summaryrefslogtreecommitdiffstats
path: root/Bugzilla
AgeCommit message (Collapse)AuthorFilesLines
2014-10-06Bug 1064140: [SECURITY] Private comments can be shown to flagmail recipients ↵Simon Green2-13/+30
who aren't in the insider group r=glob,a=glob
2014-10-06Bug 1075578: [SECURITY] Improper filtering of CGI argumentsFrédéric Buclin2-10/+10
r=dkl,a=sgreen
2014-07-24Bump version post-releaseDavid Lawrence1-2/+1
2014-07-24Bump to version 4.2.10 (corrected)David Lawrence1-0/+1
2014-07-24Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to ↵Simon Green1-2/+3
avoid swf content type sniff vulnerability r=glob,a=sgreen
2014-07-24Bump version to 4.2.10David Lawrence1-1/+1
2014-04-21Bumped version post-releaseDavid Lawrence1-1/+1
2014-04-19Bump version to 4.2.9David Lawrence1-1/+1
2014-04-18Bug 998323 - URLs pasted in comments are no longer displayedDavid Lawrence1-14/+11
r=LpSolit,a=justdave
2014-04-17Bumped version post-releaseDavid Lawrence1-1/+1
2014-04-17Bump version to 4.2.8David Lawrence1-1/+1
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar2-0/+15
r=glob a=justdave
2013-12-21Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and ↵Frédéric Buclin1-1/+1
using a non-cookie based authentication method r=dkl a=justdave
2013-12-05Bug 942599: Documentation about possible_duplicates() lists 'products' as ↵Frédéric Buclin1-1/+1
argument instead of 'product' r=dkl a=justdave
2013-12-02Bug 938300: vers_cmp() incorrectly compares module versionsFrédéric Buclin1-15/+14
r=sgreen a=justdave
2013-12-02Bug 781672: checksetup.pl fails to check the version of the latest ↵Frédéric Buclin1-2/+9
Apache2::SizeLimit release (it throws "Invalid version format (non-numeric data)") r=dkl a=justdave
2013-11-14Bug 938161: sql_date_format() method for SQLite has an incorrect default formatFrédéric Buclin1-1/+1
r/a=glob
2013-11-13Bug 843457: PROJECT environment variable is not honored when mod_perl is enabledFrédéric Buclin1-3/+11
r/a=glob
2013-10-17Bump version post-releaseDave Lawrence1-1/+1
2013-10-16Bump version to 4.2.7Dave Lawrence1-1/+1
2013-10-16Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence1-3/+3
total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence1-5/+17
and allowing easier brute force r=LpSolit,a=glob
2013-09-23Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are ↵Jiří Netolický1-0/+4
left empty on bug creation r=LpSolit a=justdave
2013-08-09Bug 897264 - letters_numbers_specialchars password restriction is incorrectSimon Green1-1/+1
r=LpSolit, a=sgreen
2013-07-24Bug 880653 - Add POD for Bug.possible_duplicates webserviceDave Lawrence1-0/+53
r=LpSolit,a=sgreen
2013-07-15Bug 787328 - xmlrpc.cgi doesn't send any security-related headersDave Lawrence1-2/+10
r=glob,a=justdave
2013-05-22Bump version post-releaseDave Lawrence1-1/+1
2013-05-22Bump version to 4.2.6Dave Lawrence1-1/+1
2013-05-20Bug 828344: "contains all of the words" no longer looks for all words within ↵Byron Jones6-42/+152
the same comment or flag r=LpSolit, a=LpSolit
2013-05-04Bug 859118 - Bug.search called with no arguments returns all visible bugs, ↵Dave Lawrence2-11/+48
ignoring max_search_results and search_allow_no_criteria r/a=LpSolit
2013-04-28Bug 848635: Old queries based on tags are no longer listed in the page ↵Frédéric Buclin1-6/+1
footer by default when upgrading from 4.0 or older to 4.2 r=glob a=LpSolit
2013-04-28Bug 858909: When running checksetup.pl for the first time using Oracle as DB ↵Frédéric Buclin1-1/+1
server, you get an "uninitialized value" warning r=dkl a=LpSolit
2013-04-18Bug 858911: Oracle fails with "ORA-04043: object T_GROUP_CONCAT does not ↵Frédéric Buclin1-1/+3
exist" when installing Bugzilla for the first time r=dkl a=LpSolit
2013-04-17revert commit for bug 828344Byron Jones3-138/+34
2013-04-17Bug 828344: Make "contains all of the words" look for all words within the ↵Byron Jones3-34/+138
same comment or flag r=LpSolit, a=LpSolit
2013-04-16Bug 782210: If a custom field depends on a product, component or ↵Pami Ketolainen2-8/+13
classification, the "mandatory" bit is ignored on bug creation r/a=LpSolit
2013-04-15Bug 861528: $user->can_enter_product() now returns the product object ↵Frédéric Buclin1-2/+3
instead of 1 r=glob a=LpSolit
2013-03-26Bug 854074: Remove all references to the uwinnipeg.ca PPM repository as it ↵Frédéric Buclin1-20/+0
is no longer available r=glob a=LpSolit
2013-03-20Bug 852560: Bugzilla cannot be installed with MySQL 5.6, because the ↵Frédéric Buclin1-3/+2
have_innodb variable no longer exists r=glob a=LpSolit
2013-02-20Bump version post-releaseDave Lawrence1-1/+1
2013-02-19Bump version to 4.2.5Dave Lawrence1-1/+1
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin1-0/+1
invalid page format r=glob a=LpSolit
2013-02-19Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence ↵Simon Green1-0/+8
of products and components you cannot access r/a=LpSolit
2013-02-17Bug 839950: Cannot search by Change History on multi-select fieldsMatt Tyson1-2/+6
r/a=LpSolit
2013-02-16Bug 840824: It is possible to create a new bug with a non active target ↵Simon Green1-6/+3
milestone, version or component r/a=LpSolit
2013-01-17Bug 752946 - Fixed uninitialized errorDave Lawrence1-1/+1
2013-01-17Bug 752946 - Moving a bug into another product lists inactive components, ↵Dave Lawrence1-7/+21
milestones and versions r/a=LpSolit
2013-01-14Bug 829939: Only build default_authorizer on requestFrédéric Buclin1-1/+1
r=glob a=LpSolit
2013-01-06Bug 826678: Disable warnings about the deprecated Return::Value module when ↵Frédéric Buclin3-0/+19
loading Email::Send r=wicked a=LpSolit
2012-12-17Bug 818890: Bugzilla doesn't obey the "Comment required on status ↵Alexander Tereschenko1-1/+1
transition" for {Start}-> transition (for new bugs) r/a=LpSolit