving the empty resolution correctly
Dave Lawrence [Fri, 3 May 2013 22:23:50 +0000 (18:23 -0400)]
Bug 859118 - Bug.search called with no arguments returns all visible bugs, ignoring max_search_results and search_allow_no_criteria
Frédéric Buclin [Sun, 28 Apr 2013 11:51:50 +0000 (13:51 +0200)]
Bug 848635: Old queries based on tags are no longer listed in the page footer by default when upgrading from 4.0 or older to 4.2
Frédéric Buclin [Sun, 28 Apr 2013 11:40:12 +0000 (13:40 +0200)]
Bug 858909: When running checksetup.pl for the first time using Oracle as DB server, you get an "uninitialized value" warning
Frédéric Buclin [Wed, 17 Apr 2013 23:26:19 +0000 (01:26 +0200)]
Bug 858911: Oracle fails with "ORA-04043: object T_GROUP_CONCAT does not exist" when installing Bugzilla for the first time
Byron Jones [Wed, 17 Apr 2013 17:38:22 +0000 (01:38 +0800)]
revert commit for bug 828344
Byron Jones [Wed, 17 Apr 2013 17:18:03 +0000 (01:18 +0800)]
Bug 828344: Make "contains all of the words" look for all words within the same comment or flag
projects / thirdparty / bugzilla.git / log
