summaryrefslogtreecommitdiffstats
path: root/template
AgeCommit message (Expand)AuthorFilesLines
2014-10-06Bug 1064140: [SECURITY] Private comments can be shown to flagmail recipients ...Simon Green1-5/+8
2014-10-06Bug 1075578: [SECURITY] Improper filtering of CGI argumentsFrédéric Buclin2-2/+1
2014-10-06Bug 1072492: Release notes for 4.2.11David Lawrence1-0/+6
2014-07-24Bug 1042088 - Release notes for 4.2.10David Lawrence1-0/+6
2014-04-18Bug 998484: Release notes for Bugzilla 4.2.9Frédéric Buclin1-0/+7
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar2-2/+2
2014-04-15Bug 996168: Release notes for Bugzilla 4.2.8Frédéric Buclin1-0/+31
2013-10-16Bug 924932: (CVE-2013-1743) [SECURITY] Field values are (still) not escaped c...Frédéric Buclin1-14/+24
2013-10-16Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanit...Frédéric Buclin2-5/+3
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ...Dave Lawrence1-0/+3
2013-10-12Bug 912640: Release notes for Bugzilla 4.2.7Frédéric Buclin1-0/+30
2013-08-10Back out bug 868330 for the 4.2 branch. This is not a security fixFrédéric Buclin2-13/+4
2013-08-09Bug 868330 - Password creation directions incompleteSunil Joshi2-4/+13
2013-08-09Bug 897264 - letters_numbers_specialchars password restriction is incorrectSimon Green1-15/+15
2013-05-18Bug 870701: Release notes for Bugzilla 4.2.6Frédéric Buclin1-0/+25
2013-04-11Bug 860723: Custom fields are shown twice in report axis selectorsPami Ketolainen1-7/+0
2013-04-05Bug 857562: ajax_user_autocompletion param ignored on Search by People fieldsFrédéric Buclin1-2/+2
2013-03-26Bug 854074: Remove all references to the uwinnipeg.ca PPM repository as it is...Frédéric Buclin1-18/+0
2013-03-16Bug 827983: "[reply]" link besides the original description will insert ("in ...Hugo Seabrook2-30/+12
2013-03-12Bug 850126 - 'token' id defined twice on logged-out pages (in header and footer)Reed Loden1-1/+1
2013-03-08Bug 848250: Bug summary tooltip now includes "---" for unresolved bugsFrédéric Buclin1-1/+3
2013-02-19Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence ...Simon Green1-0/+3
2013-02-19Bug 832264: Release notes for Bugzilla 4.2.5Frédéric Buclin1-0/+33
2013-01-17Bug 752946 - Moving a bug into another product lists inactive components, mil...Dave Lawrence1-0/+5
2013-01-03Bug 824616: The urlbase field in global/header.html.tmpl must be filteredMatt Selsky1-1/+1
2013-01-02Bug 825524: When cloning a bug, the "We've made a guess at your operating sys...Sunil Joshi1-1/+1
2012-12-16Bug 406758: The help page for keywords uses "tag", but tags are something elseSunil Joshi1-1/+1
2012-12-16Bug 806809: Custom field values with "Enabled for bugs" set to "No" break the...Alexander Tereschenko1-0/+1
2012-11-13Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly...Frédéric Buclin1-1/+1
2012-11-13Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see a...Frédéric Buclin1-2/+1
2012-11-13Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product...Frédéric Buclin2-9/+21
2012-11-03Back out the last checkin, it was already thereFrédéric Buclin1-3/+0
2012-11-03Bug 805647: One more item for the 4.2.4 release notesFrédéric Buclin1-0/+3
2012-10-26Bug 805647: Release notes for Bugzilla 4.2.4Frédéric Buclin1-3/+50
2012-10-11Bug 798994: Fix incorrect double escaping when displaying saved queries URLsSimon Green1-1/+1
2012-09-29Bug 793893: Tabular reports crash when no format parameter is definedFrédéric Buclin2-2/+1
2012-09-11Bug 790215 - Flag names are not properly escaped when displayed on confirm us...Reed Loden2-2/+1
2012-09-03Bug 786889: Add missing 'Summary (first 60 chars)' header to CSV outputMatt Tyson1-0/+1
2012-08-30Bug 786351: Release notes for Bugzilla 4.2.3Frédéric Buclin1-0/+41
2012-08-28Bug 772953: Remove the token from buglist urlsByron Jones1-2/+9
2012-08-27Bug 785917: Custom field descriptions are not properly escaped when displayed...Frédéric Buclin2-2/+1
2012-08-20Bug 698068: The "There is no saved search named ..." page has a "forget" linkFrédéric Buclin1-1/+1
2012-08-06Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized pass...Frédéric Buclin2-3/+5
2012-07-26Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information about...Frédéric Buclin1-10/+11
2012-07-26Bug 777555: Release notes for Bugzilla 4.2.2Frédéric Buclin1-0/+42
2012-07-26Backout bug 768573 to fix bustageFrédéric Buclin4-6/+6
2012-07-02Bug 553553 - We shouldn't be using terms.Bugzilla in the "please contribute" ...Matt Selsky1-5/+6
2012-06-29Bug 762783: Change dependent bugs to use POST when the url exceeds the url le...Simon Green1-5/+21
2012-06-26Bug 768573: Templates must INCLUDE bug/field.html.tmpl instead of PROCESS'ing itFrédéric Buclin4-6/+6
2012-06-07Bug 761230: The server push page no longer displays all debug dataFrédéric Buclin1-9/+4