Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-01-31 | Bumped to version 4.2rc2 | Dave Lawrence | 2 | -4/+4 | |
2012-01-31 | (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵ | Frédéric Buclin | 2 | -1/+18 | |
lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319 | |||||
2012-01-31 | Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email ↵ | Frédéric Buclin | 4 | -7/+5 | |
addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit | |||||
2012-01-31 | Bug 714446: Product.create default behavior is broken and inconsistent with POD | Frédéric Buclin | 1 | -17/+29 | |
r=dkl a=LpSolit | |||||
2012-01-27 | Bug 720756 - Update release notes for Bugzilla 4.2rc2 | Dave Lawrence | 1 | -4/+8 | |
r/a=LpSolit | |||||
2012-01-27 | Bug 721715: URLs in the See Also field must be detainted before inserted ↵ | Frédéric Buclin | 1 | -4/+3 | |
into the DB r=dkl a=LpSolit | |||||
2012-01-26 | Fix bustage due to bug 715514. | Tiago Mello | 1 | -1/+1 | |
2012-01-25 | Bug 717217: The regexp in Bugzilla::BugUrl::JIRA::should_handle() isn't | Simon Green | 1 | -1/+1 | |
restrictive enough (min two letters required) r=timello, a=LpSolit | |||||
2012-01-25 | Bug 715514: Fix showdependencytree misleading in "hide resolved" view | Matt Selsky | 1 | -2/+2 | |
r=timello, a=LpSolit | |||||
2012-01-24 | Bug 718183: Rename duplicated series names before inserting the new index in ↵ | Frédéric Buclin | 1 | -0/+31 | |
the series table r=dkl a=LpSolit | |||||
2012-01-24 | Bug 715870: [Oracle] Related sequences and triggers must be removed when ↵ | Frédéric Buclin | 1 | -1/+19 | |
dropping a table r=mkanat a=LpSolit | |||||
2012-01-24 | Bug 633061: Require Apache2::SizeLimit 0.96 for proper operation on Linux | Max Kanat-Alexander | 2 | -5/+5 | |
r=dkl a=mkanat | |||||
2012-01-21 | Bug 469068: SMTP parameters not documented | Matt Selsky | 1 | -0/+62 | |
r/a=LpSolit | |||||
2012-01-18 | Bug 718905: Move user_preferences hook up, before other actions in userprefs.cgi | Tiago Mello | 1 | -8/+10 | |
r=dkl, a=LpSolit | |||||
2012-01-12 | Bug 715731 - profile_search.user_id should have a FK pointing to profiles.userid | Dave Lawrence | 1 | -1/+4 | |
r/a=LpSolit | |||||
2012-01-12 | Bug 717215: Remove references to url_quote filter | Simon Green | 2 | -5/+1 | |
r/a=LpSolit | |||||
2012-01-12 | Bug 715902: Do not log personal common activities in audit_log | Frédéric Buclin | 8 | -3/+23 | |
r=dkl a=LpSolit | |||||
2012-01-11 | Bug 717210: If all attachments are stored locally (maxattachmentsize = 0, ↵ | Simon Green | 2 | -3/+3 | |
maxlocalattachment > 0), the link to attach files to bugs is not displayed r/a=LpSolit | |||||
2012-01-11 | Bug 591638: In the admin page, the link to edit field values is named 'Field ↵ | A. Shimono | 1 | -1/+1 | |
Values', not 'Legal Values' r/a=LpSolit | |||||
2012-01-11 | Bug 715650 - User auto-completion does not work in request.cgi for requester ↵ | Dave Lawrence | 1 | -1/+2 | |
and requestee as expected r=timello, a=LpSolit | |||||
2012-01-11 | Bug 716227: When checksetup.pl tells the admin that he should edit variables ↵ | Frédéric Buclin | 2 | -9/+14 | |
in localconfig, the message should be red r=timello a=LpSolit | |||||
2012-01-10 | Bug 716283: Clickjacking in the attachment "Details" page allows to bypass ↵ | Frédéric Buclin | 2 | -0/+13 | |
token checks r=dkl a=LpSolit | |||||
2012-01-06 | Bug 706753 about JSON::RPC 1.01 is now fixed | Frédéric Buclin | 1 | -4/+0 | |
2012-01-06 | Bug 695294: The See Also field is not visible in "Format for Printing" | Matt Selsky | 1 | -0/+12 | |
r/a=LpSolit | |||||
2012-01-06 | Bug 319684: The documentation is unclear about how to disable quips | Matt Selsky | 1 | -7/+12 | |
r/a=LpSolit | |||||
2012-01-06 | Bug 641957: The documentation should mention that the voting system is now ↵ | Matt Selsky | 1 | -0/+5 | |
