Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-02-22 | Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC ↵ | Dave Lawrence | 2 | -0/+16 | |
API when using mod_perl r/a=LpSolit | |||||
2012-02-16 | Bug 723944: Plain-text only emails are mangled when they contain non-ASCII ↵ | Frédéric Buclin | 1 | -1/+5 | |
characters r=glob a=LpSolit | |||||
2012-02-15 | Bug 724464 - JSON-RPC support shouldn't require SOAP::Lite | Dave Lawrence | 2 | -20/+14 | |
r/a=LpSolit | |||||
2012-02-15 | Bug 722113: The profile_search table has a wrong index name | Frédéric Buclin | 2 | -1/+7 | |
r=glob a=LpSolit | |||||
2012-02-14 | Bug 727240: The POD for Bug.attachments is wrong about the format of the ↵ | Frédéric Buclin | 1 | -16/+10 | |
returned data r=dkl a=LpSolit | |||||
2012-02-01 | Bump the version number post-release | Dave Lawrence | 1 | -1/+1 | |
2012-01-31 | Bumped to version 4.2rc2 | Dave Lawrence | 1 | -1/+1 | |
2012-01-31 | (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵ | Frédéric Buclin | 1 | -1/+13 | |
lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319 | |||||
2012-01-31 | Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email ↵ | Frédéric Buclin | 2 | -2/+2 | |
addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit | |||||
2012-01-31 | Bug 714446: Product.create default behavior is broken and inconsistent with POD | Frédéric Buclin | 1 | -17/+29 | |
r=dkl a=LpSolit | |||||
2012-01-27 | Bug 721715: URLs in the See Also field must be detainted before inserted ↵ | Frédéric Buclin | 1 | -4/+3 | |
into the DB r=dkl a=LpSolit | |||||
2012-01-25 | Bug 717217: The regexp in Bugzilla::BugUrl::JIRA::should_handle() isn't | Simon Green | 1 | -1/+1 | |
restrictive enough (min two letters required) r=timello, a=LpSolit | |||||
2012-01-24 | Bug 718183: Rename duplicated series names before inserting the new index in ↵ | Frédéric Buclin | 1 | -0/+31 | |
the series table r=dkl a=LpSolit | |||||
2012-01-24 | Bug 715870: [Oracle] Related sequences and triggers must be removed when ↵ | Frédéric Buclin | 1 | -1/+19 | |
dropping a table r=mkanat a=LpSolit | |||||
2012-01-24 | Bug 633061: Require Apache2::SizeLimit 0.96 for proper operation on Linux | Max Kanat-Alexander | 1 | -3/+2 | |
r=dkl a=mkanat | |||||
2012-01-12 | Bug 715731 - profile_search.user_id should have a FK pointing to profiles.userid | Dave Lawrence | 1 | -1/+4 | |
r/a=LpSolit | |||||
2012-01-12 | Bug 715902: Do not log personal common activities in audit_log | Frédéric Buclin | 8 | -3/+23 | |
r=dkl a=LpSolit | |||||
2012-01-11 | Bug 716227: When checksetup.pl tells the admin that he should edit variables ↵ | Frédéric Buclin | 1 | -3/+6 | |
in localconfig, the message should be red r=timello a=LpSolit | |||||
2012-01-05 | Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due ↵ | Frédéric Buclin | 1 | -1/+12 | |
to non-backward compatibility r=dkl r=mkanat a=LpSolit | |||||
2011-12-29 | Bump the version number post-release | Dave Lawrence | 1 | -1/+1 | |
2011-12-29 | Bump version for 4.2rc1 | Dave Lawrence | 1 | -1/+1 | |
2011-12-28 | Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵ | Frédéric Buclin | 3 | -19/+45 | |
WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=dkl a=LpSolit | |||||
2011-12-28 | Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or ↵ | Byron Jones | 1 | -1/+1 | |
tabular and graphical reports in debug mode r=gerv, a=LpSolit | |||||
2011-12-28 | Bug 713144: The SQL query to remove older searches from the profile_search ↵ | Frédéric Buclin | 1 | -6/+8 | |
table should be more robust r=dkl a=LpSolit | |||||
2011-12-26 | Bug 683644: Foreign keys aren't renamed correctly when DB tables are renamed | Frédéric Buclin | 6 | -29/+120 | |
r=wicked a=LpSolit | |||||
