Blog

Want to always keep up-to-date with Bugzilla news? Subscribe to announce@bugzilla.org, a read-only mailing list where we'll post announcements about new versions of Bugzilla and security advisories.

You can also see what's going on in the project by looking at the notes of, or watching the video of, our monthly developer meetings.

09. September 2009

Warning: Major Bugzilla Security Release Coming Soon

by Max Kanat-Alexander (mkanat)

A major security issue has been discovered in versions of Bugzilla back to 3.0. We will be releasing a version of Bugzilla which fixes the issue within 48 hours (possibly within 24 hours), and all administrators should be ready to perform the upgrade (which does not require any database changes) shortly after the new version is released.

If you do not wish to do a full upgrade, patches for just the security issue will be available. The patches are relatively small and do not modify very much of Bugzilla.

01. August 2009

Release of Bugzilla 3.4.1

by Bugzilla Team

A security issue was found in Bugzilla 3.4 after its release. We are releasing 3.4.1 to address this issue. We recommend that all Bugzilla administrators running 3.3.4, 3.4rc1, or 3.4 read the Security Advisory that was published along with this release, and upgrade immediately if your installation is affected.

28. July 2009

Release of Bugzilla 3.4

by Bugzilla Team

Bugzilla 3.4 is a new major release from the Bugzilla Project! It contains a LOT of great new features, including:

  • A greatly-simplified bug-filing page.
  • A new front page for Bugzilla.
  • Users’ email addresses are now hidden from logged-out users (helps prevent users receiving spam).
  • Emails can be sent in the background (which greatly speeds up editing bugs)
  • URLs of searches are now much shorter, so they can be more easily shared.
  • Exciting new custom field enhancements.
  • A field that allows you to refer to bugs in other Bugzillas.

And lots of other exciting new features! You can see the complete list in the Release Notes.

The Bugzilla Project would like to thank all of the organizations and individuals that contributed to Bugzilla 3.4! Without you, there wouldn’t be any Bugzilla at all!

EOL For Bugzilla 2.22

The release of Bugzilla 3.4 marks the End Of Life for the Bugzilla 2.22.x series. This means that there will be no further updates released for Bugzilla 2.22.x, even if there are security holes found in that release. If you are running Bugzilla 2.22.x, we recommend that you upgrade to 3.4 immediately.

Instructions for upgrading Bugzilla are in the Upgrading section of the Bugzilla Guide. You should also read the Notes for Upgraders in the Release Notes for Bugzilla 3.4, 3.2, and 3.0.

08. July 2009

Release of Bugzilla 3.4rc1 and 3.2.4

by Bugzilla Team

Today we have two releases for you: a new release candidate for 3.4, and an update for the stable 3.2 branch.

All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 3.4rc1 is our first Release Candidate for Bugzilla 3.4. This release has received QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk. However, it should be fine for smaller or non-critical production installations.

If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 3.4 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.

Bugzilla 3.2.4 is our latest stable release. It contains various useful bug fixes and security improvements:

08. July 2009

Bugzilla Update: Wednesday, July 8, 2009 (Release of Bugzilla 3.4rc1 and Bugzilla 3.2.4)

by Max Kanat-Alexander (mkanat)

Well, it’s time for another Bugzilla update! And today I just did two releases, Bugzilla 3.4rc1 and Bugzilla 3.2.4.

Bugzilla 3.4rc1

Bugzilla 3.4rc1 is particularly exciting, because it’s our first Release Candidate for 3.4. We did a really good job on this Release Candidate, I think–there’s only one 3.4 blocker remaining (and it’s only still there because we’re waiting on an external party to do something). In other words, there are no known issues with the Release Candidate that are so bad that we couldn’t just call it 3.4 next week if all goes well, and we’ve never actually been in that state for a Release Candidate, at least not as long as I’ve been around the Bugzilla Project.

