Release of Bugzilla 2.18.2 and 2.20rc1

by Bugzilla Team

We are proud to announce the first Release Candidate of Bugzilla 2.20, a major new feature release for Bugzilla. Bugzilla 2.20 includes support for PostgreSQL, a new “Large Attachment” storage mechanism, a new level of bug classification, user-defined periodic reminders by email, and many other new features.

Bugzilla 2.20rc1 is recommended to be used for testing purposes only. The final release will be shaped by your feedback over the next few weeks.

We are also releasing a bug-fix release for the 2.18 series, 2.18.2. The 2.18 series is recommended for users in production environments. All users of the 2.18 series are recommended to upgrade to 2.18.2 as soon as possible.

• Download Bugzilla 2.18.2
• Read the Release Notes for 2.18.2

There is also a Security Advisory for Bugzilla 2.18.1 and 2.19.3.

We would like to remind users of the 2.16 series that we expect to stop maintenance on 2.16 around October 2005, so they should plan to upgrade to 2.18 or 2.20 before then.

Release of Bugzilla 2.16.10

by Bugzilla Team

Under many circumstances, users could not enter a bug on 2.16.9. This has been fixed with our release of Bugzilla 2.16.10:

• Download Bugzilla 2.16.10
• Read the Release Notes

Status Update

by Jacob Steenhagen (jake)

Introduction

The previous three months have seen some of the most active Bugzilla development in history. The 2.20 release is promising to be very impressive. The team has been hard at work to bring long awaited features such as bugmail threading support and an optional third level of classification (in addition to the current Products and Components).

If you’re looking to get more involved in the actual development of Bugzilla, you may wish to consider joining the developer’s list. This higher volume list is used by the development team to discuss many aspects of the development process and Bugzilla’s future.

New Releases

2.18.1

2.18.1 is our first bug-fix release for 2.18. Overall, the initial 2.18 release proved to be pretty stable, but a few polishes and bug-fixes made their way into 2.18.1, and we do encourage anybody running 2.18 to update to 2.18.1.

2.19.3

The latest in our bleeding edge trunk development is now 2.19.3. This version has seen significant changes since 2.19.2 was released and, once fully stable, will become 2.20. Like all development releases, this has received much less testing than a stable release. Because of the feverish pace of development during this latest cycle, this version is actually slightly less stable than a typical development release.

If you are currently running 2.19.2, this update to 2.19.3 should be considered “at your own risk.” The pace of development between 2.19.2 and 2.19.3 has been frenzied and there could still be issues in the code. If you are willing to try out 2.19.3 and help us with the regression testing, it would be most appreciated. Remember that development snapshots are not recommended for production use unless you have a competent Perl programmer available. They may work perfectly well, but they’ve had less testing.

Security Bugs Fixed

We fixed two minor security issues in our three most recent releases. See the Security Advisory for details.

Major Recent Developments

Internal API Changes

In order to better facilitate future changes to the code many of Bugzilla’s internal functions have been moved into modules and/or changed names. This will not matter to the average user of Bugzilla; however, this may cause some minor problems for administrators who have made customizations to the code of their local installation. This has also caused many patches on bugzilla.mozilla.org to no longer apply cleanly.

However, these internal APIs are expected to remain fairly stable between now and the final release of 2.20.

Cross-Database Compatibility

The team is very excited to see one of the most requested changes to Bugzilla finally starting to take shape. While it’s not likely to be fully supported for the 2.20 release, there has been major progress made toward allowing Bugzilla to run on more than just the MySQL database server. We have decided to start the database portability with PostgreSQL, but we won’t stop there. Once the infrastructure is fully in place, it will make adding support for other ANSI compatible database servers trivial.

The 2.19.3 development release is the first official release that is able to create a database on PostgreSQL. However, we recommend doing this only if you are interested in helping to test Bugzilla on PostgreSQL as there are still significant features of Bugzilla that do not work on PostgreSQL. Also, there is very little support for actually using Bugzilla with a PostgreSQL database at this time. Official support for running Bugzilla on PostgreSQL is coming soon, but it’s not here yet. Anybody wishing to assist with the development and/or testing of PostgreSQL support is encouraged to watch bug 98304 and all of its blockers.

Help us out with other databases

If you have some other database you’d like to see supported, please let us know! It is not hard to write a new component for Bugzilla for a new database. We already have bugs filed for support for: Oracle, Ingres, Sybase, Firebird, and MS-SQL.

However, they all need somebody to work on them! If you’re interested, come talk to us in #mozwebtools on irc.mozilla.org, or tell us on the developer’s list.

