Blog

Want to always keep up-to-date with Bugzilla news? Subscribe to announce@bugzilla.org, a read-only mailing list where we'll post announcements about new versions of Bugzilla and security advisories.

Browse Archives »

You can also see what's going on in the project by looking at the notes of, or watching the video of, our monthly developer meetings.

Loading the upcoming event

01. October 2003

Korean Localization Available

by Bugzilla Team

The download page has been updated with a Korean localization for Bugzilla 2.16.3.

14. September 2003

New Localizations Available

by Bugzilla Team

The download page has been updated with additional localizations of Bugzilla.

New Languages:

  • Belarusian (2.16.3)
  • French (2.16.2)

Updated versions:

  • Chinese (2.17.4)

Many thanks to the localizers for taking on this thankless job!

24. April 2003

Bugzilla Status Update

by J. Paul Reed (preed)

Introduction

The Bugzilla Team is pleased to announce the release of Bugzilla 2.16.3, a maintenance release, and 2.17.4, a new developers’ release.

2.16.3 continues the Bugzilla Team’s support of the stable Bugzilla branch, fixing a couple of important security vulnerabilities and other bugs for 2.16 Bugzilla users.

2.17.4 continues our march toward 2.18, offering new features for developers to play with and refine, and new toys for users who like living on the edge, even though many organizations–mozilla.org included–are using the 2.17 developers’ branch without incident.

Users on both branches should upgrade to today’s releases. Both contains fixes for multiple cross-site scripting issues and an insecure temporary filename vulnerability. For specifics, see the Bugzilla security advisory on these vulnerabilities.

2.14.x users may be affected by at least one of these security vulnerabilities (bug 197153), and are encouraged to upgrade. The Bugzilla Team has officially stopped supporting the 2.14 branch. Also, the 2.16/2.17 branches have lots of cool new goodies on them!

If you’re wondering about the Win32 situation, it has improved slightly on the 2.17-branch, but “out of the box” Win32 support, on either branch, is still, unfortunately, unchanged. However, the Bugzilla Team is currently discussing the status of “out of box Win32 support” in 2.18 and it is likely to remain a release goal.

The Road to 2.18

The Bugzilla team has started reviewing goals for the 2.18 release. This includes deciding what’s important to keep on the list and what might get pushed off.

As far as timing goes, the Bugzilla Team is not going to set a date; doing so has bit the project too many times in the past. The answer to “when is 2.18 coming out?” will continue to be “When it’s done.” However, the Team understands the need to do it sooner rather than later, so post-release, we’ll be focusing on reducing the list of 2.18 goals. If we can pare this down appropriately, 2.17.5 may be the last developer release prior to the 2.18 release candidates. That may or may not be realistic, but it’s a seemingly sensible plan to work from.

The Bugzilla roadmap contains a number of 2.18 goals. If you don’t see a feature or fix you feel is necessary for 2.18 on that list, now is the time to make your case to the module owners. Also, be looking for bugs you’re interested in to be retargetted in the next few days. If you’re significantly concerned about this process, considering joining the Bugzilla developers’ mailing list.

A good initial summary of the Team’s current thinking on goals can be read in this [email protected] thread.

Upcoming Major Features

The following is a list of major new features the Bugzilla Team is currently working on. You can find more information, including implementation/design discussions, proposed landing dates, and status in the bug reports below. These are also features that the Bugzilla Team would appreciate help on, so if one of the features below interests you, feel free to jump into the fray!

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Sybase support. (Bug 173130)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customized resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic charting. Allows users to define arbitrary data sets for which historical data will be recorded, and then plot those data sets. (Bug 16009)

New Bugzilla Features

</a>

In-core processmail

Bug 124174, processmail as a package, has finally landed. This bug moves bug mail handling (mail from bug submissions/changes) from the venerable external processmail script, the source of much porting pain and some security issues, into a new module Bugzilla::BugMail.

This change moves the actual sending of mail into the same Bugzilla core process handling web requests. This change will make Win32 porting easier and has significantly sped up bug mail handling (Bug 178153) for large bug changes. The checkin also cleans up the mail sub-system interface and backend, meeting–along with Win32 support–a number of 2.18 goals.

Authentication module/LDAP improvements

As part of the ongoing preparation for mod_perl, Bugzilla’s authentication mechanisms have been modularized, making pluggable authentication schemes for Bugzilla a reality. Both the existing database and LDAP systems were ported as part of modularization process. Additionally, the CGI portion of the backend was redesigned to allow for authentication from other sources, including (theoretically) email, which will help Bug 94850.

As part of this conversion, LDAP logins now use Perl’s standard Net::LDAP module, which has no external library dependencies. This is a departure from using the Mozilla::LDAP modules, which relied on the Netscape LDAP SDK.

Bugzilla mod_perl support

Work continues on updating Bugzilla to support mod_perl, a performance and modularization win. In addition to the authentication module re-org, patches are pending (not included in 2.17.4) to move Bugzilla user handling into a module. With these and other patches, show_bug.cgi (and other minor pages) now support mod_perl, but have not been extensively tested, and are mostly a proof-of-concept at this point.

Initial testing is very encouraging; some very raw performance data suggests that for a simple bug with 5 comments, load times decrease from 0.6 seconds to 0.15 seconds on an unloaded P4-2.4GHz machine.

Despite this, mod_perl support is not yet ready for prime time. Lots of the work is very ‘hacked together’, and the patches only support mod_perl installations, to the detriment of normal CGI/Bugzilla installations. This will, of course, be fixed before checkin.

The major factor inhibiting mod_perl support is the lack of development time and the lack of time for other Bugzilla developers to review patches. If you’re interested in helping Bugzilla increase performance with mod_perl, check out bug 87406.

JS versions of buglists

Buglists are now available as JavaScript structures in addition to HTML and RDF. This allows features like the “update buglinks” bookmarklet, which will update the state of all the buglinks in a page to have the correct status and tooltip.

Perl on the “move” from /usr/bonsaitools/bin to /usr/bin

One of the most common support requests was what this “bonsaitools” directory was all about, and how could the Perl location Bugzilla expects be changed from that to the more standard /usr/bin. This request was never fulfilled because Bugzilla’s primary installation, bugzilla.mozilla.org, needed to have Perl installed in a location other than /usr/bin and a longstanding rule for Bugzilla development has been “don’t break mozilla.org.”

Because of server changes at mozilla.org, a bonsaitools was no longer required for them. After a quick message to the Bugzilla newsgroups and mailing lists asking if anybody else relied on this path, it was determined that finally getting this change checked in wouldn’t affect many people, so the oft-requested feature was finally completed.

More information can be found in bug 196433.

Doc changes

Matthew Barnson, the original author of much of the Bugzilla Guide, has recently been swamped by life. Jacob Steenhagen was gracious (and foolish) enough to volunteer to take over. In an attempt to “sync up” the documentation, Jake has been focusing on backporting relevant changes to the documentation to the 2.16 branch. Many items in the guide have received love, but the most notable ones include:

  • Section 4.3 - OS Specific Installation (New in Devel) - Moved a lot of stuff that is specific to the OS (or distribution) out into a special section. The next step is to make the installation instructions more generic as there are still some OS specific hints, etc.
  • Section 4.4 - HTTP Server Configuration (New in Devel) - Moved some information that is specific to the web server being used into its own section. I currently have varying amount of information for Apache, IIS, and AOL Server.
  • Section 5.5 - Group Security (Devel) - Because the tip has a new security model the docs needed updating for the tip.
  • Section 5.6 - Bugzilla Security (2.16 and Devel) - This section has been cleaned up considerably. It also now contains information that used to be scattered about in different sections.
  • Section 5.8 - Upgrading (2.16 and Devel) - Add a lot of information about upgrading along with specific instructions and examples for 3 different ways to get the latest code.
  • Many Misc. FAQ Updates (2.16 and Devel)
  • Finally moved everything to the xml/ directory. For quite some time now, the documentation has been using the DocBook 4.1.2 XML doctype but still residing in a directory named sgml/ and having file names ending in the .sgml extension. The master documentation files now live in the xml/ directory and have .xml extensions.

