summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2012-11-13Bug 808845 (CVE-2012-5475): [SECURITY] Security vulnerability in YUI's ↵Frédéric Buclin1-0/+0
swfstore.swf in YUI 2.8.2 and 2.9.0 a=LpSolit
2012-11-13Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups ↵Frédéric Buclin2-6/+21
when using User.get() r=dkl a=LpSolit
2012-11-13Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see ↵Frédéric Buclin2-5/+1
as obsolete can disclose its description r=gerv a=LpSolit
2012-11-13Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses ↵Frédéric Buclin2-9/+21
product and component names that the user is not allowed to see r=dkl a=LpSolit
2012-11-03Back out the last checkin, it was already thereFrédéric Buclin1-3/+0
2012-11-03Bug 805647: One more item for the 4.2.4 release notesFrédéric Buclin1-0/+3
2012-11-03Bug 804505: Oracle crashes when typing "word1 word2" in QuickSearch with ↵Frédéric Buclin3-9/+10
"ORA-29907: found duplicate labels in primary invocations" r=dkl a=LpSolit
2012-11-02Bug 806012: Installation docs need to be updated with instructions for bzrFrédéric Buclin2-6/+6
r=dkl a=LpSolit
2012-11-02Fix typoFrédéric Buclin1-1/+1
2012-11-02Bug 807937: Fix PODKoosha Khajeh Moogahi1-6/+7
r/a=LpSolit
2012-10-26Bug 805647: Release notes for Bugzilla 4.2.4Frédéric Buclin1-3/+50
r=dkl
2012-10-25Bug 610767: contrib/convert-workflow.pl should add transitions from RESOLVED ↵Frédéric Buclin1-3/+46
and VERIFIED to CONFIRMED (if transitions to REOPENED were present) r=dkl a=LpSolit
2012-10-19Bug 531243: Bugzilla crashes on show_bug if it's hit while a custom field is ↵Frédéric Buclin1-1/+9
being added r=justdave a=LpSolit
2012-10-19Bug 780053: Oracle crashes when listing keywords or flags in buglistsDavid Taylor1-9/+13
r/a=LpSolit
2012-10-16Bug 799721: PostgreSQL 9.2 requires DBD::Pg 2.19.3Frédéric Buclin1-4/+5
r=glob a=LpSolit
2012-10-14Bug 781314: The behavior of tags changedFrédéric Buclin1-11/+5
r=wicked a=LpSolit
2012-10-13Fix typoFrédéric Buclin1-1/+1
2012-10-12s/sortey/sortkey/gFrédéric Buclin1-2/+2
2012-10-12Bug 790129: Bugzilla->fields returns fields in random order (the sortkey is ↵Simon Green1-2/+3
ignored) r/a=LpSolit
2012-10-12Bug 793826: Prevent private web service methods from being calledKoosha Khajeh Moogahi1-1/+3
r=dkl a=LpSolit
2012-10-11Bug 798994: Fix incorrect double escaping when displaying saved queries URLsSimon Green1-1/+1
r=glob, a=LpSolit
2012-10-09Bug 753635: Allow editing local see also even if you cannot edit the other bugSimon Green1-3/+7
r=glob, a=LpSolit
2012-10-08Bug 652047: checksetup.pl fails to compile/run if the Voting extension is ↵Frédéric Buclin2-1/+33
enabled on a fresh install r=glob a=LpSolit
2012-10-04Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page ↵Frédéric Buclin1-1/+1
does not work as expected (bug IDs are incorrectly parsed) r=dkl a=LpSolit
2012-10-04Bug 788098: Queries involving group substitution crash when ↵Frédéric Buclin2-6/+14
usevisibilitygroups is enabled r=dkl a=LpSolit
2012-10-04Bug 794389: There is no field named 'actual_time' when generating reportsFrédéric Buclin1-0/+4
r=glob a=LpSolit
2012-10-03Bug 757935: Bugs with resolution MOVED cannot be editedFrédéric Buclin1-1/+3
r=glob a=LpSolit
2012-09-29Bug 793893: Tabular reports crash when no format parameter is definedFrédéric Buclin3-7/+5
r=glob a=LpSolit
2012-09-17Bug 761046: Don't redirect when hitting buglist.cgi directly to avoid ↵Byron Jones1-1/+0
duplicate cgi->header calls r=LpSolit, a=LpSolit
2012-09-14Update POD to fix bustage in Perl 5.16.1Frédéric Buclin2-0/+7
r=runtests.pl
2012-09-13Bug 680771 - Send X-XSS-Protection header for XSS prevention/blockingReed Loden1-0/+4
[r=mkanat a=LpSolit]
2012-09-11Bug 790215 - Flag names are not properly escaped when displayed on confirm ↵Reed Loden2-2/+1
user match page [r=LpSolit a=LpSolit]
2012-09-09Bug 671612: Send "X-Content-Type-Options: nosniff" with every responseMatt Selsky3-4/+5
r/a=LpSolit
2012-09-03Bug 786889: Add missing 'Summary (first 60 chars)' header to CSV outputMatt Tyson1-0/+1
r=glob, a=LpSolit
2012-08-30Bumped version post-releaseDave Lawrence1-1/+1
2012-08-30Bump version to 4.2.3Dave Lawrence2-3/+3
2012-08-30Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can ↵Reed Loden1-0/+2
lead to LDAP injection r/a=LpSolit
2012-08-30Bug 785522: [SECURITY] Block access to templates in extensions/Frédéric Buclin1-1/+1
r=glob a=LpSolit
2012-08-30Bug 731156: [Oracle] Adding or removing a DB column does not handle SERIAL ↵Frédéric Buclin2-29/+97
correctly r=dkl a=LpSolit
2012-08-30Bug 786351: Release notes for Bugzilla 4.2.3Frédéric Buclin1-0/+41
r=dkl a=LpSolit
2012-08-29Bug 772620: Ignore empty strings in the CC listFrédéric Buclin1-0/+2
r=dkl a=LpSolit
2012-08-29Bug 786310: Remove tokens when saving the default queryByron Jones1-0/+2
r= LpSolit, a=LpSolit
2012-08-29Fix more bustage caused by Bug 772953Byron Jones1-4/+6
2012-08-29Fix bustage caused by Bug 772953Byron Jones1-1/+4
2012-08-28Bug 772953: Remove the token from buglist urlsByron Jones4-3/+24
r=dkl, a=LpSolit
2012-08-27Bug 785917: Custom field descriptions are not properly escaped when ↵Frédéric Buclin2-2/+1
displayed as bug list column headers r=glob a=LpSolit
2012-08-26Bug 559539: [Oracle] whine.pl sets run_next incorrectly due to CURRENT_DATEDavid Taylor1-3/+5
r/a=LpSolit
2012-08-21Bug 783786: PostgreSQL databases can be created with the wrong encodingFrédéric Buclin1-0/+10
r=dkl a=LpSolit
2012-08-20Bug 698068: The "There is no saved search named ..." page has a "forget" linkFrédéric Buclin3-3/+3
r=glob a=LpSolit
2012-08-15Bug 771100: Unable to attach a file to a bug with perl 5.16Frédéric Buclin1-1/+1
r=dkl a=LpSolit