Ability to Upgrade from 2.8 Restored

Starting with 2.18.1 and 2.19.3, you can now successfully upgrade from the very old Bugzilla 2.8. Upgrading from Bugzilla 2.8 has been broken for a while, but now that it’s fixed, this is definitely a good time to upgrade. Such old releases have many security issues which have been fixed in newer releases.

Upcoming Events and Changes

MySQL 3.23 Support Deprecated

The decision has been made in bug 204217 to no longer support MySQL 3.23 in future releases. 2.20 and all its point releases will continue to be fully supported on MySQL 3.23.41 and above, but the minimum version will be bumped to 4.0.2 early on in the 2.21 development cycle.

Upcoming UI Hackathons

Myk Melez has proposed that early in the development for 2.22 that the Bugzilla team should focus on making large improvements to the User Interface. His proposal for this is to have a number of weekly hackathons where teams of people agree to dedicate time to discussing UI improvements, coding them, reviewing them, and getting them checked in. Under this proposal, the normal procedures would still apply, but by having reviewers and approvers on hand, they could be greatly accelerated. For more information, see the archive of Myk’s post to the Developer’s list.

Continuing to Support the 2.16 Branch

Official support on the 2.16 branch for security issues and major bugs will continue until 2.22 is released, which is currently projected for sometime in November 2005. Our hope is that this will give our current 2.16 users enough time to plan an upgrade to one of the other supported versions.

Dave’s Corner

An update from Dave Miller, Project Leader

There has been a lot happening in the last six months, both with myself and with Bugzilla. Shortly before Bugzilla 2.18 released, I got hired by the Mozilla Foundation as a system administrator. This has been a most rewarding and challenging experience for me! However, being that we’ve been a bit shorthanded, I’ve actually wound up with less time to spend on Bugzilla instead of more, despite heading up the Bugzilla project actually being part of my job description. We currently have a position posted on our careers page to get some additional help, and we also have an intern this summer, so I’m confident that it’s temporary, but in the meantime I’ve felt like the Bugzilla project hasn’t been getting anywhere near the kind of attention it deserves from me lately.

I had some family issues to deal with that came up during our final push to release version 2.18, and that prompted me to make a desperate cry for help getting the release out the door. Max Kanat-Alexander came to my rescue and coordinated the efforts of several others who also pitched in, and most of the 2.18 release was pulled off without my having to do anything other than roll the tarballs and post stuff that was handed to me onto the website. Max did an awesome job with this, and I invited him to become the release manager for Bugzilla, which he graciously accepted. Max is a former technical support manager for a large software company best known for their mail server products, and recently gave that up to start a new consulting company, which among other things, specializes in Bugzilla. The 2.18.1 and 2.19.3 release is entirely his doing! It’s my great pleasure to have him taking on this responsibility, and helping reinvigorate the Bugzilla project, and helping so many of our contributors get their patches reviewed!

On to other news… if you haven’t already noticed, we are running slightly late with the 2.20 release. Most of this is a result of the cross-database compatibility code being taken in. At the point it was time to freeze, it was so close, and such a big deal, that we just couldn’t turn it away. With all of the incredible work that’s gone in since 2.19.2, I’m confident that you’ll agree that the extra wait for 2.20 was well worth it once you get your hands on it. Barring any major regressions getting reported from the 2.19.3 release, we should have a 2.20 release candidate within the next few weeks, and a final release not too long after.

Checkins Since Last Update

You can see the list updates between any Bugzilla release and the current release by using the table on our changes page.

Release of Bugzilla 2.18.1, 2.19.3, and 2.16.9

by Bugzilla Team

Today we are releasing Bugzilla 2.18.1, a bug-fix release for the 2.18 series. It contains various useful bug and security fixes for the original 2.18 release.

We are also releasing a very unstable development snapshot, 2.19.3, for those who want to track the bleeding edge of Bugzilla development. We expect our next development release after this to be Release Candidate 1 (2.20rc1).

Finally, there is a security-fix release for the old 2.16 series, version 2.16.9. Users of 2.16 are still encouraged to upgrade to 2.18 as soon as it is possible.

• Download the new versions.
• Read the Release Notes for 2.18.1.
• See the changelog for the new versions.
• Read the Security Advisory for the new releases.

And read our latest Status Update! It contains a lot of useful information, particularly about the latest development release (which has no release notes besides this Status Update).

