git.ipfire.org Git - thirdparty/bugzilla.git/log
12 years ago: Bug 355620: Lines enclosed in <simplelist> do not wrap in the PDF version of the... (refs: 3.6)
Christopher Trom [Tue, 9 Apr 2013 10:30:30 +0000 (12:30 +0200)] 
Bug 355620: Lines enclosed in <simplelist> do not wrap in the PDF version of the Bugzilla Guide
r/a=LpSolit

12 years ago: Bump version post-release
Dave Lawrence [Wed, 20 Feb 2013 01:11:38 +0000 (20:11 -0500)] 
Bump version post-release

12 years ago: Bumped current year (refs: bugzilla-3.6.13, release-3.6.13)
Dave Lawrence [Tue, 19 Feb 2013 18:39:59 +0000 (13:39 -0500)] 
Bumped current year

12 years ago: Un-bump version temporarily
Dave Lawrence [Tue, 19 Feb 2013 17:58:10 +0000 (12:58 -0500)] 
Un-bump version temporarily

12 years ago: Bump version prior to release
Dave Lawrence [Tue, 19 Feb 2013 17:34:54 +0000 (12:34 -0500)] 
Bump version prior to release

12 years ago: Bump version to 3.6.13
Dave Lawrence [Tue, 19 Feb 2013 17:33:00 +0000 (12:33 -0500)] 
Bump version to 3.6.13

12 years ago: Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid...
Frédéric Buclin [Tue, 19 Feb 2013 17:30:33 +0000 (18:30 +0100)] 
Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format
r=glob a=LpSolit

12 years ago: Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of produ...
Simon Green [Tue, 19 Feb 2013 17:17:48 +0000 (18:17 +0100)] 
Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of products and components you cannot access
r/a=LpSolit

12 years ago: Bug 832266: Release notes for Bugzilla 3.6.13
Frédéric Buclin [Mon, 18 Feb 2013 16:26:23 +0000 (17:26 +0100)] 
Bug 832266: Release notes for Bugzilla 3.6.13
r=dkl a=LpSolit

12 years ago: Bump version post-release
Dave Lawrence [Tue, 13 Nov 2012 23:27:55 +0000 (18:27 -0500)] 
Bump version post-release

https://bugzilla.mozilla.org/show_bug.cgi?id=805644

12 years ago: Bump version to 3.6.12 (refs: bugzilla-3.6.12, release-3.6.12)
Dave Lawrence [Tue, 13 Nov 2012 19:53:36 +0000 (14:53 -0500)] 
Bump version to 3.6.12

https://bugzilla.mozilla.org/show_bug.cgi?id=805644

12 years ago: Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsole...
Frédéric Buclin [Tue, 13 Nov 2012 17:25:25 +0000 (18:25 +0100)] 
Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description
r=gerv a=LpSolit

12 years ago: Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and...
Frédéric Buclin [Tue, 13 Nov 2012 17:11:32 +0000 (18:11 +0100)] 
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
r=dkl a=LpSolit

12 years ago: Fix typo
Frédéric Buclin [Fri, 2 Nov 2012 12:57:58 +0000 (13:57 +0100)] 
Fix typo

12 years ago: Bug 807937: Fix POD
Koosha Khajeh Moogahi [Fri, 2 Nov 2012 12:49:37 +0000 (13:49 +0100)] 
Bug 807937: Fix POD
r/a=LpSolit

12 years ago: Bug 805650: Release notes for Bugzilla 3.6.12
Frédéric Buclin [Tue, 30 Oct 2012 21:23:25 +0000 (22:23 +0100)] 
Bug 805650: Release notes for Bugzilla 3.6.12
r=dkl

12 years ago: Fix typo
Frédéric Buclin [Sat, 13 Oct 2012 21:24:06 +0000 (23:24 +0200)] 
Fix typo

12 years ago: Bug 790215 - Flag names are not properly escaped when displayed on confirm user match...
Reed Loden [Tue, 11 Sep 2012 19:17:48 +0000 (12:17 -0700)] 
Bug 790215 - Flag names are not properly escaped when displayed on confirm user match page
[r=LpSolit a=LpSolit]

12 years ago: Bumped version post-release
Dave Lawrence [Thu, 30 Aug 2012 20:23:15 +0000 (16:23 -0400)] 
Bumped version post-release

