summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-04-04no bug - add mailmap file to fix historical statsDylan William Hardison1-0/+85
2018-04-04Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF TokensSimon Bennetts11-14/+14
The data-no-csrf attribute is used to signify that a form is 'safe' (ie doesn't actually make any permanent changes) and so doesn't need an anti-csrf token.
2018-04-04Bug 1447028 - Add auth delegation test scriptDylan William Hardison3-0/+89
2018-04-04no bug - add dev build pipeline to circleciDylan William Hardison2-0/+37
2018-04-04no bug - circleci config tweaksDylan William Hardison2-10/+28
2018-04-03Bug 1450920 - Don't pass blank API token to JSON-PRC in instant searchVladimir Panteleev1-2/+4
When an API token is seen by JSON-RPC, it will attempt to authenticate it, including blank tokens (empty strings). Thus, avoid passing an empty string in the first place. The pattern to pass an empty string if the absence of BUGZILLA.api_token is the most common way to include the Bugzilla_api_token in the JSON-PRC requests. However, most places which pass a token to JSON-RPC in JavaScript are in contexts where a user is expected to be logged in, and this is not the case for instant search. Although this could have been fixed by patching Bugzilla::Auth::Login::Cookie::get_login_info to treat empty API tokens as if none were given, this method was chosen, as this is also the approach used in the ProdCompSearch extension (where a login session also does not need to be required), and to avoid possible breakage in JSON-RPC consumers.
2018-04-02Bug 1450283 - JobQueue should treat "no jobs" as a trace-level message, and ↵Dylan William Hardison1-1/+6
all other logs as info
2018-03-30bump version to 20180330.1Dylan William Hardison1-1/+1
2018-03-30Bug 1450343 - Make the SES handler use Bugzilla::Logging and log more detailsDylan William Hardison2-69/+85
2018-03-30bump base image to bmo-slim:20180330.1Dylan William Hardison2-2/+2
2018-03-29Bug 1441244 - prevent compounding error messages in testsDylan William Hardison1-6/+4
2018-03-29Bug 1447027 - Change default mail method for vagrant and update READMEIsrael Madueme3-1/+50
Updates the default mail_delivery_method to be Sendmail for vagrant development. This allows developers to connect to the imap server running at bmo-web.vm:143 to view mail using a real mail client. The default method remains the same for docker users, 'Test'. Both methods are described in the README in a new section.
2018-03-29Bug 1441897 - Improve opengraph metadata for bug pagesIsrael Madueme1-1/+6
2018-03-29Bug 1450010 - The jobqueue supervisor's pidfile should not be stored in the ↵Dylan William Hardison1-2/+2
data directory
2018-03-29Bug 1450008 - documentation link in API errors is wrongDylan William Hardison2-6/+2
2018-03-29Bug 1200695 - API-key-creation emails should reflect if the action was a ↵Israel Madueme1-0/+8
result of auth delegation
2018-03-29Bug 1441063: Fix the unaccepted revision comment (PhabBugz)Piotr Zalewa1-1/+7
* PhabBugz: Fix the unaccepted revision comment Summary: Currently, we're sending the "User removed from revision" comment when the Accept flag has been removed from a revision. This could happen in a number of use cases: 1. The reviewer resigned from being a reviewer. 2. The reviewer has been removed from reviewers list. 3. Someone (author, reviewer) removed acceptance of the revision by changing its status to "Needs Review". This patch is sending a "flag is deactivated" or "reviewer removed from revision" depending on the current status of the reviewer. Test Plan: Accept a revision. Change the revision to "Needs Review". Check the bug comment. Accept the revision. Remove the user from reviewers list. Check the bug comment. Reviewers: dkl Bug #: 1441063 Differential Revision: https://phabricator.services.mozilla.com/D809 * Styling fixed as requested in review. * Perl style fixes
2018-03-28bump version to 20180328.1Dylan William Hardison1-1/+1
2018-03-28no bug - always build latest tagDylan William Hardison1-9/+12
2018-03-28no bug - skip tests if the only thing changed is the versionDylan William Hardison1-8/+42
2018-03-28no bug - existing tag is non-fatalDylan William Hardison1-3/+0
2018-03-28Bug 1449168 - Remove warning --function from jobqueue workerDylan William Hardison1-3/+3
2018-03-28Bug 1449156 - Bugzilla::Memcached should use smaller timeouts and ping ↵Dylan William Hardison1-5/+19
servers at instantiation time
2018-03-28Bug 1449413 - Refactor circleci container building stuffDylan William Hardison4-26/+276
2018-03-27Bug 1440829 - Bugzilla comment for Phabricator commit should include entire ↵dklawren3-7/+9
commit message, not just first line
2018-03-27bump version to 20180327.1Dylan William Hardison1-1/+1
2018-03-27Bug 1448681 - Bugmail Message-ID header format changed without changing ↵byron jones1-5/+4
In-Reply-To/References, breaking threading
2018-03-26bump version to 20180326.1Dylan William Hardison1-1/+1
2018-03-26no bug - run jobqueue fasterDylan William Hardison1-1/+1
2018-03-26no bug - fix jobqueue command to run with multiplexed json outputDylan William Hardison1-1/+2
2018-03-26no bug - TheSchwartz debug log is really more like info level in how we have ↵Dylan William Hardison1-1/+1
used it
2018-03-26no bug - add interdiffDylan William Hardison3-3/+3
2018-03-24bump version to 20180324.1Dylan William Hardison1-1/+1
2018-03-24no bug - enable HTTPS the proper wayDylan William Hardison1-1/+1
2018-03-23bump version to 20180323.1Dylan William Hardison1-1/+1
2018-03-23no bug - increase httpd limitsDylan William Hardison1-1/+2
2018-03-23Bug 1447410 - Make it so you can always request review from .bugs or .tld ↵Dylan William Hardison1-0/+2
accounts
2018-03-23Bug 1446974 - Revert changes of the subscribers list on secure revisionsdklawren1-3/+5
2018-03-22bump version to 20180321.1Dylan William Hardison1-1/+1
2018-03-22Bug 1447669 - follow-up fix - use override shadowsdb value to determine to ↵Dylan William Hardison1-1/+1
use it or not
2018-03-22Bug 1399713 - ensure existing production redirects work in a cloud hosted ↵Dylan William Hardison5-0/+117
environment
2018-03-21Bug 1447669 - Add localconfig parameter for changing shadowdb user and passIsrael Madueme3-2/+21
2018-03-21Bug 1444008 - Fix sanity tests for unfiltered urlbaseDylan William Hardison2-2/+2
2018-03-20bump version to 20180320.3Dylan William Hardison1-1/+1
2018-03-20no bug - remove debugging for nowDylan William Hardison1-8/+10
2018-03-20bump version to 20180320.2Dylan William Hardison1-1/+1
2018-03-20Bug 1444008 - Form action injection in Bugzilla /user_profile (leads to ↵Dylan William Hardison3-5/+5
XSS/single-factor credential leakage)
2018-03-20bump version to 20180320.1Dylan William Hardison1-1/+1
2018-03-20Bug 1447289 - heartbeat check should not check for enabled featuresDylan William Hardison1-1/+0
2018-03-20Bug 1447291 - Remove Apache2::Log from PhabBugs/Push in favor of logging ↵Dylan William Hardison5-112/+63
framework