diff options
author | David Lawrence <dkl@mozilla.com> | 2015-01-19 22:05:22 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-19 22:05:22 +0100 |
commit | 96d56d70dc3be4048794a1f115344e313849f286 (patch) | |
tree | 90db1d2a44805cd933e6a682197478c3c210b867 | |
parent | 58fe23486b2c6dc795ca71c6d917deaf8a1b6e8c (diff) | |
download | bugzilla-96d56d70dc3be4048794a1f115344e313849f286.tar.gz bugzilla-96d56d70dc3be4048794a1f115344e313849f286.tar.xz |
Bug 1118997: Release notes for 5.0rc1
r=LpSolit,a=dkl
-rw-r--r-- | template/en/default/pages/release-notes.html.tmpl | 773 |
1 files changed, 213 insertions, 560 deletions
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 62f488057..289371f46 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -6,8 +6,8 @@ # defined by the Mozilla Public License, v. 2.0. #%] -[% SET title = "Bugzilla 4.4 Release Notes" %] -[% INCLUDE global/header.html.tmpl +[% SET title = "Bugzilla 5.0 Release Notes" %] +[% INCLUDE global/header.html.tmpl title = title bodyclasses = ['narrow_page'] %] @@ -15,216 +15,82 @@ <h1>[% title FILTER html %]</h1> <ul class="bz_toc"> - <li><a href="#v44_introduction">Introduction</a></li> - <li><a href="#v44_point">Updates in this 4.4.x Release</a></li> - <li><a href="#v44_req">Minimum Requirements</a></li> - <li><a href="#v44_feat">New Features and Improvements</a></li> - <li><a href="#v44_issues">Outstanding Issues</a></li> - <li><a href="#v44_upgrading">Notes On Upgrading From a Previous Version</a></li> - <li><a href="#v44_code_changes">Code Changes Which May Affect + <li><a href="#introduction">Introduction</a></li> + <li><a href="#point">Updates in this 5.0.x Release</a></li> + <li><a href="#req">Minimum Requirements</a></li> + <li><a href="#feat">New Features and Improvements</a></li> + <li><a href="#issues">Outstanding Issues</a></li> + <li><a href="#code_changes">Code Changes Which May Affect Customizations and Extensions</a></li> + <li><a href="https://bugzilla.readthedocs.org/en/latest/installing/upgrading.html"> + Notes On Upgrading From a Previous Version</a></li> <li><a href="http://www.bugzilla.org/releases/">Release Notes for Previous Versions</a></li> </ul> -<h2 id="v44_introduction">Introduction</h2> +<h2 id="introduction">Introduction</h2> -<p>Welcome to Bugzilla 4.4! It has been over a year since we - released Bugzilla 4.2 on February 2012, and this new major - release comes with several new features and improvements. This release - contains major improvements to WebServices, which were our main target in - this release, a rewritten tagging system, a real MIME type auto-detection for - attachments, improved support for Oracle, performance improvements and lots - of other enhancements.</p> +<p>Welcome to Bugzilla 5.0! It has been over a year and a half since we released + Bugzilla 4.4 in May of 2013. This new major release comes with many new features + and improvements to WebServices and performance.</p> -<p>If you're upgrading, make sure to read <a href="#v44_upgrading">Notes On - Upgrading From a Previous Version</a>. If you are upgrading from a release - before 4.2, make sure to read the release notes for all the +<p>If you're upgrading, make sure to read + <a href="https://bugzilla.readthedocs.org/en/latest/installing/upgrading.html"> + Notes On Upgrading From a Previous Version</a>. If you are upgrading from a + release before 4.4, make sure to read the release notes for all the <a href="http://www.bugzilla.org/releases/">previous versions</a> in between your version and this one, <strong>particularly the Upgrading section of each version's release notes</strong>.</p> -<h2 id="v44_point">Updates in this 4.4.x Release</h2> +<h2 id="req">Minimum Requirements</h2> -<h3>4.4.4</h3> - -<p>This release fixes one regression introduced in Bugzilla 4.4.3 by - <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=968576">security [% terms.bug %] 968576</a>: - URLs in [% terms.bug %] comments are displayed correctly again. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=998323">[% terms.Bug %] 998323</a>)</p> - -<h3>4.4.3</h3> - -<p>This release fixes two security issues. See the - <a href="http://www.bugzilla.org/security/4.0.11/">Security Advisory</a> - for details.</p> - -<p>In addition, the following important fixes/changes have been made in this release:</p> - -<ul> - <li>The <kbd>User.login</kbd> WebService method now also returns a - <kbd>token</kbd> argument containing a login token which you can use in - subsequent calls to authenticate. For security reasons, this method - no longer generates login cookies. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=893195">[% terms.Bug %] 893195</a>)</li> - <li>The <kbd>User.get</kbd> WebService method now correctly takes the - <kbd>maxusermatches</kbd> parameter into account when the <kbd>match</kbd> - argument is passed. Previously, it was returning all matching accounts. - To further limit the number of accounts returned by <kbd>User.get</kbd>, - you can now pass the <kbd>limit</kbd> argument. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=962060">[% terms.Bug %] 962060</a>)</li> - <li>The sudo cookie is no longer accessible from JavaScript. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=966676">[% terms.Bug %] 966676</a>)</li> - <li>Large dependency trees with lots of resolved [% terms.bugs %] now load - much faster. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=961789">[% terms.Bug %] 961789</a>)</li> -</ul> - -<h3>4.4.2</h3> - -<p>The following [% terms.bugs %] have been fixed in this release:</p> - -<ul> - <li><kbd>checksetup.pl</kbd> was incorrectly reporting DBI 1.630 (1.63) as - being older than 1.614, preventing the upgrade to complete. - If you still use Perl 5.10.0 or older, make sure you have the - <a href="http://search.cpan.org/~jpeacock/version/lib/version.pod">version</a> - module installed before running <kbd>checksetup.pl</kbd>. - If you use Perl 5.10.1 or newer, this module is already available and - no special action is required. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=938300">[% terms.Bug %] 938300</a>)</li> - <li>An error about <kbd>longdescs.comment_id</kbd> was thrown by MySQL 5.0 - and 5.1 when upgrading to Bugzilla 4.4 or 4.4.1. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=870369">[% terms.Bug %] 870369</a>)</li> - <li>Saved searches containing Unicode characters in their name could not - be run if Digest::SHA 5.82 or newer is installed. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=964113">[% terms.Bug %] 964113</a>)</li> - <li>A regression in Bugzilla 4.4.1 caused <kbd>email_in.pl</kbd> to fail - with an "invalid token" error message. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=928331">[% terms.Bug %] 928331</a> and - <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=930013">[% terms.bug %] 930013</a>)</li> - <li>The PROJECT environment variable is now correctly taken into account - when mod_perl is enabled (this variable allows several installations to - share the same codebase). - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=843457">[% terms.Bug %] 843457</a>)</li> - <li>Mandatory custom fields whose visibility depends on a component are now - correctly required on [% terms.bug %] creation. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=895813">[% terms.Bug %] 895813</a>)</li> - <li>Windows 8.1 is now recognized when reporting new [% terms.bugs %]. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=928092">[% terms.Bug %] 928092</a>)</li> - <li>Bugzilla no longer crashes when the <kbd>shutdownhtml</kbd> parameter - is set and using a non-cookie based authentication method. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=748095">[% terms.Bug %] 748095</a>)</li> - <li><kbd>importxml.pl</kbd> no longer ignores the <kbd>maxattachmentsize</kbd> - and <kbd>maxlocalattachment</kbd> parameters when importing [% terms.bugs %]. - This means that large attachments are now stored locally in - <kbd>data/attachments/</kbd> if parameters are configured this way. - The script must now be run as the webserver user (e.g. apache) to make these - attachments readable from web browsers. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=360231">[% terms.Bug %] 360231</a>)</li> - <li>The default date and time format used for SQLite has been fixed. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=938161">[% terms.Bug %] 938161</a>)</li> -</ul> - -<h3>4.4.1</h3> - -<p>This release fixes several security issues. See the - <a href="http://www.bugzilla.org/security/4.0.10/">Security Advisory</a> - for details.</p> - -<p>In addition, the following [% terms.bugs %] have been fixed in this release:</p> - -<ul> - <li><kbd>checksetup.pl</kbd> no longer fails with "Invalid version format (non-numeric data)" - when a Perl module contains an invalid version number. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=781672">[% terms.Bug %] 781672</a>)</li> - <li>Internet Explorer 11 and KHTML-based browsers such as Konqueror can now - display buglists correctly. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=902515">[% terms.Bug %] 902515</a> and - <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=914262">[% terms.bug %] 914262</a>)</li> - <li>When editing several [% terms.bugs %] at once and moving them into a new - product, [% terms.bugs %] restricted to a group in the old product could - loose these group restrictions in the new product. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=769134">[% terms.Bug %] 769134</a>)</li> - <li>When the <kbd>password_complexity</kbd> parameter was set to - 'letters_numbers_specialchars', passwords containing numbers and special - characters only were accepted. Now it makes sure that a letter is also present. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=897264">[% terms.Bug %] 897264</a>)</li> - <li>Large dependency trees are now displayed much faster. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=917370">[% terms.Bug %] 917370</a>)</li> - <li>When a user has set many votes, the "Votes" page is now displayed much faster. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=851267">[% terms.Bug %] 851267</a>)</li> - <li>The "My Requests" page now correctly uses the AND/OR operator for the - requester and requestee fields only instead of using it for all fields. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=891311">[% terms.Bug %] 891311</a>)</li> - <li>With DB servers doing case-insensitive comparisons, such as MySQL, tokens - and login cookies were not correctly validated as the case was ignored. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=906745">[% terms.Bug %] 906745</a> and - <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=907438">[% terms.bug %] 907438</a>)</li> - <li>All security headers (such as X-Frame-Options) are now returned when using XML-RPC. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=787328">[% terms.Bug %] 787328</a>)</li> - <li>Oracle crashed when reporting a new [% terms.bug %] if a custom free-text field - was non-mandatory and left empty. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=919475">[% terms.Bug %] 919475</a>)</li> - <li>It was not possible to import [% terms.bugs %] using <kbd>importxml.pl</kbd> with Oracle. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=848063">[% terms.Bug %] 848063</a>)</li> -</ul> - -<h2 id="v44_req">Minimum Requirements</h2> - -<p>Any requirements that are new since 4.2 will look like +<p>Any requirements that are new since 4.4 will look like <span class="req_new">this</span>.</p> <ul> - <li><a href="#v44_req_perl">Perl</a></li> - <li><a href="#v44_req_mysql">For MySQL Users</a></li> - <li><a href="#v44_req_pg">For PostgreSQL Users</a></li> - <li><a href="#v44_req_oracle">For Oracle Users</a></li> - <li><a href="#v44_req_sqlite">For SQLite Users</a></li> - <li><a href="#v44_req_modules">Required Perl Modules</a></li> - <li><a href="#v44_req_optional_mod">Optional Perl Modules</a></li> - <li><a href="#v44_req_apache">Optional Apache Modules</a></li> + <li><a href="#req_perl">Perl</a></li> + <li><a href="#req_mysql">For MySQL Users</a></li> + <li><a href="#req_pg">For PostgreSQL Users</a></li> + <li><a href="#req_oracle">For Oracle Users</a></li> + <li><a href="#req_sqlite">For SQLite Users</a></li> + <li><a href="#req_modules">Required Perl Modules</a></li> + <li><a href="#req_optional_mod">Optional Perl Modules</a></li> + <li><a href="#req_apache">Optional Apache Modules</a></li> </ul> -<h3 id="v44_req_perl">Perl</h3> +<h3 id="req_perl">Perl</h3> -<p>Perl v5.8.1</p> - -<p><strong>IMPORTANT:</strong> This is the last major release to support - Perl 5.8.x! The next major release, Bugzilla 5.0, will require - Perl 5.10.1 as a minimum.