Status Update

by Jacob Steenhagen (jake)

Introduction

It’s been about 3 months since our last update and the corresponding 3rd release candidate for Bugzilla 2.18, but at long last we are pleased to announce the full release of Bugzilla 2.18. Though it’s been more than 2 1/2 years in the making, we think you’ll find the new features were worth the wait.

If you didn’t get an email notification of this new release, but would like to for future releases, be sure to subscribe to our “announce” list. This is a low volume mailing list that covers releases and security advisories. We recommend that all Bugzilla administrators subscribe to this list.

If you’re looking to get more involved in the actual development of Bugzilla, you may wish to consider joining the developer’s list. This higher volume list is used by the development team to discuss many aspects of the development process and Bugzilla’s future.

New Releases

2.18

More than 2 1/2 years in the making, 2.18 is our latest stable release of Bugzilla. This new version offers an impressive list of new features as well as a number of bug fixes over 2.16, our previous stable release. The security fixes in 2.16.8 are included in 2.18 as well.

As always, be sure you have a good backup before attempting to upgrade to Bugzilla 2.18. There are many irreversible database changes between 2.16 and 2.18. While we don’t anticipate any problems with the migration, it never hurts to be safe.

2.16.8

If you are unable or currently unwilling to upgrade to 2.18, we highly recommend that you upgrade to 2.16.8. In addition to some very small yet useful bugfixes, there are also security issues with 2.16.7 that have been fixed for 2.16.8.

2.19.2

The latest in our bleeding edge trunk development is now 2.19.2. This development snapshot doesn’t have any major new features over 2.19.1, but it does have the same security fixes as 2.16.8 and 2.18. There are also many bugfixes to the new features from 2.19.1 as well as a few small usability enhancements.

If you are currently running 2.19.1, we highly recommend that you update to 2.19.2. Remember that development snapshots are not recommended for production use unless you have a competent Perl programmer available. They may work perfectly well, but they’ve had less testing.

Security Bugs Fixed

These releases contain fixes for security bugs that exist in prior versions of Bugzilla. Be sure to read the Security Advisory for more information.

It’s finally over!

An update from Dave Miller, Project Leader

Our 9 month branch freeze for 2.18 is finally over, that is. It took a long time because of the two years of free development to clean up after, but it’s resulted in one of our best releases yet! And the upcoming 2.20 is showing signs of being even better!

First off I’d like to thank all of the developers for putting up with the “harsh working conditions” of trying to stablize the 2.18 branch and the current cvs trunk as well over the last three months.

Although the trunk is quite stable at the moment as a result, we decided it would be very confusing to shove another release down everyone’s throats just a few weeks later, so the trunk has been reopened, and we’ll be freezing again for 2.20 in March (hopefully releasing in April). As a result, we’ve pushed back our previous release schedule by 6 months, so 2.22 will be freezing in September 2005, and releasing a month or so later.

We will be honoring our earlier promise to support the 2.16 branch until version 2.22 releases, which puts the End-Of-Life date for Bugzilla 2.16.x somewhere in the vicinity of October 2005.

Checkins Since Last Update

Our last status update happened to coincide with our last release, which makes finding the change list pretty easy. Just visit our changes page and pick the link for changes between the previous and current releases.

Release of Bugzilla 2.18 (also 2.19.2 and 2.16.8)

by Bugzilla Team

After over two years of work, the Bugzilla Team is pleased to announce the release of Bugzilla 2.18. Bugzilla 2.18 is our best release yet, with over 1000 bug fixes and improvements since 2.16.

• New features
• Download page
• 2.18 Release notes
• 2.18 Release information

Also released is development snapshot 2.19.2, and the latest bugfix release for 2.16: version 2.16.8.

We have also posted a new status update to help keep everyone informed of where the project is heading.

Bugzilla receives award from Game Developer Magazine

by Bugzilla Team

CMP Media, publisher of Game Developer Magazine, has issued a press release announcing the winners of the seventh annual Front Line Awards, honoring excellence and innovation in tools for game development in 2004. Bugzilla was given an award for the Programming category. The full list of awards will be featured in their January 2005 issue.

Cross-site scripting vulnerability in Bugzilla 2.16.7 and 2.18rc3

by Bugzilla Team

We’ve released a security advisory and patches for a potential cross-site scripting issue with Bugzilla’s error messages. Not all browsers are affected, but to protect all of your users, applying the patches is recommended. These fixes will be included in the upcoming 2.16.8 and 2.18 releases as well as the next snapshot from the trunk (either 2.20rc1 or 2.19.2).