Please join the Bugzilla team in welcoming Jake back! Documentation is often the most overlooked and under-appreciated task of any open source project, so if you see Jake on IRC, be sure to thank him!

Improved localization support

With the landing of Bug 126955, support for localized Bugzilla templates has improved tremendously. Bugzilla administrators can now configure which languages are supported by their installations and automatically serve correct, localized content to users based on the Accept Language header sent from users’ browsers, providing the appropriate language for a user with minimal configuration on their part.

There are currently localized templates available for Chinese, German, Spanish (Spain or Mexico) and Russian. These localized template packs are third-party contributions, may only be available for specific versions of 2.16 or 2.17, and may not be supported in the future.)

Trunk Checkins Since the Last Status Update

</a>

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 01/02/2003 to 04/24/2003. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • Versions numbers were bumped and release notes updated
  • (1/4/03, 2/19/03, 4/1/03, 4/22/03) Documentation updates (Jake)
  • (2/16/03) Allow runtests.pl to let you specify a test number to run (justdave)
  • (1/12/03) XUL Chrome should use content over _content (in sidebar.cgi). (caillon)

Checkin manifest:

  • Bug 179510 - Fix to take group restrictions into account when sending request notifications
  • Bug 172331 - importxml.pl warnings under perl 5.8
  • Bug 179513 - take N. Fix the bracketing so that it actually works…
  • Bug 201018 - editusers.cgi never calls DeriveGroup prior to changing a bug
  • Bug 197153 - Add wording schange requested by reviewer which wasn’t in the patch on the bug, and so wasn’t checked in.
  • Bug 193965 - On product change, user can accidentally opt-out of required group restriction
  • Bug 197153 - Fix for insecure temporary filename handling.
  • Bug 192661 - Dependency graphs were printing bug summaries without HTML filtering.
  • Bug 192677 - Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a result of it.
  • Bug 198458 - Added LDAP Sync script contributed by [email protected] (Thomas Stromberg) to the contrib directory.
  • Bug 202744 - Removing unnecessary output from collectstats.pl cron job
  • Per bug 200472 - Changing the version information for Date::Parse (any) to instead specify Date::Format (2.21).
  • Fix typo in previous checking for bug 200472 - Date::Format should be version 2.21.
  • Bug 200472 - Require specific version of Date::Format to ensure we don’t run into a bug in an older version that we’re triggering.
  • bug 202534 - Login with unrestricted IP address fails - tries to access missing get_netaddr
  • Bug 71790 - Duplicate resolution field should include bug number of original
  • Bug 199012 - Default (and b.m.o.) bug email should have “change prefs” line.
  • Fix for bug 200961 - unhorks display of bug ID in RDF version of bug list.
  • Bug 200072 - Creating new users from LDAP at authentication time is broken
  • Bug 190589 - sidebar.cgi should link to report.cgi instead of reports.cgi for consistency
  • Bug 199813 - Make all users of ThrowUserError pass $vars in explicitly.
  • Bug 195424 - Add a note about new MySQL permissions needed for Bugzilla in MySQL 4.
  • Bug 194541 - Dot is a binary executable, not a perl script so we don’t need to prefix the system call with the perl binary. There are no more system calls of perl scripts in Bugzilla, so this section can go away.
  • Bug 171674 - Adding a section to the Troubleshooting section describing how to fix the File::Temp problems in perl 5.6.0.
  • Bug 195530 - Make javascript version of buglists available.
  • Bug 80157 - Add “regenerate” option to collectstats.pl.
  • Bug 192121 - Javascript error in guided bug entry.
  • Bug 197689 Missing Query - The query named $name seems to no longer exist.
  • Bug 65319 editmilestones & editversions don’t have extra add.
  • Bug 196433 - Bugzilla now uses /usr/bin/perl as the shebang line
  • Bug 195621 - Back out taint-related changes from bug 160710.
  • Bug 190892 - Radio button for “run this query” looks silly if it’s the only choice. Make it a hidden input if it’s the only one.
  • Bug 180642 - Move authentication code into a module
  • Bug 195695 - Requesting a non-existent format results in an Internal Error
  • Bug 197180 - Long comment names not flagged as an error
  • Bug 193989 - EmailSuffix wasn’t getting used for password change tokens. Also removes real name from To: header which wasn’t being escaped properly for RFC2822 specs.
  • Bug 194917 - Javascript missing HTML comments in flag list.
  • Bug 190848 - Adding a new product results in a software error.
  • Fix for bug 191051 - make substring searches actually do substring instead of anyexact.
  • Bug 196101 - use ANSI-compliant SQL for group checks in sanitycheck
  • Bug 194345 - checksetup.pl would die if you had your params set for a local dot, and the executable didn’t exist. The polite error message it was supposed to print works now.
  • Bug 196420 - jsmagic for add/and/or in boolean charts isn’t working
  • Bug 156436 IBM Web Browser is unrecognizedpatch by [email protected]
  • 180692 - enter_bug shows keywords option even if keywords are disabledFix broken tree.
  • Bug 180692 - enter_bug shows keywords option even if keywords are disabled
  • Bug 195137 - Keywords are not sent in new bug mail
  • Bug 194744 - fix dead link to confirmhelp.html.
  • Bug 183017 - Only numbers displayed when bar chart contains too many products.
  • Bug 194394 - Internal error after turning useqacontact off
  • Bug 186689 - Should be able to set all/clear all email options in user preferences with one click.
  • Bug 194426 - “usequips” was renamed improperly in the backward-compatibility Param code.
  • Bug 194172 - move.pl was sending empty bugs because of failure to initialize the field list for the new “XML Summary” mode.
  • Bug 193985 - errors from SendSQL aren’t being reported
  • Bug 135820 - token cancellation message are not user-friendly
  • Bug 193511 - post_bug page has two headers.
  • Bug 186994 - Unable to accept a new bug that has been assigned.
  • Bug 191537 - Improvements to the security section.
  • Bug 192877 - State changes on bugs w/ dependencies cause “Use of uninitialized values” in BugMail.pm;
  • Bug 193286 - Field validation errors had the wrong page title
  • Bug 192531 - Bugzilla not properly closing DB statement handles. Change code to work arround a perl < 5.8 leak when localising the tiedstatement attributes. Also, clear the sql statestack compat stuff so thatthe handles are really dead by the time we disconnect
  • Bug 177997 - Update the AOL Server section with the new configuration information.
  • Bug 192511 - Removing all occurances of ‘processmail’ from the documentation now that bug 124174 is FIXED.
  • Bug 192874 - checksetup.pl wasn’t silencing the GraphViz check when running in silent mode.
  • Bug 58020 - include bug summaries in whinemail.
  • Bug 192513 - importxml.pl and move.pl now use the new mail routines introduced in bug 124174 (they got broken when processmail was removed). Also fixes several comments referring to processmail (which no longer exists) in other files, and removes references to processmail from the .htaccess files and the executable file list in checksetup.pl.
  • Partial fix for bug 192513 (processmail cleanup). Patch fixes test filesto disregard processmail since it no longer exists (it was special-casedbefore).
  • Bug 124174 - make processmail a package (Bugzilla::BugMail),
  • Bug 192393 - $::dbwritesallowed never set
  • Bug 192340 - ‘unknown_keyword’ error doesn’t mention keyword
  • Bug 192182 - editflagtypes uses ^ instead of **
  • Bug 191020 - back out bits of generic charting checked in by mistake. Apologies.
  • Bug 191020 - buglist.cgi doesn’t always get query names right for filename to save.
  • Bug 191863 - Clean up Bugzilla.pm
  • This checkin contains two fixes:* Bug 191971 - The guide incorrectly stated that you could resolve a bug via email* Provide an example of a glossary term in the document conventions section
  • Bug 172434 - add link to latest nightly.
  • bug 191087 - process_bug.cgi: “Mid-air collision!” title when not allowed to change a field
  • Bug 191085 - Fix FetchSQLData compat code.
  • Bug 191034 - step 1 - Refactoring the installation chapter to provide sections for OS Specific notes and configuration help on multiple web servers. Also added some terms to the glossary.
  • Bug 191080 - fix SQLQuote return value for an undef input
  • bug 190999 - Quips.cgi editing doesn’t show quips author – s/FetchSQLData/FetchOneColumn/
  • Spell servlet correctly. Also, Scarab is now at Version 1.0 Beta 13 - as long as I’m updating…
  • Bug 190582 - quips table initial definition in checksetup.pl missing approved column
  • Bug 190521 - If the attachment didn’t have a Content-Description: header in the e-mail, it ended up not having a description in Bugzilla leaving nothing to click on in the Attachment table on the bug form.
  • Bug 190437 - showdependencytree.cgi and showdependencygraph should use switch_to_shadow_db
  • Bug 106918 - the “movers” param was not being interpreted correctly by move.pl or the show_bug template. Also the exporter value was not properly fed into the xml template.
  • Bug 126955 - Bugzilla should support translated/localized templates.
  • Bug 190197 AnyEntryGroups() is broken in globals.pl; call from enter_bug.cgi breaks bug enteringpatch by [email protected]
  • Bug 188712 Apple’s Browser Safari does not support server-pushpatch by [email protected]
  • Bug 189446 - Can’t change product of a bug
  • Bug 188161 - assignee/qa missing change knobs.
  • Bug 189790 voting info not displayed when editing/viewing a bugpatch by [email protected]
  • Fix for bug 184909 - show status whiteboard on bug lists when the user requests it.
  • Bug 105692 - Script to compile all docs directories.
  • Bug 136603 - show_bug.cgi’s XML retrieval needs a summary mode.
  • Bug 184309 - Adds an optional disabled state to quips, which allows quips to be moderated if the admin so chooses.
  • Bug 148093 - editmilestones.cgi shows ‘xyzzy’ as product bug count.
  • Bumping minimum versions for DBI and DBD::mysql to match what was just checked in for bug 163290.
  • Bug 163290 - move DB handling code into a module
  • Bug 156169 - Bug number styling issues in attachment viewer/editor.
  • Bug 187566 - Making the upgrading section much clearer and presenting multiple possible methods (CVS, tarball, patch).
  • Bug 153874 - Query in sidebar wasn’t working
  • Bug 188656 Change required mysqld minimum to 3.23.41
  • Fix for bug 166481 (“Spellcheck is borked”). Part one of this fix fixes the spelling errors so tinderbox doesn’t barf, part two fixes t/006spellcheck.t and adds some more new words to check for.
  • Bug 142104 - Enhancements in buglists should be gray.
  • Bug 179328 - Mozilla-specific wording in duplicates.cgi explanation text.
  • Bug 187869 long_list.cgi output includes <font =”+3”> before each bug summary
  • Bug 186920 - Loosen checking for Windows ME user-agents.
  • Bug 181047 - Change non-output templates to have a ctype of “none”.
  • Bug 187837 - Unify showing and editing of quips.