an extension r/a=LpSolit | |||||
2012-01-06 | Bug 715705: User auto-completion doesn't work for watched users in the email ↵ | Frédéric Buclin | 1 | -1/+2 | |
prefs tab r=timello a=LpSolit | |||||
2012-01-06 | Bug 714664: The content of the "emailregexpdesc" parameter is not escaped ↵ | Frédéric Buclin | 2 | -2/+2 | |
when displayed to the user r=dkl a=LpSolit | |||||
2012-01-05 | Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due ↵ | Frédéric Buclin | 1 | -1/+12 | |
to non-backward compatibility r=dkl r=mkanat a=LpSolit | |||||
2011-12-29 | Bump the version number post-release | Dave Lawrence | 1 | -1/+1 | |
2011-12-29 | Bump version for 4.2rc1 | Dave Lawrence | 2 | -3/+3 | |
2011-12-28 | Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵ | Frédéric Buclin | 5 | -46/+51 | |
WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=dkl a=LpSolit | |||||
2011-12-28 | Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or ↵ | Byron Jones | 2 | -3/+3 | |
tabular and graphical reports in debug mode r=gerv, a=LpSolit | |||||
2011-12-28 | user_autocompletion -> ajax_user_autocompletion | Frédéric Buclin | 1 | -1/+1 | |
https://bugzilla.mozilla.org/show_bug.cgi?id=713346 | |||||
2011-12-28 | Bug 713346: Release notes for Bugzilla 4.2rc1 | Frédéric Buclin | 2 | -3418/+4037 | |
r=mkanat a=LpSolit | |||||
2011-12-28 | Bug 713144: The SQL query to remove older searches from the profile_search ↵ | Frédéric Buclin | 1 | -6/+8 | |
table should be more robust r=dkl a=LpSolit | |||||
2011-12-26 | Bug 683644: Foreign keys aren't renamed correctly when DB tables are renamed | Frédéric Buclin | 7 | -30/+121 | |
r=wicked a=LpSolit | |||||
2011-12-19 | Bug 711925: Update from 4.0 or older to 4.2 or trunk fails when bug_see_also ↵ | Frédéric Buclin | 2 | -2/+2 | |
field is populated r=wicked a=LpSolit | |||||
2011-12-17 | Fix bustage due to bug 705474 | Frédéric Buclin | 1 | -0/+1 | |
2011-12-16 | Last Comment Bug 685611 - delta_ts is updated even when no changes are made ↵ | Dave Lawrence | 3 | -3/+35 | |
to bugs created via WebServices r/a=LpSolit | |||||
2011-12-15 | Bug 707428: Custom field values whose visibility depends on another field ↵ | Frédéric Buclin | 1 | -1/+1 | |
value do not remain selected after editing a bug r=wicked a=LpSolit | |||||
2011-12-13 | Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵ | Reed Loden | 3 | -2/+13 | |
unauthorized account creation e-mail request [r=mkanat a=mkanat] | |||||
2011-12-09 | Bug 644281: When the sort order of a buglist is modified, the "Show next bug ↵ | Frédéric Buclin | 2 | -31/+25 | |
in my list" user pref still uses the original sort order to decide which bug to display next r=glob a=LpSolit | |||||
2011-12-08 | Bug 707170: Several features about custom fields are missing in the ↵ | Frédéric Buclin | 1 | -7/+50 | |
documentation r=dkl a=LpSolit | |||||
2011-12-06 | Bug 657290: Bug.add_attachment() stores truncated timestamps in the DB ↵ | Frédéric Buclin | 1 | -1/+4 | |
(seconds are missing) r=dkl a=mkanat | |||||
2011-12-05 | Bug 692354: Incorrect parameter type in WebServices documentation for ↵ | Matt Selsky | 1 | -1/+1 | |
Bug.add_comment r/a=mkanat | |||||
2011-12-05 | Bug 422256: email_in.pl should send an email if user matching fails or ↵ | Albert Ting | 1 | -5/+14 | |
returns too many results r/a=mkanat | |||||
2011-12-05 | Bug 577854: URL field header caption does not link to field value ↵ | Matt Selsky | 2 | -10/+7 | |
description (confusingly links to actual URL) r/a=mkanat | |||||
2011-12-05 | Forgot to fix all occurences of $cache->{search_columns}->{$user->id}, see ↵ | Frédéric Buclin | 1 | -2/+2 | |
bug 550299 | |||||
2011-12-05 | Bug 550299: User fields are left blank in buglists and whines when local ↵ | Frédéric Buclin | 5 | -40/+24 | |
user accounts are used (i.e. they have no @company.com suffix) r/a=mkanat |