From b93a222fc36f803ee31de2859fa989e2a9cf54be Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Mon, 25 Sep 2006 03:33:41 +0000 Subject: Bug 346505: Release Notes For Bugzilla 2.22.1 Patch By Max Kanat-Alexander r=LpSolit --- docs/rel_notes.txt | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'docs') diff --git a/docs/rel_notes.txt b/docs/rel_notes.txt index 036b0509f..f70c508a4 100644 --- a/docs/rel_notes.txt +++ b/docs/rel_notes.txt @@ -6,6 +6,7 @@ Table of Contents ***************** - Introduction +- Important Updates In This Point Release - Minimum Requirements * Perl * For MySQL Users @@ -61,6 +62,46 @@ Contributor's Guide at: http://www.bugzilla.org/docs/contributor.html +Important Updates In This Point Release +*************************************** + +This section describes bugs fixed in releases after the original 2.22 +release. + +Version 2.22.1 +-------------- + ++ When sending mail, Bugzilla could throw the error "Insecure dependency in + exec while running with -T switch" (bug 340538). + ++ Using the public webdot server (for dependency graphs) should work + again (bug 351243). + ++ The "I'm added to or removed from this capacity" email preference + wasn't working for new bugs (bug 349852). + ++ The original release of 2.22 incorrectly said it required Template-Toolkit + version 2.08. In actual fact, Bugzilla requires version 2.10 (bug 351478). + ++ votes.cgi would crash if your bug was the one confirming a bug (bug 351300). + ++ checksetup.pl now correctly reports if your Template::Plugin::GD module + is missing. If missing, it could lead to charts and graphs not working + (bug 345389). + ++ The "Keyword" field on buglist.cgi was not sorted alphabetically, so + it wasn't very useful for sorting (bug 342828). + ++ Sendmail will no longer complain about there being a newline in the + email address, when Bugzilla sends mail (bug 331365). + ++ contrib/bzdbcopy.pl would try to insert an invalid value into the + database, unnecessarily (bug 335572). + ++ Deleting a bug now correctly deletes its attachments from the database + (bug 339667). + + Minimum Requirements ******************** @@ -533,6 +574,25 @@ This is actually safe to do at any time--it just forces a logout of every single user, even those with saved sessions. (It invalidates every login cookie Bugzilla has ever given out.) +Version 2.22.1 +-------------- + +The Bugzilla team fixed two Information Leaks and two Cross-Site +Scripting vulnerabilities that existed in versions of Bugzilla +prior to 2.22.1. None of them are considered to be of critical +severity, but we still strongly recommend that you update any +2.22 installation to 2.22.1. + +In addition, we have made an enhancement to security in this version +of Bugzilla. In previous versions, it was possible for malicious +users to exploit administrators in certain ways. Although this has +never happened (to our knowledge) in the real world, we thought it +was important that we protect administrators from this sort of attack. + +You can see details on all the vulnerabilities and enhancements at: + +http://www.bugzilla.org/security/2.18.5/ + Release Notes For Previous Versions ************************************ -- cgit v1.2.3-24-g4f1b