</p> +<p>Perl <span class="req_new">v5.10.1</span></p> [% INCLUDE db_req db='mysql' %] -[% INCLUDE db_req db='pg' dbd_new => 1 %] +[% INCLUDE db_req db='pg' %] [% INCLUDE db_req db='oracle' %] [% INCLUDE db_req db='sqlite' %] -<h3 id="v44_req_modules">Required Perl Modules</h3> +<h3 id="req_modules">Required Perl Modules</h3> [% INCLUDE req_table reqs = REQUIRED_MODULES - updated = ['TimeDate', 'DBI', 'Email-Send', 'List-MoreUtils'] %] + new = ['File-Slurp','JSON-XS', 'Email-Sender'] + updated = ['DateTime', 'DateTime-TimeZone', + 'Template-Toolkit', 'URI'] %] -<h3 id="v44_req_optional_mod">Optional Perl Modules</h3> +<h3 id="req_optional_mod">Optional Perl Modules</h3> <p>The following perl modules, if installed, enable various features of Bugzilla:</p> [% INCLUDE req_table reqs = OPTIONAL_MODULES - new = ['Net-SMTP-SSL', 'HTML-FormatText-WithLinks', - 'File-MimeInfo', 'IO-stringy'] - updated = ['TheSchwartz'] + new = ['Cache-Memcached','File-Copy-Recursive'] + updated = ['Test-Taint'] include_feature = 1 %] -<h3 id="v44_req_apache">Optional Apache Modules</h3> +<h3 id="req_apache">Optional Apache Modules</h3> <p>If you are using Apache as your webserver, Bugzilla can take advantage of some Apache features if you have the below Apache - modules installed and enabled. Currently, - <a href="#v40_feat_js_css_update">certain Bugzilla features</a> - are enabled only if you have all of the following modules installed - and enabled:</p> + modules installed and enabled.</p> <ul> <li>mod_headers</li> @@ -237,435 +103,222 @@ you.</p> -<h2 id="v44_feat">New Features and Improvements</h2> +<h2 id="feat">New Features and Improvements</h2> <ul> - <li><a href="#v44_feat_search">Allow Multiple Search Criteria to Match one Field</a></li> - <li><a href="#v44_feat_search_perf">Improved Performance for Searches</a></li> - <li><a href="#v44_feat_bug_tags">Overhaul of the Tagging System</a></li> - <li><a href="#v44_feat_mimetype_autodetect">Auto-Detection of the Attachment MIME Type</a></li> - <li><a href="#v44_feat_saved_reports">Saving Tabular and Graphical Reports</a></li> - <li><a href="#v44_feat_whining">Custom Columns in Whine Emails</a></li> - <li><a href="#v44_feat_webservices">Improved WebServices</a></li> - <li><a href="#v44_feat_apache_config">New Apache Configuration</a></li> - <li><a href="#v44_feat_other">Other Enhancements and Changes</a></li> + <li><a href="#feat_webservices">Improved WebServices</a></li> + <li><a href="#feat_caching_performance">Improved Caching using Memcached</a></li> + <li><a href="#feat_comment_tags">Abililty to Tag [% terms.Bug %] Comments</a></li> + <li><a href="#feat_bug_groups">Improved [% terms.Bug %] Group Membership Checking</a></li> + <li><a href="#feat_documentation">Improved Documentation for Users and Administrators</a></li> + <li><a href="#feat_other">Other Enhancements and Changes</a></li> </ul> -<h3 id="v44_feat_search">Allow Multiple Search Criteria to Match one Field</h3> - -<p> - In the "Advanced Search" page, it is now possible to build queries using - multiple custom search criteria against the same field. In Bugzilla - 4.2 and older, queries of the form - <br><br> - <kbd>"Status changed to VERIFIED" AND "Status changed by foo@bar.com"</kbd> - <br><br> - were returning all [% terms.bugs %] which had their status changed to VERIFIED - by some user and which were edited by foo@bar.com once, but both actions could - be independent. In Bugzilla 4.4, you can now decide if both - criteria must match the exact same action or not, i.e. if you want - [%+ terms.bugs %] whose status has been set to VERIFIED by foo@bar.com himself. - In the same way, queries of the form - <br><br> - <kbd>"Flags changed to approval+" AND "Flags changed by foo@bar.com"</kbd> - <br><br> - can now return [% terms.bugs %] for which the approval flag has been set to - "+" by foo@bar.com himself. In previous versions, both actions were treated - independently and [% terms.bugs %] for which foo@bar.com set the approval flag - to "?" and which is then set to "+" by someone else were also returned. -</p> -<p> - This new feature gives you the ability to build more accurate queries and to - get more relevant results. -</p> - -<h3 id="v44_feat_search_perf">Improved Performance for Searches</h3> +<h3 id="feat_webservices">Improved WebServices</h3> <p> - The search system got a performance boost which in some cases decreases the - time spent to run queries from several minutes to a few seconds only. - The more complex your queries are, the more visible the performance win - should be. + This release has major improvements in the WebServices interface. One big + addition is a new REST-like endpoint alongside the existing XML-RPC and JSON-RPC + endpoints. This will allow clients to access Bugzilla data using standard HTTP + calls for easy development. <strong>Note:</strong> XML-RPC and JSON-RPC are + deprecated in favor of REST and will likely be removed in the Bugzilla 7.0 release. </p> - -<h3 id="v44_feat_bug_tags">Overhaul of the Tagging System</h3> - <p> - The old tagging system which was in the footer of all pages had severe design - and usability limitations and has been replaced by a shiny new one which lets - you tag [% terms.bugs %] from the [% terms.bug %] report directly. Tags now - mostly work like keywords, but with two major differences. First of all, they - are personal, meaning that tags you set on [% terms.bugs %] are only visible - by you, and nobody else is notified nor can see which tags you set. This - behavior is the same as the old tagging system and so this feature didn't - change. The second major difference is that the list of available tags is - unlimited and is in no way hardcoded by administrators. You can type either - a new tag of your choice, or you can select one from an auto-generated list - of tags which you already used in other [% terms.bugs %]. Again, this feature - was already present in the old tagging system, but its usability has been - greatly