12 years ago: Bump version to 3.6.11 (refs: bugzilla-3.6.11, release-3.6.11)
Dave Lawrence [Thu, 30 Aug 2012 19:01:40 +0000 (15:01 -0400)] 
Bump version to 3.6.11

12 years ago: Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead...
Reed Loden [Thu, 30 Aug 2012 18:30:13 +0000 (20:30 +0200)] 
Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection
r/a=LpSolit

12 years ago: Bug 786355: Release notes for Bugzilla 3.6.11
Frédéric Buclin [Wed, 29 Aug 2012 14:39:53 +0000 (16:39 +0200)] 
Bug 786355: Release notes for Bugzilla 3.6.11
r=dkl a=LpSolit

12 years ago: Bug 785917: Custom field descriptions are not properly escaped when displayed as...
Frédéric Buclin [Mon, 27 Aug 2012 18:22:15 +0000 (20:22 +0200)] 
Bug 785917: Custom field descriptions are not properly escaped when displayed as bug list column headers
r=glob a=LpSolit

13 years ago: Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields; it...
Koosha Khajeh Moogahi [Fri, 3 Aug 2012 16:50:41 +0000 (12:50 -0400)] 
Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields; it should say it produces an error
r=dkl, a=LpSolit

13 years ago: Bumped version post release
Dave Lawrence [Thu, 26 Jul 2012 22:45:12 +0000 (18:45 -0400)] 
Bumped version post release

13 years ago: Bump version to 3.6.10 (refs: bugzilla-3.6.10, release-3.6.10)
Dave Lawrence [Thu, 26 Jul 2012 21:28:22 +0000 (17:28 -0400)] 
Bump version to 3.6.10

13 years ago: Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is...
Frédéric Buclin [Thu, 26 Jul 2012 21:09:32 +0000 (23:09 +0200)] 
Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment
r=glob a=LpSolit

13 years ago: Bug 777676: Release notes for Bugzilla 3.6.10
Frédéric Buclin [Thu, 26 Jul 2012 13:53:52 +0000 (15:53 +0200)] 
Bug 777676: Release notes for Bugzilla 3.6.10
r=dkl a=LpSolit

13 years ago: Bug 776103 - Syntax error in Bugzilla::User::Setting API doc
Koosha Khajeh Moogahi [Wed, 25 Jul 2012 21:38:02 +0000 (17:38 -0400)] 
Bug 776103 - Syntax error in Bugzilla::User::Setting API doc
r/a=LpSolit

13 years ago: Bumping the version post-release
Dave Lawrence [Wed, 18 Apr 2012 22:27:10 +0000 (15:27 -0700)] 
Bumping the version post-release

13 years ago: Bump version to 3.6.9 (refs: bugzilla-3.6.9, release-3.6.9)
Dave Lawrence [Wed, 18 Apr 2012 17:56:31 +0000 (10:56 -0700)] 
Bump version to 3.6.9

13 years ago: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers...
Frédéric Buclin [Wed, 18 Apr 2012 17:03:44 +0000 (19:03 +0200)] 
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit

13 years ago: Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by alterin...
Frédéric Buclin [Wed, 18 Apr 2012 16:53:44 +0000 (18:53 +0200)] 
Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by altering the X-FORWARDED-FOR header
r=glob a=LpSolit

13 years ago: Bug 746547: SMALLSERIAL is of type INT2, not INT1
Frédéric Buclin [Wed, 18 Apr 2012 14:52:39 +0000 (16:52 +0200)] 
Bug 746547: SMALLSERIAL is of type INT2, not INT1
r=timello a=LpSolit

13 years ago: Bug 727892: Update relnotes for 3.6.9
Frédéric Buclin [Tue, 17 Apr 2012 19:14:24 +0000 (21:14 +0200)] 
Bug 727892: Update relnotes for 3.6.9

13 years ago: Bug 727892: Release notes for Bugzilla 3.6.9
Frédéric Buclin [Thu, 12 Apr 2012 19:03:36 +0000 (21:03 +0200)] 
Bug 727892: Release notes for Bugzilla 3.6.9
r=dkl