One of the particularly exciting things about a Release Candidate is that it has release notes! That means that all the new features are listed. There’s a lot of really exciting stuff in 3.4, and you should take a look. There are some gems in the “Other Enhancements and Changes” section, too, so make sure you read that too. :-)

WebService Changes Since 3.3.4

Anybody who was writing WebService clients against 3.3.x development releases should know: we renamed the Bug.get_history method to Bug.history. You can still call it as Bug.get_history if you want, but that’s undocumented and not recommended.

Also, we don’t send <nil> for NULL items anymore–too many clients didn’t support it. Now we just remove items from the returned result if they are undefined. (This is documented in the Bugzilla::WebService documentation.)

Progress Toward Bugzilla 3.6

There’s been some activity on HEAD since our last update. We got a new WebService method to get attachment information, Bug.attachments. I’ve been working on making Quicksearch (the search box in the header and footer) even faster. Greg Hendricks (of Testopia fame) has been working on the ability for administrators to “disable” certain field values (so that they don’t show up as options anymore, but remain set on existing bugs). And Bradley Baetz has been adding new hooks and working on improving performance in some important areas.

There’s no ETA for Bugzilla 3.6, but if it works anything like how Bugzilla 3.4 works, we will have open development on it until two months after Bugzilla 3.4 is released, and then we will branch for 3.6 and the 3.6 branch will be “frozen” to only bug-fixes.

Bugzilla Meeting

We have a Bugzilla Meeting next week, on Tuesday, July 14. Just read the page if you want more information! Anybody is welcome to attend.

04. June 2009

Bugzilla Update: Thursday, June 4, 2009

by Max Kanat-Alexander (mkanat)

Well, it’s time for another Bugzilla update!

Bugzilla 3.4

In the Bugzilla 3.4 area, we just made some more changes to how the login form in the header and footer work. Now it’s easy again for users to discover how to reset their password–when we moved the login forms into the header/footer, we at first didn’t have any way for people to discover how to reset their password, but now there’s a link and everything works really nicely. You can see how it all works on the Bugzilla 3.4 Test Installation.

We’re getting somewhat closer to Bugzilla 3.4rc1. We found a few more blockers, so those have to be resolved, and there’s also release notes that need to be written before we can have a Release Candidate.

One new feature of Bugzilla 3.4 that we haven’t talked much about is the “See Also” field. This is a field where you can put a URL to a bug in another Bugzilla installation or to a Launchpad bug. The “See Also” feature isn’t quite complete–in the future, we also want to make it update the other installation so that the other installation knows that you’re referring to it. We also want to fix up the display, and get summary/status/resolution information on the remote bug, etc. But for now it does check that you’ve entered a valid bug URL, and at least you can somehow record that bugs in different Bugzilla installations are related to each other, and there’s a WebService interface for updating the field.

For installations that don’t need the “See Also” field, you can turn it off by disabling the “use_see_also” Parameter.

Bugzilla 3.6 (HEAD)

We’re working on various interesting things for Bugzilla 3.6, though our focus recently has been on 3.4rc1, so there are a lot of patches awaiting review for HEAD that haven’t had the time to be reviewed. People are working on the ability to disable field values and some cool WebService enhancements, but of course our main focus is fixing up the HCI issues that the Carnegie-Mellon research team discovered in their 2008 study.

20. May 2009

Bugzilla Update: Wednesday, May 20, 2009

by Max Kanat-Alexander (mkanat)

Hey hey. So, I was thinking that I’d do a regular (or semi-regular) post on the status of the Bugzilla Project, for anybody interested. This is the first one.

Bugzilla 3.4

We’re getting pretty close to releasing Bugzilla 3.4rc1, now. There are only a few blockers left. Mostly they’re just awaiting review. I’ll also need some help with the release process for Bugzilla 3.4rc1, if anybody wants to help out.

The only significant changes since 3.3.4 will be a lot of bug fixes, a change to the Bug.search WebServices API, and the ability to hide the “See Also” field. The bug fixes are pretty important, though, so if you’re using 3.3.4 you definitely want to update to the most recent BUGZILLA-3_4-BRANCH code regularly or update to 3.4rc1 when it comes out.