2.16 Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the 2.16 branch from 01/02/2003 to 04/24/2003. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • Versions numbers were bumped and release notes updated
  • A bunch of highly useful documentation updates (Jake)
  • Allow runtests.pl to let you specify a test number to run (justdave)
  • Update template tests to also catch localized template versions during testing (justdave)

Checkin manifest:

  • Bug 172331 - importxml.pl warnings under perl 5.8
  • Bug 197153 - Add wording schange requested by reviewer which wasn’t in the patch on the bug, and so wasn’t checked in.
  • Fixing tinderbox test failure resulting from the checkin for bug 197153
  • Bug 197153 - Fix for insecure temporary filename handling.
  • Bug 194394 - Someone listed as QA contact on a bug could still access a bug with QA contact privileges if “useqacontact” was later disabled via the parameters.
  • Bug 192661 - Dependency graphs were printing bug summaries without HTML filtering.
  • Bug 192677 - Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a result of it.
  • Fix (on the 2.16 branch) for bug 160279 - checksetup.pl doesn’t check permission on data/comments. Patch adds a fixPerms() call for data/comments.
  • Bug 194125 - CGI.pl perl warning: Character in “c” format wrapped
  • Bug 195424 - Add a note about new MySQL permissions needed for Bugzilla in MySQL 4.
  • Bug 171674 - Adding a section to the Troubleshooting section describing how to fix the File::Temp problems in perl 5.6.0.
  • Bug 197180 - long component name not flagged as error. Because of a mismatch between the size of bugs.component and components.program, this caused silent failures when creating/moving bugsin that component.
  • Port security section rewrite from bug 191537 to the 2.16.3 docs
  • Bug 157704 - Deleting a product could potentially remove privileges from administrators.
  • Bug 191971 - The guide incorrectly stated that you could close a bug by sending an email with the code in contrib/
  • Bug 188757 - 2.16 shipped with the problem mentioned in bug 174255 and that fix was never ported to 2.16’s documentation, so the error was still on bugzilla.org.
  • Bug 187566 - Update upgrade section in the 2.16 branch as was done on the tip
24. April 2003

Bugzilla 2.16.3, 2.17.4 Released

by Bugzilla Team

The Bugzilla Team is pleased to announce the release of the Bugzilla 2.17.4 developer snapshot. For details on the newest features and bugfixes, see the new status update. The 2.17.4 snapshot also contains multiple security fixes.

Also released today is Bugzilla 2.16.3. 2.16.3 is the latest stable Bugzilla release, and fixes multiple security bugs in Bugzilla 2.16.2. Read the security advisory below for details.

16. January 2003

Bugzilla Getting Exposure at LinuxWorld

by Bugzilla Team

Bugopolis is showing off their Bug Station, a server hardware product that comes with Bugzilla pre-installed on it, at the LinuxWorld expo next week. IDG (the event promoters) announced today that the Bug Station was a finalist in the LinuxWorld Open Source Product Excellence Awards, in the Best Developer Tools category. The Bugzilla Team offers their congratulations to Bugopolis for becoming a finalist, and best wishes at the show! Read IDG’s press release.

02. January 2003

Bugzilla Status Update

by J. Paul Reed (preed)

Introduction

The Bugzilla Team is pleased to announce the release of three versions of Bugzilla today: 2.14.5, 2.16.2, and 2.17.3:

  • 2.14.5 is a maintenance release on the 2.14 branch; it contains a couple of security-related bug fixes.
    Note: this is the last 2.14.x release, as the Bugzilla Team has officially stopped supporting the 2.14 branch.