13 years ago: Bug 731725 - In the documentation license, the address of the FSF is incorrect
Emmanuel Seyman [Thu, 1 Mar 2012 22:57:20 +0000 (17:57 -0500)] 
Bug 731725 - In the documentation license, the address of the FSF is incorrect
r=dkl, a=LpSolit

13 years ago: Test 1 fails if PERLLIB contains paths with whitespace.
Marc Schumann [Wed, 15 Feb 2012 17:54:21 +0000 (18:54 +0100)] 
Test 1 fails if PERLLIB contains paths with whitespace.
r=gerv; a=LpSolit

https://bugzilla.mozilla.org/show_bug.cgi?id=714074

13 years ago: Bug 727240: The POD for Bug.attachments is wrong about the format of the returned...
Frédéric Buclin [Tue, 14 Feb 2012 22:05:41 +0000 (23:05 +0100)] 
Bug 727240: The POD for Bug.attachments is wrong about the format of the returned data
r=dkl a=LpSolit

13 years ago: Bump the version number post-release
Dave Lawrence [Tue, 31 Jan 2012 23:48:27 +0000 (18:48 -0500)] 
Bump the version number post-release

13 years ago: Bumped to version 3.6.8 (refs: bugzilla-3.6.8, release-3.6.8)
Dave Lawrence [Tue, 31 Jan 2012 16:55:44 +0000 (11:55 -0500)] 
Bumped to version 3.6.8

13 years ago: Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and...
Frédéric Buclin [Tue, 31 Jan 2012 16:06:30 +0000 (17:06 +0100)] 
Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required)
r=dkl a=LpSolit

13 years ago: Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses...
Frédéric Buclin [Tue, 31 Jan 2012 15:48:13 +0000 (16:48 +0100)] 
Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident
r=glob a=LpSolit

13 years ago: Bug 720751 - Release notes for Bugzilla 3.6.8
Dave Lawrence [Fri, 27 Jan 2012 22:00:44 +0000 (17:00 -0500)] 
Bug 720751 - Release notes for Bugzilla 3.6.8
r/a=LpSolit

13 years ago: Bug 469068: SMTP parameters not documented
Matt Selsky [Sat, 21 Jan 2012 11:07:42 +0000 (12:07 +0100)] 
Bug 469068: SMTP parameters not documented
r/a=LpSolit

13 years ago: Bug 591638: In the admin page, the link to edit field values is named 'Field Values...
A. Shimono [Wed, 11 Jan 2012 12:24:41 +0000 (13:24 +0100)] 
Bug 591638: In the admin page, the link to edit field values is named 'Field Values', not 'Legal Values'
r/a=LpSolit

13 years ago: Bug 319684: The documentation is unclear about how to disable quips
Matt Selsky [Fri, 6 Jan 2012 10:04:05 +0000 (11:04 +0100)] 
Bug 319684: The documentation is unclear about how to disable quips
r/a=LpSolit

13 years ago: Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due to non...
Frédéric Buclin [Thu, 5 Jan 2012 00:49:15 +0000 (01:49 +0100)] 
Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due to non-backward compatibility
r=dkl r=mkanat a=LpSolit

13 years ago: Bump the version number post-release
Dave Lawrence [Thu, 29 Dec 2011 17:56:52 +0000 (12:56 -0500)] 
Bump the version number post-release

13 years ago: Bump version for 3.6.7 (refs: bugzilla-3.6.7, release-3.6.7)
Dave Lawrence [Wed, 28 Dec 2011 23:06:15 +0000 (18:06 -0500)] 
Bump version for 3.6.7

13 years ago: Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService...
Frédéric Buclin [Wed, 28 Dec 2011 22:18:06 +0000 (23:18 +0100)] 
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
r=dkl a=LpSolit

13 years ago: Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and...
Byron Jones [Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)] 
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
r=gerv, a=LpSolit

13 years ago: Bug 713344: Release notes for Bugzilla 3.6.7
Frédéric Buclin [Mon, 26 Dec 2011 10:42:39 +0000 (11:42 +0100)] 
Bug 713344: Release notes for Bugzilla 3.6.7
r=wicked a=LpSolit

