Security Advisories

Bugzilla is a rapidly evolving product. As we get more people involved, and more sites using Bugzilla, the code is becoming much better-defined and much better-reviewed. The current developer community is very much concerned with the security of your site and your Bugzilla data. As such, we make every attempt to seal up any security holes as soon as possible after they are found. Although no guarantees are made that Bugzilla is perfectly secure, the more secure it gets, the better.

The following is a list of the security advisories that were issued with each of our releases that included security-related fixes. Consequently, as of this writing, this is almost every version we've ever released since 2.10. Some might say this makes Bugzilla sound pretty insecure (in fact, this is actually very true of the older versions), but it really means we've been paying a lot more attention to security matters recently.