improved. In particular, this means that tags are now displayed in - [%+ terms.bug %] reports directly, so that you immediately know which tags - you already set for that [% terms.bug %]. This feature is new in this release. + Also API key support has been added so that API calls will no longer need to use + cookies or a user's login and password. Users can create a different API key for + each application and revoke API keys that have been compromised or are no longer + needed. The API key will simply be passed to each call as credentials. </p> <p> - Another new feature is that your personal tags can now be listed in buglists. - They can also be used as search criteria in your queries. If you decide to - share a saved search which uses tags as criteria, this will work too! Note - that when you add a new tag, no saved search based on this tag is created - anymore, as you can easily create it yourself if you really need it. -</p> -<p> - The tags set with the old tagging system are automatically migrated to the - new system. + Several methods have been added and existing ones improved to allow returning + data that was not available before such as <kbd>Group.get</kbd>. <kbd>B[%%]ug.search</kbd> + is now as full featured as the Advanced Query UI allowing for the same searches + to be executed. Attachment data such as flags and other metadata can now be + updated through the API. Other WebService changes are detailed + <a href="#feat_webservices_other">below</a>. </p> -<h3 id="v44_feat_mimetype_autodetect">Auto-Detection of the Attachment MIME Type</h3> +<h3 id="feat_caching_performance">Improved Caching using Memcached</h3> <p> - When a user uploads a new attachment and lets the "Content Type" field set to - "auto-detect", Bugzilla now does its own MIME type detection - if the web browser tells them that the attachment is of type - "application/octet-stream", in an attempt to make a better guess than the web - browser. In all other cases, Bugzilla still trusts what the browser - tells them. -</p> -<p> - Check the <a href="#v44_req_optional_mod">list of optional Perl modules</a> to - know which modules to install in order to enable MIME type sniffing. + Bugzilla now has the ability to connect to a Memcached server running either + locally or on the network to allow fast access to different types of data. + This cuts down on the amount of database hits and can improve performance. Other + areas have been improved as well to take advantage of caching in memory for + objects that are retrieved multiple times during a request such as user data, etc. </p> -<h3 id="v44_feat_saved_reports">Saving Tabular and Graphical Reports</h3> +<h3 id="feat_comment_tags">Ability to Tag [% terms.Bug %] Comments</h3> <p> - It is now possible to save tabular and graphical reports in the same way as - you save searches. Saved reports will appear in the footer of pages, below - saved searches. -</p> -<p> - Unlike saved searches, it is not yet possible to share saved reports with - other users. + Users can add tags, visible to other users, to [% terms.bug %] comments. This + gives the users the ability to thread conversations, mark comments as spam, + identify important comments, etc. Users can hide comments that contain specific + tags if desired. The tag input field also supports autocompletion so commonly + used tags can be selected. Administrators can make specifically tagged comments + be automatically hidden from view. </p> -<h3 id="v44_feat_whining">Custom Columns in Whine Emails</h3> +<h3 id="feat_bug_groups">Improved [% terms.Bug %] Group Membership Checking</h3> <p> - The list of columns to display in buglists contained in emails sent by the - whining system on a regular basis is no longer hardcoded. If the saved - search used for whining emails contains a list of columns, these columns are - used to be displayed in the emails. If no custom list is found, the default - column list is used instead. -</p> -<p> - This means that depending on the kind of email notifications you want, you - can fully customize data to return, on a per saved search basis! + In the past, Bugzilla restricted who can view [% terms.abug %] to everyone + who was a member of ALL the groups the [% terms.bug %] was in. That is, the + groups were ANDed together. This made some access control scenarios rather + difficult to achieve. So now, Bugzilla defaults to (and can be switched to, + in existing installations) a mode where the [% terms.bug %] can be viewed by + everyone who is a member of ANY group the [% terms.bug %] is in. That is, the + groups are ORed together. This give more flexibility in the way [% terms.bugs %] + are made private to specific groups of users. </p> - -<h3 id="v44_feat_webservices">Improved WebServices</h3> - <p> - This release got major improvements in its WebServices interface. Many new - methods have been implemented to let third-party applications interact with - Bugzilla even more closely. For instance, it is now possible to - know what parameters are set to using <kbd>B[%%]ugzilla.parameters</kbd>. - It is now also possible to update tags, products, groups or user accounts - using our API. -<p> -<p> - Several existing methods have also been improved to return data which - weren't available till now, such as [% terms.bug %] and attachment flags - using <kbd>B[%%]ug.get</kbd>, <kbd>B[%%]ug.attachments</kbd> or - <kbd>Product.get</kbd>. Users can also get their saved searches and reports - using <kbd>User.get</kbd>; and much more, see the - <a href="#v44_feat_webservices_details">detailed list</a> below. + <strong>Note:</strong> Group memberships for [% terms.bugs %] and users are + not changed at all when this setting is switched. When switching from AND to + OR, this means that [% terms.bugs %] may be more widely viewable than previously. + It is the responsibility of the administrator to make sure that no [% terms.bugs %] + are accidentally revealed to the wrong people when changing this setting. </p> -<h3 id="v44_feat_apache_config">New Apache Configuration</h3> +<h3 id="feat_documentation">Improved Documentation for Users and Administrators</h3> <p> - For improved security, Bugzilla now prevents directory browsing - by default. If you run Bugzilla under