Status Update

by Zach Lipton (zach)

Introduction and Updates

Welcome to the October 2004 Bugzilla status update, covering the status of the Bugzilla project since the July 10th status update and the release of Bugzilla 2.18rc1 and Bugzilla 2.16.6.

In this update, we are pleased to announce the third release candidate of Bugzilla 2.18 (2.18rc3), the latest (and hopefully last) in the series of candidate releases before the final Bugzilla 2.18 stable release. This release fixes a variety of issues and security vulnerabilities. We are also pleased to announce the release of Bugzilla 2.19.1, a development snapshot release from the cvs trunk. Lastly, we are announcing Bugzilla 2.16.7, a security update for the 2.16 stable branch.

Also of note is the recent release of version 0.6 of the bugzilla-submit utility, a command-line tool to submit new bugs to a Bugzilla installation.

Since the previous status update, we have also released Bugzilla 2.18rc2, an update to 2.18rc1 which fixed several major issues. These issues are detailed below. We also updated our website style to be more consistent with the new redesign of the mozilla.org website.

As usual, we’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we provide an ultra-low-volume administrator mailing list ([email protected]), covering just new releases and security advisories. We advise all Bugzilla administrators to subscribe so they can keep up to date with important Bugzilla announcements.

Those looking to get involved with Bugzilla development or more closely follow the development process may want to consider joining the developers list ([email protected]). This list offers discussion on new features and issues. Developers are invited to subscribe to the list.

New Releases

2.18rc3

This release is a developers’ release and is not recommended for production use, but all existing users of the 2.17 development branch or previous 2.18 release candidates are strongly encouraged to upgrade to 2.18rc3.

We’ve done a third release candidate for 2.18 because there were some major changes to the group security code in the new “Charts over time” section of the reporting features, intended to give you better control over who can see charts of what data.

We also recommend that Bugzilla administrators test their installations with 2.18rc3 using a backup copy of their database, in order to help us make the 2.18 final release the best it can be. Since 2.16 was originally released, Bugzilla has come a long way. This list shows many of the major new features that have been added to the 2.17 development branch since 2.16. Those using 2.16 should take a look at this list for an indication of what will be new in 2.18 and make plans to migrate their installations from the 2.16 stable branch (which will be retired with the release of Bugzilla 2.22, scheduled for approximately April 2005).

2.16.7

The Bugzilla 2.16.7 release is a security update to the previous 2.16.6 stable release. This release allows administrators to patch their stable installations without needing to upgrade to a development release. Please see the security section of this status update for more information on the issues that were fixed.

2.19.1

Bugzilla 2.19.1 is a bleeding-edge development release for those who would like the latest features available on the Bugzilla CVS trunk. Major new features on the trunk since the last status update include:

• A higher level of categorization (departments, locations, etc…) is now available for bug reports. (Bug 224208.)
• The wining system has been revamped and rewritten. The new system allows periodic scheduled reports on anything you can search on to be sent to individual users or lists. (Bug 185090.)
• Comments in bug reports can be selectively highlighted (i.e. highlight comments 5, 9, and 12-16). (Bug 259452.)
• Environment Variable Authentication can be used for Apache HTTP Auth support. (Bug 241903.)
• Users can be shown in a drop-down menu in bug reports instead of being entered in a text entry field. (Bug 251669.)
• An installation test suite allows administrators to ensure that their Bugzilla installation is functioning correctly. (Bug 245877.)
• Per-chart negation to boolean searches is now supported. (Bug 245272.)
• Boolean charts now support %reporter%, %user%, and %assignee% pronouns. (Bug 226434.)

Security Bugs Fixed

Several security bugs have been fixed in the new Bugzilla releases. Please see the Bugzilla Security Advisory for more detailed information on these issues.

Major New Features Since 2.16

Users upgrading from 2.16 may be interested in a list of major new features since the 2.16 release.

Completing the Transition to Time-Based Releases

An update from Dave Miller, Bugzilla project leader

We committed back in December to start doing time-based releases of Bugzilla, rather than feature-based. It was felt by many that, with the largely volunteer workforce that we have, trying to get any kind of timely Bugzilla releases with feature-based release goals was almost a lost cause (evidence: it’s been over 3 years since Bugzilla 2.16 was released and we still don’t have a 2.18). The schedule we agreed to was to lock down the cvs tree for a “feature freeze” every 6 months, at which time only bugfixes, and not enhancements, can be checked in, until we feel the tree is stable and releasable. At that point, we would create a branch for the release candidates, and reopen the trunk for development. A release would happen as soon as the release candidates proved a stable release.

