3.2.5
- Release Notes for Bugzilla 3.2.5
- Security Advisory for versions before 3.2.5
- Download Bugzilla 3.2.5
- Complete changelogs since prior versions
Release Notes
Bugzilla 3.2.5 Release Notes
Table of Contents
- Introduction
- Updates In This 3.2.x Release
- Security Fixes In This 3.2.x Release
- Minimum Requirements
- New Features and Improvements
- Outstanding Issues
- How to Upgrade From An Older Version
- Code Changes Which May Affect Customizations
- Release Notes for Previous Versions
Introduction
Welcome to Bugzilla 3.2! This is our first major feature release since Bugzilla 3.0, and it brings a lot of great improvements and polish to the Bugzilla experience.
If you're upgrading, make sure to read How to Upgrade From An Older Version. If you are upgrading from a release before 3.0, make sure to read the release notes for all the previous versions in between your version and this one, particularly the "Notes For Upgraders" section of each version's release notes.
Updates in this 3.2.x Release
This section describes what's changed in the most recent bug-fix releases of Bugzilla after 3.2. We only list the most important fixes in each release. If you want a detailed list of everything that's changed in each version, you should use our Change Log Page.
3.2.5
- CSV bug lists were broken because of extra line breaks. (Bug 469794)
This release also contains a very important security fix. See the Security Fixes Section for details.
3.2.4
- We now require a specific version of the Email::MIME::Encodings Perl module, to fix an issue where some emails would have too many newlines in them. (Bug 486206)
- Bugzilla's JavaScript and CSS should now be fully compatible with Internet Explorer 8. (Bug 483150)
- Running a saved search with a saved sort order will now no longer overwrite your default search order. (Bug 491679)
- You can now confirm a bug by popular vote even if there is no status called "NEW" in your Bugzilla. (Bug 500900)
- Displaying a bug with lots of comments should now be significantly faster. (Bug 498318)
This release also contains a security fix. See the Security Fixes Section for details.
3.2.3
- Bugzilla is now compatible with MySQL 5.1.x versions 5.1.31 and greater. (Bug 480001)
- On Windows, Bugzilla sometimes would send mangled emails (that would often fail to send). (Bug 467920)
recode.plwould sometimes crash when trying to convert databases from older versions of Bugzilla. (Bug 431201)- Running a saved search with Unicode characters in its name would cause Bugzilla to crash. (Bug 477513)
- Bugzilla clients like Mylyn can now update bugs again (the bug XML format now contains a "token" element that can be used when updating a bug). (Bug 476678)
- For installations using the
shadowdbparameter, Bugzilla was accidentally writing to the "tokens" table in the shadow database (instead of the master database) when using the "Change Several Bugs at Once" page. (Bug 476943)
This release also contains a security fix. See the Security Fixes Section for details.
3.2.2
This release fixes one security issue that is critical for installations running 3.2.1 under mod_perl. See the Security Advisory for details.
3.2.1
- Attachments, charts, and graphs would sometimes be garbled on Windows. (Bug 464992)
- Saving changes to parameters would sometimes fail silently (particularly
on Windows when the web server didn't have the right permissions to
update the
paramsfile). Bugzilla will now throw an error in this case, telling you what is wrong. (Bug 347707) - If you were using the
usemenuforusersparameter, and a bug was assigned to (or had a QA Contact of) a disabled user, that field would be reset to the first user in the list when updating a bug. (Bug 465589) - If you were using the
PROJECTenvironment variable to have multiple Bugzilla installations using one codebase, project-specific templates were being ignored. (Bug 467324) - Some versions of the SOAP::Lite Perl module had a bug that caused
Bugzilla's XML-RPC service to break.
checksetup.plnow checks for these bad versions and will reject them. (Bug 468009) - The font sizes in various places were too small, when using the Classic skin. (Bug 469136)
Security Fixes In This 3.2.x Release
3.2.5
This release fixes one critical security issue. Please see the Security Advisory for details.
3.2.4
This release fixes one security issue related to bug editing. See the Security Advisory for details.
