Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2014-07-24 | Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to ↵ | Simon Green | 1 | -2/+3 | |
avoid swf content type sniff vulnerability r=glob,a=sgreen | |||||
2014-07-24 | Bump version to 4.2.10 | David Lawrence | 2 | -3/+3 | |
2014-07-24 | Bug 1042088 - Release notes for 4.2.10 | David Lawrence | 1 | -0/+6 | |
r=glob | |||||
2014-05-15 | Bug 1011250 - Updates IRC notification text to include commit message and ↵ | David Lawrence | 1 | -4/+9 | |
also send to #bugzilla | |||||
2014-05-15 | Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci | David Lawrence | 1 | -1/+1 | |
- Only run webservices for Pg and MySQL with Perl 5.12 due to interaction bug in 5.10 | |||||
2014-05-14 | Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci | David Lawrence | 1 | -1/+1 | |
- Only run webservices for Pg with Perl 5.12 due to interaction bug in 5.10 | |||||
2014-05-08 | Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci | David Lawrence | 1 | -0/+6 | |
- Added the PostgreSQL webservices/selenium tests | |||||
2014-05-07 | Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci | David Lawrence | 1 | -7/+5 | |
2014-05-02 | Bug 995209 - Create a Build.PL script using Module::Build for ↵ | David Lawrence | 1 | -1/+1 | |
testing/installing/packaging of Bugzilla code - Fixed incorrect package name Apache-SizeLimit | |||||
2014-05-02 | Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ci | David Lawrence | 1 | -0/+39 | |
2014-05-01 | Bug 995209 - Create a Build.PL script using Module::Build for ↵ | David Lawrence | 2 | -0/+114 | |
testing/installing/packaging of Bugzilla code r=glob,a=justdave | |||||
2014-04-21 | Bumped version post-release | David Lawrence | 2 | -2/+2 | |
2014-04-19 | Bump version to 4.2.9 | David Lawrence | 2 | -3/+3 | |
2014-04-18 | Bug 998484: Release notes for Bugzilla 4.2.9 | Frédéric Buclin | 1 | -0/+7 | |
r=dkl a=justdave | |||||
2014-04-18 | Bug 998323 - URLs pasted in comments are no longer displayed | David Lawrence | 1 | -14/+11 | |
r=LpSolit,a=justdave | |||||
2014-04-17 | Bumped version post-release | David Lawrence | 2 | -2/+2 | |
2014-04-17 | Bump version to 4.2.8 | David Lawrence | 2 | -4/+4 | |
2014-04-17 | Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text | Manish Goregaokar | 4 | -2/+17 | |
r=glob a=justdave | |||||
2014-04-15 | Bug 996168: Release notes for Bugzilla 4.2.8 | Frédéric Buclin | 1 | -0/+31 | |
r=dkl a=justdave | |||||
2014-03-14 | Copied over .bzrignore to .gitignore | David Lawrence | 1 | -0/+32 | |
2013-12-21 | Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and ↵ | Frédéric Buclin | 1 | -1/+1 | |
using a non-cookie based authentication method r=dkl a=justdave | |||||
2013-12-05 | Bug 942599: Documentation about possible_duplicates() lists 'products' as ↵ | Frédéric Buclin | 1 | -1/+1 | |
argument instead of 'product' r=dkl a=justdave | |||||
2013-12-02 | Bug 938300: vers_cmp() incorrectly compares module versions | Frédéric Buclin | 1 | -15/+14 | |
r=sgreen a=justdave | |||||
2013-12-02 | Bug 781672: checksetup.pl fails to check the version of the latest ↵ | Frédéric Buclin | 1 | -2/+9 | |
Apache2::SizeLimit release (it throws "Invalid version format (non-numeric data)") r=dkl a=justdave | |||||
2013-11-14 | Bug 938161: sql_date_format() method for SQLite has an incorrect default format | Frédéric Buclin | 1 | -1/+1 | |