  • 2.16.2 is a maintenance release on the 2.16 branch, containing a couple of security-related bug fixes.
    It is recommended that all production installations upgrade to 2.16.2 to make sure they get the fixes for these security bugs.

  • 2.17.3 is the latest developers’ snapshot release from the trunk; it contains the above security bug fixes as well as tweaks to features in 2.17.1 (bug and attachment flags, enterprise groups, etc.). This release is a developers’ release and is not generally intended for production use.

The security bug fixes on the 2.14.x and 2.16.x branches and the trunk all address the same security bugs. These bugs address cross site scripting vulnerabilities (which the Bugzilla Team already released an announcement about), and sensitive directory and file permissions. In all cases, local server compromises aren’t possible, but unrestricted Bugzilla database access is possible.

Unfortunately, none of these release address the Win32 situation which is still unchanged.

What Happened to 2.17.2?!

Bugzilla project observers may note that we’re releasing a 2.17.3 developers’ release without having released a 2.17.2 version.

This was due to an overzealous Bugzilla developer (JayPee) who tagged the 2.17.2 release in CVS before it was quite ready to be released. Because of the holiday season and a couple of other bugs that were found, the Team decided to hold the release of 2.17.2 until after the holidays.

But, some astute users noticed the new, incorrect tag and had already started to pull it from CVS. Therefore, to minimize confusion, and signify that other patches had been checked into the tree after what had been dubbed “2.17.2” was tagged, the Team decided to bump the version number to 2.17.3.

Developers (and anyone else) do not want the 2.17.2 “release”; they want 2.17.3.

Check-in Policy Update

As Bugzilla project lead Dave Miller announced in the last status report, the Bugzilla project has changed its policies regarding check-ins. The new policy institutes an “approval” process for check-ins and comes as an addition to our existing review policy.

Previously, to check something into Bugzilla’s CVS tree, developers were only required to get the approval of one or two people on the review team. That process is now augmented by a requirement of obtaining approval on the patch from the project lead or a designee before it can be checked in. Current “designees,” if there are any, are noted in the #mozwebtools topic. This won’t amount to a code review, but rather a ‘yes’ or ‘no’ on whether this feature or bugfix in this form at this time is the best course of action to fulfill Bugzilla’s design goals. Approvals are also being used to coordinate landing patches, so the approval flag generally won’t be set until there’s a patch ready to land. If you want to know if a patch you’re working on will likely be given approval for check-in before you expend effort on it, you can ask on the [email protected] mailing list.

Bugzilla developers and reviewers are adjusting to this new policy well, and it’s seemingly serving the Bugzilla project well. The quick release of another 2.17 developers’ snapshot, a mere six weeks after 2.17.1, provides good evidence of this.

Upcoming Major Features

The following is a list of major new features the Bugzilla Team is currently working on. You can find more information, including implementation/design discussions, proposed landing dates, and status in the bug reports below. These are also features that the Bugzilla Team would appreciate help on, so if one of the features below interests you, feel free to jump into the fray!

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Sybase support. (Bug 173130)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customized resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic charting. Allows users to define arbitrary data sets for which historical data will be recorded, and then plot those data sets. Bug 16009.

New Bugzilla Features

Re-architected Product Groups

Bug 147275, re-architected product groups, has finally landed. In the 2.17.3 release, the entire mechanism for handling groups has been revised.

It is now possible to exert much more control over how groups and products are related. In editproducts.cgi, there is now a mechanism to permit you to edit the “Group Controls” for a product and determine which groups are applicable, default, and mandatory for each product as well as controlling entry for each product and being able to set bugs in a product to be totally read-only unless some group restrictions are met.

The patch author, Joel Peshkin, has noted that all of the possible scenarios have not been anticipated and this is a new feature, so please Cc him on all bugs you file against re-architected product groups.

Some examples of advanced uses for the re-architected product groups follow:

  • Example: When several products need to be associated with the same default group (formerly a product group), instead of defining several groups with the same names as the products and managing memberships in each group, a single group can be defined to control access and that group can be set as a “Default” group for all of the products.
  • Example: If certain products are never supposed to have a publicly accessible bug, define a group of all authorized users and set the groups control for those products to indicate that the group is Mandatory/Mandatory. This will place bugs in that group without giving the user any option at all.
  • Example: Anyone can enter a security bug. Create a product for security bugs. Do not restrict entry to the product at all. However, set the Member/Nonmember permissions to Default/Mandatory for the security group. This will permit anyone to enter and members of the security group will be able to override the default group restriction while nonmembers will be forced to restrict the bug to the security group.

Replication/shadowdb removal

The shadowdb was a read only copy of Bugzilla’s database, which Bugzilla used for potentially expensive read only queries, such as from buglist.cgi. Due to MySQL’s table-level locking mechanism, long running queries block modifications and updates to the database; the shadowdb attempted to alleviate this bottleneck by creating a second database for these long running queries to use.

Previously, Bugzilla handled updates from the main database to the copy on its own by keeping track of every SQL update. These updates were then sent to the shadow database via a separate process (syncshadowdb). This process had several bugs and was inefficient.

With the landing of bug 124589, which added MySQL replication support to Bugzilla, and bug 180870, which removed the old manual syncing code, Bugzilla 2.17.3 is now able to use the replication facilities provided by the database to handle these updates. The system is now given the locations of the two databases, but leaves updating them to an alternative process. This simplifies the Bugzilla code, and enables further optimizations which were not possible when Bugzilla needed to capture all of an SQL UPDATE/INSERT command.

New “always-require-login” Parameter

This new parameter, added under bug 173761, allows administrators running commercial or sensitive Bugzilla installations to require users to present login credentials to access Bugzilla.

Bugzilla is most commonly used for open source projects, where anyone should be able to search for and view certain types of bugs. But some entities need to restrict these operations to logged in users; this parameter allows administrators to require a login on every Bugzilla page, except for the front page. If users try to access any page without login credentials (in the form of a valid login cookie) and “always-require-login” is set, they will be prompted for the information before being allowed to continue.

Attach and Reassign at Once

When developers attach patches or other attachments (testcases, etc.) to bugs, they will commonly reassign the bug to themselves shortly thereafter, since that developer is actively working on that bug. These used to be distinct steps, which generated two email messages and required Bugzilla users to attach their patch and then reassign the bug to themselves.

This patch, added as part of bug 116819 allows developers to reassign the bug to themselves and set the status to accepted during the attachment creation process. This effectively makes the above process one atomic operation, reducing bug spam and streamlining a very common process.

