| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2016-05-16 | Bug 1273245 - [SECURITY] Backport upstream bug 1253263 to bmo/4.2 to fix XSS vulnerability in dependency graphs via bug summary | David Lawrence | 1 | -1/+7 |
| 2016-05-16 | Bug 1273185 - Add the "Has Regression Range" and "Has STR" flags to the Firefox Android and Firefox iOS components | David Lawrence | 1 | -0/+4 |
| 2016-05-14 | Bug 232193 - bmo's systems (webheads, database, etc) should use UTC natively for o/s timezone and date storage | David Lawrence | 5 | -83/+159 |
| 2016-05-12 | Bug 1270867 - confusing error message when I was just searching for a bug | Dylan Hardison | 2 | -1/+2 |
| 2016-05-12 | Bug 1270295 - don't update timestamps when the tab is not active / in the background | David Lawrence | 3 | -2/+14 |
| 2016-05-10 | Bug 1271635 - XSS when viewing image attachments | David Lawrence | 1 | -1/+1 |
| 2016-05-09 | Bug 1271172 - When copying a flag that has a period in the version, the description is not incremented properly | David Lawrence | 1 | -2/+12 |
| 2016-05-05 | Bug 1270479 - Unsetting the needinfo checks the needinfo checkbox | David Lawrence | 1 | -1/+1 |
| 2016-05-05 | Bug 1270289 - REST API /bug/comment/render method is not documented | David Lawrence | 1 | -0/+48 |
| 2016-05-05 | Bug 1263198 - Do not automatically set tracking flags status-firefoxXX affected for bugs filed under SeaMonkey | David Lawrence | 1 | -0/+6 |
| 2016-05-04 | Bug 1269795 - [BMO] ImageMagick Is On Fire (CVE-2016-3714) | Dylan William Hardison | 2 | -139/+0 |
| 2016-05-03 | Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts | Dylan Hardison | 1 | -9/+6 |
| 2016-05-02 | Add build.platform = linux64, machine.platform = linux64 to taskgraph.json to remove b2gtest from Treeherder results | David Lawrence | 1 | -4/+28 |
| 2016-04-28 | Bug 1256051 - Allow MozReview.attachments() to post mozreview-* tags without requiring editbugs | Dylan Hardison | 1 | -7/+14 |
| 2016-04-27 | Bug 1235514 - Change color of note regarding changed votes | Nikhil Handa | 2 | -10/+12 |
| 2016-04-27 | Bug 1225214 - Implement very simple request time logging | Dylan Hardison | 1 | -0/+3 |
| 2016-04-22 | Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found) | Dylan Hardison | 5 | -6/+22 |
| 2016-04-22 | Bug 1266167 - clickjacking is possible on "view all" and "details" attachment pages | David Lawrence | 2 | -2/+2 |
| 2016-04-21 | Bug 1239838 - Don't see a way to redirect a needinfo request (in Experimental UI) | Byron Jones | 4 | -166/+225 |
| 2016-04-20 | Bug 1266117 - I have found a bug in the section 2.6.1 in the user guide(2.6) of BMO documentation. The bug identified is a grammatical error committed in one of the sentences. | David Lawrence | 1 | -1/+1 |
| 2016-04-19 | Bug 1265432 - backport upstream bug 1263923 to bmo/4.2 - X-Bugzilla-Who header is not set for flag mails | David Lawrence | 1 | -1/+1 |
| 2016-04-13 | Revert "Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found)" Test failures result from this, we will need a different approach. This reverts commit 33f61556746e1729746342d802ca7ea9cea18caf. | Dylan William Hardison | 3 | -13/+2 |
| 2016-04-13 | Bug 1264207 - add support for the hellosplat tracker to 'see also' | Byron Jones | 3 | -0/+26 |
| 2016-04-13 | Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found) | Dylan Hardison | 3 | -2/+13 |
