diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2016-05-13 20:38:08 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-05-13 20:38:08 +0200 |
| commit | ab99e8dc2ce17827247f49fa34a13ef30ff8e449 (patch) | |
| tree | cc62764bb21aabab4eaf885ae94627c7978324c3 /template/en/default/pages | |
| parent | 54f8e937861494f938ab7b2c8d45b88cc998d75e (diff) | |
| download | bugzilla-ab99e8dc2ce17827247f49fa34a13ef30ff8e449.tar.gz bugzilla-ab99e8dc2ce17827247f49fa34a13ef30ff8e449.tar.xz | |
Bug 1269388 - Release notes for Bugzilla 5.0.3
r=dkl
Diffstat (limited to 'template/en/default/pages')
| -rw-r--r-- | template/en/default/pages/release-notes.html.tmpl | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 5bd1608d9..358298bc8 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -43,6 +43,40 @@ <h2 id="point">Updates in this 5.0.x Release</h2> +<h3>5.0.3</h3> + +<p>This release fixes one security issue. See the + <a href="https://www.bugzilla.org/security/4.4.11/">Security Advisory</a> + for details.</p> + +<p>This release also contains the following [% terms.bug %] fixes:</p> + +<ul> + <li>A regression in Bugzilla 5.0.2 caused <kbd>whine.pl</kbd> to be unable + to send emails due to a missing subroutine. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1235395">[% terms.Bug %] 1235395</a>)</li> + <li>The <kbd>Encode</kbd> module changed the way it encodes strings, causing + email addresses in emails sent by [%terms.Bugzilla %] to be encoded, + preventing emails from being correctly delivered to recipients. + We now encode email headers correctly. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1246228">[% terms.Bug %] 1246228</a>)</li> + <li>Fix additional taint issues with Strawberry Perl. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=987742">[% terms.Bug %] 987742</a> and + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1089448">[% terms.bug %] 1089448</a>)</li> + <li>When exporting a buglist as a CSV file, fields starting with either + "=", "+", "-" or "@" are preceded by a space to not trigger formula + execution in Excel. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1259881">[% terms.Bug %] 1259881</a>)</li> + <li>An extension which allows user-controlled data to be used as a link in + tabs could trigger XSS if the data is not correctly sanitized. + [%+ terms. Bugzilla %] no longer relies on the extension to do the sanity + check. A vanilla installation is not affected as no tab is user-controlled. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1250114">[% terms.Bug %] 1250114</a>)</li> + <li>Extensions can now easily override the favicon used for the + [%+ terms.Bugzilla %] website. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1250264">[% terms.Bug %] 1250264</a>)</li> +</ul> + <h3>5.0.2</h3> <p>This release fixes two security issues. See the |