3.2.3
This release fixes one security issue related to attachments. See the Security Advisory for details.
3.2.2
This release fixes one security issue that is critical for installations running 3.2.1 under mod_perl. See the Security Advisory for details.
3.2.1
This release contains several security fixes. One fix may break any automated scripts you have that are loading process_bug.cgi directly. We recommend that you read the entire Security Advisory for this release.
Minimum Requirements
Any requirements that are new since 3.0.5 will look like this.
- Perl
- For MySQL Users
- For PostgreSQL Users
- For Oracle Users
- Required Perl Modules
- Optional Perl Modules
Perl
Perl v5.8.1
For MySQL Users
- MySQL v4.1.2
- perl module: DBD::mysql v4.00
For PostgreSQL Users
- PostgreSQL v8.00.0000
- perl module: DBD::Pg v1.45
For Oracle Users
- Oracle v10.02.0
- perl module: DBD::Oracle v1.19
Required Perl Modules
| Module | Version |
|---|---|
| CGI | 3.21 |
| Date::Format | 2.21 |
| File::Spec | 0.84 |
| DBI | 1.41 |
| Template | 2.15 |
| Email::Send | 2.00 |
| Email::MIME | 1.861 |
| Email::MIME::Encodings | 1.313 |
| Email::MIME::Modifier | 1.442 |
Optional Perl Modules
The following perl modules, if installed, enable various features of Bugzilla:
| Module | Version | Enables Feature |
|---|---|---|
| LWP::UserAgent | (Any) | Automatic Update Notifications |
| Template::Plugin::GD::Image | (Any) | Graphical Reports |
| GD::Text | (Any) | Graphical Reports |
| GD::Graph | (Any) | Graphical Reports |
| GD | 1.20 | Graphical Reports, New Charts, Old Charts |
| Email::MIME::Attachment::Stripper | (Any) | Inbound Email |
| Email::Reply | (Any) | Inbound Email |
| Net::LDAP | (Any) | LDAP Authentication |
| HTML::Parser | 3.40 | More HTML in Product/Group Descriptions |
| HTML::Scrubber | (Any) | More HTML in Product/Group Descriptions |
| XML::Twig | (Any) | Move Bugs Between Installations |
| MIME::Parser | 5.406 | Move Bugs Between Installations |
| Chart::Base | 1.0 | New Charts, Old Charts |
| Image::Magick | (Any) | Optionally Convert BMP Attachments to PNGs |
| PatchReader | 0.9.4 | Patch Viewer |
| Authen::Radius | (Any) | RADIUS Authentication |
| Authen::SASL | (Any) | SMTP Authentication |
| SOAP::Lite | (Any) | XML-RPC Interface |
| mod_perl2 | 1.999022 | mod_perl |
New Features and Improvements
- Major UI Improvements
- New Default Skin: Dusk
- Custom Status Workflow
- New Custom Field Types
- Easier Installation
- Experimental Oracle Support
- Improved UTF-8 Support
- Group Icons
- Other Enhancements and Changes
Major UI Improvements
Bugzilla 3.2 has had some UI assistance from the NASA Human-Computer Interaction department and the new Bugzilla User Interface Team.
In particular, you will notice a massively redesigned bug editing form, in addition to our new skin.
New Default Skin: Dusk
Bugzilla 3.2 now ships with a skin called "Dusk" that is a bit more colorful than old default "Classic" skin.
Upgrading installations will still default to the "Classic" skin--administrators can change the default in the Default Preferences control panel. Users can also choose to use the old skin in their Preferences (or using the View :: Page Style menu in Firefox).
The changes that Bugzilla required for Dusk made Bugzilla much easier to skin. See the Addons page for additional skins, or try making your own!
Custom Status Workflow
You can now customize the list of statuses in Bugzilla, and transitions between them.
You can also specify that a comment must be made on certain transitions.
New Custom Field Types
Bugzilla 3.2 has support for three new types of custom fields:
- Large Text: Adds a multi-line textbox to your bugs.
- Multiple Selection Box: Adds a box that allows you to choose multiple items from a list.
