Blog

Want to always keep up-to-date with Bugzilla news? Subscribe to announce@bugzilla.org, a read-only mailing list where we'll post announcements about new versions of Bugzilla and security advisories.


You can also see what's going on in the project by looking at the notes of, or watching the video of, our monthly developer meetings.


02. January 2003

Bugzilla 2.14.5 to be the last 2.14 release

by Bugzilla Team

The Bugzilla Team has released Bugzilla 2.14.5 today to address two security issues which were recently discovered. As we’ve been warning for the last several months, we are no longer supporting the 2.14 branch as of the end of 2002, so this release marks the last for the 2.14 line. All sites who haven’t already done so are strongly encouraged to upgrade to 2.16.2 so you can continue to receive security updates.

25. November 2002

Bugzilla 2.17.1 Developer Snapshot available

by Bugzilla Team

The Bugzilla 2.17.1 developer snapshot is now available on the download page.

18. November 2002

Bugzilla Status Update

by J. Paul Reed (preed)

State of Bugzilla

We have come to an exciting time in the life of the Bugzilla project. In the last few months, we’ve had a few major companies adopt Bugzilla for their internal bug-tracking systems. OK, nothing new here; lots of companies use Bugzilla.

So what’s the big deal? These particular companies are contributing back. We’ve gotten a number of major features in the last couple months, and some other major features in the works, all contributed by companies who are paying their employees to make Bugzilla meet their needs.

This is a really good thing for Bugzilla, because it means we’re gaining more features that will appeal to the enterprise market rather than just small companies and Open Source groups. It also puts enterprise-level features into the hands of the small companies and Open Source groups. And those same enterprise-level corporations are the ones who can afford to put full-time manpower on improving the product, which just repeats the cycle. I think of it as a “coming of age” for Bugzilla, and a really good demonstration of the power of Open Source.

But this isn’t all flowery and sweet-smelling. With that type of contribution level also comes a great challenge. Not everyone who wants to use Bugzilla is going to want all of these features. Sure, a lot of them are really cool–you can read about some of them below–but each software development environment is different, and not everyone will have a use for every feature. So the Bugzilla team is now presented with the challenge of making sure Bugzilla remains easily configurable and scalable from the very small to the very large. There’s also the challenge of making sure new features don’t slow Bugzilla down beyond a reasonable level, as we’ve already run into in some cases with the changes to products, components, and groups.

There’s also the sense of “too many cooks in the kitchen” that has to be addressed. We love getting all this help but to ensure that Bugzilla’s goals continue to get met, I feel it’s necessary to institute an “approval” process for checkins. This new policy comes as an addition to our existing review policy.

Previously, the only thing developers had to do to check something into Bugzilla’s CVS tree was get one or two people on the review team to say “yes, this is quality code” and they could check it in. That process isn’t going away, but in addition to that, approval will now need to be obtained from myself or a designee before it can be checked in. This won’t amount to a code review, rather a ‘yes’ or ‘no’ to whether this feature or bugfix in this form at this time is the best course of action to fulfill Bugzilla’s design goals.

Our core development team has always been very good about ensuring that their individual work is peer reviewed for quality, and their checkin coordinated with other work going on in the tree to ensure the greatest benefit for Bugzilla, both from a code/feature perspective and a software engineering/management perspective. This new policy simply ensures that all our “master chefs” in the “kitchen” are working on the same course, preparing the same style of food, ensuring that we continue to provide the best damn bug-tracking package available today and tomorrow, for open source project and enterprise customer alike.

– Dave Miller, Bugzilla project lead

Since the Last Status Report…

The Bugzilla Team has been working furiously over the past two weeks on readying the trunk for a 2.17.1 development release. I know many of you reading this were hoping to see that tarball of 2.17.1 by now, but there were some regressions found during the recent mozilla.org upgrade to 2.17.1 from cvs, which we decided were glaring enough that we really should fix them first before we rolled the tarball.

2.17.1 is slated to be released within the week; the Bugzilla team is currently stamping out the last few of the above-mentioned regressions which have cropped up. 2.17.1 is intended for developers wishing to base large landings or patches off an official bugzilla.org release. It should not be used for production purposes, except in special circumstances. 2.17.1 is not a solution for Win32 users (see below). The vast majority of sites wanting to test or use Bugzilla in production should install 2.16.1. If you’re not sure whether you should use 2.17.1 or 2.16.1, you want 2.16.1.

Administrators’ Mailing List Reminder

We’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we’ve started a mailing list for people who administer Bugzillas. It is very low traffic - release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so they can keep up with important Bugzilla news.

The (Unchanged) Win32 Situation

Bugzilla-on-Win32 is still unchanged: administrators using Win32 as their platform for Bugzilla do not want the 2.16 branch, including 2.16.1, nor do they want 2.17.1. The plan is to make the trunk Win32-friendly (which involves a number of quite large changes, and which unfortunately did not happen in this release cycle) and then announce that fact, allowing Win32 Bugzilla administrators to pull from the trunk on a known tag. This may become a 2.17.2 release. Interested admins can search bugzilla on the [needed for Win32bz] status whiteboard entry to track bugs that are part of this process.

The Bugzilla Team continues to recommend Unix-based operating systems, including Linux, as the best platform for a Bugzilla installation; please consider it if you are starting a new Bugzilla installation and have some say in the platform decision. Trust us: it makes life easier for everyone.

Upcoming Major Features

Major new features are being worked on. If you would like to know when we plan on adding one of these features, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Sybase support. (Bug 173130)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic charting. Allows users to define arbitrary data sets for which historical data will be recorded, and then plot those data sets. Bug 16009.
  • Rearchitect product groups. Gives administrators much more control over how products and groups are related. Bug 147275.

New Bugzilla Features

Reporting Improvements

Bugzilla has a new mechanism for generating reports of the current state of the bug database. It has two, related parts: a table-based view, and several graphical views.

The table-based view allows you to specify an x, y and z (multiple tables of data) axis to plot, and then restrict the bugs plotted using the standard query form. You can take the data as HTML or CSV, for importing into a spreadsheet. Each number in the HTML version of the table is linked to a query which produces the list.

So, for example, a Netscape manager could plot assignee vertically, and severity horizontally, and restrict assignee to the names of his managees. He would then be able to see which of his managees was overloaded with severe bugs.

There are also bar, line and pie charts, which are defined in a very similar way. These views may be more appropriate for particular data types, and are suitable for saving and then putting into presentations or web pages.

Note that no attempt is made to prevent you from plotting silly data sets. For example, if you plot a graph of “assignee” along the X axis, and choose a line graph, your line won’t mean very much.

Example: https://bugzilla.mozilla.org/report.cgi?x_axis_field=bug_status&y_axis_field=component&product=MailNews&cumulate=1&format=table&ctype=html&action=wrap (You can switch between report types using the controls at the bottom.)

Request Tracker

The Request Tracker (RT) is a set of enhancements that make attachment statuses more powerful and easier to administer. It includes the following changes:

  • Additional states: Previously attachment statuses could be in one of two states: off or on. RT adds two more states for a total of four: off, granted, denied, and (optionally) requested, where “granted” is the equivalent of “on”. These additions mean it is no longer necessary to define a status to negate another status (e.g. “needs-work” to negate “has-review”) because negation is built into each status via the status’ “denied” state.
  • Bug statuses: Previously only attachments could have these kinds of statuses. RT enables them for bugs as well. Since the word “status” already has a meaning for bugs, attachment statuses have been renamed to “flags” to avoid confusion.
  • Requests: Flags can now optionally be made requestable, which means users can ask other users to set them. When a user requests a flag, Bugzilla emails the requestee and adds the request to a browsable queue so both the requester and the requestee can keep track of its status. Once the requestee fulfills the request by setting the flag to either granted or denied, Bugzilla emails the requestee and removes the request from the queue.
    This feature supports workflow like the mozilla.org code review and milestone approval processes, whereby code is peer reviewed before being committed and patches get approved by product release managers for inclusion in specific product releases.
  • Product/component specificity: Previously flags were product-specific, and if you wanted the same flag for multiple products you had to define multiple flags with the same name. Flags are now product/component-specific, and a single flag can be enabled or disabled for multiple product/component combinations via inclusions and exclusions lists. Flags are enabled for all combinations on their inclusions list except those that appear on their exclusions list.

For more information see the brief online documentation.

User Wildcard Matching

Sites can now enable the use of wildcards and substrings in bug entry and editing forms. If the usermatchmode param is set to wildcard, then any “*” included in email addresses will be treated as a wildcard and cause the entry provided to be matched against all active userids and real names in the system. If usermatchmode is set to search, addresses that do not exactly match an existing email address will be matched as a substring as well.

Two other parameters influence the behavior of wildcards: maxusermatches and confirmuniqueusermatch permit a site to determine how broadly to apply ambiguous wildcards and whether all wildcard expansions should be confirmed.

Support for “Insiders”

If the insidergroup parameter is defined, a specific group of users can be designated insiders who can designate comments and attachments as private to other insiders. These comments and attachments will be invisible to other users who are not members of the insiders group even if the bugs to which they apply are visible. Other insiders will see the comments and attachments with a visual tinting indicating that they are private.

Enterprise Group Support

The 55 group limit is now gone along with the groupset and blessgroupset bitset fields. Each user is now a member of a list of groups. It is now possible to define a group in terms of other groups as well as to place individual users in a group directly.

Bugzilla now keeps track of whether a user was added to a group via a regular expression match or whether they were explicitly added to that group. Changes to regular expressions for group membership now take effect instantly for all users when updated, and no longer apply only to new accounts. If a member no longer matches the group’s regexp, and they were originally added to that group because they matched the regexp, they are removed from that group. Note that the upgrade process has no way to know who was added to a group explicitly and who was added by a regexp, so all members of a group prior to this feature will remain members of that group until explicitly removed from it via the user editor, whether they still match the regexp or not.
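The membership rules described above, as an added example that is not Bugzilla's own code: a simplified Python model of direct, regexp-derived and group-in-group membership, including the upgrade caveat that pre-existing members survive a regexp change. The group names, logins, class and method names are hypothetical, and case-insensitive matching is an assumption of the model.

```python
import re
from dataclasses import dataclass, field

DIRECT, REGEXP = "direct", "regexp"  # how a membership was granted


@dataclass
class Group:
    name: str
    user_regexp: str = ""                        # "" means no regexp membership
    includes: set = field(default_factory=set)   # groups whose members are also members here


class GroupStore:
    """Hypothetical in-memory model; not Bugzilla's schema or API."""

    def __init__(self):
        self.users = set()
        self.groups = {}
        self.grants = set()  # (login, group name, grant type)

    def _matches(self, group, login):
        pattern = self.groups[group].user_regexp
        # Case-insensitive search is a modelling assumption.
        return bool(pattern) and re.search(pattern, login, re.IGNORECASE) is not None

    def _rederive(self, group):
        # Rebuild every regexp-derived grant from the current pattern, for
        # all known users. Direct grants are never touched here.
        self.grants = {g for g in self.grants
                       if not (g[1] == group and g[2] == REGEXP)}
        self.grants |= {(u, group, REGEXP)
                        for u in self.users if self._matches(group, u)}

    def add_group(self, name, user_regexp="", includes=()):
        self.groups[name] = Group(name, user_regexp, set(includes))
        self._rederive(name)

    def add_user(self, login):
        self.users.add(login)
        for name in self.groups:
            if self._matches(name, login):
                self.grants.add((login, name, REGEXP))

    def add_direct(self, login, group):
        self.users.add(login)
        self.grants.add((login, group, DIRECT))

    def set_regexp(self, group, pattern):
        self.groups[group].user_regexp = pattern
        self._rederive(group)  # takes effect for existing accounts too

    def effective_groups(self, login):
        # Groups held directly or by regexp, plus every group defined in
        # terms of one of them (transitively; the 'held' check stops cycles).
        held = {g for (u, g, _) in self.grants if u == login}
        frontier = list(held)
        while frontier:
            current = frontier.pop()
            for parent in self.groups.values():
                if current in parent.includes and parent.name not in held:
                    held.add(parent.name)
                    frontier.append(parent.name)
        return held

    def review_candidates(self, group):
        # Direct members the group's current regexp would not admit: the
        # accounts an administrator has to check by hand after an upgrade.
        return sorted(u for (u, g, t) in self.grants
                      if g == group and t == DIRECT and not self._matches(group, u))


def demo():
    store = GroupStore()
    store.add_group("staff", user_regexp=r"@(corp|partner)\.example$")
    store.add_group("triage", includes={"staff"})  # defined in terms of "staff"

    # Constructed pre-upgrade members: how they joined is unknown, so the
    # upgrade can only record them as direct members.
    for login in ("alice@corp.example", "bob@partner.example"):
        store.add_direct(login, "staff")

    # Accounts created after the upgrade join through the regexp.
    store.add_user("carol@corp.example")
    store.add_user("dave@partner.example")
    dave_before = store.effective_groups("dave@partner.example")

    # The administrator tightens the regexp to exclude the partner domain.
    store.set_regexp("staff", r"@corp\.example$")
    return {
        "dave_before": dave_before,
        "dave_after": store.effective_groups("dave@partner.example"),
        "bob_after": store.effective_groups("bob@partner.example"),
        "review": store.review_candidates("staff"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In this model the regexp-derived account loses access as soon as the pattern changes, while the legacy account keeps both the group and the group defined in terms of it until an administrator removes it by hand.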

Estimated/Actual/Remaining Time

If the timetrackinggroup parameter is defined, members of the named group get controls for tracking the time spent fixing a bug added to the bug form. Any time comments are added to the bug, members of the time tracking group can add an amount of time they spent, and it’s figured into the total and displayed at the top of the bug. Shown in the bug are your original estimate, the amount of time spent so far, the revised estimate of how much time is remaining, and your gain/loss on the original estimate.

Support for database replication

The shadow database is a read-only copy of the Bugzilla database which can be used for queries. Until now, keeping the main database in sync with the shadow was handled internally by Bugzilla. This has several issues with performance, stability, and accuracy, and so Bugzilla now supports using MySQL’s replication to handle the mirroring (bug 124589).

As announced before the release of Bugzilla 2.16, the only supported way for a read-only database will soon become replication (bug 180870). It is not expected that this will cause any problems for sites, as the only installation known to be using the shadowdb is bugzilla.mozilla.org. The old code will be removed from Bugzilla as soon as bmo upgrades, and well before the next stable release (2.18).

Miscellaneous Improvements

2.17.1 also introduces a number of general improvements; these features are now available on bmo.

  • Autolinkification Page - It’s now possible to apply Bugzilla’s comment hyperlinking algorithm to any text you like. This should be useful for status updates and other web pages which give lists of bugs. The bug links created include the subject, status and resolution of the bug as a tooltip.
  • There are more tags on the links toolbar for navigating quickly between different areas
  • Buglists are now available as comma-separated value files (CSV) (link at the bottom)
  • Keywords and dependencies can now be entered during initial bug entry
  • The performance of some queries and CGIs has been improved; unfortunately, some have also gotten worse; “hey, that’s life.”

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 09/22/2002 to 11/17/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • Various build bustage fixes (Myk and JayPee)
  • (11/4/2002) Some installation documentation updates (mbarnson)

Checkin manifest:

  • Bug [179886](https://bugzilla.mozilla.org/show_bug.cgi?id=179886) - request.cgi should not use diagnostics
  • Bug 179264 - only quote non-numeric CSV values.
  • Bug 100639 - make resolution more visible on mostfreq list.
  • Bug 180232: removes unnecessary margins/borders around XUL duplicates report
  • Bug 179462 - Clarify description for enablequips param.
  • Bug 179697 - OR terms need extra level of bracketing
  • Bug 178043 - Make it possible to have vertical x-axis labels.
  • Bug 179706 activity log needs to include full account names for requestees
  • Bug 179302 - ‘anyexact’ isn’t an option for boolean charts
  • Bug 179491 Searches of attachments containing a string do not enforce attachment privacy
  • Second installment of Bug 179260 Unknown table ‘map_assigned_to’ in order clause at globals.pl line 242
  • Bug 179360: puts the filters at the top of the request queue and eliminates that empty table that sometimes is at the top of the queue.
  • Bug 179334: updates the setter consistently. also fixes numerous other bugs in the RT code.
  • Bug 179260 Unknown table ‘map_assigned_to’ in order clause at globals.pl line 242
  • Bug 179290 - login cookie email needs to be escaped
  • Bug 179380: if “enablequips” is off, quips.cgi now presents a message that the quips are disabled instead of letting you view or add quips.
  • Bug 179396 (add 007util.t in order to test Bugzilla::Util).
  • Bug 178984: disables flag requestee field using JavaScript unless flag is set to “requested”.
  • Bug 170464 - OS/2 disappeared from ‘Operating System’ list. This allows selection of any OS, if the submitter is running it, on this form.
  • Bug 178178 Sidebar name should not be hardcoded to “Bugzilla”
  • Bug 173689 - Default comments search box type to “contains string”.
  • Bug 179321 - cannot clear status whiteboard entirely
  • Bug 179264 csv output for the buglist (see url inside) is invalid (too many “s)
  • Bug 179329: filters HTML out of quips on “show all quips” page
  • Adding runtests.pl for bug 143155. runtests.sh will remain for a little while in order to allow tinderboxen to transition and any documents to be updated.
  • Bug 179238 - searching by commenter is ignored if you do ‘exact’ or ‘contains’
  • Bug 176599, Improve performance of duplicates.cgi
  • Bug 179242 Part 2 - Handle both conditions for the if block
  • Bug 178383 - product/component query conditions appear twice
  • Bug 179193 - anyexact should use IN, not OR
  • Bug 179184 - regetlastlist returns all bugs
  • Bug 179203 - “Preset Queries” text does not appear in footer if last named query is not in footer
  • Bug 179188 - The new flag system wasn’t indicating which attachment a flag was changed on. This patch inserts the attachment ID any time it exists in the activity log (to match what show_activity does).
  • Bug 179225 Missing space. “Reassign bug to ownerand QA contact of selected component “
  • Bug 179242 Searching for comment contains string + email gives “Not unique table/alias: ‘longdescs_’ at globals.pl line 242”
  • Bug 179207 Blessing doesn’t work right
  • bug 179205: Makes flag options be correct in all situations.
  • Bug 179177: avoid database errors when inserting bug by locking all tables i need to access
  • Bug [178189](https://bugzilla.mozilla.org/show_bug.cgi?id=178189) - when filing a new bug, the generated bugmail doesn’t include product/component
  • Bug [179174](https://bugzilla.mozilla.org/show_bug.cgi?id=179174) - renable $ = 1
  • Bug 114696 - permission checking in queries not optimal
  • Bug 171505: shows disabled flags in the UI
  • Bug 114696 - permission checking in queries not optimal
  • Bug 178841: removes full paths from filenames in attachments table and prevents them from appearing again
  • Bug 92253 - Boolean chart makes very wide web pages from query.cgi.
  • Bug 164003 - Button “Add another boolean chart” appears twice after clicking “And”.
  • Bug 71794 - processmail shouldn’t bother checking dependencies unless state changes.
  • Bug 171480: make output for non requestee-specific requests look better in the request queue.
  • Bug 178776: Eliminates warning in duplicates.cgi.
  • Bug 172518: makes the request tracker use the generic user matching code
  • Bug 178772 doeditparams.cgi failed with malformed headers
  • Bug 178800: fixes taint failure in graphical charts with Perl 5.6.0
  • Bug 178801: Missing &:: caused function call to fail, resulting in server error.
  • Bug 178794 Request Queue has Internal Server Error if accessed when not logged in
  • Bug 174731: no longer represents spurious flags as being set by default.
  • Bug 171475: make new flags include all categories (product/component combinations) by default.
  • Added information about versioncache back in. See bug 140332
  • Added blurb about movebugs. At this point, only bmo uses it, so I’m calling it an “undocumented feature”. See bug 127818
  • Modified text for cookiepath line for clarity. See bug 162359
  • Included note regarding the origin of “bonsaitools”, per bug 174922.
  • Added section for Bugzilla and mod_perl (future expansion). Right now, it just says “Bugzilla doesn’t work under mod_perl”. See bug 149883
  • A rather controversial new entry to the FAQ. See bug 107917. I decided one way for the Guide, based upon the code I see currently checked in. If I’m wrong, feel free to correct it!
  • Fix for Apache configuration directives from bug 174255 and de-stupidifying of emacs destruction of tags.
  • Removed links to dbschema.jpg image. See bug 173484, it was really outdated and redundant anyway.
  • Removing these images, since they are too outdated to be useful, and they are basically redundant anyway. See bug 173484
  • Added notes on using OpenLDAP; We should probably look at code changes to make Net::LDAP our permanent LDAP plugin rather than Mozilla::LDAP…See bug 167379.
  • Bug 156548: XUL implementation of duplicates report.
  • Bug 173571 - Turn “all selected” into “none selected” for efficiency.
  • Bug 177436 User matching shouldn’t be case-sensitive
  • Bug 62729, “Add real name capability to bug_list.cgi”.
  • Bug 178019 - reports.cgi should use the shadowdb.
  • Bug 176509: “(this bug is not in your list)” no longer appears in the navigation bar when you aren’t viewing a bug.
  • Bug 127200 Query for CC/longdesc/OR takes long time
  • Bug 177430 - buglist.cgi needs a CSV output format.
  • Bug 177435 exact match on assignee fails with user matching
  • Bug 177624 Wildcard rejects --do_not_change-- in mass-change
  • Bug 95430 Reopening en masse fails.
  • Bug 177099: stored queries ordering and editing were broken after moving to CGI.pm. They work again now.
  • Bug 175838 Reopening a bug does not clear resolution, nor does selecting ‘clear resolution’
  • Bug 177351 - checksetup.pl tells about deleting templates in silent-running mode.
  • Bug 176953 - version not set properly from form value like others in enter_bug.cgi.
  • Bug 168191 - Checksetup needs to force template recompilation.
  • Bug 173005 - Add bar charts, pie charts etc. to reporting.
  • Bug 176936 minor consistency changes for editproducts and editflags
  • Bug 147833 - start using CGI.pm
  • Bug 171278 - component/product ids mean that you can’t do change queries on component/product
  • Bug 162990 Adding missing new file
  • Bug 162990 Shorthand/wildcard entry for login names in assign, cc, qa, fields
  • Bug 172874 - cvs remove old editattachstatus templates, take 2. All tests still pass.
  • Bug 171770 - check in Bugzilla Helper.
  • Bug 175625 Timetracking columns are computed even if not displayed
  • Bug 172875 - Fix site-navigation.html.tmpl to link to flags CGI and not attachments one.
  • Bug 173495 - require perl 5.6
  • Bug 112373 you should be able to enter bug dependencies/blockers when you enter a bug.
  • Bug 174221 - field names should be l10n in user-errors.html.tmpl.
  • Bug 172959 - Remove old reporting (most doomed etc.).
  • Bug 174524 - Tidy up Bugzilla::{Util,Config}, and lazily-load unneeded modules
  • Bug 174464 - buglist code for empty query shouldn’t set headers_done
  • Bug [24789](https://bugzilla.mozilla.org/show_bug.cgi?id=24789) [E A R] Add Estimated, Actual, Remaining Time Fields
  • Bug 174112 Edit multiple bugs broken
  • Bug 173808 - Use of uninitialized value in subtraction (-) at duplicates.cgi line 133.
  • Bug 173719 - warnings in report.cgi.
  • Bug 170903 - review markup I missed.
  • Bug 170903 - Remove hard-coded titles and things.
  • Bug 173581 - Changing milestone sortkeys is broken.
  • Bug 173249 - user-error.html.tmpl: Bogus title, inconsistent indenting.
  • Bug 171437 - Enhancements to generic reporting. Reporting menu, 3D tables, rearranged UI, better API for new report types.
  • Bug 173027 - code-error.html.tmpl misses a </em>.
  • Bug 172740 - “use of uninitialized variable” warnings.
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 93667: Minor style fix, uninit var fix, add explanatory comments to CrossCheck/DoubleCrossCheck.
  • Bug 93667: More movement, commenting, and remove an unused variable.
  • Bug 93667: Move some code around, add some section heading comments.
  • Bug 93667: Rewrite double cross checking.
  • Bug 93667: Rewrite single cross checking.
  • Bug 93667: General bug check refactoring.
  • Bug 155389 - More elements & templatization of navigation_links. Fix small regression where I accidentally damaged the user.login field.
  • Bug 155389 - More elements & templatization of navigation_links.
  • Bug 20122 - Bugzilla requires new login if IP changes
  • Bug 172045 can’t see restricted bugs if cc set
  • Bug 172010 voting broken on tip. Regression from 43600 and 157756
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 170903 - Remove hard-coded titles and things.
  • Bug 171639 dupes not marked in original bug
  • Bug 164038 - token.cgi: Cancel token messages should be moved into the templates.
  • Bug 169819 - remove ‘this is bugzilla…’ text from footer
  • Bug 170073: checksetup.pl (indirectly via Bugzilla::Config.pm) had a dependency on File::Temp, which caused it to crash before the version checks were even done to warn the admin that it wasn’t present. This patch reorders the loading sequence in checksetup.pl so that the version checks are done before the Config module is loaded.
  • Bug 171506: Fixes bustage in sanitycheck.cgi by making it check for correct product IDs in the flaginclusions and flagexclusions tables instead of the flagtypes table, which no longer has a product_id field.
  • Bug 171420: fixes usage of $template, $vars, and &Param in Flag.pm.
  • Bug 171322 process_bug.cgi makes reference to non-existent product variable
  • Bug 171440 editgroups shows system groups as usable for bugs even though they are not
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 98801: Implementation of the request tracker, a set of enhancements to attachment statuses.
  • Bug 171296: changing Content-disposition header in attachment.cgi to use ‘inline’ instead of ‘attachment’ so that it doesn’t force you to download it.
  • Bug 170213 - CVS remove old and obsolete HTML files.
  • Bug 170195 Regression - buglist highlighting broken
  • Bug 170822 - Linkification process destroys whitespace.
  • Bug 170986 - General Summary reports don’t work with taint checking. Also fixes Throw*Error’s $extra_vars parameter.
  • Bug 170843 - cvs remove obsolete file, changepassword.cgi.
  • Bug 12282 - General summary reports.
  • Bug 169197: Explicitly identifies RDF ‘about’ and ‘resource’ tags as being in the RDF namespace to update deprecated syntax and get some RDF parsers to stop generating warnings.
  • Bug 170064 - Change error API again to allow vars to be passed in the call.
  • Bug 170075 - Mid-air collision pages should be titled as such.

2.16-Branch Checkins Since the Last Status Update

None.

2.14-Branch Checkins Since the Last Status Update

None.

The Bugzilla team will stop officially supporting the 2.14 branch after December, 2002. All 2.14 users are strongly encouraged to upgrade to the 2.16 branch to pick up new features, such as template support, request tracking, and improved attachment handling, among tons of other goodies.

01. October 2002

Bugzilla Status Update

by J. Paul Reed (preed)

Introduction

The Bugzilla Team is pleased to announce both the 2.16.1 and 2.14.4 releases.

Both releases provide enhanced security and fix critical bugs on their respective branches, so both are recommended upgrades for 2.14.x and 2.16 users.

Administrators’ Mailing List Reminder

We’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we’ve started a mailing list for people who administer Bugzillas. It is very low traffic - release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so they can keep up with important Bugzilla news.

The Win32 Situation

Bugzilla on Win32 is still unchanged: administrators using Win32 as their platform for Bugzilla do not want the 2.16 branch, including 2.16.1. The plan is to make the trunk Win32-friendly (which involves a number of quite large changes) and then announce that fact, allowing Win32 Bugzilla administrators to pull from the trunk. Interested admins can search bugzilla on the [needed for Win32bz] status whiteboard entry to track bugs that are part of this process.

Having said that, the Bugzilla Team continues to recommend Unix-based operating systems, including Linux, as the best platform for a Bugzilla installation; please consider it if you are starting a new Bugzilla installation and have some say in the platform decision.

Upcoming Major Features

Major new features are being worked on. If you would like to know when we plan on adding one of these features, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic Reporting, allowing users to generate arbitrary tabular reports of Bugzilla data. (Bug 12282)

Enterprise Group support

Commercial software developments using Bugzilla for support of multiple customers in confidential relationships require additional features to prevent accidental cross-contamination of confidential information between customers. A series of Bugzilla features making such strict controls available is being worked on, spearheaded by Joel Peshkin.

  • Ability to mark individual comments and attachments as confidential to a specific group, typically the internal development team, even if the bug to which they are attached is more public. ([bug 143826](https://bugzilla.mozilla.org/show_bug.cgi?id=143826))
  • Ability to have an arbitrarily large number of groups defined, to define groups in terms of other groups, and to make changes to user regular expressions immediately affect all users instead of only future new users. ([bug 157756](https://bugzilla.mozilla.org/show_bug.cgi?id=157756))
  • A more flexible set of controls on the relationships of products and bugs to groups replacing the usebuggroupsentry and usebuggroups features (bug 147275)

Taken together, these changes enable sites to manage large lists of users in a large number of groups and to define appropriate default group restrictions and enforce group access policies on products, thus providing a solid foundation for enterprise group support in Bugzilla.
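The group behavior listed above, modeled in Python as an added illustration that is not taken from Bugzilla's code: membership is resolved at check time from explicit grants, login regular expressions, and groups that include other groups, and a comment can be private to one group. The class and function names, the sample logins, and the rule that a user must hold every group a bug is restricted to are assumptions of this example.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    includes: set = field(default_factory=set)  # groups whose members also belong here
    user_regexp: str = ""                       # logins matching this are members


@dataclass
class Comment:
    author: str
    text: str
    private_to: str = ""  # group name; empty means anyone who can see the bug


@dataclass
class Bug:
    bug_id: int
    restricted_to: set
    comments: list


class GroupDirectory:
    """Hypothetical in-memory model; not Bugzilla's schema or API."""

    def __init__(self):
        self.groups = {}
        self.direct = {}  # login -> group names granted explicitly

    def add_group(self, name, includes=(), user_regexp=""):
        self.groups[name] = Group(name, set(includes), user_regexp)

    def grant(self, login, group):
        self.direct.setdefault(login, set()).add(group)

    def effective_groups(self, login):
        held = set(self.direct.get(login, ()))
        # Regexps are evaluated on every check, so editing one changes the
        # membership of existing accounts at once, not only of new accounts.
        for g in self.groups.values():
            if g.user_regexp and re.search(g.user_regexp, login, re.IGNORECASE):
                held.add(g.name)
        # Expand group-in-group membership to a fixed point; the loop ends
        # even when two groups include each other.
        changed = True
        while changed:
            changed = False
            for g in self.groups.values():
                if g.name not in held and g.includes & held:
                    held.add(g.name)
                    changed = True
        return held


def can_see_bug(directory, login, bug):
    # Assumption: the user must hold every group the bug is restricted to.
    return bug.restricted_to <= directory.effective_groups(login)


def visible_comments(directory, login, bug):
    # A private comment never leaks through a bug the user can otherwise read.
    if not can_see_bug(directory, login, bug):
        return []
    held = directory.effective_groups(login)
    return [c for c in bug.comments if not c.private_to or c.private_to in held]


def build_demo():
    # Constructed sample data: one vendor team and two customers.
    d = GroupDirectory()
    d.add_group("engineering", user_regexp=r"@vendor\.example$")
    d.add_group("insiders", includes={"engineering"})
    d.add_group("customer_a", includes={"engineering"})
    d.add_group("customer_b", includes={"engineering"})
    d.grant("alice@a.example", "customer_a")
    d.grant("bob@b.example", "customer_b")
    bug = Bug(1, {"customer_a"}, [
        Comment("alice@a.example", "Crash when saving a report."),
        Comment("dev@vendor.example", "Same root cause as customer B's ticket.",
                private_to="insiders"),
    ])
    return d, bug


if __name__ == "__main__":
    d, bug = build_demo()
    for login in ("alice@a.example", "bob@b.example", "dev@vendor.example"):
        print(login, [c.text for c in visible_comments(d, login, bug)])
```

Customer A sees only the public comment, customer B sees nothing on the bug, and changing the `engineering` regexp removes an existing vendor account's access on the next check.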

The largest of these changes (bug 157756) landed last weekend; any new bugs or regressions should be filed as new bugs.

Request Tracker

Request tracker is a series of enhancements to make attachment statuses more powerful and easier to administer. It includes the following changes and additions:

  • Two additional states for attachment statuses: Currently statuses can be in one of two states: off or on. RT adds two more states for a total of four: off, granted, denied, and requested, where “granted” is equivalent to “on” and “denied” and “requested” are new. These additions mean it is no longer necessary to define a second status to negate a previous one (e.g. “needs-work” to negate “has-review”): negation is built into each status.
  • Bug statuses: Currently only attachments have these kinds of statuses. RT allows them to be defined for bugs as well. Since “status” already has a meaning for bugs, attachment statuses have been renamed “status flags” (or “flags” for short) to avoid confusion.
  • Requests: Flags can be requested by setting the flag to the “requested” state and entering the name of the user you want to fulfill the request. Bugzilla emails the requestee about the request and adds the request to a queue that users can browse to keep track of their pending requests.

    When the requestee fulfills the request by setting the flag to a different state, Bugzilla emails the requester and removes the request from the queue. This feature supports development and management processes where some users have to ask others to grant or deny review to a patch, approve a patch for check-in to a restricted branch, etc.

  • Flag types are no longer product-specific. They can be enabled and disabled for any number of product/component combinations via inclusions and exclusions lists. This feature makes it much easier to administer flag types.

    As before, you can search for bugs using flag criteria via the boolean chart on the search form, and flag changes are recorded in the bugs activity table.
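The flag lifecycle described above, modeled in Python as an added example that is not Request Tracker's own code: four states, a per-requestee queue, notifications in both directions, an activity record, and flag types enabled through inclusion and exclusion lists. All names, the wildcard convention, and the rule that an exclusion wins over an inclusion are assumptions; the model does not decide who is allowed to set a flag.

```python
from dataclasses import dataclass, field

STATES = ("off", "granted", "denied", "requested")
ANY = None  # wildcard in an inclusion or exclusion entry (assumed convention)


@dataclass
class FlagType:
    name: str
    inclusions: list                               # (product, component) pairs
    exclusions: list = field(default_factory=list)

    def applies_to(self, product, component):
        def matches(rules):
            return any(p in (ANY, product) and c in (ANY, component) for p, c in rules)
        # Assumption: an exclusion wins over an inclusion.
        return matches(self.inclusions) and not matches(self.exclusions)


class FlagTracker:
    """Hypothetical model of flags on bugs; authorization is out of scope."""

    def __init__(self):
        self.flags = {}     # (bug_id, flag name) -> state, requester, requestee
        self.queue = {}     # requestee -> [(bug_id, flag name), ...]
        self.outbox = []    # (recipient, text), standing in for e-mail
        self.activity = []  # (bug_id, flag name, old state, new state, who)

    def pending(self, user):
        return list(self.queue.get(user, []))

    def set_flag(self, bug_id, product, component, ftype, state, who, requestee=None):
        if state not in STATES:
            raise ValueError(f"unknown state {state!r}")
        if not ftype.applies_to(product, component):
            raise ValueError(f"{ftype.name} is not enabled for {product}/{component}")
        if state == "requested" and not requestee:
            raise ValueError("a request must name a requestee")
        key = (bug_id, ftype.name)
        cur = self.flags.get(key, {"state": "off", "requester": None, "requestee": None})
        old = cur["state"]
        if old == "requested":
            # The outstanding request ends: leave the requestee's queue and,
            # if the flag was answered, tell the person who asked.
            self.queue[cur["requestee"]].remove(key)
            if state != "requested":
                self.outbox.append(
                    (cur["requester"], f"bug {bug_id}: {ftype.name} {state} by {who}"))
        if state == "requested":
            self.queue.setdefault(requestee, []).append(key)
            self.outbox.append((requestee, f"bug {bug_id}: {who} requests {ftype.name}"))
            self.flags[key] = {"state": state, "requester": who, "requestee": requestee}
        else:
            self.flags[key] = {"state": state, "requester": None, "requestee": None}
        self.activity.append((bug_id, ftype.name, old, state, who))
        return old


def demo():
    # Constructed sample: "review" is enabled for all of ProductA except Docs.
    review = FlagType("review", inclusions=[("ProductA", ANY)],
                      exclusions=[("ProductA", "Docs")])
    tracker = FlagTracker()
    tracker.set_flag(7, "ProductA", "Core", review, "requested",
                     who="alice", requestee="bob")
    queued = tracker.pending("bob")
    tracker.set_flag(7, "ProductA", "Core", review, "denied", who="bob")
    return review, tracker, queued


if __name__ == "__main__":
    review, tracker, queued = demo()
    print("queued for bob:", queued)
    print("mail:", tracker.outbox)
    print("activity:", tracker.activity)
```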

An older version of RT is currently being tested by the Bugzilla team on bugzilla.mozilla.org, so if you find a bug or have an enhancement, please check with #mozwebtools before filing new bugs. The status of RT can be monitored in bug 98801.

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 07/29/2002 to 09/22/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • (9/5/2002) Inline doc (POD) spelling fixes (MattyT)
  • (9/5/2002) Add Mac OS X 10.x to the OS lists (justdave)
  • (8/26/2002) Updated maintainer email address throughout the tree (Jake)

Checkin manifest:

  • Bug 157756 - >55 groups now supported
  • Bug 63601: Recommend filename when downloading attachments (except in IE4, which chokes on the Content-Disposition header)
  • Bug 108987 - Linkify script to use quoteUrls on texts provided by user.
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 167476 - unix_timestamp conversion error using MySQL.
  • Bug 152935 - Pref for no notification on Target Milestone change not respected.
  • Bug 160476 - boolean chart addition doesn’t keep query template format.
  • Bug 146945: Hack to support format=rdf for legacy applications that don’t know to do ctype=rdf instead.
  • Bug 169561 - Speed up UserInGroup by using cached information.
  • Bug 168804 - Document CheckCanChangeField so sites can modify it for local needs.
  • Bug 163790 - colchange.cgi is not localisable.
  • Bug 162151 - Fix page.cgi’s method of finding templates. It now looks in a “pages” subdirectory of the template directory.
  • Bug 25521 - Keyword field in new bug entry.
  • Bug 168075 - Undefined subroutine &main::Error called at /opt/webtools/bugzilla/buglist.cgi line 1005.
  • Bug 167978 - Fix Throw*Error l10n regressions and add a test to catch more.
  • Bug 166698 - The error system’s in a bit of a mess. This file was missed on the original checkin.
  • Bug 166821 - reports.cgi broken by recent schema changes.
  • Bug 167595 - Query - multiple-select product (and probably component) broken
  • Bug 167643 - Schema Changes from bug 143826 are out of order
  • Bug 166023 - On failure in template->new, a template is used to display error
  • Bug 166698 - clean up the error system, which was confused and broken.
  • Bug 146134 - checksetup.pl gives weird error message
  • Bug 123957 run checksetup.pl non-interactively (for use with cron jobs on test installs)
  • Bug 165756 - Running tests without checksetup causes failure
  • Bug 166318 - Bugzilla::Config should check for defparams.pl failure
  • bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 166016 checksetup gives torrent of cryptic errors if my_webservergroup is not found
  • Recheckin due to misapplied patch for bug 123957
  • Bug 123957 run checksetup.pl non-interactively (for use with cron jobs on test installs)
  • Bug 121419 - If multiple cookies exist, the least significant is assigned. Also fixes Duplicate Bug 165685 When switching from no cookiepath to using cookiepath, old cookie gets in the way
  • Bug 165221: Apostrophes not properly handled during account creation.
  • Bug 163829 - move pref code into a separate package
  • Correct checkin date for bug 153578 schema modification
  • Bug 165080 - Delete product fails with missing column error
  • Bug 161203 - Bug changes with intermediate pages munges fields with multiple values (e.g., CC) patch by “Randall M! Gee”,
  • Bug 86651 - cvs-update was setting sticky dates which made committing changes and getting updates more difficult
  • Bug 164623 - xml.cgi - attachments is broken and insiders not enforced
  • Bug 164623 - add .htaccess to .cvsignore
  • Bug 76923 - Don’t |use diagnostics| (its really expensive at startup time)
  • Bug 164470 - mass reassign changes UNCONFIRMED->NEW
  • Bug 164566 - Param and UserInGroup are not defined in Bugzilla::Search
  • Bug 163494 - runtests.sh needs a switch to include optional modules. Tests now detect optional modules and only exclude optional files if optional module dependencies are not met. Also major indent cleanup
  • Bug 164464 - Importxml will fail if versioncache needs update
  • Bug 164465 - importxml.pl fails
  • Fixed merge problem from checkin of 143826 - No bug
  • Bug 143826 - Adding 2 new files missing from repository
  • Bug 163570 - Bugzilla::Search missing Date::Format include patch by [email protected] (Jussi Sirpoma),
  • Fix for bug 163541: Corrects problem with previous patch that causes primary headers not to appear on some installations.
  • Fix for bug 163541: let there be a page title but no primary page header.
  • Bug 163457 - bugs not registered as “new”.
  • Bug 163331 - shutdownhtml is broken.
  • Bug 163299 - Can’t change cc accessible checkbo
  • Bug 143286 - Add support for Insiders, Private comments, Private Attachments.
  • Bug 163291 - Move utility funcs into a module
  • Fix typo from 43600
  • Bug 162854 - buglist.cgi reporter is actually owner
  • bug 160631 - bug_email.pl is broken
  • Bug 160112 - clean up quip table conversion code
  • Bug 10037 - param to disable adding new quips
  • Bug 162066 - Fix callers of ThrowCodeError to use messages in code-error.html.tmpl.
  • Bug 162068 - Fix callers of ThrowUserError to use messages.html.tmpl.
  • Bug 162216 - colchange.cgi, buglist.cgi and page.cgi messages should be l10nable.
  • Bug 162066 - Fix callers of ThrowCodeError to use messages in code-error.html.tmpl.
  • Bug 151619 - Problem with the regex in checksetup.pl to find duplicates
  • Bug 153578 - Attachment modified date is meant to be attachment creationdate
  • Bug 162642 - Cannot accept bugs if requiremilestone is on; regression from bug 43600
  • Bug 162438 - fix permissions/tests for Bugzilla/ directory
  • Bug 24823 - show the last modified date at the top of show_bug
  • Bug 160710 - Taint checking causes problem with rename function
  • Fixing up the changedate from my bug 43600 patch. Knew I must have forgotten something….
  • Bug 43600 - Convert products/components to use ids instead of names. Initial attempt by [email protected], updated by me
  • Bug 162217: fixed bustage introduced in bug 160410
  • Bug 160410: defparams.pl support for single/multi pulldown menus; p=preed,
  • Bug 160557 - products that start with _ do not show up properly in query.cgi.
  • Bug 155584 - Opening duplicates.cgi with no frequent bugs causes SQL syntax error.
  • Bug 109008 - Footer on create attachment page looks wrong.
  • Bug 159901 - token.cgi: localize strings send to message.html.tmpl.
  • Missed &:: for call to SqlQuote, no bug # (cleanup from bug 158474)
  • Bug 161402 - Disable DBI taint mode in processmail
  • Bug 158474 - Abstract out GenerateSQL into perl module.
  • Add a test to check for speling errors. It only currently checks for two simple errors that used to be in checksetup.pl, more errors can and will be added in the future. Bug 147151, no review needed for tests
  • Bug 161450 - New search knob causes warnings.
  • Bug 160224 - remember query radio buttons don’t have default
  • Bug 55753 - if order is the first param to buglist.cgi, can’t resort.
  • Bug 118442 - Bugzilla fails to notice if nothing has changed when editing multiple bugs if no keywords have been defined patch by [email protected],
  • Bug 160227 - VERSION cookie not set correctly
  • Bug 113459 Bad regexp in emailregexp causes system lockout
  • Bug 160204 - search/knob.html.tmpl: script type missing, space missing
  • Bug 158236 - Remove ‘watchfordiffs’ column from namedqueries table

2.16-Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_16-BRANCH from 07/29/2002 to 09/28/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs: None.

  • Bug 166023 - On failure in template->new, a template is used to display error
  • Bug 167485; group_id is wrong when usebuggroups is on
  • Bug 161203 - Bug changes with intermediate pages munges fields with multiple values (e.g., CC)
  • bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 165221: Apostrophes not properly handled during account creation.
  • Bug 164464 - Importxml will fail if versioncache needs update
  • bug 160631 - bug_email.pl is broken
  • Bug 151619 - Problem with the regex in checksetup.pl to find duplicates
  • Bug 160710 - Taint checking causes problem with rename function
  • Bug 161305 - SQL error with allowemailchange with mysql 3.22
  • Bug 160227 - VERSION cookie not set correctly

2.14-Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_14_1-BRANCH from 07/29/2002 to 09/22/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs: None.

  • Bug 167485; group_id is wrong when usebuggroups is on
  • Bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 160631 - bug_email.pl is broken

01. October 2002

Bugzilla 2.16.1 Released

by Bugzilla Team

The Bugzilla Team is pleased to announce the release of Bugzilla 2.16.1. 2.16.1 is the latest stable Bugzilla release, and fixes a number of security bugs and other defects in Bugzilla 2.16, originally released on July 28th.

There is also a new status update available.

01. October 2002

Bugzilla 2.14.4 Released

by Bugzilla Team

The Bugzilla Team announces the release of Bugzilla 2.14.4. 2.14.4 is the latest release on the 2.14 branch and fixes two security bugs involving groups and email and a bug involving the bug_email.pl script.

28. July 2002

Bugzilla Status Update

by Gervase Markham (gerv) and J. Paul Reed (preed)

Introduction

It’s here! That’s right, after tracking down a number of small regressions, 2.16 is out of the door (for Unix users at least; Win32 users, see note below.)

We have also released 2.14.3, a tiny update for 2.14.2 for people who aren’t yet ready to upgrade to 2.16, but would like column sorting in buglists to work.

Administrators’ Mailing List

We’ve started a mailing list for people who administer Bugzillas. It’ll be very low traffic - basically, release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so we can easily contact them with important news.

Localisation

Meanwhile, on the trunk, the last few pieces of infrastructure have been checked in to permit the localisation of all Bugzilla’s error messages and system messages, which were previously embedded in the Perl code. The Bugzilla Team is now looking for those who wish to localise Bugzilla to contribute patches moving our (large number of) error messages out of the CGI files into the templates. This is a reasonably large but fairly simple job, and each one moved becomes localisable. If you are able to help with this, please contact Gerv.

The Win32 Situation

Unfortunately, the templatization of process_bug.cgi broke the ability for Bugzilla to send bug update notifications via email on Windows due to the way ActiveState Perl handles fork(). There is a fix for this in the works, but it involves major code changes, and we didn’t want to hold up the 2.16 release for another month to give it adequate testing. The bottom line is, if you’re using Win32, you do not want Bugzilla 2.16.

A 2.16.1 was considered, but given our resource considerations, the plan is to make the trunk Win32-friendly (which involves the above change and many others) and then announce that fact, so Win32 Bugzilla administrators can pull from the trunk. The Bugzilla Team continue to recommend Linux as the best platform for a Bugzilla installation :-)

For up-to-date information on this topic, see bugs 124174 and 84876.

2.16 Goals

So, how did we do?

  • HTML 4.01 Transitional compliance (complete for templatised pages)
  • Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (complete)
  • Allow users to change their own email addresses (complete)
  • Remove old attachment code in favor of the new attachment tracker system (complete)
  • Enable Perl’s taint mode for all user-accessible CGI files, and taint-check anything being sent to the database (complete)

Not so badly, then :-). To give you some idea of what can be done with templates, compare this to this.

Upcoming Major Features

Major new features are being worked on. If you would like to know when we plan on adding one of these features, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • Request tracker, for managing requests to change things about bugs. (Bug 98801) - Now being tested by the Bugzilla Team on bugzilla.mozilla.org
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 5/9/2002 - Release Notes Updates (MattyT)
  • 5/25/2002 - Release Notes Updates (MattyT)
  • 6/03/2002 - Release Notes Updates (MattyT)
  • 6/04/2002 - Release Notes Updates (MattyT)
  • 6/07/2002 - Release Notes Updates (MattyT)
  • 7/21/2002 - Trivial template “and QA Contact” fix (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuse of a system() call.
  • Bug 67950c - make quips.cgi compile without warnings, by use vars-ing $userid.
  • Bug 67950b - quick fixes.
  • Bug 67950 - Move the quip list into the database.
  • Bug 158660 - confirm_login in CGI.pl should use a template for the login dialog.
  • bug 159200 - support accesskey in search page.
  • Bug 102648 - a little more thought. We are changing Platform to Hardware (see the search page) for usability; if we do that, Product can be P and Hardware can be H.
  • Bug 102648 - Bugzilla should support accesskey.
  • bug 158498 - defparams.pl prints an error message in a check function instead of returning it.
  • Bug 96003 - buglist.cgi should not return all bugs if called without any parameters.
  • Bug 143650 - general template display system.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 95426 - remove $onebug cruft.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren’t using QA Contacts.
  • Bug 156426: Query interface had ´:s instead of ‘:s in “doesn’t”.
  • Bug 156680: “Undefined variable warning” in createaccount.cgi
  • Bug 156844 - ‘use of uninitialized value in string eq’ warning
  • Bug 117297: CC list mailing had case-sensitive dupe checking, making it possible to mail both “[email protected]” and “[email protected]”.
  • Fix for bug 156559: Changes to mysqld-watcher.pl to make it kill queries quicker, kill ‘em all at once, give better notifications, and not include globals.pl, which is unnecessary.
  • Fix for bug 156563: Adds URI of installation to RDF output of buglist.cgi.
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Fix for bug 156564: flag bug IDs as integers in the RDF output of buglist.cgi.
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - ‘My Votes’ link missing from footer
  • bug 155861 - showdependencygraph.cgi fails taint check with local dot installation
  • Bug 149246: Allow use of relative time units in query screen.
  • Fix for bug 150925: make email address changes work.
  • Recheckin fix for bug 150798 which I accidentally broke in the fix for bug 150770
  • Bug 151714 - user with no canconfirm permission should not get option to mark bugs they reported as NEW
  • Fix for bug 150804: makes “allwords” the default when searching for keywords.
  • Bug 105472 - expectbigqueries unnecessary with mysql >=3.23.
  • Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn’t fail taint checks. 2rx=bbaetz
  • Bug 155388: elements for next/prev/first/last in buglists didn’t appear post-templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html.
  • Bug 145795: editcomponents had error messages referring to products where it should’ve been components.
  • Bug 155744: fix a used only once warning in tinderbox caused by myk’s checkin of bug 99203.
  • Bug 62000: File attachments don’t work on Windows. Note: only the code from the patch was checked in, the documentation issue was split to bug 155743.
  • Fix for bug 99203: Implements bug aliases feature.
  • Bug 151871 - rewrite quoteUrls to fix major performance problems, and a few other misc bugs too.
  • Fix for bug 122900: implements email preference for unconfirmed bugs.
  • Fix for bug 149347: Corrects interface comment to refer to “javascript” parameter instead of “jscript” parameter.
  • Bug 150770 - Lost around query results
  • Bug 155033 - standardizing on NAME: vs. NAME: patch by [email protected],
  • Bug 152693 - added “resolution” to the INTERFACE comment.
  • Bug 151281 - change duplicates.cgi to make one query instead of several thousand.
  • Bug 148488 - more HTML validation fixes
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn’t set defaults
  • Bug 152632: My bugs query doesn’t use the mybugstemplate parameter. Also removes the My Bugs query from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 150153 - ConnectToDatabase/quietly_check_login issues pt
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn’t propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn’t fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called early enough
  • Bug 151369 - need to trim the entered assignee’s email address
  • Bug 148712 - add component with error/invalid initial owner results in double header output patch by [email protected] (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can’t access secure bugs
  • Fix for bug 151658: get UI for moving bugs showing again.
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Backing out change I accidentally made while checking in fix for bug 137855.
  • Fix for bug 150703: Adds format support to query.cgi. 2rx=gerv
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Backing out incorrect change to background color that was accidentally checked in as part of the fix for bug 148179.
  • Bug 148919: Make entryheader a separate template. (again)
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/template writable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir) permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be investigated and resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-‘ is sent as ‘%2D This makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn’t always ConnectToDatabase() early enough
  • Fix for bug 147476: the effect of changing your dot/webdot preferences on your web server’s accessibility option (.htaccess for Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won’t get touched if $webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz); patch=preed,
  • Bug 148363 - minor html glitch on the enter_bug template patch by [email protected] (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence [email protected]
  • Fix for bug 148011: Move pseudo-method definitions together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need “users” link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 146261: fixes bug preventing the sending of email to users when the status of bugs changes in some situations.
  • Bug 93667: Add comments to uncommented sections of sanitycheck.cgi
  • Bug 144565 - describecomponents.cgi shows wrong components when user has access to only one product. Bug 145113 - describecomponents doesn’t call quietly_check_login()
  • Fix for bug 47251: Make HTML output HTML 4.01 Transitional compliant.
  • Fix for bug 143743: Eliminates warning by properly initializing array reference. Fix by Myk Melez [email protected].
  • Bug 143586 - required modules tests should be sorted.
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug’s patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there’s a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn’t work.
  • Fix for bug 143547: Don’t show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.16 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_16-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/09/2002 - Release Notes Updates (MattyT)
  • 05/12/2002 - Various documentation updates (Gerv)
  • 05/23/2002 - Release Notes Updates (MattyT)
  • 05/25/2002 - Various documentation updates (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03-07/2002 - Release Notes Updates (MattyT)
  • 07/13/2002 - Various documentation Updates (Gerv)
  • 07/25/2002 - Removed various old documentation files and various updates (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuse of a system() call.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren’t using QA Contacts.
  • Bug 156426: Query interface had ´:s instead of ‘:s in “doesn’t”.
  • Bug 156680: “Undefined variable warning” in createaccount.cgi
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - ‘My Votes’ link missing from footer
  • bug 155861 - showdependencygraph.cgi fails taint check with local dot installation
  • Fix for bug 150925: Make email changes work.
  • Recheckin fix for bug 150798 which I accidentally broke in the fix for bug 150770
  • Bug 151714 - user with no canconfirm permission should not get option to mark bugs they reported as NEW
  • Fix for bug 150804: Makes “allwords” the default when searching by keyword.
  • Bug 155388: next/prev/first/last (Mozilla’s Site navigation bar) didn’t work after 2.16 templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html. Note: the patch on the bug didn’t apply cleanly to branch anymore; fixed manually.
  • Fix for bug 149347: Corrects interface comment to refer to “javascript” parameter instead of “jscript”.
  • Bug 150770 - Lost around query results
  • Bug 155033 - standardizing on NAME: vs. NAME: patch by [email protected],
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn’t set defaults
  • Bug 152632: My bugs query in the footer doesn’t use the mybugstemplate parameter. Also removes the My Bugs link from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn’t propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn’t fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called early enough
  • Bug 151369 - need to trim the entered assignee’s email address
  • Bug 148712 - add component with error/invalid initial owner results in double header output patch by [email protected] (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can’t access secure bugs
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 148993: Makes debug work in the query part of buglist.cgi.
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Bug 148919: Make entryheader a separate template (again).
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/template writable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir) permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-’ is sent as ‘%2D’. This makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn’t always ConnectToDatabase() early enough
  • Fix for bug 147476: the effect of changing your dot/webdot preferences on your web server’s accessibility option (.htaccess for Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won’t get touched if $webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz)
  • Bug 148363 - minor html glitch on the enter_bug template; patch by [email protected] (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence [email protected]
  • Fix for bug 148011: move TT pseudo-method declarations together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need “users” link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 47251: Make Bugzilla HTML 4.01 Transitional compliant.
  • Bug 144565 - describecomponents.cgi shows wrong components when user has access to only one product
  • Bug 145113 - describecomponents doesn’t call quietly_check_login()
  • Fix for bug 143743: Eliminates warning by properly initializing array reference. Fix by Myk Melez [email protected].
  • Bug 143586 - required modules tests should be sorted.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug’s patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there’s a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn’t work.
  • Fix for bug 143547: Don’t show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.14 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_14_1-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/25/2002 - HTML Quote reporter’s name (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03/2002 - Release Notes Updates (MattyT)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuse of a system() call.
  • Bug 152138 - 2.14.2 breaks sorting on more than one field
  • Bug 130821: Backported patch to further validate the order sql parameter.
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-’ is sent as ‘%2D’. This makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 93167 - &GroupExists and &GroupIsActive and &UserInGroup need to push and pop sql state
  • Bug 147486 - First (of many?) fixes of cross site scripting issues; checked in on the 2.14.1 branch; this patch is slightly different (semantically) from the one in 147486; it moves the ) placement, per myk’s suggestion in the bug.
  • Bug 107718: backported patch for 2_14_1-BRANCH
  • Fix bug 146447, part
  • Backported patch for bug 92263; patch applies cleanly to the 2_14_1-BRANCH
  • Bug 134575: Backported patch for the 2_14_1 BRANCH
  • Bugs 126801, 141557: backported security patches for the 2.14.1

28. July 2002

Bugzilla 2.16 Released

by Bugzilla Team

The Bugzilla Team is relieved and pleased to finally announce the release of Bugzilla 2.16, and also a new status update. The product of 11 months of hard work, Bugzilla 2.16 is the first release of Bugzilla to have a templatised UI, allowing administrators easily to customise the look and feel of their Bugzilla without editing Perl code.

There are no security fixes in 2.16 that were not in 2.16rc2 - but anyone running a version of Bugzilla older than that needs to read the 2.16rc2 and 2.14.2 security advisory and previous advisories. Bugzilla 2.16 is the best Bugzilla, and the Bugzilla team strongly recommends its use over all other versions.

28. July 2002

Bugzilla 2.14.3 Released

by Bugzilla Team

Due to a small “brown bag” issue in 2.14.2, 2.14.3 has been released. This release contains two extra fixes to 2.14.2 - we fixed column sorting in buglists, and made a system call in the optional, unsupported, contributed email subsystem more secure.

The 2.14.x branch is Bugzilla’s older stable branch. New installations and upgraders are strongly recommended to use 2.16.

08. June 2002

Bugzilla 2.16 Release Candidate 2 and Bugzilla 2.14.2 are now available

by Bugzilla Team

Based on feedback from Bugzilla 2.16rc1, and some recent security issues that were found, we’ve now made available a second release candidate for 2.16 as well as a security update for the 2.14 branch. All of the security fixes are also included in 2.16rc2. For details, see the following links:

Check out the download page for links to download or update to it. Unless any major problems are found, this is what we’d like to release as version 2.16.