| 2016-04-12 | Bug 1263520 - Cannot set r+ back to r? directly | David Lawrence | 2 | -2/+2 |
| 2016-04-07 | Bug 1260458 - search failing for users who are not members of the insider group (DBD::mysql::db selectcol_arrayref failed: You have an error in your SQL syntax) | David Lawrence | 1 | -1/+2 |
| 2016-04-04 | Bug 1259322 - Legal compliance / adding link to footer | David Lawrence | 3 | -12/+23 |
| 2016-04-04 | Bug 1257662 - Disallow clearing a flag if the flag is set to allow granting by specific group and changer is not in group | David Lawrence | 4 | -8/+20 |
| 2016-04-04 | Bug 1197061 - don't create a new session for every authenticated XMLRPC/JSONRPC call | David Lawrence | 1 | -0/+7 |
| 2016-03-30 | Bug 1260545 - Legal compliance / adding terms link to new BMO account flow | David Lawrence | 1 | -0/+6 |
| 2016-03-25 | Bug 1253718 - CRM/Email request form | David Lawrence | 3 | -0/+362 |
| 2016-03-24 | Bug 1259266 - Attachment of security issues when viewing a bug are indistinguishable from any other attachment. | David Lawrence | 3 | -3/+15 |
| 2016-03-23 | Bug 1251236 - Please show the diff on the attachment details page when a patch has been reviewed in MozReview | Byron Jones | 2 | -65/+86 |
| 2016-03-22 | Bug 1258547 - XSS through javascript: callback URLs in auth delegation | Dylan Hardison | 2 | -0/+7 |
| 2016-03-21 | Bug 1252782 - can't add a "See Also" to a Chromium bug on bugs.chromium.org | David Lawrence | 3 | -0/+51 |
| 2016-03-15 | Bug 1256954 - Multiple Selenium cases are failing after the commit of bug 1253914 | David Lawrence | 1 | -1/+1 |
| 2016-03-15 | Bug 1251442 - Update VP list in Recruiting Product | David Lawrence | 1 | -0/+1 |
| 2016-03-15 | Bug 1229834 - extend information we [audit] log to the syslog | Dylan Hardison | 2 | -1/+16 |
| 2016-03-14 | Bug 1255272 - Adding a flag via the MozReview batch-attachment API doesn't CC the user | Dylan Hardison | 1 | -0/+3 |
| 2016-03-10 | Bug 1252578 - CSRF and SELECT-only SQL execution attack against query_database.html | Dylan Hardison | 2 | -0/+2 |
| 2016-03-10 | Bug 1253914 - Cross domain referer leakage when resetting the user password | Dylan Hardison | 4 | -1/+8 |
| 2016-03-10 | Bug 1254227 - MozReview auth delegation allows sending out phishing mails via Bugzilla | Dylan Hardison | 4 | -3/+15 |
| 2016-03-10 | Bug 1254675 - bug_modal template fails to escape format parameter | David Lawrence | 1 | -1/+1 |
| 2016-03-10 | Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page | Dylan Hardison | 2 | -1/+2 |
| 2016-03-09 | Bug 1253483 - MozReview.attachments() doesn't create flags on new attachments | Dylan Hardison | 1 | -1/+7 |
| 2016-03-08 | Bug 1252554 - Avoid possibility of XSS in release tracking report | Dylan Hardison | 1 | -3/+3 |
| 2016-03-08 | Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and causes persistent XSS | David Lawrence | 6 | -9/+24 |
| 2016-03-08 | Bug 1251442 - Update VP list in Recruiting Product | David Lawrence | 1 | -3/+4 |
| 2016-03-07 | Bug 1253691 - In issue-api-key.pl, set the MozReview API key if the description is 'mozreview'. r=dylan | Mark Côté | 1 | -2/+9 |
| 2016-03-07 | Bug 1252084 - Warning when entering row into user_request_log when running commandline script | David Lawrence | 1 | -1/+2 |