summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin2-6/+6
invalid page format r=glob a=LpSolit
2013-02-19Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence ↵Simon Green4-2/+22
of products and components you cannot access r/a=LpSolit
2013-02-19Bug 832264: Release notes for Bugzilla 4.2.5Frédéric Buclin1-0/+33
r=dkl a=LpSolit
2013-02-17Bug 839950: Cannot search by Change History on multi-select fieldsMatt Tyson1-2/+6
r/a=LpSolit
2013-02-16Bug 840824: It is possible to create a new bug with a non active target ↵Simon Green1-6/+3
milestone, version or component r/a=LpSolit
2013-01-17Bug 752946 - Fixed uninitialized errorDave Lawrence1-1/+1
2013-01-17Bug 752946 - Moving a bug into another product lists inactive components, ↵Dave Lawrence2-7/+26
milestones and versions r/a=LpSolit
2013-01-14Bug 829939: Only build default_authorizer on requestFrédéric Buclin1-1/+1
r=glob a=LpSolit
2013-01-06Bug 826678: Disable warnings about the deprecated Return::Value module when ↵Frédéric Buclin3-0/+19
loading Email::Send r=wicked a=LpSolit
2013-01-03Bug 824616: The urlbase field in global/header.html.tmpl must be filteredMatt Selsky1-1/+1
r/a=LpSolit
2013-01-02Bug 825524: When cloning a bug, the "We've made a guess at your operating ↵Sunil Joshi1-1/+1
system and platform" message should not be displayed r/a=LpSolit
2012-12-19Bug 818621: Perl 5.16 complains with "Variable length lookbehind not ↵Frédéric Buclin1-1/+7
implemented in regex" when the Example extension is enabled r=dkl a=LpSolit
2012-12-17Bug 818890: Bugzilla doesn't obey the "Comment required on status ↵Alexander Tereschenko1-1/+1
transition" for {Start}-> transition (for new bugs) r/a=LpSolit
2012-12-16Bug 406758: The help page for keywords uses "tag", but tags are something elseSunil Joshi1-1/+1
r/a=LpSolit
2012-12-16Bug 806809: Custom field values with "Enabled for bugs" set to "No" break ↵Alexander Tereschenko1-0/+1
the values list if the field's values visibility depends on another field values r/a=LpSolit
2012-12-07Bug 818007: Searching by commenter is slowFrédéric Buclin1-1/+1
r=dkl a=LpSolit
2012-11-29Bug 579189 - New methods added to Bugzilla/User.pm by bug 24896 have no PODHugo1-0/+29
r=dkl, a=LpSolit
2012-11-23Bug 385283: bz_webservice_demo.pl --product-name fails (Product.get_product ↵Thorsten Schöning1-9/+17
no longer exists) Part 2: correctly display components, milestones and versions r/a=LpSolit
2012-11-20Bug 640756 - Make the documentation clearer that attachments created with ↵Dave Miller1-1/+3
Bug.add_attachment must by of type 'base64' when non-ASCII . r=LpSolit, a=LpSolit
2012-11-20Bug 385283: bz_webservice_demo.pl --product-name fails (Product.get_product ↵Thorsten Schöning1-4/+4
no longer exists) r/a=LpSolit
2012-11-14Bump version post-releaseDave Lawrence1-1/+1
https://bugzilla.mozilla.org/show_bug.cgi?id=805644
2012-11-13Bump version to 4.2.4Dave Lawrence2-3/+3
https://bugzilla.mozilla.org/show_bug.cgi?id=805644
2012-11-13Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped ↵Frédéric Buclin2-2/+2
correctly in tabular reports r=dkl a=LpSolit
2012-11-13Bug 808845 (CVE-2012-5475): [SECURITY] Security vulnerability in YUI's ↵Frédéric Buclin1-0/+0
swfstore.swf in YUI 2.8.2 and 2.9.0 a=LpSolit
2012-11-13Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups ↵Frédéric Buclin2-6/+21
when using User.get() r=dkl a=LpSolit
2012-11-13Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see ↵Frédéric Buclin2-5/+1
as obsolete can disclose its description r=gerv a=LpSolit
2012-11-13Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses ↵Frédéric Buclin2-9/+21
product and component names that the user is not allowed to see r=dkl a=LpSolit
2012-11-03Back out the last checkin, it was already thereFrédéric Buclin1-3/+0
2012-11-03Bug 805647: One more item for the 4.2.4 release notesFrédéric Buclin1-0/+3
2012-11-03Bug 804505: Oracle crashes when typing "word1 word2" in QuickSearch with ↵Frédéric Buclin3-9/+10
"ORA-29907: found duplicate labels in primary invocations" r=dkl a=LpSolit
2012-11-02Bug 806012: Installation docs need to be updated with instructions for bzrFrédéric Buclin2-6/+6
r=dkl a=LpSolit
2012-11-02Fix typoFrédéric Buclin1-1/+1
2012-11-02Bug 807937: Fix PODKoosha Khajeh Moogahi1-6/+7
r/a=LpSolit
2012-10-26Bug 805647: Release notes for Bugzilla 4.2.4Frédéric Buclin1-3/+50
r=dkl
2012-10-25Bug 610767: contrib/convert-workflow.pl should add transitions from RESOLVED ↵Frédéric Buclin1-3/+46
and VERIFIED to CONFIRMED (if transitions to REOPENED were present) r=dkl a=LpSolit
2012-10-19Bug 531243: Bugzilla crashes on show_bug if it's hit while a custom field is ↵Frédéric Buclin1-1/+9
being added r=justdave a=LpSolit
2012-10-19Bug 780053: Oracle crashes when listing keywords or flags in buglistsDavid Taylor1-9/+13
r/a=LpSolit
2012-10-16Bug 799721: PostgreSQL 9.2 requires DBD::Pg 2.19.3Frédéric Buclin1-4/+5
r=glob a=LpSolit
2012-10-14Bug 781314: The behavior of tags changedFrédéric Buclin1-11/+5
r=wicked a=LpSolit
2012-10-13Fix typoFrédéric Buclin1-1/+1
2012-10-12s/sortey/sortkey/gFrédéric Buclin1-2/+2
2012-10-12Bug 790129: Bugzilla->fields returns fields in random order (the sortkey is ↵Simon Green1-2/+3
ignored) r/a=LpSolit
2012-10-12Bug 793826: Prevent private web service methods from being calledKoosha Khajeh Moogahi1-1/+3
r=dkl a=LpSolit
2012-10-11Bug 798994: Fix incorrect double escaping when displaying saved queries URLsSimon Green1-1/+1
r=glob, a=LpSolit
2012-10-09Bug 753635: Allow editing local see also even if you cannot edit the other bugSimon Green1-3/+7
r=glob, a=LpSolit
2012-10-08Bug 652047: checksetup.pl fails to compile/run if the Voting extension is ↵Frédéric Buclin2-1/+33
enabled on a fresh install r=glob a=LpSolit
2012-10-04Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page ↵Frédéric Buclin1-1/+1
does not work as expected (bug IDs are incorrectly parsed) r=dkl a=LpSolit
2012-10-04Bug 788098: Queries involving group substitution crash when ↵Frédéric Buclin2-6/+14
usevisibilitygroups is enabled r=dkl a=LpSolit
2012-10-04Bug 794389: There is no field named 'actual_time' when generating reportsFrédéric Buclin1-0/+4
r=glob a=LpSolit
2012-10-03Bug 757935: Bugs with resolution MOVED cannot be editedFrédéric Buclin1-1/+3
r=glob a=LpSolit