Apache (as most people do), - you most likely require a <strong>new Apache configuration</strong> for this - version of Bugzilla. See the - <a href="#v44_upgrading">Notes On Upgrading From a Previous Version</a> - section for details. + The standard documentation that is shipped along with the Bugzilla code has been + rewritten and improved using the reStructuredText format. This allows the + documentation to be easily hosted at sites such as ReadTheDocs.org and can + also be more easily converted into different formats such as HTML and PDF. + A new section dedicated to the new REST WebService API has also been added, + significantly improving on the old WebService documentation. </p> -<h3 id="v44_feat_other">Other Enhancements and Changes</h3> +<h3 id="feat_other">Other Enhancements and Changes</h3> <h4>Enhancements for Users</h4> <ul> - <li><strong>[% terms.Bugs %]:</strong> It is now possible to add yourself to - the CC list when uploading an attachment and when editing an existing one.</li> - <li><strong>[% terms.Bugs %]:</strong> There is a new user preference to be - automatically added to the CC list of [% terms.bugs %] for which a flag - request is addressed to you (the flag has you as the requestee).</li> - <li><strong>[% terms.Bugs %]:</strong> Changes to the CC list no longer - causes midair collisions.</li> - <li><strong>[% terms.Bugs %]:</strong> There is now a <em>(take)</em> link - besides the QA Contact field to easily set yourself as QA contact.</li> - <li><strong>[% terms.Bugs %]:</strong> [% terms.Bugs %] are no longer - reassigned to the default assignee when moving the [% terms.bug %] into - another product or component if the current assignee is not the default - one. Same goes for the QA contact.</li> - <li><strong>[% terms.Bugs %]:</strong> When reporting a new [% terms.bug %], - flags which are not available for the selected component and those which - the reporter cannot edit are now hidden instead of being disabled. For - existing [% terms.bugs %], unset flags are also hidden by default. Clicking - the <em>(set flags)</em> or <em>(more flags)</em> link will make them - appear.</li> - <li><strong>[% terms.Bugs %]:</strong> When viewing [% terms.abug %], the list - of duplicated [% terms.bugs %] is now listed near the top of the page.</li> - <li><strong>[% terms.Bugs %]:</strong> Private comments now always remain - visible to their author. Previously, the author of a comment couldn't see - it anymore if the comment was marked private and the author isn't in the - insider group.</li> - <li><strong>[% terms.Bugs %]:</strong> The See Also field now supports URLs - pointing to GitHub by default. If the new MoreBugUrl extension included in - this release is enabled, then you can also add URLs pointing to: - b[%%]ugs.php.net, RT, appspot.com (Rietveld), Review Board, and - getsatisfaction.com.</li> - <li><strong>Searches:</strong> The alias of [% terms.bugs %] you cannot see - are no longer resolved to their [% terms.bug %] ID, meaning that it is no - longer possible to connect an alias with its ID unless you can see the - [%+ terms.bug %].</li> - <li><strong>Searches:</strong> Custom multi-select fields are now available - in the "Search By Change History" section of the query page.</li> - <li><strong>Searches:</strong> The <em>changed by</em> operator in boolean - charts now accepts pronouns.</li> - <li><strong>Searches:</strong> The requester and requestee fields in boolean - charts now accept pronouns.</li> - <li><strong>Searches:</strong> It is now possible to hide the description of - queries appearing at the top of buglists.</li> - <li><strong>Requests:</strong> The "My Requests" page now displays an AND/OR - radio button to define the interaction between the requester and requestee - fields.</li> - <li><strong>Email Notifications:</strong> There is a new user preference to - not prepend "New:" to the subject of [% terms.bug %]mails when reporting - a new [% terms.bug %]. Some email clients couldn't thread emails correctly - due to this.</li> - <li><strong>Email Notifications:</strong> There is a new email event to get - notifications when the product or component of [% terms.abug %] changes.</li> - <li><strong>Email Notifications:</strong> All [% terms.bug %]mails now have - a <em>X-Bugzilla-Flags</em> email header, listing currently set flags.</li> - <li><strong>Email Notifications:</strong> All [% terms.bug %]mails now have - a <em>X-Bugzilla-Version</em> email header with the current product - version.</li> - <li><strong>Whining:</strong> The sort order of the saved search is used to - sort [% terms.bugs %] in the emails.</li> - <li><strong>User Accounts:</strong> To confirm an email address change, the - password is now requested instead of the old email address.</li> - <li><strong>Graphical Reports:</strong> The size of graphical reports is now - set dynamically to fit within the window of the web browser. - The Taller/Thinner/Fatter/Shorter links are now gone.</li> - <li><strong>Incoming Emails:</strong> <kbd>email_in.pl</kbd> now accepts - HTML-only emails to create and edit [% terms.bugs %] by email.</li> - <li><strong>Incoming Emails:</strong> When creating a new [% terms.bug %], - <kbd>email_in.pl</kbd> will look at the <em>Importance</em> and - <em>X-Priority</em> email headers to increase or decrease the initial - priority of the [% terms.bug %], unless the priority is already explicitly - set in the email itself.</li> - <li><strong>Skins:</strong> Bugzilla no longer fetches all skins - available when viewing a page. It only loads the skin selected by the user - in their preferences, which results in less requests to the server.</li> + <li><strong>[% terms.Bugs %]:</strong> The deadline field is now visible to users + not in the the <kbd>timetracking</kbd> group.</li> + <li><strong>[% terms.Bugs %]:</strong> There is now a "Preview" mode when + creating a new comment that allows you to see how the comment will look + before committing to the database.</li> + <li><strong>[% terms.Bugs %]:</strong> The reporter is now allowed to enter + keywords at time of [% terms.bug %] creation.</li> + <li><strong>[% terms.Bugs %]:</strong> "See Also" now allows spaces as well as + commas to delimit multiple values.