summaryrefslogtreecommitdiffstats
path: root/docs/rel_notes.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/rel_notes.txt')
-rw-r--r--docs/rel_notes.txt191
1 files changed, 175 insertions, 16 deletions
diff --git a/docs/rel_notes.txt b/docs/rel_notes.txt
index 374ee0e04..705cd8f97 100644
--- a/docs/rel_notes.txt
+++ b/docs/rel_notes.txt
@@ -50,14 +50,17 @@ XML::Parser (any)
*** Deprecated Features ***
-- This is the last stable release of bugzilla which will support mysql version
- 3.22. Future releases will require at least version 3.23.x. The exact minimum
- version number required has not yet been decided (bug 87958)
-- The use of bugzilla to maintain the shadowdb will be removed before the
- next stable release. The replacement (using mysql's built in replication) is
- not supported in 2.16, but we expect that very few sites use this feature.
- If this would cause a problem for you, please comment in bug 124589
-- ??? Anything else?
+- This is possibly the last stable release that will work with
+ MySQL version 3.22. Soon Bugzilla will require at least
+ version 3.23.x. The exact minimum version number required
+ has not yet been decided.
+ (bug 87958)
+- This is possibly the last stable release to support the
+ shadow database. The replacement (using MySQL's built in
+ replication) is not present in 2.16, but we expect that
+ very few sites use this feature. If this would cause a
+ problem for you, please comment on the below bug.
+ (bug 124589)
*** Outstanding Issues Of Note ***
@@ -75,32 +78,188 @@ XML::Parser (any)
program. To fix this, you can turn on the "sendmailnow"
parameter on the Edit Parameters page (editparams.cgi).
(bug 50159)
-???
+- Users behind rotating transparent proxies or otherwise having
+ a dynamic IP will find they need to log in regularly.
+ (bug 20122)
+- If you search on any CC or added comments, as well as at least
+ one other of CC, added comments, assignee, reporter, etc, then
+ the search can be very slow. This is because of limitations of
+ the MySQL optimiser.
+ (bug 96101)
************************************************************
*** USERS UPGRADING FROM 2.14.1 OR EARLIER - 2.16 ISSUES ***
************************************************************
+*** SECURITY ISSUES RESOLVED ***
+
+- The bug reporter could set the priority even when
+ 'letsubmitterchoosepriority' was off.
+ (bug 63018)
+- It was possible for random confidential information to be
+ divulged, if the shadow database was in use and became
+ corrupted.
+ (bug 92263)
+- Mass change would set the groupset of every bug to be the
+ groupset of the first bug.
+ (bug 107718)
+- Most CGIs now run in taint mode. This helps to prevent
+ failure to validate errors.
+ (bug 108982)
+- queryhelp.cgi no longer shows confidential products to
+ people it shouldn't.
+ (bug 126801)
+- The bug list sort order could take arbitrary SQL. There
+ are no known exploits for this problem.
+ (bug 130821)
+- It was possible for a user to bypass the IP check by
+ setting up a fake reverse DNS, if the Bugzilla web server
+ was configured to do reverse DNS lookups. Apache is not
+ configured as such by default. This is not a complete
+ exploit, as the user's login cookie would also need to
+ be divulged for this to be a problem.
+ (bug 129466)
+
*** IMPORTANT CHANGES ***
-???
+- 2.16 introduces "templatisation", a new feature that allows
+ administrators to easily customise the HTML output of Bugzilla
+ without altering Perl code. Bugzilla uses the "Template Toolkit"
+ for this. ??? See the Bugzilla Guide?
+
+ Administrators who ran the 2.15 development version and customised
+ templates should check the templates are still valid, as file names
+ and file paths have changed.
+
+ Most output is now templatised. This process will be complete next
+ milestone.
+ (bug 86168)
+- index.html is now configurable, as is now index.cgi. ??? Web server setup ???
+ (bug 80183)
+- Administrators can now configure maximum attachment sizes. These
+ should remain below the maximum size for MySQL
+ (bug 91664)
+- Perl 5.004 is no longer supported because the Template Toolkit
+ requires 5.005.
+ (bug 97721)
+- It is now strongly recommended that administrators run
+ "processmail rescanall" after upgrading to 2.16 or beyond.
+
+ This will send out notification emails for changes that were
+ made but not emailed, due to Bugzilla bugs. All known
+ causes of this have been fixed (bug 104589 and 99519).
