summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2014-07-24Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to ↵Simon Green1-2/+3
avoid swf content type sniff vulnerability r=glob,a=sgreen
2014-07-24Bump version to 4.2.10David Lawrence2-3/+3
2014-07-24Bug 1042088 - Release notes for 4.2.10David Lawrence1-0/+6
r=glob
2014-05-15Bug 1011250 - Updates IRC notification text to include commit message and ↵David Lawrence1-4/+9
also send to #bugzilla
2014-05-15Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ciDavid Lawrence1-1/+1
- Only run webservices for Pg and MySQL with Perl 5.12 due to interaction bug in 5.10
2014-05-14Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ciDavid Lawrence1-1/+1
- Only run webservices for Pg with Perl 5.12 due to interaction bug in 5.10
2014-05-08Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ciDavid Lawrence1-0/+6
- Added the PostgreSQL webservices/selenium tests
2014-05-07Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ciDavid Lawrence1-7/+5
2014-05-02Bug 995209 - Create a Build.PL script using Module::Build for ↵David Lawrence1-1/+1
testing/installing/packaging of Bugzilla code - Fixed incorrect package name Apache-SizeLimit
2014-05-02Bug 983275 - Switch Bugzilla's CI testing from Tinderbox to travis-ciDavid Lawrence1-0/+39
2014-05-01Bug 995209 - Create a Build.PL script using Module::Build for ↵David Lawrence2-0/+114
testing/installing/packaging of Bugzilla code r=glob,a=justdave
2014-04-21Bumped version post-releaseDavid Lawrence2-2/+2
2014-04-19Bump version to 4.2.9David Lawrence2-3/+3
2014-04-18Bug 998484: Release notes for Bugzilla 4.2.9Frédéric Buclin1-0/+7
r=dkl a=justdave
2014-04-18Bug 998323 - URLs pasted in comments are no longer displayedDavid Lawrence1-14/+11
r=LpSolit,a=justdave
2014-04-17Bumped version post-releaseDavid Lawrence2-2/+2
2014-04-17Bump version to 4.2.8David Lawrence2-4/+4
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar4-2/+17
r=glob a=justdave
2014-04-15Bug 996168: Release notes for Bugzilla 4.2.8Frédéric Buclin1-0/+31
r=dkl a=justdave
2014-03-14Copied over .bzrignore to .gitignoreDavid Lawrence1-0/+32
2013-12-21Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and ↵Frédéric Buclin1-1/+1
using a non-cookie based authentication method r=dkl a=justdave
2013-12-05Bug 942599: Documentation about possible_duplicates() lists 'products' as ↵Frédéric Buclin1-1/+1
argument instead of 'product' r=dkl a=justdave
2013-12-02Bug 938300: vers_cmp() incorrectly compares module versionsFrédéric Buclin1-15/+14
r=sgreen a=justdave
2013-12-02Bug 781672: checksetup.pl fails to check the version of the latest ↵Frédéric Buclin1-2/+9
Apache2::SizeLimit release (it throws "Invalid version format (non-numeric data)") r=dkl a=justdave
2013-11-14Bug 938161: sql_date_format() method for SQLite has an incorrect default formatFrédéric Buclin1-1/+1
r/a=glob
2013-11-13Bug 843457: PROJECT environment variable is not honored when mod_perl is enabledFrédéric Buclin1-3/+11
r/a=glob
2013-10-17Bump version post-releaseDave Lawrence1-1/+1
2013-10-16Bump version to 4.2.7Dave Lawrence2-3/+3
2013-10-16Bug 924932: (CVE-2013-1743) [SECURITY] Field values are (still) not escaped ↵Frédéric Buclin1-14/+24
correctly in tabular reports r=dkl a=glob
2013-10-16Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not ↵Frédéric Buclin2-5/+3
sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob
2013-10-16Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachmentsFrédéric Buclin1-8/+11
r=dkl a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence1-1/+1
and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence1-3/+3
total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence3-8/+24
and allowing easier brute force r=LpSolit,a=glob
2013-10-12Bug 912640: Release notes for Bugzilla 4.2.7Frédéric Buclin1-0/+30
r=dkl a=LpSolit
2013-09-27Bug 914262: KHTML-based browsers such as Konqueror do not support the ↵Frédéric Buclin1-1/+1
Server-Push technology r=dkl a=justdave
2013-09-23Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are ↵Jiří Netolický1-0/+4
left empty on bug creation r=LpSolit a=justdave
2013-09-03Bug 848063: [Oracle] importxml.pl fails with ORA-01830: comment timestamps ↵Mateusz Kuśmierczyk1-1/+1
are not correctly formatted r=LpSolit a=sgreen
2013-08-10Back out bug 868330 for the 4.2 branch. This is not a security fixFrédéric Buclin2-13/+4
2013-08-09Bug 902515: Internet Explorer 11 receives multipart/x-mixed-replace content ↵Frédéric Buclin1-1/+1
from buglist.cgi r=dkl a=sgreen
2013-08-09Bug 868330 - Password creation directions incompleteSunil Joshi2-4/+13
r=sgreen, a=sgreen
2013-08-09Bug 897264 - letters_numbers_specialchars password restriction is incorrectSimon Green2-16/+16
r=LpSolit, a=sgreen
2013-08-07Bug 901620 - Grammar error in the documentationSunil Joshi1-1/+1
r=sgreen, a=glob
2013-07-24Bug 880653 - Add POD for Bug.possible_duplicates webserviceDave Lawrence1-0/+53
r=LpSolit,a=sgreen
2013-07-15Bug 787328 - xmlrpc.cgi doesn't send any security-related headersDave Lawrence1-2/+10
r=glob,a=justdave
2013-05-22Bump version post-releaseDave Lawrence1-1/+1
2013-05-22Bump version to 4.2.6Dave Lawrence2-3/+3
2013-05-22Bug 828344: add missing xt broken testsByron Jones1-2/+23
2013-05-20Bug 828344: "contains all of the words" no longer looks for all words within ↵Byron Jones8-58/+251
the same comment or flag r=LpSolit, a=LpSolit
2013-05-18Bug 870701: Release notes for Bugzilla 4.2.6Frédéric Buclin1-0/+25
r=dkl a=LpSolit