13 years ago: Bug 707170: Several features about custom fields are missing in the documentation
Frédéric Buclin [Thu, 8 Dec 2011 22:51:30 +0000 (23:51 +0100)] 
Bug 707170: Several features about custom fields are missing in the documentation
r=dkl a=LpSolit

13 years ago: Bug 692354: Incorrect parameter type in WebServices documentation for Bug.add_comment
Matt Selsky [Mon, 5 Dec 2011 21:29:50 +0000 (22:29 +0100)] 
Bug 692354: Incorrect parameter type in WebServices documentation for Bug.add_comment
r/a=mkanat

13 years ago: Bug 707594: Fix broken account lockout notifications
Byron Jones [Mon, 5 Dec 2011 16:44:21 +0000 (00:44 +0800)] 
Bug 707594: Fix broken account lockout notifications
r=LpSolit, a=LpSolit

13 years ago: Bug 591610: Custom field doc doesn't include 'Bug ID' type
Frédéric Buclin [Fri, 2 Dec 2011 16:37:32 +0000 (17:37 +0100)] 
Bug 591610: Custom field doc doesn't include 'Bug ID' type
r=timello a=LpSolit

13 years ago: Bug 531257: Wrong error codes in WebServices documentation
Matt Selsky [Wed, 16 Nov 2011 16:54:03 +0000 (17:54 +0100)] 
Bug 531257: Wrong error codes in WebServices documentation
r=gerv a=LpSolit

13 years ago: Bug 691243: Fix typo
Matt Selsky [Sat, 15 Oct 2011 13:31:53 +0000 (15:31 +0200)] 
Bug 691243: Fix typo
r/a=LpSolit

13 years ago: Bug 620694: MySQL is not 'required' RDBMS for Bugzilla
Matt Selsky [Sat, 15 Oct 2011 12:40:28 +0000 (14:40 +0200)] 
Bug 620694: MySQL is not 'required' RDBMS for Bugzilla
r=dkl a=LpSolit

13 years ago: Bug 445804: Suggested crontab configuration opens security hole
Matt Selsky [Sat, 15 Oct 2011 12:22:28 +0000 (14:22 +0200)] 
Bug 445804: Suggested crontab configuration opens security hole
r/a=mkanat

14 years ago: Bump the version number post-release.
Max Kanat-Alexander [Sat, 6 Aug 2011 00:15:14 +0000 (17:15 -0700)] 
Bump the version number post-release.

14 years ago: Bump version number for 3.6.6. (refs: bugzilla-3.6.6, release-3.6.6)
Max Kanat-Alexander [Fri, 5 Aug 2011 00:09:08 +0000 (17:09 -0700)] 
Bump version number for 3.6.6.

https://bugzilla.mozilla.org/show_bug.cgi?id=660531

14 years ago: Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiabl...
Byron Jones [Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)] 
Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiable field for obtaining current e-mail address
r/a=LpSolit

14 years ago: Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on...
Byron Jones [Thu, 4 Aug 2011 20:37:08 +0000 (22:37 +0200)] 
Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari
r/a=LpSolit

14 years ago: Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are...
Frédéric Buclin [Thu, 4 Aug 2011 20:24:57 +0000 (22:24 +0200)] 
Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows
r=glob a=LpSolit

14 years ago: Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or...
Frédéric Buclin [Thu, 4 Aug 2011 20:13:15 +0000 (22:13 +0200)] 
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=dkl a=LpSolit

14 years ago: Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containi...
Frédéric Buclin [Thu, 4 Aug 2011 19:24:00 +0000 (12:24 -0700)] 
Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt
[r=glob a=LpSolit]

14 years ago: Bug 675752: Release notes for Bugzilla 3.6.6
Frédéric Buclin [Tue, 2 Aug 2011 22:57:12 +0000 (00:57 +0200)] 
Bug 675752: Release notes for Bugzilla 3.6.6
r=mkanat a=LpSolit

14 years ago: Bug 653406: fix escaping of url vars in error messages
Byron Jones [Fri, 29 Apr 2011 05:41:35 +0000 (13:41 +0800)] 
Bug 653406: fix escaping of url vars in error messages
r=LpSolit, a=LpSolit

14 years ago: Bump the version number post-release.
Max Kanat-Alexander [Thu, 28 Apr 2011 03:52:24 +0000 (20:52 -0700)] 
Bump the version number post-release.