</li> + <li><strong>[% terms.Bugs %]:</strong> Auto linkification in comments of [% terms.bug %] + IDs and comment IDs has been improved.</li> + <li><strong>[% terms.Bugs %]:</strong> [% terms.Bugs %] can now have multiple + aliases assigned to them. Before each [% terms.bug %] could only have a single + value. Also, aliases are now visible in the browser's title bar.</li> + <li><strong>[% terms.Bugs %]:</strong> Users can now change the flags of multiple + [%+ terms.bugs %] at once using the mass-edit form.</li> + <li><strong>Charts and Reports:</strong> UTF-8 characters are now correctly + displayed in "New Charts" and graphical reports.</li> + <li><strong>Email:</strong> You can now choose to not receive any mail at all + about a particular [% terms.bug %], even if you continue to have a role on + that [% terms.bug %] (e.g. reporter).</li> + <li><strong>Email:</strong> When adding or removing [% terms.abug %] as a + dependency, the summary of the [% terms.bug %] is included in the email + notification.</li> + <li><strong>Requests:</strong> <kbd>request.cgi</kbd> can now output results in + CSV format.</li> + <li><strong>Requests:</strong><kbd> X-Bugzilla-*</kbd> headers are now included + in flag notification emails.</li> + <li><strong>Searches:</strong> Some useful searches have been added to the + Bugzilla home page.</li> + <li><strong>Searches:</strong> Quicksearch now allows for use of comparison + operators such as !=, >=, >, <, etc., in addition to substring searches.</li> + <li><strong>Searches:</strong> The "Blocks" and "Depends On" values can now be + displayed as columns in [% terms.abug %] list.</li> + <li><strong>Searches:</strong> The "is empty" and "is not empty" search operators + have been added to the Advanced Search UI. This allows searching for null + and not null values for certain fields.</li> + <li><strong>Searches:</strong> Custom multi-select fields are now available as + report axis options. This makes them usable for categorizing [% terms.bugs %] + in reports.</li> </ul> <h4>Enhancements for Administrators and Developers</h4> <ul> - <li><strong>License:</strong> The Bugzilla code is now released - under the MPL 2.0 license (previously was MPL 1.1).</li> - <li><strong>Installation:</strong> On mod_perl, templates now remain in - memory for one hour, which can cause an increase in memory requirements. - This also means that it can take up to one hour before changes in templates - become active (unless you restart Apache).</li> - <li><strong>Installation:</strong> Running - <kbd>checksetup.pl --make-admin=foo@bar.com</kbd> now automatically - re-enables the user account if it was disabled.</li> - <li><strong>Configuration:</strong> A new parameter <em>smtp_ssl</em> can be - turned on to enable SSL connections to the SMTP server to send email - notifications.</li> - <li><strong>Administration:</strong> Custom fields now have a new <em>Long - description</em> attribute to better describe what the custom field is - about. This description then appears as a tooltip when hovering the custom - field in [% terms.bug %] reports.</li> - <li><strong>Administration:</strong> When creating a new product, the form - lets you add a component at the same time.</li> - <li><strong>Administration:</strong> When viewing a user account in - <kbd>editusers.cgi</kbd>, the date of the last login is displayed. Users - who did not log in since you upgraded to 4.4 will have this field empty.</li> - <li><strong>Administration:</strong> It is now possible to exclude disabled - user accounts when running a query in <kbd>editusers.cgi</kbd>.</li> - <li><strong>Administration:</strong> The default CC list is now also displayed - when listing components in <kbd>editcomponents.cgi</kbd>.</li> - <li><strong>Administration:</strong> Target milestones can now be 64 characters - long, for consistency with versions (previously was limited to 20 characters - only).</li> - <li><strong>Administration:</strong> The result code returned by - <kbd>contrib/bugzilla-queue.rhel</kbd> when it's not running is now 2 - instead of 0.</li> - <li><strong>Database:</strong> Support for MySQL 5.6 has been added.</li> - <li><strong>Database:</strong> Support for Oracle has been greatly improved.</li> - <li><strong>Security:</strong> For improved security, the - "X-Content-Type-Options: nosniff" and "X-XSS-Protection: block" - headers are now sent with every response.</li> - <li><strong>Security:</strong> Tokens are now generated using HMAC SHA-256 - instead of MD5.</li> - <li><strong>Documentation:</strong> The documentation is now generated with - <kbd>xmlto</kbd> and <kbd>dblatex</kbd> instead of <kbd>jade</kbd>.</li> + <li><strong>Administration:</strong> There are now <kbd>INTEGER</kbd> and + <kbd>DATE</kbd> custom field types.</li> + <li><strong>Administration:</strong> Filenames used to store product data for + "Old Charts" are now based on product IDs to avoid data loss when changing + product names.</li> + <li><strong>Administration:</strong> JavaScript and CSS files are now minified + and concatenated to improve page load performance. When changes are made, + <kbd>checksetup.pl</kbd> should be run to regenerate the combined files.</li> + <li><strong>[% terms.Bugs %]:</strong> Bugzilla now keeps track of the last + time each user visited (that is, loaded the show_bug page in a web browser) + each [% terms.bug %]. This could be useful for dashboards or API clients.</li> + <li><strong>Database:</strong> Text that contained unicode + supplementary characters (outside BMP) was cut off when using MySQL as backend. + This has been fixed to prevent data loss.</li> + <li><strong>Database:</strong> SSL connections are now possible when using + MySQL as backend.</li> + <li><strong>Database:</strong> For version 8.x of PostgreSQL, <kbd>plpgsql</kbd> + was not always installed by default and <kbd>checksetup.pl</kbd> would + generate an error. This has been fixed.</li> + <li><strong>Development:</strong> Bugzilla is now HTML5 compliant.</li> + <li><strong>Email:</strong> Email generation originally was done before the + jobqueue job was inserted. This is now delayed and done by + <kbd>jobqueue.pl</kbd> right before sending the email which can improve + responsiveness when processing [% terms.bug %] changes.