- Date/Time: Displays a date and time, along with a JavaScript calendar popup to make picking a date easier.
Easier Installation
Bugzilla now comes with a script called install-module.pl that can automatically download and install all of the required Perl modules for Bugzilla. It stores them in a directory inside your Bugzilla installation, so you can use it even if you don't have administrator-level access to your machine, and without modifying your main Perl install.
checksetup.pl will print out instructions for using install-module.pl, or you can read its documentation.
Experimental Oracle Support
Bugzilla 3.2 contains experimental support for using Oracle as its database. Some features of Bugzilla are known to be broken on Oracle, but hopefully will be working by our next major release.
The Bugzilla Project, as an open-source project, of course does not recommend the use of proprietary database solutions. However, if your organization requires that you use Oracle, this will allow you to use Bugzilla!
The Bugzilla Project thanks Oracle Corp. for their extensive development contributions to Bugzilla which allowed this to happen!
Improved UTF-8 Support
Bugzilla 3.2 now has advanced UTF-8 support in its code, including correct handling for truncating and wrapping multi-byte languages. Major issues with multi-byte or unusual languages are now resolved, and Bugzilla should now be usable by users in every country with little (or at least much less) customization.
Group Icons
Administrators can now specify that users who are in certain groups should have an icon appear next to their name whenever they comment. This is particularly useful for distinguishing developers from bug reporters.
Other Enhancements and Changes
These are either minor enhancements, or enhancements that have very short descriptions. Some of these are very useful, though!
Enhancements For Users
- Bugs: You can now reassign a bug at the same time as you are changing its status.
- Bugs: When entering a bug, you will now see the description of a component when you select it.
- Bugs: The bug view now contains some Microformats, most notably for users' names and email addresses.
- Bugs: You can now remove a QA Contact from a bug simply by clearing the QA Contact field.
- Bugs: There is now a user preference that will allow you to exclude the quoted text when replying to comments.
- Bugs: You can now expand or collapse individual comments in the bug view.
- Attachments: There is now "mid-air collision" protection when editing attachments.
- Attachments: Patches in the Diff Viewer now show line numbers (Example).
- Attachments: After creating or updating an attachment, you will be immediately shown the bug that the attachment is on.
- Search: You can now reverse the sort of a bug list by clicking on a column header again.
- Search: Atom feeds of bug lists now contain more fields.
- Search: QuickSearch now supports searching flags and groups. It also now includes the OS field in the list of fields it searches by default.
- Search: "Help" text can now appear on query.cgi for Internet Explorer and other non-Firefox browsers. (It always could appear for Firefox.)
- Bugzilla now ships with an icon that will show up next to the URL in most browsers. If you want to replace it, it's in images/favicon.ico.
- You can now set the Deadline when using "Change Several Bugs At Once"
- Saved Searches now save their column list, so if you customize the list of columns and save your search, it will always contain those columns.
- Saved Searches: When you share a search, you can now see how many users have subscribed to it, on userprefs.cgi.
- Saved Searches: You can now see what group a shared search was shared to, on the list of available shared searches in userprefs.cgi.
- Flags: If your installation uses drop-down user lists, the flag requestee box will now contain only users who are actually allowed to take requests.
- Flags: If somebody makes a request to you, and you change the requestee to somebody else, the requester is no longer set to you. In other words, you can "redirect" requests and maintain the original requester.
- Flags: Emails about flags now will thread properly in email clients to be a part of a bug's thread.
- When using email_in.pl, you can now add users to the CC list by just using @cc as the field name.
- Many pages (particularly administrative pages) now contain links to the relevant section of the Bugzilla Guide, so you can read the documentation for that page.
- Dependency Graphs should render more quickly, as they now (by default) only include the same bugs that you'd see in the dependency tree.
Enhancements For Administrators
- Admin UI: Instead of having the Administration Control Panel links in the footer, there is now just one link called "Administration" that takes you to a page that links to all the administrative controls for Bugzilla.
- Admin UI: Administrative pages no longer display confirmation pages, instead they redirect you to some useful page and display a message about what changed.
- Admin UI: The interface for editing group inheritance in editgroups.cgi is much clearer now.