14 years ago: Bump version number for 3.6.5. (refs: bugzilla-3.6.5, release-3.6.5)
Max Kanat-Alexander [Thu, 28 Apr 2011 02:15:45 +0000 (19:15 -0700)] 
Bump version number for 3.6.5.

https://bugzilla.mozilla.org/show_bug.cgi?id=652474

14 years ago: Bug 653274 - Release Notes for Bugzilla 3.6.5
Max Kanat-Alexander [Thu, 28 Apr 2011 00:24:00 +0000 (17:24 -0700)] 
Bug 653274 - Release Notes for Bugzilla 3.6.5
r=LpSolit, a=LpSolit

14 years ago: Bug 646578: Make Math::Random::Secure fail to install if its dependencies
Max Kanat-Alexander [Wed, 27 Apr 2011 22:05:18 +0000 (15:05 -0700)] 
Bug 646578: Make Math::Random::Secure fail to install if its dependencies
don't install properly, when using install-module.pl.
r=glob, a=mkanat

14 years ago: Fix typo in POD
Frédéric Buclin [Fri, 22 Apr 2011 15:36:54 +0000 (17:36 +0200)] 
Fix typo in POD

14 years ago: Bug 311392 - Typos and proper name of Red Hat's stuff
Matt Selsky [Tue, 22 Mar 2011 20:15:34 +0000 (16:15 -0400)] 
Bug 311392 - Typos and proper name of Red Hat's stuff
author=Matt Selsky <selsky_at_columbia_dot_edu>, r=dkl, a=mkanat

14 years ago: Bug 586011 - Change references to 'DarwinPorts' to 'MacPorts' (proper project name)
David Lawrence [Fri, 18 Mar 2011 21:02:01 +0000 (17:02 -0400)] 
Bug 586011 - Change references to 'DarwinPorts' to 'MacPorts' (proper project name)
author=Matt Selsky <selsky_at_columbia_dot_edu>, r=dkl,a=mkanat

14 years ago: Restore the missing link due to bug 490322 (thanks Selenium!)
Frédéric Buclin [Tue, 15 Feb 2011 18:51:45 +0000 (19:51 +0100)] 
Restore the missing link due to bug 490322 (thanks Selenium!)
r=mkanat

14 years ago: Bug 490322: Make "allwords" work with the keywords field, again.
Max Kanat-Alexander [Tue, 15 Feb 2011 05:45:10 +0000 (21:45 -0800)] 
Bug 490322: Make "allwords" work with the keywords field, again.
r=glob, a=mkanat

14 years ago: Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie...
Frédéric Buclin [Mon, 14 Feb 2011 21:56:52 +0000 (22:56 +0100)] 
Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie, because colons are HTML-escaped, making the cookie bigger than the 4k limit
r=mkanat a=LpSolit

14 years ago: Remove tabs and fix some formatting in Bugzilla::DB::Pg.
Max Kanat-Alexander [Mon, 14 Feb 2011 20:30:01 +0000 (12:30 -0800)] 
Remove tabs and fix some formatting in Bugzilla::DB::Pg.

https://bugzilla.mozilla.org/show_bug.cgi?id=616981

14 years ago: Bug 633055: Make Bug.legal_values explicitly throw an error if you pass "undef"
Max Kanat-Alexander [Mon, 14 Feb 2011 20:17:53 +0000 (12:17 -0800)] 
Bug 633055: Make Bug.legal_values explicitly throw an error if you pass "undef"
for the "field" parameter
r=dkl, a=mkanat

14 years ago: Bug 616981: Make whine.pl work with PostgreSQL 8.4+ by fixing sql_string_until
Sam Morris [Mon, 14 Feb 2011 20:11:44 +0000 (12:11 -0800)] 
Bug 616981: Make whine.pl work with PostgreSQL 8.4+ by fixing sql_string_until
r=mkanat, a=mkanat

14 years ago: Bug 633422: Fix the documentation for User.get's include_disabled parameter
Max Kanat-Alexander [Mon, 14 Feb 2011 07:43:51 +0000 (23:43 -0800)] 
Bug 633422: Fix the documentation for User.get's include_disabled parameter
and make User.get check that its required parameters are passed.
r=LpSolit, a=mkanat