The first such freeze was on March 15th for 2.18. Yes, that was over 7 months ago. Because it had been 2 1/2 years since the 2.16 release, there was a lot of cleanup to do in order to make 2.18 be release-quality. Our “feature freeze” lasted almost 4 months. We created the 2.18 release branch and released 2.18rc1 on July 10th, leaving us with only 2 months of open development prior to our scheduled September 15th feature freeze for 2.20, which is now in effect.

This has lead to a rather interesting situation. With this update comes our 3rd (and hopefully last) release candidate for Bugzilla 2.18. We’re also releasing version 2.19.1 off the trunk. It should be 2.20rc1, because it’s definitely stable enough to be a release candidate. But I have a nagging suspicion in the back of my head that having a 2.20 release candidate available before we have a 2.18 final release would greatly confuse people. So my plan at this point is to release 2.20rc1 at the same time we release 2.18 final. This will hopefully happen in about 2 weeks, as long as no one finds any showstopper issues in 2.18rc3.

Once 2.18 is out of the way, 2.20 will likely follow within a few weeks. After no major version bump in 3 years, we’ll have another major version bump in a couple weeks. :) How about that? Once 2.20 is out, we should be stablized at approximately every 6 months. 2.20 has been going very smoothly so far (nothing like 2.18).

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date as rendered by Bonsai. It includes checkins on the trunk from 2004/07/08 to 2004/10/24. This list was generated by filtering Bonsai’s output on that query.

Checkins that don’t refer to a specific bug number have been omitted, and were a small minority.

Checkin manifest:

• Bug 263250 - adds base tag to simple bug list so it can be loaded in iframe on remote site and the CSS still work
• Bug 265240 - make collectstats generate valid RDF by not cutting off the opening RDF tag
• Bug 232155 - Remove uninitialized value warning from Pperl’s Cookie.pm and unify code by removing redundancy
• Bug 265303 - updates RDF content type to new standard application/rdf+xml
• Bug 264003 - Include the DBI error in the error message if ‘createdb’ fails
• Bug 189073 - Allow accept as a resolution when changing multiple bugs only if all bugs are opened
• Bug 261434 - implement functionality to delete a user semi-properly (only works for users with no bugs/comments)
• Bug 251338 - Installation section should mention that you need an MTA installed
• Bug 257765 - Make replies to private comments private by default
• Bug 263165 - Make Bugzilla specify table type as MyISAM when creating tables
• Bug 261210 - adapt bz_secure CSS for text based browsers
• Bug 262126 - fix invalid date parsing
• Bug 237769 - use Administrator instead of root for super-user name in Windows, and change the ppm repository from Apache to the one maintained on landfill
• Bug 103794 - adds ‘home’ link to navigation bar
• Bug 261446 - Make checksetup.pl adjust permissions properly
• Bug 153811 - default severity should be parameterized.
• Bug 261071 - Error: Error in parsing value for property ‘vertical-align’. Declaration dropped.
• Bug 260411 - MS IE breaks png alpha channel padlock. Adds a new PNG file with a 1-bit alpha layer.
• Bug 259452 - Add bonsai style &mark support to showbug for bug comments
• Bug 256004 - Fix regression that caused duplicate sortkeys in the fielddefs table or later when running on Windows with ActiveState Perl
• Bug 252295 - Ensure that the “Edit Search” link goes back to the same form the search was created on when running a saved search that was saved before we had multiple search forms.
• Bug 253696 - Work around NAME_lc bug in ActiveState Perl on Win32
• Bug 255913 - mailto link on show_bug.cgi wasn’t honoring emailsuffix. Bugzilla->user->email now includes emailsuffix in the result.
• Bug 190224 - templatize editmilestones.cgi
• Bug 255664 - Wait until buglist is ready to be displayed before closing the “please wait” page when using server push, so any errors that occur can actually be seen by the user instead of getting a blank page.
• Bug 255663 - Query on [Bug creation] and anything to do with attachments no longer crashes
• Bug 215319 - changes “flag requester” field in boolean charts to “flag requestee” field, which is what it should have been (“flag requester” can be queried via the “flag setter” field)
• Bug 232659 - Fix inconsistent attachment links (and clean up diff feature)
• Bug 257111 - t/006spellcheck.t should check each file only once.
• Bug 253480 - pages should be classified rather than identified by domain name
• Bug 254587 - group description not displayed on delete group confirm page.
• Bug 252810 - p1, critical not displayed in red when groups are used for bug. Roundabout patch that adds a padlock icon next to the bug
• Bug 224208 - Add a higher level of categorization (ie departments, locations, etc.)
• Bug 255772 - Prevent whine.pl from running endless whining loop
• Bug 244239 - Add group-based pronouns to query
• Bug 241903 - Add Environment Variable Authentication for apache auth and SSO
• Bug 251669 - Added an option to show users in a drop down menu instead of a text edit field
• Bug 254430 - Fix User.pm so it returns a logged-out user if userid=0
• Bug 253562 - Fix timetracking so Hours Worked (actual_time) is no longer listed as 1.
• Bug 185090 - Add revamped whining system
• Bug 186093 - Move CanSeeBug to User.pm and make User.pm usable by templates
• Bug 253968 - Fix extra column in insert statement in checksetup
• Bug 253583 - Warning: assignment to undeclared variable assigned_to
• Bug 253447 - Fix unhelpful error if user enters text in “blocks” field
• Bug 216008 - Time Tracking: default values cause change bug
• Bug 236678 - Clean up access to COOKIE global. Remove the last remaining places in the tree where COOKIE is used
• Bug 252789 - Empty timetrackinggroup causes error “hours worked needs to be positive” when changing. Fixes regression introduced in bug 252159.