Trunk Checkins Since the Last Status Update

</a>

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 11/17/2002 to 01/02/2003. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • (12/28/02) Release notes update (mattyt)
  • (12/21/02) Documentation rebuild (gerv)
  • (11/21/02) Post-2.17.1 release documentation corrections (justdave)

Checkin manifest:

  • Bug 186673 - Updating section on Red Hat Bugzilla and adding last updated lines to each of the variants.
  • Bug 186962 - Update minimum versions of required software and move those versions to be ENTITY’s
  • Bug 180005 - Bring the FAQ up to date.
  • Bug 178230 - Update documentation for Entrprise Groups
  • Bug 183388 - processmail wasn’t picking up on users being added to the owner or qa contact role and was dropping emails if the user had selected to only get mail on those events.
  • Bug 186594 - $db_sock was not being exported from Bugzilla/Config.pm
  • Bug 186337 - Param lookup should fall back to defaults
  • Bug 186383 - Checksetup leaves editor backups of localconfig accessible
  • Bug 180870 - Remove old shadowdb manual replication code
  • Bug 173622 - Move template handling into a module.
  • Bug 185760 - New group system doesn’t upgrade transparently if usebuggroups = 0
  • Bug 186218 - importxml.pl was doing a query against the products table using the old schema
  • Bug 185944 - radio buttons for adding/removing groups on the change-multiple-bugs screen all had the same name
  • Bug 184949 - CSV buglists are missing the Bug ID column.
  • Bug 185332 - Rewrite the description for timezone param (typo fixes etc.)
  • Bug 158499 - Templatise XML bug output
  • Bug 116819 - Attach and Reassign in one fell swoop.
  • Bug 183188 - collectstats.pl no longer makes data/mining world-readable
  • Bug 184256 Canedit group_control_map entry does not prevent making attachments
  • Bug 184081 Change search interfaces to use Viewable products instead of enterable products
  • Bug 184336 - default urlbase parameter on new installs now points at http://you-havent-visited-editparams.cgi-yet/ to a) relieve cvs-mirror.mozilla.org of all the hits, and b) give people who receive those emails a hint what to do to fix it.
  • Bug 180955 - Remove dual-license from test files
  • Bug 184365 - link to urlbase instead of index.cgi from “Top” link in navigation toolbar.
  • Bug 86029 - create permission restrictions for createaccount.cgi (prevent people from creating accounts)
  • Bug 159627 - quips should be editable and deleteable using the web interface
  • Bug 176461 - Move descs strings from change-columns.html.tmpl tofield-descs.html.tmpl
  • Bug 183843 - Query knobs are missing if requirelogin is set
  • Bug 182946 - fix additional typo noticed on irc by tm
  • Bug 182946 - fix regressions from bug 171493(Bug.pm/show_bug.cgi/bug_form.pl reorg)
  • Bug 177850 - checksetup.pl was failing if the user didn’t have read permissions to the entire Bugzilla path
  • Bug 178880 - Creation date is now displayed in the long list.
  • Bug 182512 - Charts over time broken
  • Bug 181951 - Cannot delete groups
  • Bug 171493 - make show_bug use Bug.pm and remove bug_form.pl
  • Bug 67077 - We now include the timezone (as configured in editparams.cgi) on every time we display.
  • Bug 173761 Need ability to always require login
  • Bug 114179 - Concentration, improvement, and templatisation of Bugzilla general user help system.
  • Bug 181221 - CSV reports on 2-d tables have header messed up.
  • Bug 181960 Reason for account being disabled is not shown
  • Bug 180460 request.cgi doesn’t filter list of products/components
  • Bug 181582 - reorders the table cells on the query page so that the list headers are grouped with the lists in Links and whenused with voice synthesis packages.
  • Bug 147275 Rearchitect product groups
  • Bug 180980 Doing 2 email searches fails when searching for CC list members
  • Bug 180966 - warnings in webserver error log (take 2)
  • Bug 181613 - $::ENV not being cleared
  • Bug 181182 - Reporting fix pack 2. Fixes bug 179198 (Don’t print labels for pie chart wedges when smaller than a certain size), bug 180255 (Tabular report CSV downloads should suggest csv filename), and bug 180967 (csv reports swap rows/columns).
  • Bug 181286 - Invalid html in banner.html.tmpl
  • Bug 179483 - Guided template displays wrong product name sometimes.
  • Bug 179582 - More informative and easier to read flag email template
  • Bug 179293 - time tracking js should only appear if time tracking isenabled
  • Bug 181000 - Lock the keyworddefs table for READ when using a shadowdb, too
  • Bug 180978 - Adding keyword from enter_bug doesn’t update keyword cache
  • Bug 179811, used & instead of &
  • Bug 124589 - support database replication
  • Bug 179881 - makes the “Requests” link in the footer be “My Requests” for logged in users.
  • Bug 179876 - Labels the “Requestee” field to reduce confusion about its purpose.
  • Bug 175579 - make templates html compliant
  • Bug 179206 - enter_bug isn’t picking up version from URL
  • Bug 180545 - It was possible to change the product/component of a bug without having the editbugs permission.
  • Bug 179960 - QuickSearch queries are slow and timeoutfixed by adding subselect emulation for product/component lookups
  • Bug 180205 - General reporting fixes.
  • Bug 180151 - Grand total links are messed up when axis is restricted,
  • Bug 180105 - CSV reports occasionally break,
  • Bug 179671 - Boolean charts are broken on reporting pages,
  • Bug 179887 - report.cgi should require Data::Dumper , not use
  • Bug 179581 - Keyword combinations report not very useful.
  • Bug 180444 - Correctly attributes request creation to person who submitted it.
  • Bug 180632 - corrects reference flag->is_requesteeble to flag->type->is_requesteeble
  • Last part of fix for bug 179494 - adds “use Bugzilla::Util” and removes “&::” from before “trim” per bbaetz.
  • Bug 179494 - prevents Bugzilla from thinking users have changed flags when they haven’t.
  • Bug 180544 - prevents display of requestee field for generally requestable fields.

2.16 & 2.14 Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the 2.14 and 2.16 branches from 11/17/2002 to 01/02/2003. This list was generated by filtering Bonsai’s output on that query (contains both branches).

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • Versions numbers were bumped and release notes updated for both branches

Checkin manifest:

  • Bug 186383 - Checksetup leaves editor backups of localconfig accessible
  • Bug 183188 - collectstats.pl no longer makes data/mining world-readable
  • Bug 179329 - filter quips in “show all the quips” for HTML
02. January 2003

Bugzilla 2.16.2, 2.17.3 Released

by Bugzilla Team

The Bugzilla Team is pleased to announce the release of the Bugzilla 2.17.3 developer snapshot. For details on the newest features and bugfixes, see the new status update.

Also released today is Bugzilla 2.16.2. 2.16.2 is the latest stable Bugzilla release, and fixes two security bugs in Bugzilla 2.16.1. Read the security advisory below for details.

02. January 2003

Bugzilla 2.14.5 to be the last 2.14 release

by Bugzilla Team

The Bugzilla Team has released Bugzilla 2.14.5 today to address two security issues which were recently discovered. As we’ve been warning for the last several months, we are no longer supporting the 2.14 branch as of the end of 2002, so this release marks the last for the 2.14 line. All sites who haven’t already done so are strongly encouraged to upgrade to 2.16.2 so you can continue to receive security updates.

25. November 2002

Bugzilla 2.17.1 Developer Snapshot available

by Bugzilla Team

The Bugzilla 2.17.1 developer snapshot is now available on the download page.

18. November 2002

Bugzilla Status Update

by J. Paul Reed (preed)

State of Bugzilla

We have come to an exciting time in the life of the Bugzilla project. In the last few months, we’ve had a few major companies adopt Bugzilla for their internal bug-tracking systems. OK, nothing new here; lots of companies use Bugzilla.

So what’s the big deal? These particular companies are contributing back. We’ve gotten a number of major features in the last couple months, and some other major features in the works, all contributed by companies who are paying their employees to make Bugzilla meet their needs.

This is a really good thing for Bugzilla, because it means we’re gaining more features that will appeal to the enterprise market rather than just small companies and Open Source groups. It also puts enterprise-level features into the hands of the small companies and Open Source groups. And those same enterprise-level corporations are the ones who can afford to put full-time manpower on improving the product, which just repeats the cycle. I think of it as a “coming of age” for Bugzilla, and a really good demonstration of the power of Open Source.