r/a=glob | |||||
2013-11-13 | Bug 843457: PROJECT environment variable is not honored when mod_perl is enabled | Frédéric Buclin | 1 | -3/+11 | |
r/a=glob | |||||
2013-10-17 | Bump version post-release | Dave Lawrence | 1 | -1/+1 | |
2013-10-16 | Bump version to 4.2.7 | Dave Lawrence | 2 | -3/+3 | |
2013-10-16 | Bug 924932: (CVE-2013-1743) [SECURITY] Field values are (still) not escaped ↵ | Frédéric Buclin | 1 | -14/+24 | |
correctly in tabular reports r=dkl a=glob | |||||
2013-10-16 | Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not ↵ | Frédéric Buclin | 2 | -5/+3 | |
sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob | |||||
2013-10-16 | Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachments | Frédéric Buclin | 1 | -8/+11 | |
r=dkl a=sgreen | |||||
2013-10-16 | Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵ | Dave Lawrence | 1 | -1/+1 | |
and allowing easier brute force r=LpSolit,a=sgreen | |||||
2013-10-16 | Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵ | Dave Lawrence | 1 | -3/+3 | |
total entropy and allowing easier brute force r=LpSolit,a=sgreen | |||||
2013-10-16 | Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵ | Dave Lawrence | 3 | -8/+24 | |
and allowing easier brute force r=LpSolit,a=glob | |||||
2013-10-12 | Bug 912640: Release notes for Bugzilla 4.2.7 | Frédéric Buclin | 1 | -0/+30 | |
r=dkl a=LpSolit | |||||
2013-09-27 | Bug 914262: KHTML-based browsers such as Konqueror do not support the ↵ | Frédéric Buclin | 1 | -1/+1 | |
Server-Push technology r=dkl a=justdave | |||||
2013-09-23 | Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are ↵ | Jiří Netolický | 1 | -0/+4 | |
left empty on bug creation r=LpSolit a=justdave | |||||
2013-09-03 | Bug 848063: [Oracle] importxml.pl fails with ORA-01830: comment timestamps ↵ | Mateusz Kuśmierczyk | 1 | -1/+1 | |
are not correctly formatted r=LpSolit a=sgreen | |||||
2013-08-10 | Back out bug 868330 for the 4.2 branch. This is not a security fix | Frédéric Buclin | 2 | -13/+4 | |
2013-08-09 | Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content ↵ | Frédéric Buclin | 1 | -1/+1 | |
from buglist.cgi r=dkl a=sgreen | |||||
2013-08-09 | Bug 868330 - Password creation directions incomplete | Sunil Joshi | 2 | -4/+13 | |
r=sgreen, a=sgreen | |||||
2013-08-09 | Bug 897264 - letters_numbers_specialchars password restriction is incorrect | Simon Green | 2 | -16/+16 | |
r=LpSolit, a=sgreen | |||||
2013-08-07 | Bug 901620 - Grammar error in the documentation | Sunil Joshi | 1 | -1/+1 | |
r=sgreen, a=glob | |||||
2013-07-24 | Bug 880653 - Add POD for Bug.possible_duplicates webservice | Dave Lawrence | 1 | -0/+53 | |
r=LpSolit,a=sgreen | |||||
2013-07-15 | Bug 787328 - xmlrpc.cgi doesn't send any security-related headers | Dave Lawrence | 1 | -2/+10 | |
r=glob,a=justdave | |||||
2013-05-22 | Bump version post-release | Dave Lawrence | 1 | -1/+1 | |
2013-05-22 | Bump version to 4.2.6 | Dave Lawrence | 2 | -3/+3 | |
2013-05-22 | Bug 828344: add missing xt broken tests | Byron Jones | 1 | -2/+23 | |
2013-05-20 | Bug 828344: "contains all of the words" no longer looks for all words within ↵ | Byron Jones | 8 | -58/+251 | |
the same comment or flag r=LpSolit, a=LpSolit | |||||
2013-05-18 | Bug 870701: Release notes for Bugzilla 4.2.6 | Frédéric Buclin | 1 | -0/+25 | |
r=dkl a=LpSolit |