VCS updates: bzr moving, cvs ending

by Mark Côté (mcote)

At the Bugzilla project meeting on 2015-03-25 the project lead and assistant leads agreed on two major changes to Bugzilla’s source-code hosting:

1. CVS support is officially dropped as of now. 4.0 is the last version that was released on CVS, and it will be EOLed when 5.0 comes out (very soon; rc3 was just released). In the event of a release on the 4.0 branch before it is EOLed, any Bugzilla installations that have not migrated to bzr or git will have to apply patches to upgrade, which will continue to be distributed as usual. Bugzilla site admins are strongly encouraged to migrate to pulling from git.mozilla.org as soon as possible.
2. Bazaar hosting has been officially switched from bzr.mozilla.org to bzr.bugzilla.org. bzr.bugzilla.org is already active and syncing changes from git.mozilla.org. bzr.mozilla.org is no longer syncing changes and will soon be shut down. Any sites upgrading from bzr.mozilla.org must do one of the following to apply any future upgrades, in order of preference:

• Switch to upgrading from git.mozilla.org.
• Switch to pulling from bzr.bugzilla.org. See instructions at https://bzr.bugzilla.org/.
• Apply the released patch.

bzr.bugzilla.org will continue to mirror changes from git.mozilla.org for the 4.0, 4.2, and 4.4 branches as long as they are supported. Note that, at the moment, master/trunk is being mirrored as well, but no other branches, including and subsequent to 5.0, will be mirrored to bzr.bugzilla.org, and trunk mirroring may cease at any time.

Note that bzr.bugzilla.org is waiting on a proper certificate; please use plain http until this is resolved.

The Bugzilla team apologizes for any inconvenience. Please see our support options if you have trouble migrating.

Mark Côté

Assistant Project Lead, Bugzilla

Release of Bugzilla 5.0rc3, 4.4.9, 4.2.14, and 4.0.18

by Bugzilla Team

Today we have several new releases for you!

Bugzilla 5.0rc3 is our third Release Candidate for Bugzilla 5.0. This release has received QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.

If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.

• Download 5.0rc3
• Release Notes for 5.0rc3

Bugzilla 4.4.9 is our latest stable release. It contains various useful bug fixes:

• Download 4.4.9
• Release Notes for 4.4.9

Bugzilla 4.2.14 is a bugfix update for the 4.2 branch:

• Download 4.2.14
• Release Notes for 4.2.14

Bugzilla 4.0.18 is a bugfix update for the 4.0 branch:

• Download 4.0.18
• Release Notes for 4.0.18

Release of Bugzilla 5.0rc2, 4.4.8, 4.2.13, and 4.0.17

by Bugzilla Team

Today we have several new releases for you!

Bugzilla 5.0rc2 is our second Release Candidate for Bugzilla 5.0. This release has receive QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.

If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.

• Download 5.0rc2
• Release Notes for 5.0rc2

Bugzilla 4.4.8 is our latest stable release. It contains an important bug fix:

• Download 4.4.8
• Release Notes for 4.4.8

Bugzilla 4.2.13 is a bug fix update for the 4.2 branch:

• Download 4.2.13
• Release Notes for 4.2.13

Bugzilla 4.0.17 is a bug fix update for the 4.0 branch:

• Download 4.0.17
• Release Notes for 4.0.17

Upcoming EOL for 4.0.x

Please note that once Bugzilla 5.0 is released, this will mark the End Of Life for the Bugzilla 4.0 series. This will mean that there will be no further updates for the 4.0.x series, even if there are serious security issues found in that series. We recommend that all installations running the 4.0 series upgrade as soon as possible to the current stable 4.4 version or 5.0 when released.

Bugzilla 5.0 will also be our first stable release to be only available using Git. This means you will not be able to use bzr (Bazaar) anymore to upgrade to or install 5.0. The 4.0 branch is the last branch available on CVS, so any documentation referencing the use of CVS for installation or upgrading will no longer be valid. For more information, check the Download page page.

Release of Bugzilla 5.0rc1, 4.4.7, 4.2.12, and 4.0.16

by Bugzilla Team

Today we have several new releases for you!

All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 5.0rc1 is our first Release Candidate for Bugzilla 5.0. This release has received QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.

If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.

• Download 5.0rc1
• Release Notes for 5.0rc1

Bugzilla 4.4.7 is our latest stable release. It contains various useful bug fixes and security improvements:

• Download 4.4.7
• Release Notes for 4.4.7

Bugzilla 4.2.12 is a security and bugfix update for the 4.2 branch:

• Download 4.2.12
• Release Notes for 4.2.12

Bugzilla 4.0.16 is a security and bugfix update for the 4.0 branch:

• Download 4.0.16
• Release Notes for 4.0.16

Release of Bugzilla 4.0.15, 4.2.11, 4.4.6, and 4.5.6

by Bugzilla Team

Today we have several new releases for you!

All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 4.4.6 is our latest stable release. It contains various useful bug fixes and security improvements:

• Download 4.4.6
• Release Notes for 4.4.6

Bugzilla 4.2.11 is a security update for the 4.2 branch:

• Download 4.2.11
• Release Notes for 4.2.11

Bugzilla 4.0.15 is a security update for the 4.0 branch:

• Download 4.0.15
• Release Notes for 4.0.15

Bugzilla 4.5.6 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.