But this isn’t all flowery and sweet-smelling. With that type of contribution level also comes a great challenge. Not everyone who wants to use Bugzilla is going to want all of these features. Sure, a lot of them are really cool–you can read about some of them below–but each software development environment is different, and not everyone will have a use for every feature. So the Bugzilla team is now presented with the challenge of making sure Bugzilla remains easily configurable and scalable from the very small to the very large. There’s also the challenge of making sure new features don’t slow Bugzilla down beyond a reasonable level, as we’ve already run into in some cases with the changes to products, components, and groups.

There’s also the sense of “too many cooks in the kitchen” that has to be addressed. We love getting all this help but to ensure that Bugzilla’s goals continue to get met, I feel it’s necessary to institute an “approval” process for checkins. This new policy comes as an addition to our existing review policy.

Previously, the only thing developers had to do to check something into Bugzilla’s CVS tree was get one or two people on the review team to say “yes, this is quality code” and they could check it in. That process isn’t going away, but in addition to that, approval will now need to be obtained from myself or a designee before it can be checked in. This won’t amount to a code review, rather a ‘yes’ or ‘no’ to whether this feature or bugfix in this form at this time is the best course of action to fulfill Bugzilla’s design goals.

Our core development team has always been very good about ensuring that their individual work is peer reviewed for quality, and their checkin coordinated with other work going on in the tree to ensure the greatest benefit for Bugzilla, both from a code/feature perspective and a software engineering/management perspective. This new policy simply ensures that all our “master chefs” in the “kitchen” are working on the same course, preparing the same style of food, ensuring that we continue to provide the best damn bug-tracking package available today and tomorrow, for open source project and enterprise customer alike.

– Dave Miller, Bugzilla project lead

Since the Last Status Report…

The Bugzilla Team has been working furiously over the past two weeks on readying the trunk for a 2.17.1 development release. I know many of you reading this were hoping to see that tarball of 2.17.1 by now, but there were some regressions found during the recent mozilla.org upgrade to 2.17.1 from cvs, which we decided were glaring enough that we really should fix them first before we rolled the tarball.

2.17.1 is slated to be released within the week; the Bugzilla team is currently stamping out the last few of the above-mentioned regressions which have cropped up. 2.17.1 is intended for developers wishing to base large landings or patches off an official bugzilla.org release. It should not be used for production purposes, except in special circumstances. 2.17.1 is not a solution for Win32 users (see below). The vast majority of sites wanting to test or use Bugzilla in production should install 2.16.1. If you’re not sure whether you should use 2.17.1 or 2.16.1, you want 2.16.1.

Administrators’ Mailing List Reminder

We’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we’ve started a mailing list for people who administer Bugzillas. It is very low traffic - release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so they can keep up with important Bugzilla news.

The (Unchanged) Win32 Situation

Bugzilla-on-Win32 is still unchanged: administrators using Win32 as their platform for Bugzilla do not want the 2.16 branch, including 2.16.1, nor do they want 2.17.1. The plan is to make the trunk Win32-friendly (which involves a number of quite large changes, and which unfortunately did not happen in this release cycle) and then announce that fact, allowing Win32 Bugzilla administrators to pull from the trunk on a known tag. This may become a 2.17.2 release. Interested admins can search bugzilla on the [needed for Win32bz] status whiteboard entry to track bugs that are part of this process.

The Bugzilla Team continues to recommend Unix-based operating systems, including Linux, as the best platform for a Bugzilla installation; please consider it if you are starting a new Bugzilla installation and have some say in the platform decision. Trust us: it makes life easier for everyone.

Upcoming Major Features

Major new features are being worked on. If you would like to know when we plan on adding one of these features, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Sybase support. (Bug 173130)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic charting. Allows users to define arbitrary data sets for which historical data will be recorded, and then plot those data sets. Bug 16009.
  • Rearchitect product groups. Gives administrators much more control over how products and groups are related. Bug 147275.

New Bugzilla Features

Reporting Improvements

Bugzilla has a new mechanism for generating reports of the current state of the bug database. It has two, related parts: a table-based view, and several graphical views.

The table-based view allows you to specify an x, y and z (multiple tables of data) axis to plot, and then restrict the bugs plotted using the standard query form. You can take the data as HTML or CSV, for importing into a spreadsheet. Each number in the HTML version of the table is linked to a query which produces the list.

So, for example, a Netscape manager could plot assignee vertically, and severity horizontally, and restrict assignee to the names of his managees. He would then be able to see which of his managees was overloaded with severe bugs.

There are also bar, line and pie charts, which are defined in a very similar way. These views may be more appropriate for particular data types, and are suitable for saving and then putting into presentations or web pages.

Note that no attempt is made to prevent you from plotting silly data sets. For example, if you plot a graph of “assignee” along the X axis, and choose a line graph, your line won’t mean very much.

Example: https://bugzilla.mozilla.org/report.cgi?x_axis_field=bug_status&y_axis_field=component &product=MailNews&cumulate=1&format=table&ctype=html&action=wrap (You can switch between report types using the controls at the bottom.)

Request Tracker

The Request Tracker (RT) is a set of enhancements that make attachment statuses more powerful and easier to administer. It includes the following changes:

  • Additional states: Previously attachment statuses could be in one of two states: off or on. RT adds two more states for a total of four: off, granted, denied, and (optionally) requested, where “granted” is the equivalent of “on”. These additions mean it is no longer necessary to define a status to negate another status (f.e. “needs-work” to negate “has-review”) because negation is built into each status via the status’ “denied” state.
  • Bug statuses: Previously only attachments could have these kinds of statuses. RT enables them for bugs as well. Since the word “status” already has a meaning for bugs, attachment statuses have been renamed to “flags” to avoid confusion.
  • Requests: Flags can now optionally be made requestable, which means users can ask other users to set them. When a user requests a flag, Bugzilla emails the requestee and adds the request to a browsable queue so both the requester and the requestee can keep track of its status. Once the requestee fulfills the request by setting the flag to either granted or denied, Bugzilla emails the requestee and removes the request from the queue.
    This feature supports workflow like the mozilla.org code review and milestone approval processes, whereby code is peer reviewed before being committed and patches get approved by product release managers for inclusion in specific product releases.
  • Product/component specificity: Previously flags were product-specific, and if you wanted the same flag for multiple products you had to define multiple flags with the same name. Flags are now product/component-specific, and a single flag can be enabled or disabled for multiple product/component combinations via inclusions and exclusions lists. Flags are enabled for all combinations on their inclusions list except those that appear on their exclusions list.

For more information see the brief online documentation.

User Wildcard Matching

Sites can now enable the use of wildcards and substrings in bug entry and editing forms. If the usermatchmode param is set to wildcard, then any “*” included in email addresses will be treated as a wildcard and cause the entry provided to be matched against all active userids and real names in the system. If usermatchmode is set to search, addresses that do not exactly match an existing email address will be matched as a substring as well.

Two other paramaters influence the behavior of wildcards, maxusermatches and confirmuniqueusermatch permit a site to determine how broadly to apply ambiguous wildcards and to determine if all wildcard expansions should be confirmed.

Support for “Insiders”

If the insidergroup parameter is defined, a specific group of users can be designated insiders who can designate comments and attachments as private to other insiders. These comments and attachments will be invisible to other users who are not members of the insiders group even if the bugs to which they apply are visible. Other insiders will see the comments and attachments with a visual tinting indicating that they are private.