2011-12-19 | Bug 711925: Update from 4.0 or older to 4.2 or trunk fails when bug_see_also ↵ | Frédéric Buclin | 2 | -2/+2 | |
field is populated r=wicked a=LpSolit | |||||
2011-12-16 | Last Comment Bug 685611 - delta_ts is updated even when no changes are made ↵ | Dave Lawrence | 3 | -3/+35 | |
to bugs created via WebServices r/a=LpSolit | |||||
2011-12-13 | Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵ | Reed Loden | 1 | -2/+7 | |
unauthorized account creation e-mail request [r=mkanat a=mkanat] | |||||
2011-12-09 | Bug 644281: When the sort order of a buglist is modified, the "Show next bug ↵ | Frédéric Buclin | 1 | -13/+12 | |
in my list" user pref still uses the original sort order to decide which bug to display next r=glob a=LpSolit | |||||
2011-12-06 | Bug 657290: Bug.add_attachment() stores truncated timestamps in the DB ↵ | Frédéric Buclin | 1 | -1/+4 | |
(seconds are missing) r=dkl a=mkanat | |||||
2011-12-05 | Bug 692354: Incorrect parameter type in WebServices documentation for ↵ | Matt Selsky | 1 | -1/+1 | |
Bug.add_comment r/a=mkanat | |||||
2011-12-05 | Forgot to fix all occurences of $cache->{search_columns}->{$user->id}, see ↵ | Frédéric Buclin | 1 | -2/+2 | |
bug 550299 | |||||
2011-12-05 | Bug 550299: User fields are left blank in buglists and whines when local ↵ | Frédéric Buclin | 5 | -40/+24 | |
user accounts are used (i.e. they have no @company.com suffix) r/a=mkanat | |||||
2011-12-05 | Bug 707594: Fix broken account lockout notifications | Byron Jones | 1 | -1/+2 | |
r=LpSolit, a=LpSolit | |||||
2011-12-05 | Bug 701350: Oracle crashes if the 'maxattachmentsize' parameter is set to a ↵ | Frédéric Buclin | 1 | -2/+6 | |
too small value r/a=mkanat | |||||
2011-11-29 | Bug 686971: Fix add_see_also to ignore empty values | Tiago Mello | 1 | -0/+1 | |
r/a=LpSolit | |||||
2011-11-28 | Bug 687725: Adding a local bug ID in the See Also field isn't logged in the ↵ | Tiago Mello | 2 | -66/+34 | |
bug history of that bug r/a=LpSolit | |||||
2011-11-28 | Bug 705393: Improve the error message thrown by Update.pm when ↵ | Frédéric Buclin | 2 | -13/+20 | |
updates.bugzilla.org is unavailable r=glob a=LpSolit | |||||
2011-11-26 | Bug 368250: collectstats.pl creates files with wrong ownership | Frédéric Buclin | 1 | -0/+27 | |
r/a=mkanat | |||||
2011-11-26 | Bug 255606: Do not let buglist.cgi return all bugs by default | Frédéric Buclin | 3 | -1/+11 | |
r/a=mkanat | |||||
2011-11-19 | cancelled -> canceled | Frédéric Buclin | 1 | -1/+1 | |
https://bugzilla.mozilla.org/show_bug.cgi?id=703788 | |||||
2011-11-19 | Bug 703788: Improve performance of diff_arrays() with large arrays | Frédéric Buclin | 1 | -26/+29 | |
r/a=mkanat | |||||
2011-11-18 | Make Login/Stack.pm refuse to continue down the stack if an Auth method ↵ | Gervase Markham | 1 | -2/+8 | |
returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423 | |||||
2011-11-15 | Bug 702208: TheSchwartz should not open a new db connection for each email | Byron Jones | 1 | -0/+6 | |
r=mkanat, a=mkanat | |||||
2011-10-24 | Bug 685552 - Email auto-completion causes server to thrash | David Lawrence | 1 | -0/+6 | |
r/a=mkanat | |||||
2011-10-23 | Bug 690173: Cannot delete user accounts due to FK on audit_log | miketosh | 3 | -1/+26 | |
r/a=mkanat | |||||
2011-10-19 | Bug 686963: Setting the work time using the Bug.update WebService method | Tiago Mello | 1 | -7/+9 | |
requires a comment. r/a=LpSolit | |||||
2011-10-15 | Bug 689862: Fix Product.get to only return the Classification name, | Tiago Mello | 1 | -17/+2 | |
instead of all the classification info. r/a=LpSolit | |||||
2011-10-15 | Bug 691243: Fix typo | Matt Selsky | 1 | -1/+1 | |
r/a=LpSolit | |||||
2011-10-04 | $user->is_mover no longer exists, see bug 556422 | Frédéric Buclin | 1 | -6/+0 | |