• Bug 252839 - Remove action=view from links in attachment table; this was done to improve link target consistency and avoid difficulty when shell-pasting
• Bug 204903 - Enable searches to match NULL aliases, missing qa_contact, and search on CC even when cc-list is empty
• Bug 251837 - Extend group_group_map to control which groups can see each other
• Bug 252943 - broken title in interdiff. Adds reasonable title while doing an interdiff, and fixes some broken and confusing double-linking
• Bug 252450 - Unlock tables in edit*.cgi before sending trailer
• Bug 251837 - Add UI to add/remove ‘My Bugs’ link in footer
• Bug 253088 - Fix ability of users with bless privileges to bless users
• Bug 251911 - Silly ThrowUserError bits in attachment.cgi. Fixing variables missing in some errors raised, and doing bits of $::FORM
• Bug 252370 - Provide edit link for attachment in comment. Adds an [edit] link next to attachments in comment text
• Bug 272721 - Document testserver.pl
• Bug 252329 - Returning to buglist after an empty fulltext search causes code error
• Bug 252159 - centralize time validation. Adds a ValidateTime function to Bugzilla::Bug and uses it in relevant callsites.
• Bug 252358 - Unnecessary documentation about /usr/bonsaitools/bin/perl into UNIX (non-root) Installation Notes.
• Bug 252388 - Fix undef warning when Bugzilla->cgi->header() is called twice
• Bug 245877 - Add an installation test suite
• Bug 238544 - Emit appropriate error if content and matches are used in invalid search combinations.
• Bug 98751 - Made it easier to update a stored query.
• Bug 252190 - Fix unitialized value in editusers.cgi
• Bug 252378 - Remove $COOKIE from attachment.cgi.
• Bug 251727 - Added a /images directory to store Bugzilla’s images
• Bug 251841 - body id from urlbase with tilde (~) fails validation. Swap [sequences of] tilde, hypens and some other common characters.
• Bug 123030 - Move query.cgi javascript to separate file. Create productform.js that contains functions to handle the various select boxes in the advanced search page
• Bug 241900 - Allow Bugzilla::Auth to have multiple login and validation styles.
• Bug 245272 - Add per-chart negation to boolean searches
• Bug 165589 - Add data/errorlog logging support to bugzilla
• Bug 250547 - Make FlagTypes use INNER JOIN instead of comma operator.
• Bug 86051 - Enable changing product name case.
• Bug 252002 - Fix typo in create-guided.html.tmpl.
• Bug 251898 - Add function information to PatchReader output.
• Bug 251484 - Fix taint error on series create when creating a new product
• Bug 251567 - Make sure “find a specific bug” doesn’t miss exact matches in summary
• Bug 250840 - Changed the minimum version numbers to all agree with reality.
• Bug 244324 - bugzilla-submit crashed when incorrect base url provided.
• Bug 244324 - updated manpage for bugzilla-submit script
• Bug 251469 - Solveed filtering issues with javascript_url,
• Bug 251469 - Added an interface argument in the header template to import script files
• Bug 250967 - Fixed spurious updates to requesteeless flags
• Bug 226434 - Add %reporter%, %user%, and %assignee% pronouns to boolean charts
• Bug 103274 - Site Navigation Bar was incorrect if viewing a bug not in the list
• Bug 250881 - No longer not set DEFAULT-FORMAT unless standard search is being used
• Bug 241900 - Allow Bugzilla::Auth to have multiple login and validation styles
• Bug 245158 - Combine multiple redundant LEFT JOINs into a single LEFT JOIN in Search.pm
• Bug 238797 - made a minor adjustment to javascript filters to prevent tags inserted in product, component, and flag names from causing problems.
• Bug 237627 - Validate dataset name in reports.cgi
• Bug 244272 - Remove editusers ‘query’ parameter
• Bug 234855 - Show only products enterable by current user in edit-multiple
• Bug 233486 - Only process groups user is supposed to be able to bless in editgroups.cgi
• Bug 227191 - Change DBI->connect syntax so database password will not be revealed if connect fails
• Bug 236650 - html_quote and validate email addresses in editueser.cgi
• Bug 234825 - Keep duplicates.cgi from revealing products user doesn’t have access to
• Bug 235510 - Do not expose user password in URL to chart image if login required to access a chart
• Bug 242405 - Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
• Bug 250265 - fix taint issues with vote fields when editing products