14 years ago: Bug 630750: Don't let "." and "lib" get into @INC when running under
Max Kanat-Alexander [Thu, 3 Feb 2011 21:38:04 +0000 (13:38 -0800)] 
Bug 630750: Don't let "." and "lib" get into @INC when running under
mod_perl
r=dkl, a=mkanat

14 years ago: Bug 629007: Example in quicksearch priority shortcut is incorrect
Graeme Coates [Mon, 31 Jan 2011 22:50:36 +0000 (23:50 +0100)] 
Bug 629007: Example in quicksearch priority shortcut is incorrect
r/a=mkanat

14 years ago: Add missing documentation. r=mkanat.
Gervase Markham [Thu, 27 Jan 2011 12:01:27 +0000 (12:01 +0000)] 
Add missing documentation. r=mkanat.

https://bugzilla.mozilla.org/show_bug.cgi?id=629321

14 years ago: The "simple format" of the duplicates table was broken by an improper backport
Max Kanat-Alexander [Tue, 25 Jan 2011 05:27:27 +0000 (21:27 -0800)] 
The "simple format" of the duplicates table was broken by an improper backport
using the "mtime" filter, which doesn't exist in 3.6.

14 years ago: Bug 621597: Make mod_perl.pl automatically include the lib/ directory and
Max Kanat-Alexander [Tue, 25 Jan 2011 02:27:44 +0000 (18:27 -0800)] 
Bug 621597: Make mod_perl.pl automatically include the lib/ directory and
all the architecture-specific directories underneath it.
r=dkl, a=mkanat

14 years ago: Bump the version number post-release.
Max Kanat-Alexander [Tue, 25 Jan 2011 01:48:36 +0000 (17:48 -0800)] 
Bump the version number post-release.

14 years ago: Bump the version number for 3.6.4. (refs: bugzilla-3.6.4, release-3.6.4)
Max Kanat-Alexander [Mon, 24 Jan 2011 23:32:04 +0000 (15:32 -0800)] 
Bump the version number for 3.6.4.

14 years ago: Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of
Max Kanat-Alexander [Mon, 24 Jan 2011 21:48:17 +0000 (13:48 -0800)] 
Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of
generate_random_password, to protect against an account compromise issue
and other critical vulnerabilities.
r=LpSolit, a=LpSolit

https://bugzilla.mozilla.org/show_bug.cgi?id=621591

14 years ago: Bug 621105 - [SECURITY] Voting lacks CSRF protection
David Lawrence [Mon, 24 Jan 2011 19:22:37 +0000 (14:22 -0500)] 
Bug 621105 - [SECURITY] Voting lacks CSRF protection
r=mkanat,a=LpSolit

14 years ago: Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javas...
Frédéric Buclin [Mon, 24 Jan 2011 18:36:51 +0000 (19:36 +0100)] 
Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

14 years ago: Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due...
Reed Loden [Mon, 24 Jan 2011 18:14:09 +0000 (10:14 -0800)] 
Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect
[r=mkanat a=LpSolit]

14 years ago: Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection
Frédéric Buclin [Mon, 24 Jan 2011 17:28:07 +0000 (18:28 +0100)] 
Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection
r=dkl a=LpSolit

14 years ago: Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
Frédéric Buclin [Mon, 24 Jan 2011 17:15:40 +0000 (18:15 +0100)] 
Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
r=dkl a=LpSolit

14 years ago: Bug 627923 - Release Notes for Bugzilla 3.6.4
Max Kanat-Alexander [Mon, 24 Jan 2011 04:08:34 +0000 (20:08 -0800)] 
Bug 627923 - Release Notes for Bugzilla 3.6.4
r=reed

14 years ago: Bug 627854: Add 'form' hook to create-guided.html.tmpl similar to create.html.tmpl
David Lawrence [Fri, 21 Jan 2011 21:44:10 +0000 (16:44 -0500)] 
Bug 627854: Add 'form' hook to create-guided.html.tmpl similar to create.html.tmpl
r/a=mkanat

14 years ago: Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to...
Reed Loden [Fri, 21 Jan 2011 21:16:42 +0000 (13:16 -0800)] 
Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to v3.51 in order to address header injection vulnerability.
[r=mkanat a=mkanat]