summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2013-10-17Bump version post-releaseDave Lawrence1-1/+1
2013-10-16Bump version to 4.2.7Dave Lawrence2-3/+3
2013-10-16Bug 924932: (CVE-2013-1743) [SECURITY] Field values are (still) not escaped ↵Frédéric Buclin1-14/+24
correctly in tabular reports r=dkl a=glob
2013-10-16Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not ↵Frédéric Buclin2-5/+3
sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob
2013-10-16Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachmentsFrédéric Buclin1-8/+11
r=dkl a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence1-1/+1
and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence1-3/+3
total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence3-8/+24
and allowing easier brute force r=LpSolit,a=glob
2013-10-12Bug 912640: Release notes for Bugzilla 4.2.7Frédéric Buclin1-0/+30
r=dkl a=LpSolit
2013-09-27Bug 914262: KHTML-based browsers such as Konqueror do not support the ↵Frédéric Buclin1-1/+1
Server-Push technology r=dkl a=justdave
2013-09-23Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are ↵Jiří Netolický1-0/+4
left empty on bug creation r=LpSolit a=justdave
2013-09-03Bug 848063: [Oracle] importxml.pl fails with ORA-01830: comment timestamps ↵Mateusz Kuśmierczyk1-1/+1
are not correctly formatted r=LpSolit a=sgreen
2013-08-10Back out bug 868330 for the 4.2 branch. This is not a security fixFrédéric Buclin2-13/+4
2013-08-09Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content ↵Frédéric Buclin1-1/+1
from buglist.cgi r=dkl a=sgreen
2013-08-09Bug 868330 - Password creation directions incompleteSunil Joshi2-4/+13
r=sgreen, a=sgreen
2013-08-09Bug 897264 - letters_numbers_specialchars password restriction is incorrectSimon Green2-16/+16
r=LpSolit, a=sgreen
2013-08-07Bug 901620 - Grammar error in the documentationSunil Joshi1-1/+1
r=sgreen, a=glob
2013-07-24Bug 880653 - Add POD for Bug.possible_duplicates webserviceDave Lawrence1-0/+53
r=LpSolit,a=sgreen
2013-07-15Bug 787328 - xmlrpc.cgi doesn't send any security-related headersDave Lawrence1-2/+10
r=glob,a=justdave
2013-05-22Bump version post-releaseDave Lawrence1-1/+1
2013-05-22Bump version to 4.2.6Dave Lawrence2-3/+3
2013-05-22Bug 828344: add missing xt broken testsByron Jones1-2/+23
2013-05-20Bug 828344: "contains all of the words" no longer looks for all words within ↵Byron Jones8-58/+251
the same comment or flag r=LpSolit, a=LpSolit
2013-05-18Bug 870701: Release notes for Bugzilla 4.2.6Frédéric Buclin1-0/+25
r=dkl a=LpSolit
2013-05-05Bug 212471: Tabular reports do not link bug counts involving the empty ↵Frédéric Buclin1-1/+2
resolution correctly r=dkl a=LpSolit
2013-05-04Bug 859118 - Bug.search called with no arguments returns all visible bugs, ↵Dave Lawrence2-11/+48
ignoring max_search_results and search_allow_no_criteria r/a=LpSolit
2013-04-28Bug 848635: Old queries based on tags are no longer listed in the page ↵Frédéric Buclin1-6/+1
footer by default when upgrading from 4.0 or older to 4.2 r=glob a=LpSolit
2013-04-28Bug 858909: When running checksetup.pl for the first time using Oracle as DB ↵Frédéric Buclin1-1/+1
server, you get an "uninitialized value" warning r=dkl a=LpSolit
2013-04-18Bug 858911: Oracle fails with "ORA-04043: object T_GROUP_CONCAT does not ↵Frédéric Buclin1-1/+3
exist" when installing Bugzilla for the first time r=dkl a=LpSolit
2013-04-17revert commit for bug 828344Byron Jones3-138/+34
2013-04-17Bug 828344: Make "contains all of the words" look for all words within the ↵Byron Jones3-34/+138
same comment or flag r=LpSolit, a=LpSolit
2013-04-16Bug 782210: If a custom field depends on a product, component or ↵Pami Ketolainen2-8/+13
classification, the "mandatory" bit is ignored on bug creation r/a=LpSolit
2013-04-15Bug 861528: $user->can_enter_product() now returns the product object ↵Frédéric Buclin1-2/+3
instead of 1 r=glob a=LpSolit
2013-04-11Bug 860723: Custom fields are shown twice in report axis selectorsPami Ketolainen2-14/+0
r/a=LpSolit
2013-04-09Bug 355620: Lines enclosed in <simplelist> do not wrap in the PDF version of ↵Christopher Trom2-185/+344
the Bugzilla Guide r/a=LpSolit
2013-04-05Bug 857562: ajax_user_autocompletion param ignored on Search by People fieldsFrédéric Buclin1-2/+2
r=dkl a=LpSolit
2013-04-05Bug 855258: The dependency graph always uses urlbase, even when sslbase is ↵Frédéric Buclin1-1/+1
in use r=glob a=LpSolit
2013-03-26Bug 854074: Remove all references to the uwinnipeg.ca PPM repository as it ↵Frédéric Buclin4-69/+2
is no longer available r=glob a=LpSolit
2013-03-20Bug 852560: Bugzilla cannot be installed with MySQL 5.6, because the ↵Frédéric Buclin1-3/+2
have_innodb variable no longer exists r=glob a=LpSolit
2013-03-16Bug 827983: "[reply]" link besides the original description will insert ("in ↵Hugo Seabrook2-30/+12
reply to comment #N+1") when the comments order is "Newest to Oldest, but keep Descritption at the top" r/a=LpSolit
2013-03-12Bug 850126 - 'token' id defined twice on logged-out pages (in header and footer)Reed Loden1-1/+1
[r=LpSolit a=LpSolit]
2013-03-08Bug 848250: Bug summary tooltip now includes "---" for unresolved bugsFrédéric Buclin1-1/+3
r=dkl a=LpSolit
2013-02-20Bump version post-releaseDave Lawrence1-1/+1
2013-02-19Bumped current yearDave Lawrence1-1/+1
2013-02-19Bump version to 4.2.5Dave Lawrence2-3/+3
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin2-6/+6
invalid page format r=glob a=LpSolit
2013-02-19Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence ↵Simon Green4-2/+22
of products and components you cannot access r/a=LpSolit
2013-02-19Bug 832264: Release notes for Bugzilla 4.2.5Frédéric Buclin1-0/+33
r=dkl a=LpSolit
2013-02-17Bug 839950: Cannot search by Change History on multi-select fieldsMatt Tyson1-2/+6
r/a=LpSolit
2013-02-16Bug 840824: It is possible to create a new bug with a non active target ↵Simon Green1-6/+3
milestone, version or component r/a=LpSolit