Release Candidate (2.18) Branch Checkins since the Last Status Update

The following is a list of specific bugs fixed on the 2.18 branch since the last status update. The list is ordered by check-in date as determined by Bonsai and was constructed from this Bonsai query of all checkins on the BUGZILLA_2_16_BRANCH from 2004/07/08 to 2004/10/24.

Checkin manifest:

• Bug 263250 - adds base tag to simple bug list so it can be loaded in iframe on remote site and the CSS still work
• Bug 265240 - make collectstats generate valid RDF by not cutting off the opening RDF tag
• Bug 232155 - Remove uninitialized value warning from Perl’s Cookie.pm and unify code by removing redundancy
• Bug 265303 - updates RDF content type to new standard application/rdf+xml
• Bug 264003 - Include the DBI error in the error message if ‘createdb’ fails
• Bug 189073 - Allow accept as a resolution when changing multiple bugs only if all bugs are opened
• Bug 261434 - implement functionality to delete a user semi-properly (only works for users with no bugs/comments)
• Bug 257765 - Make replies to private comments private by default
• Bug 263165 - Make Bugzilla specify table type as MyISAM when creating tables
• Bug 261210 - adapt bz_secure CSS for text based browsers
• Bug 262126 - fix invalid date parsing
• Bug 237769 - use Administrator instead of root for super-user name in Windows, and change the ppm repository from Apache to the one maintained on landfill
• Bug 103794 - adds ‘home’ link to navigation bar
• Bug 252739 - moves inclusion/exclusion action names to button name instead of button value so that button values (which are also used as labels) will be localizable
• Bug 261273 - make column changing work with Sun ONE web server
• Bug 261071 - Error: Error in parsing value for property ‘vertical-align’. Declaration dropped.
• Bug 260411 - MS IE breaks png alpha channel padlock. Adds a new PNG file with a 1-bit alpha layer.
• Bug 245075 - command-line script that sends bug mail so installations can push bug mail out if it’s been missed by the code that sends mail when changes are made
• Bug 250979 - fix broken anchors to severity.
• Bug 257593 - new charts were requiring you to log in every time a new dataset was added to the list.
• Bug 256004 - Fix regression that caused duplicate sortkeys in the fielddefs table
• Bug 249868 - makes series pages validate
• Bug 240460 - updates upgrading examples with new URLs and version numbers
• Bug 257534 - Require Perl 5.8.1 or later when running on Windows with ActiveState Perl (there is no official CGI ppm build with a new enough version for Bugzilla on any earlier version of ActiveState Perl)
• Bug 255913 - mailto link on show_bug.cgi wasn’t honoring emailsuffix. Bugzilla->user->email now includes emailsuffix in the result.
• Bug 252295 - Ensure that the “Edit Search” link goes back to the same form the search was created on when running a saved search that was saved before we had multiple search forms.
• Bug 253696 - work around NAME_lc bug in ActiveState Perl on Win32
• Bug 255663 - Query on [Bug creation] and anything to do with attachments no longer crashes
• Bug 255664 - Wait until buglist is ready to be displayed before closing the “please wait” page when using server push, so any errors that occur can actually be seen by the user instead of getting a blank page.
• Bug 215319 - changes “flag requester” field in boolean charts to “flag requestee” field, which is what it should have been (“flag requester” can be queried via the “flag setter” field)
• Bug 254360 - lists the rules governing who can edit which fields in 2.16 and 2.18 and the differences in those rules between the two versions. Contributed by Nick Barnes.
• Bug 232659 - Fix inconsistent attachment links (and clean up diff viewer UI while we’re at it). Includes minor change to list that makes the URLs actually as consistent as on trunk.
• Bug 211188 - Make testing suite check for any #! lines that are not /usr/bin/perl
• Bug 253308 - Mention the Scmbug integration system in documentation
• Bug 257419 - make checksetup.pl quote database name in ‘show table status’ command
• Bug 257152 - make flag type deletion not crash when JavaScript is switched off
• Bug 257267 - allow trimming leading zeros when typing the test number in the testing suite
• Bug 256762 - make flag request email use emailsuffix
• Bug 225687 - add group controls to charts, along with various other cleanups.
• Bug 254146 - make the error message clear if servertest.pl failed to find the GID for HTTPD
• Bug 235061 - move CSS stylings in global.css if they are used across multiple pages
• Bug 216572 - 002goodperl.t shouldn’t add an extra test for every additional Throw*Error violation in the same file
• Bug 253480 - pages should be classified rather than identified by domain name.
• Bug 252810 - p1, critical not displayed in red when groups are used for bug. Adding padlock image and fixing reference to it
• Bug 253562 - Hours Worked (actual_time) is being listed as 1.
• Bug 253583 - Warning: assignment to undeclared variable assigned_to
• Bug 253447 - Fix unhelpful error if user enters text in “blocks” field
• Bug 216008 - Time Tracking: default values cause change bug errors. Check if the time values haven’t actually changed by using integer comparison (instead of string comparison).
• Bug 252943 - broken title in interdiff. Adds reasonable title while doing an interdiff, and fixes some broken and confusing double-linking in the text.
• Bug 252450 - Unlock tables in edit*.cgi before sending trailer
• Bug 251837 - Add UI to add/remove ‘My Bugs’ link in footer
• Bug 253088 - Fix ability of users with bless privileges only to bless users
• Bug 239112 - docs patch to warn about min. TT version for hooks system.
• Bug 252721 - Document testerver.pl
• Bug 252370 - Provide edit link for attachment in comment. Adds an [edit] link next to attachments in comment text, and removes the &action=view suffix which breaks things when pasting into a shell.
• Bug 252329 - Returning to buglist after an empty fulltext search causes code error
• Bug 252358 - Unnecessary documentation about /usr/bonsaitools/bin/perl into UNIX (non-root) Installation Notes.
• Bug 252388 - Fix undef warning when Bugzilla->cgi->header() is called twice
• Bug 245877 - Add an installation test suite
• Bug 238544 - Emit appropriate error if content and matches are used in invalid search combinations.
• Bug 252190 - Fix uninitialized value in editusers.cgi
• Bug 252002 - Fix typo in create-guided.html.tmpl.
• Bug 240093 - get canconfirm working again.
• Bug 251484 - Fix taint error on series create when creating a new product
• Bug 251567 - Make sure “find a specific bug” doesn’t miss exact matches in summary
• Bug 250840 - Make the minimum version numbers all agree with reality.
• Bug 250967 - Fix spurious updates to requesteeless flags
• Bug 250892 - Fix w3c validation error on search-specific
• Bug 250881 - Do not change DEFAULT-FORMAT for queries unless one of the standard serach form is used

Stable (2.16) Branch Checkins Since the Last Status Update

The following checkins have been made to the 2.16 stable branch in the Bugzilla CVS repository since the previous status update:

• Bug 263165 - Make Bugzilla specify table type as MyISAM when creating tables
• Bug 250897 - Limit password reset requests to once every ten minutes to limit mailbombing if someone submits the form multiple times

Conclusion and Credits

Thank you to all our developers and users who have contributed to this release. We hope to deliver a great 2.18 release and we depend on your feedback and patches to make this happen. Please send us your comments.

Thank you also to all those who contributed to this status update.

Bugzilla 2.16.7, 2.18rc3, and 2.19.1 are available

by Bugzilla Team

The Bugzilla Team is please to announce the release of our third release candidate for Bugzilla 2.18. This release will be shaped by your feedback over the next few weeks.

Also released are stable version 2.16.7 and development snapshot version 2.19.1. All three releases fix a few security issues.

• Security Advisory
• 2.18 Release information
• 2.16.7 Release notes
• Download page

We are doing a 3rd release candidate because there was a major change to the group security mechanisms in the Charting code. We would appreciate any testing, particularly related to the new “Charts over time” code using groups to limit access to charts.

We have also posted a new status update to help keep everyone informed of where the project is heading.