• Download 4.5.6

Landfill.bugzilla.org Disclosure

by Mark Côté (mcote)

UPDATE: We have reset all passwords on all Landfill test Bugzilla systems. All users will be required to set a new password the next time they access the test Bugzilla systems.

One of our developers discovered that, starting on about May 4th, 2014, for a period of around 3 months, during the migration of our testing server for test builds of the Bugzilla software, database dump files containing email addresses and encrypted passwords of roughly 97,000 users of the test build were posted on a publicly accessible server.  As soon as we became aware, the database dump files were removed from the server immediately, and we’ve modified the testing process to not require database dumps.

Generally, developers who use our test builds have told us they understand that these builds are insecure and may break, so they do not use passwords they would reuse elsewhere.  However, because it is possible that some users could have reused their passwords on other websites or authentication systems, we’ve sent notices to the users who were affected by this disclosure and recommended that they change any similar passwords they may be using. It’s important to note that, unless users reused the password they used on landfill.bugzilla.org, this does not affect bugzilla.mozilla.org email addresses or passwords.

We are deeply sorry for any inconvenience or concern this incident may cause you.

Thanks,

Mark Côté

Assistant Project Lead, Bugzilla

Release of Bugzilla 4.0.14, 4.2.10, 4.4.5, and 4.5.5

by Bugzilla Team

Today we have several new releases for you!

All of today’s releases contain a security fix. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 4.4.5 is our latest stable release and contains a security fix.

• Download 4.4.5
• Release Notes for 4.4.5

Bugzilla 4.2.10 is a security update for the 4.2 branch:

• Download 4.2.10
• Release Notes for 4.2.10

Bugzilla 4.0.14 is a security update for the 4.0 branch:

• Download 4.0.14
• Release Notes for 4.0.14

Bugzilla 4.5.5 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.

• Download 4.5.5

Release of Bugzilla 4.5.4, 4.4.4, 4.2.9, and 4.0.13

by Bugzilla Team

There are four new releases today. All of today’s releases contain an important bug fix discovered since the last release.

Bugzilla 4.4.4 is our latest stable release. It is a bug fix update for the 4.4 branch:

• Download 4.4.4
• Release Notes for 4.4.4

Bugzilla 4.2.9 is a bug fix update for the 4.2 branch:

• Download 4.2.9
• Release Notes for 4.2.9

Bugzilla 4.0.13 is a bug fix update for the 4.0 branch:

• Download 4.0.13
• Release Notes for 4.0.13

Bugzilla 4.5.4 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.

• Download 4.5.4

Release of Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12

by Bugzilla Team

Today we have several new releases for you!

All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 4.4.3 is our latest stable release. It contains various useful bug fixes and security improvements:

• Download 4.4.3
• Release Notes for 4.4.3

Bugzilla 4.2.8 is a security update for the 4.2 branch as well as contains several bug fixes:

• Download 4.2.8
• Release Notes for 4.2.8

Bugzilla 4.0.12 is a security update for the 4.0 branch:

• Download 4.0.12
• Release Notes for 4.0.12

Bugzilla 4.5.3 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.

• Download 4.5.3

(re)introducing Mark Côté, Bugzilla Assistant Project Lead

by Dave Miller (justdave)

I’ve invited Mark Côté to step up to fill the Assistant Project Lead position vacated by Simon Green two months ago. He’ll also be taking on a role as a “Community Coordinator” to try to step up efforts to make new community members feel welcome and encourage more involvement.

You probably all know him most recently for his leadership in the project to move our source control from bzr to git. He’s a long-time developer outside of Bugzilla, and has been heavily involved with Bugzilla the last year or so via his participation in maintaining bugzilla.mozilla.org. He’s mainly been in the role of a project manager for BMO, and that’s really what Bugzilla needs right now. We haven’t had a really good project manager or community coordinator in a long time, and the state of the project kinda shows it. In another first (in recent history), “approval” rights aren’t initially coming with the job. Any patches that need commit approval can continue to be directed towards Byron (glob) or myself (justdave).

I’ve had a long-standing policy of trying to avoid having the entire senior leadership team being employed by Mozilla, in order to try to keep it a real community project and not feel like it was being controlled by Mozilla, but the reality is that nobody else from outside of Mozilla has been involved enough to step into this kind of role in the recent past, and it’s better to have it filled and get things done than to leave it vacant and let the project stagnate even further. If he’s an effective community builder, that problem will probably solve itself eventually.

We’re going to try to set up another real-time project meeting soon either on IRC or Air Mozilla or in Google Hangouts again (that wasn’t too bad when we did it) so we can regroup on where we are and where we plan to go. Expect to be hearing from Mark on that soon.

For more information about Mark, see his Mozillians profile at https://mozillians.org/en-US/u/mcote/ or his LinkedIn profile at https://www.linkedin.com/profile/view?id=27908882 or find him in the #bugzilla channel on IRC as mcote.