</li> + <li><strong>Email:</strong> When a site administrator creates a new user, an + email is sent to the user.</li> + <li><strong>Email:</strong> For dependency email notifications, the header + <kbd>X-B[%%]ugzilla-Type: dep_changed</kbd> is set.</li> + <li><strong>Email:</strong> <kbd>whine.pl</kbd> emails now use + <kbd>DEFAULT_COLUMN_LIST</kbd> (the same default columns seen in the buglist + page) instead of hard coded column list.</li> + <li><strong>Security:</strong> Support for increased values for + <kbd>PASSWORD_SALT_LENGTH</kbd> without breaking compatibility with old + hashes.</li> </ul> -<h4 id="v44_feat_webservices_details">WebService Changes</h4> - -<ul> - <li>Several new methods have been added: <kbd>B[%%]ug.update_tags</kbd>, - <kbd>B[%%]ugzilla.parameters</kbd>, <kbd>B[%%]ugzilla.last_audit_time</kbd>, - <kbd>Classification.get</kbd>, <kbd>Group.update</kbd>, - <kbd>Product.update</kbd>, <kbd>User.update</kbd>.</li> - <li><kbd>B[%%]ug.add_attachment</kbd> now only returns the ID of the newly - created attachments instead of all the attachment data.</li> - <li><kbd>B[%%]ug.attachments</kbd> now also returns the <kbd>size</kbd> field - containing the size of the attachment.</li> - <li><kbd>B[%%]ug.attachments</kbd> and <kbd>B[%%]ug.get</kbd> now return - data about flags.</li> - <li><kbd>B[%%]ug.comments</kbd> now also returns <kbd>creation_time</kbd> - which is exactly the same as <kbd>time</kbd>, but is provided for - consistency with <kbd>B[%%]ug.get</kbd> and <kbd>B[%%]ug.attachments</kbd>. - The <kbd>time</kbd> field may be deprecated and removed in a future release, - so you should use <kbd>creation_time</kbd> instead.</li> - <li><kbd>B[%%]ug.comments</kbd> now also returns the <kbd>count</kbd> field - containing the comment ID relative to the [% terms.bug %] it belongs to. - This is the same comment ID as the one you can see in [% terms.bug %] - reports.</li> - <li>It is now possible to create new [% terms.bugs %] with a closed status with - <kbd>B[%%]ug.create</kbd>.</li> - <li>The <kbd>bug_status</kbd> field returned by <kbd>B[%%]ug.fields</kbd> now - also includes [% terms.bug %] statuses available on [% terms.bug %] creation.</li> - <li><kbd>B[%%]ug.fields</kbd> now also returns keyword descriptions, not only - their names.</li> - <li><kbd>B[%%]ug.fields</kbd> now also returns the <kbd>is_active</kbd> field - for product-specific fields.</li> - <li>For users in the timetracking group, <kbd>B[%%]ug.get</kbd> now also - returns the <kbd>actual_time</kbd> field with the total number of hours - spent in the [% terms.bug %].</li> - <li>Field names returned in the <kbd>field_name</kbd> field of the - <kbd>B[%%]ug.history</kbd> method have changed to be consistent with other - methods.</li> - <li>The <kbd>B[%%]ug.search</kbd> method was returning all visible [% terms.bugs %] - when called with no arguments, ignoring the <kbd>max_search_results</kbd> - and <kbd>search_allow_no_criteria</kbd> parameters. This has been fixed.</li> - <li><kbd>Product.get</kbd> now also returns the <kbd>flag_types</kbd> field - containing all the relevant data for attachment and [% terms.bug %] flag types.</li> - <li><kbd>Product.get</kbd> now throws an error if neither <kbd>ids</kbd> nor - <kbd>names</kbd> is passed to the method.</li> - <li>When requesting data for your own account using <kbd>User.get</kbd>, - this method now returns two additional fields: <kbd>saved_searches</kbd> - and <kbd>saved_reports</kbd> containing all your saved searches and - graphical and tabular reports.</li> - <li><kbd>User.get</kbd> now also returns the <kbd>groups</kbd> field - containing the list of groups the user belongs to. The list is filtered - based on your privileges.</li> -</ul> - - -<h2 id="v44_issues">Outstanding Issues</h2> +<h4 id="feat_webservices_other">WebService Changes</h4> <ul> - <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=89822"> - [%- terms.Bug %] 89822</a>: When changing multiple [% terms.bugs %] at - the same time, there is no "mid-air collision" protection.</li> - <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=276230"> - [%- terms.Bug %] 276230</a>: The support for restricting access to - particular Categories of New Charts is not complete. You should treat the - <em>chartgroup</em> parameter as the only access mechanism available.</li> - <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=584742"> - [%- terms.Bug %] 584742</a>: When viewing [% terms.abug %], WebKit-based - browsers can automatically reset a field's selected value when the field - has disabled values.</li> + <li><kbd>B[%%]ug.search</kbd> now allows for full search functionality + similar to what is possible using the Advanced Query UI.</li> + <li>Basic support for eTag headers has been added to all WebServices + to allow for better network performance.</li> + <li>Administrators can now change a parameter that filters all email + addresses returned in WebService calls similar to filtering that + happens in the web UI.</li> + <li>WebService calls now support use of API keys for authentication. + Usernames and passwords remain supported.</li> + <li>WebService calls that are used to create and update [% terms.bugs %] + and attachments now support setting and updating of flags.</li> + <li><kbd>B[%%]ug.update_attachment</kbd> can update an attachment's + metadata as well as its flags.</li> + <li>Invalid or expired authentication cookies and tokens now throw + errors instead of being silently ignored.</li> + <li>The <kbd>product</kbd> parameter for <kbd>B[%%]ug.possible_duplicates</kbd> + has been renamed to <kbd>products</kbd>.</li> + <li>Some compatibility fields included in returned data that were marked + to be removed in this release are now gone.</li> + <li><kbd>Group.get</kbd> has been added to get information about a group and + its members.