Enterprise Group Support

The 55 group limit is now gone along with the groupset and blessgroupset bitset fields. Each user is now a member of a list of groups. It is now possible to define a group in terms of other groups as well as to place individual users in a group directly.

Bugzilla now keeps track of whether a user was added to a group via a regular expression match or whether they were explicitly added to that group. Changes to regular expressions for group membership now take effect instantly for all users when updated, and no longer apply only to new accounts. If a member no longer matches the group’s regexp, and they were originally added to that group because they matched the regexp, they are removed from that group. Note that the upgrade process has no way to know who was added to a group explicitly and who was added by a regexp, so all members of a group prior to this feature will remain members of that group until explicitly removed from it via the user editor, wether they still match the regexp or not.

Estimated/Actual/Remaining Time

If the timetrackinggroup parameter is defined, members of the named group get controls for tracking the time spent fixing a bug added to the bug form. Any time comments are added to the bug, members of the time tracking group can add an amount of time they spent, and it’s figured into the total and displayed at the top of the bug. Shown in the bug are your original estimate, the amount of time spent so far, the revised estimate of how much time is remaining, and your gain/loss on the original estimate.

Support for database replication

The shadow database is a read-only copy of the Bugzilla database which can be used for queries. Until now, keeping the main database in sync with the shadow was handled internally by Bugzilla. This has several issues with performance, stability, and accuracy, and so Bugzilla now supports using MySQL’s replication to handle the mirroring (bug 124589).

As announced before the release of Bugzilla 2.16, the only supported way for a read-only database will soon become replication (bug 180870). It is not expected that this will cause any problems for sites, as the only installation known to be using the shadowdb is bugzilla.mozilla.org. The old code will be removed from Bugzilla as soon as bmo upgrades, and well before the next stable release (2.18).

Miscellaneous Improvements

2.17.1 also introduces a number of general improvements; these features are now available on bmo.

  • Autolinkification Page - It’s now possible to apply Bugzilla’s comment hyperlinking algorithm to any text you like. This should be useful for status updates and other web pages which give lists of bugs. The bug links created include the subject, status and resolution of the bug as a tooltip.
  • There are more tags on the links toolbar for navigating quickly between different areas
  • Buglists are now available as comma-separated value files (CSV) (link at the bottom)
  • Keywords and dependencies can now be entered during initial bug entry
  • The performance of some queries and CGIs has been improved; unfortunately, some have also gotten worse; “hey, that’s life.”

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 09/22/2002 to 11/17/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • Various build bustage fixes (Myk and JayPee)
  • (11/4/2002) Some installation documentation updates (mbarnson)

Checkin manifest:

  • Bug [179886](https://bugzilla.mozilla.org/show_bug.cgi?id=179886 “request.cgi should not use diagnostics; ”) - request.cgi should not use diagnostics
  • Bug 179264 - only quote non-numeric CSV values.
  • Bug 100639 - make resolution more visible on mostfreq list.
  • Bug 180232: removes unnecessary margins/borders around XUL duplicates report
  • Bug 179462 - Clarify description for enablequips param.
  • Bug 179697 - OR terms need extra level of bracketing
  • Bug 178043 - Make it possible to have vertical x-axis labels.
  • Bug 179706 activity log needs to include full account names for requestees
  • Bug 179302 - ‘anyexact’ isn’t an option for boolean charts
  • Bug 179491 Searchs of attachments containing a string do not enforce attachment privacy
  • Second installment of Bug 179260 Unknown table ‘map_assigned_to’ in order clause at globals.pl line 242
  • Bug 179360: puts the filters at the top of the request queue and eliminates that empty table that sometimes is at the top of the queue.
  • Bug 179334: updates the setter consistently. also fixes numerous other bugs in the RT code.
  • Bug 179260 Unknown table ‘map_assigned_to’ in order clause at globals.pl line 242
  • Bug 179290 - login cookie email needs to be escaped
  • Bug 179380: if “enablequips” is off, quips.cgi now presents a message that the quips are disabled instead of letting you view or add quips.
  • Bug 179396 (add 007util.t in order to test Bugzilla::Util).
  • Bug 178984: disables flag requestee field using JavaScript unless flag is set to “requested”.
  • Bug 170464 - OS/2 disappeared from ‘Operating System’ list. This allows selection of any OS, if the submitter is running it, on this form.
  • Bug 178178 Sidebar name should not be hardcoded to “Bugzilla”
  • Bug 173689 - Default comments search box type to “contains string”.
  • Bug 179321 - cannot clear status whiteboard entirely
  • Bug 179264 csv output for the buglist (see url inside) is invalid (too many “s)
  • Bug 179329: filters HTML out of quips on “show all quips” page
  • Adding runtests.pl for bug 143155. runtests.sh will remain for a little while in order to allow tinderboxen to transition and any documents to be updated.
  • Bug 179238 - searching by commenter is ignored if you do ‘exact’ or ‘contains’
  • Bug 176599, Improve performance of duplicates.cgi
  • Bug 179242 Part 2 - Handle both conditions for the if block
  • Bug 178383 - product/component query conditions appear twice
  • Bug 179193 - anyexact should use IN, not OR
  • Bug 179184 - regetlastlist returns all bugs
  • Bug 179203 - “Preset Queries” text does not appear in footer if last named query is not in footer
  • Bug 179188 - The new flag system wasn’t indicating which attachment a flag was changed on. This patch inserts the attachment ID any time it exists in the activity log (to match what show_activity does).
  • Bug 179225 Missing space. “Reassign bug to ownerand QA contact of selected component “
  • Bug 179242 Searching for comment contains string + email gives “Not unique table/alias: ‘longdescs_’ at globals.pl line 242”
  • Bug 179207 Blessing doesn’t work right
  • bug 179205: Makes flag options be correct in all situations.
  • Bug 179177: avoid database errors when inserting bug by locking all tables i need to access
  • Bug [178189](https://bugzilla.mozilla.org/show_bug.cgi?id=178189 “ nsCOMPtr : do we still care about VC++4.2? and if not, can we remove this comment”) - when filing a new bug, the generated bugmail doesn’t include product/component
  • Bug [179174](https://bugzilla.mozilla.org/show_bug.cgi?id=179174 “Need to fix use of $ (for buffering)”) - renable $ = 1
  • Bug 114696 - permission checking in queries not optimal
  • Bug 171505: shows disabled flags in the UI
  • Bug 114696 - permission checking in queries not optimal
  • Bug 178841: removes full paths from filenames in attachments table and prevents them from appearing again
  • Bug 92253 - Boolean chart makes very wide web pages from query.cgi.
  • Bug 164003 - Button “Add another boolean chart” appears twice after clicking “And”.
  • Bug 71794 - processmail shouldn’t bother checking dependencies unless state changes.
  • Bug 171480: make output for non requestee-specific requests look better in the request queue.
  • Bug 178776: Eliminates warning in duplicates.cgi.
  • Bug 172518: makes the request tracker use the generic user matching code
  • Bug 178772 doeditparams.cgi failed with malformed headers
  • Bug 178800: fixes taint failure in graphical charts with Perl 5.6.0
  • Bug 178801: Missing &:: caused function call to fail, resulting in server error.
  • Bug 178794 Request Queue has Internal Server Error if accessed when not logged in
  • Bug 174731: no longer represents spurious flags as being set by default.
  • Bug 171475: make new flags include all categories (product/component combinations) by default.
  • Added information about versioncache back in. See bug 140332
  • Added blurb about movebugs. At this point, only bmo uses it, so I’m calling it an “undocumented feature”. See bug 127818
  • Modified text for cookiepath line for clarity. See bug 162359
  • Included note regarding the origin of “bonsaitools”, per bug 174922.
  • Added section for Bugzilla and mod_perl (future expansion). Right now, it just says “Bugzilla doesn’t work under mod_perl”. See bug 149883
  • A rather controversial new entry to the FAQ. See bug 107917. I decided one way for the Guide, based upon the code I see currently checked in. If I’m wrong, feel free to correct it!
  • Fix for Apache configuration directives from bug 174255 and de-stupidifying of emacs destruction of tags.
  • Removed links to dbschema.jpg image. See bug 173484, it was really outdated and redundant anyway.
  • Removing these images, since they are too outdated to be useful, and they are basically redundant anyway. See bug 173484
  • Added notes on using OpenLDAP; We should probably look at code changes to make Net::LDAP our permanent LDAP plugin rather than Mozilla::LDAP…See bug 167379.
  • Bug 156548: XUL implementation of duplicates report.
  • Bug 173571 - Turn “all selected” into “none selected” for efficiency.
  • Bug 177436 User matching shouldn’t be case-sensitive
  • Bug 62729, “Add real name capability to bug_list.cgi”.
  • Bug 178019 - reports.cgi should use the shadowdb.
  • Bug 176509: “(this bug is not in your list)” no longer appears in the navigation bar when you aren’t viewing a bug.
  • Bug 127200 Query for CC/longdesc/OR takes long time
  • Bug 177430 - buglist.cgi needs a CSV output format.
  • Bug 177435 exact match on assignee fails with user matching
  • Bug 177624 Wildcard rejects –do_not_change– in mass-change
  • Bug 95430 Reopening en masse fails.
  • Bug 177099: stored queries ordering and editing were broken after moving to CGI.pm. They work again now.
  • Bug 175838 Reopening a bug does not clear resolution, nor does selecting ‘clear resolution’
  • Bug 177351 - checksetup.pl tells about deleting templates in silent-running mode.
  • Bug 176953 - version not set properly from form value like others in enter_bug.cgi.
  • Bug 168191 - Checksetup needs to force template recompilation.
  • Bug 173005 - Add bar charts, pie charts etc. to reporting.
  • Bug 176936 minor consistency changes for editproducts and editflags
  • Bug 147833 - start using CGI.pm
  • Bug 171278 - component/product ids mean that you can’t do change queries oncomponent/product
  • Bug 162990Adding missing new file
  • Bug 162990 Shorthand/wildcard entry for login names in assign, cc, qa, fields
  • Bug 172874 - cvs remove old editattachstatus templates, take 2. All tests still pass.
  • Bug 171770 - check in Bugzilla Helper.
  • Bug 175625 Timetracking columns are computed even if not displayed
  • Bug 172875 - Fix site-navigation.html.tmpl to link to flags CGI and not attachments one.
  • Bug 173495 - require perl 5.6
  • Bug 112373 you should be able to enter bug dependencies/blockers when you enter a bug.
  • Bug 174221 - field names should be l10n in user-errors.html.tmpl.
  • Bug 172959 - Remove old reporting (most doomed etc.).
  • Bug 174524 - Tidy up Bugzilla::{Util,Config}, and lazily-load unneeded modules
  • Bug 174464 - buglist code for empty query shouldn’t set headers_done
  • Bug [24789](https://bugzilla.mozilla.org/show_bug.cgi?id=24789 “[E A R] Add Estimated, Actual, Remaining Time Fields”) [E A R] Add Estimated, Actual, Remaining Time Fields
  • Bug 174112 Edit multiple bugs broken
  • Bug 173808 - Use of uninitialized value in subtraction (-) at duplicates.cgi line 133.
  • Bug 173719 - warnings in report.cgi.
  • Bug 170903 - review markup I missed.
  • Bug 170903 - Remove hard-coded titles and things.
  • Bug 173581 - Changing milestone sortkeys is broken.
  • Bug 173249 - user-error.html.tmpl: Bogus title, inconsistent indenting.
  • Bug 171437 - Enhancements to generic reporting. Reporting menu, 3D tables, rearranged UI, better API for new report types.
  • Bug 173027 - code-error.html.tmpl misses a </em>.
  • Bug 172740 - “use of uninitialized variable” warnings.
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 93667: Minor style fix, uninit var fix, add explanatory comments to CrossCheck/DoubleCrossCheck.
  • Bug 93667: More movement, commenting, and remove an unused variable.
  • Bug 93667: Move some code around, add some section heading comments.
  • Bug 93667: Rewrite double cross checking.
  • Bug 93667: Rewrite single cross checking.
  • Bug 93667: General bug check refactoring.
  • Bug 155389 - More elements & templatization of navigation_links. Fix small regression where I accidentally damaged the user.login field.
  • Bug 155389 - More elements & templatization of navigation_links.
  • Bug 20122 - Bugzilla requires new login if IP changes
  • Bug 172045 can’t see restricted bugs if cc set
  • Bug 172010 voting broken on tipRegression from 43600 and 157756
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 170903 - Remove hard-coded titles and things.
  • Bug 171639 dupes not marked in original bug
  • Bug 164038 - token.cgi: Cancel token messages should be moved into the templates.
  • Bug 169819 - remove ‘this is bugzilla…’ text from footer
  • Bug 170073: checksetup.pl (indirectly via Bugzilla::Config.pm) had a dependency on File::Temp, which caused it to crash before the version checks were even done to warn the admin that it wasn’t present. This patch reorders the loading sequence in checksetup.pl so that the version checks are done before the Config module is loaded.
  • Bug 171506: Fixes bustage in sanitycheck.cgi by making it check for correct product IDs in the flaginclusions and flagexclusionstables instead of the flagtypes table, which no longer has a product_id field.
  • Bug 171420: fixes usage of $template, $vars, and &Param in Flag.pm.
  • Bug 171322 process_bug.cgi makes reference to non-existent product variable
  • Bug 171440 editgroups shows system groups as usable for bugs even though they are not
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 98801: Implementation of the request tracker, a set of enhancements to attachment statuses.
  • Bug 171296: changing Content-disposition header in attachment.cgi to use ‘inline’ instead of ‘attachment’ so that itdoesn’t force you to download it.
  • Bug 170213 - CVS remove old and obsolete HTML files.
  • Bug 170195 Regression - buglist highlighting broken
  • Bug 170822 - Linkification process destroys whitespace.
  • Bug 170986 - General Summary reports don’t work with taint checking. Also fixes Throw*Error’s $extra_vars parameter.
  • Bug 170843 - cvs remove obsolete file, changepassword.cgi.
  • Bug 12282 - General summary reports.
  • Bug 169197: Explicitly identifies RDF ‘about’ and ‘resource’ tags as being in the RDF namespace to update deprecated syntax and get some RDF parsers to stopgenerating warnings.
  • Bug 170064 - Change error API again to allow vars to be passed in the call.
  • Bug 170075 - Mid-air collision pages should be titled as such.

2.16-Branch Checkins Since the Last Status Update

None.

2.14-Branch Checkins Since the Last Status Update

None.

The Bugzilla team will stop officially supporting the 2.14 branch after December, 2002. All 2.14 users are strongly encouraged to upgrade to the 2.16 branch to pick up new features, such as template support, request tracking, and improved attachment handling, among tons of other goodies.