+
+ It is also recommended that this be run nightly to avoid
+ lengthy delays in future if this reoccurs.
+ (bug 106377)
*** Other changes of note ***
-???
+- The query page has been redesigned for better user friendliness.
+ (bug 98707)
+- Users can now change their email account.
+ (bug 23067)
+- "Dependent Bug Changed" notification emails now contain the
+ dependent bug's summary.
+ (bug 28736)
+- Bugs with severity "critical", "blocker", and "enhancement" are
+ visually differentiated on bug lists for recent browsers.
+ (bug 28884)
+- Bugzilla now has a sidebar for the Mozilla browser.
+ (bug 37339)
+- A link to just created attachments now appears in notification
+ email.
+ (bug 66651)
+- Comments now have numbers and can be referenced with
+ autohyperlinkifying similar to bugs.
+ (bug 71840)
+- The attachment system has been rewritten, supporting new
+ "attachment statuses" (like keywords, but for attachments),
+ the ability to obsolete attachments, and the ability to
+ edit attachment metadata.
+ (bugs 84338, 75176)
+- syncshadowdb now supports a configurable temp file location,
+ and properly shuts down Bugzilla.
+ (bug 75840)
+- Dependency tree now lets you exclude resolve bugs and bugs
+ below a specific depth.
+ (bugs 83058)
+- The "strictvaluechecks" parameter has gone away. These checks
+ are now always done.
+ (bug 119715)
+- The midair collision page now shows all changes since the bug
+ page was loaded, not just the last one.
+ (bug 108312)
+- Added support for making dependency graphs with 'dot', which
+ is better at creating complex graphs than 'webdot'.
+ (bug 120537)
*** Bug fixes of note ***
+- Bugzilla scripts are now usually not terminated when the browser
+ window they are running in is closed. This caused hard to
+ reproduce bugs.
+ (bug 104589)
+- On browsers that "reflow" the page, large component / milestone /
+ version fields were extremely slow to reflow when you altered
+ the product field.
+ (bug 96534)
+- The selection in the component / milestone / version fields is
+ no longer lost when you change the selection in the product
+ field or use the back/forward buttons in your browser to return
+ to the page.
+ (bug 97966)
+- You could not reverse dependencies in one step.
+ (bug 82143)
+- Mass reassignment of non-open bugs will no longer reopen them.
+ (bug 30731)
+- Attempting to bulk change no bugs will now give a user-friendly
+ error message.
+ (bug 90333)
+- If you make a change to a bug where you only add yourself to CC,
+ email notifications are now properly sent out for MySQL 3.23.
+ (bug 99519)
+- Bug entry now properly validates the data it has been sent.
+ (bug 107743)
+- Midair collision checks will now properly work in all situations
+ where dependencies have changed.
+ (bug 73502)
+- Some browsers were able to corrupt the params file with the wrong
+ end-of-line markers.
+ (bug 92500)
+- The MySQL port defined in localconfig is now properly honoured.
+ (bug 98368)
+- Apostrophes in component/milestone/version names no longer cause
+ a problem on the query page.
+ (bug 30689/42810)
+- File attachment comments will now wrap.
+ (bug 52060)
+- Saved queries are no longer mangled if you need to log in again,
+ for example if you had cookies of.
+ (bug 38835)
- Bug counts (on reports.cgi) were very slow if you had to
count a lot of bugs.
(bug 63249)
-- The new options to let people see a bug when their name
+- 2.14 introduced options to let people see a bug when their name
is on it but who aren't in the groups the bug is restricted
- to only allow people to view bugs if they know the bug number.
- It still will not show up in these people's buglists and
- they will not receive email about changes to the bugs.
+ to. These only allowed the people to view the bugs directly,
+ and not see them on buglists and receive email about them.
(bugs 95024, 97469)
-???
+- A new 'cookiepath' parameter on editparams.cgi allows multiple
+ Bugzilla installations to exist on one host without problems.
+ (bug 19910)
+- whineatnews.pl now respects the 'sendmailnow' parameter.
+ (bug 52782)
+- The query page came up even when Bugzilla was shut down.
+ (bug 121747)
+- Quicksearch gave a weird error message when Bugzilla was
+ shut down.
+ (bug 121741)
+- Querying on CC took too long on big databases, it is quicker
+ now.
+ (bug 127200)
+
+??? 109357
************************************************************
*** USERS UPGRADING FROM 2.14 OR EARLIER - 2.14.1 ISSUES ***