There are a lot of significant changes in 3.4 compared to Bugzilla 3.2, though. Those will all be listed in the release notes for 3.4rc1. The difference between 3.2 and 3.4 is not as great as the difference between 3.0 and 3.2 though. We’re working on having smaller releases more often (starting with 3.4), and it seems to be working pretty well so far.

HEAD (Bugzilla 3.6)

On trunk (which will be Bugzilla 3.6), we’ve done a fair bit. There’s a JSON-RPC interface, support for suexec environments in checksetup, and a lot of HCI improvements. We’ve decided that for Bugzilla 3.6, our focus isn’t going to be adding major new features, but fixing up the features we already have. I wrote a message to the Bugzilla Developers List about it, a week ago or so, and I got a lot of positive responses (mostly on IRC or by private email). If you’re interested in helping out, feel free to check out the list of bugs we’d like to fix for Bugzilla 3.6.

30. March 2009

Status Update

by Max Kanat-Alexander (mkanat)

Introduction and Updates

We released two versions of Bugzilla today. Bugzilla 3.2.3 has some important bug fixes, and Bugzilla 3.3.4 is our latest development snapshot.

About Bugzilla 3.3.4

Bugzilla 3.3.4 is our latest development release leading up to Bugzilla 3.4. Bugzilla 3.3.4 is feature-complete. This means that from here on out until the final release of Bugzilla 3.4, we will only be fixing bugs on the 3.4 branch–we won’t be adding any new features.

Bugzilla 3.3.4 is still unstable, and should not be used in production environments. There are still known bugs that have not been fixed in this release.

There have been a few big changes since Bugzilla 3.3.3:

  • There is a brand-new super-simple front page for Bugzilla.
  • The form for filing a bug is now much simpler by default.
  • Obsolete attachments are now hidden by default, on a bug.
  • You can now log in using a form in the header and footer on every page in Bugzilla.
  • When editing a bug, text inputs grow with your browser window.
  • When you log out of Bugzilla, you will be sent to the front page, not just a blank page with a message saying you’ve logged out.
  • The Bug.get WebService function now accepts a “permissive” argument that can be used to make it not die on errors.
  • You can now have custom fields only show up in a particular product.

Development for Bugzilla 3.4 is now done on the BUGZILLA-3_4-BRANCH branch in CVS instead of on trunk. So if you are updating via CVS, make sure to do cvs -q up -dP -r BUGZILLA-3_4-BRANCH when updating, if you want to stay on the 3.4 branch.

The trunk (HEAD) is open for feature development toward Bugzilla 3.6.

Stay Updated About Bugzilla

As usual, we’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we provide an ultra-low-volume administrator mailing list ([email protected]). We advise all Bugzilla administrators to subscribe so they can keep up with important Bugzilla announcements.

Those looking to get involved with Bugzilla development may want to consider joining the developers list ([email protected]). This list offers discussion on new features and issues. Developers are invited to subscribe to the list. You may also want to read our Contributor’s Guide. You might also want to contribute to other Bugzilla areas.

Bugzilla Meetings

Come to our meetings every month! Anybody is welcome to attend who is interested in helping out with the Bugzilla Project, or just anybody who wants to put in their two cents on how development should go.

You can learn more about the meetings at the wiki page about Bugzilla Meetings.

30. March 2009

Release of Bugzilla 3.2.3 and 3.3.4

by Bugzilla Team

We are releasing two versions of Bugzilla, one bug-fix release for our stable branch, and one development release. All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.

Bugzilla 3.2.3 is our latest stable release. It contains various useful bug fixes and security improvements:

Bugzilla 3.3.4 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.

For details on what’s new in this development release and what’s going on with the Bugzilla Project, see our latest Status Update.

03. February 2009

Release of Bugzilla 3.2.2, 3.0.8, and 3.3.3

by Bugzilla Team

A critical bug was found in Bugzilla 3.2.1, 3.0.7, and 3.3.2 immediately after their release. If you are running these versions and your installation runs under mod_perl, it is very important that you upgrade to these new releases.

See today’s Security Advisory for details on the bug being fixed.