</li> </ul> - -<h2 id="v44_upgrading">Notes On Upgrading From a Previous Version</h2> - -<h3>IMPORTANT: Apache Configuration Change</h3> - -<p> - For improved security, Bugzilla now prevents directory browsing - by default. In order to do that, the root <kbd>bugzilla/.htaccess</kbd> file - now contains the <kbd>Options -Indexes</kbd> directive. By default, this - directive is not allowed in <kbd>.htaccess</kbd> and so you must configure - Apache to allow it. To do that, add <kbd>Options</kbd> to the - <kbd>AllowOverride</kbd> directive in <kbd>httpd.conf</kbd>. This means you - should now have something like this: - <p> - <kbd>AllowOverride Limit FileInfo Indexes Options</kbd> - </p> - Check the - <a href="http://www.bugzilla.org/docs/4.4/en/html/configuration.html#http-apache">documentation</a> - for more information about how to configure Apache. -</p> - -<h2 id="v44_code_changes">Code Changes Which May Affect Customizations and Extensions</h2> +<h2 id="code_changes">Code Changes Which May Affect Customizations and Extensions</h2> <ul> - <li>The <em>usebugaliases</em> parameter has been removed. Aliases are now - always available.</li> - <li>There is a new code hook <kbd>admin_editusers_action</kbd> to alter the - way <kbd>editusers.cgi</kbd> works.</li> - <li>There is a new code hook <kbd>buglist_column_joins</kbd> to alter the way - tables and columns are joined in queries. In combination with the - <kbd>buglist_columns</kbd> hook, this permits to customize the list of - columns to display in buglists.</li> - <li>There is a new code hook <kbd>bug_start_of_update</kbd> which is called - after <kbd>object_end_of_update</kbd> but before <kbd>bug_end_of_update</kbd> - for a better control on how to update [% terms.bugs %].</li> - <li>There is a new code hook <kbd>bug_url_sub_classes</kbd> to support - additional URLs in the See Also field.</li> - <li>There is a new code hook <kbd>error_catch</kbd> to catch errors thrown - by Bugzilla and to take the appropriate actions.</li> - <li>There is a new code hook <kbd>path_info_whitelist</kbd> to whitelist - scripts which should still get the Path-Info information from URLs. By - default, Path-Info is now removed before being passed to CGI scripts.</li> - <li>It is now illegal to have a product with no components and no versions. - Trying to delete the last component or version of a product is now - rejected.</li> - <li>Trying to set the component, target milestone or version of [% terms.abug %] - to a disabled value is no longer accepted. The change will be rejected.</li> - <li>The comment box now checks the returned value of check_can_change_field() - to determine if it should be displayed or not. This means its visibility - can now be controlled by the <kbd>bug_check_can_change_field</kbd> hook.</li> - <li>Flags now checks the returned value of check_can_change_field() to - determine if they should appear as editable or not. This means their - visibility can now be controlled by the <kbd>bug_check_can_change_field</kbd> - hook.</li> - <li>Quips can no longer exceed 512 characters. Existing quips longer than - that are automatically truncated when upgrading.</li> - <li>The static <kbd>bugzilla.dtd</kbd> file has been replaced by a dynamic - one to take custom fields into account. The old - <em><urlbase>/bugzilla.dtd</em> URL is now - <em><urlbase>/page.cgi?id=bugzilla.dtd</em>.</li> - <li>There is a new extension located at <kbd>extensions/MoreBugUrl/</kbd> - which permits to add new classes of URLs in the See Also field. It uses - the <kbd>bug_url_sub_classes</kbd> hook mentioned above.</li> - <li>There is a new <kbd>B[%%]ugzilla->process_cache</kbd> method to store - data which should remain available for the lifetime of the worker process, - on mod_perl. On mod_cgi, it behaves the same way as - <kbd>B[%%]ugzilla->request_cache</kbd>.</li> - <li>In the RDF output of <kbd>config.cgi</kbd>, URIs used to identify - versions and target milestones have been changed to be unique across - products.</li> - <li>The RDF output of <kbd>config.cgi</kbd> now also returns data about - classifications.</li> - <li>It is now legal to call <kbd>B[%%]ugzilla::Version->check({ id => $id })</kbd> - and <kbd>B[%%]ugzilla::Milestone->check({ id => $id })</kbd> to validate - and get an object using its ID.</li> - <li>Rows in the <kbd>dependencies</kbd>, <kbd>flaginclusions</kbd> and - <kbd>flagexclusions</kbd> DB tables are now enforced to be unique.</li> - <li>The <kbd>b[%%]ugs_activity</kbd> and <kbd>profiles_activity</kbd> DB - tables now have an auto-incremented primary key named <kbd>id</kbd>.</li> - <li>A custom <kbd>B[%%]ugzilla.pm</kbd> module has been added into - <kbd>contrib/</kbd> to help packagers to package B[%%]ugzilla in their - Linux distros.</li> + <li>The <kbd>docs_urlbase</kbd> parameter has been removed. If documentation + has not been compiled locally, the "Help" links and other documentation links + will redirect to <a href="https://bugzilla.readthedocs.org">bugzilla.readthedocs.org</a> + automatically.</li> + <li>The <kbd>mostfreqthreshold</kbd> parameter has also been removed.</li> + <li><kbd>JSON::XS</kbd> is now used instead of <kbd>Data::Dumper</kbd> for + storage on configuration values in <kbd>data/params</kbd>. This should + improve performance when loading the file.</li> + <li>A new test has been added to check for reserved words in SQL schema.</li> + <li><kbd>Pod::Coverage</kbd> is now used to ensure subroutines are documented.</li> + <li>Bugzilla code now uses <kbd>use parent</kbd> instead of <kbd>use base</kbd> + in all places applicable.</li> + <li>A new hook called <kbd>cgi_headers</kbd> has been added to allow + customization of the HTTP headers returned.</kbd> </ul> [% INCLUDE global/footer.html.tmpl %] @@ -680,7 +333,7 @@ [% '</span>' IF db_new %] </li> <li><strong>perl module:</strong> - [%+ m.dbd.module FILTER html %] + [%+ m.dbd.module FILTER html %] [% '<span class="req_new">' IF dbd_new %]v[% m.dbd.version FILTER html %] [% '</span>' IF dbd_new %]</li> </ul> @@ -698,8 +351,8 @@ [% FOREACH req = reqs %] <tr> <td [% ' class="req_new"' IF new.contains(req.package) %]> - [%- req.module FILTER html %]</td> - <td [% ' class="req_new"' IF updated.contains(req.package) + [%- req.module FILTER html %]</td> + <td [% ' class="req_new"' IF updated.contains(req.package) OR new.contains(req.package) %]> [%- IF req.version == 0 %] (Any) @@ -707,7 +360,7 @@ [%- req.version FILTER html %] [% END %] </td> - [% IF include_feature %] + [% IF include_feature %] <td>[% req.feature.join(', ') FILTER html %]</td> [% END %] </tr> |