- Admin UI: When editing a user, you can now see all the components where that user is the Default Assignee or Default QA Contact.
- Email: For installations that use SMTP to send mail (as opposed to Sendmail), Bugzilla now supports SMTP Authentication, so that it can log in to your mail server before sending messages.
- Email: Using the "Test" mail delivery method now creates a valid mbox file to make testing easier.
- Authentication: Bugzilla now correctly handles LDAP records which contain multiple email addresses. (The first email address in the list that is a valid Bugzilla account will be used, or if this is a new user, the first email address in the list will be used.)
- Authentication: Bugzilla can now take a list of LDAP servers to try in order until it gets a successful connection.
- Authentication: Bugzilla now supports RADIUS authentication.
- Security: The login cookie is now created as "HTTPOnly" so that it can't be read by possibly malicious scripts. Also, if SSL is enabled on your installation, the login cookie is now only sent over SSL connections.
- Security: The
sslparameter now protects every page a logged-in user accesses, when set to "authenticated sessions." Also, SSL is now enforced appropriately in the WebServices interface when the parameter is set. - Database: Bugzilla now uses transactions in the database instead of table locks. This should generally improve performance with many concurrent users. It also means if there is an unexpected error in the middle of a page, all database changes made during that page will be rolled back.
- Database: You no longer have to set
max_packet_sizein MySQL to add large attachments. However, you may need to set it manually if you restore a mysqldump into your database. - New WebService functions: Bug.add_comment and Bugzilla.extensions.
- You can now delete custom fields, but only if they have never been set on any bug.
- There is now a --reset-password argument to checksetup.pl that allows you to reset a user's password from the command line.
- There is now a script called sanitycheck.pl that you can run from the command line. It works just like sanitycheck.cgi. By default, it only outputs anything if there's an error, so it's ideal for administrators who want to run it nightly in a cron job.
- The strict_isolation parameter now prevents you from setting users who cannot see a bug as a CC, Assignee, or QA Contact. Previously it only prevented you from adding users who could not edit the bug.
- Extensions can now add their own headers to the HTML <head> for things like custom CSS and so on.
- sanitycheck.cgi has been templatized, meaning that the entire Bugzilla UI is now contained in templates.
- When setting the sslbase parameter, you can now specify a port number in the URL.
- When importing bugs using importxml.pl, attachments will have their actual creator set as their creator, instead of the person who exported the bug from the other system.
- The voting system is off by default in new installs. This is to prepare for the fact that it will be moved into an extension at some point in the future.
- The
shutdownhtmlparameter now works even when Bugzilla's database server is down.
Enhancements for Localizers (or Localized Installations)
- The documentation can now be localized--in other words, you can have documentation installed for multiple languages at once and Bugzilla will link to the correct language in its internal documentation links.
- Bugzilla no longer uses the languages parameter. Instead it reads the template/ directory to see which languages are available.
- Some of the messages printed by checksetup.pl can now be localized. See template/en/default/setup/strings.txt.pl.
Outstanding Issues
- Bug 423439: Tabs in comments will be converted to four spaces, due to a bug in Perl as of Perl 5.8.8.
- Bug 69621: If you rename or remove a keyword that is in use on bugs, you will need to rebuild the "keyword cache" by running sanitycheck.cgi and choosing the option to rebuild the cache when it asks. Otherwise keywords may not show up properly in search results.
- Bug 89822: When changing multiple bugs at the same time, there is no "mid-air collision" protection.
- Bug 276230: The support for restricting access to
particular Categories of New Charts is not complete. You should treat
the 'chartgroup' Param as the only access mechanism available.
However, charts migrated from Old Charts will be restricted to the groups that are marked MANDATORY for the corresponding Product. There is currently no way to change this restriction, and the groupings will not be updated if the group configuration for the Product changes. - Bug 370370: mod_perl support is currently not working on Windows machines.
How to Upgrade From An Older Version
Notes For Upgraders
- If you upgrade by CVS, the extensions and skins/contrib directories are now in CVS instead of being created by checksetup.pl If you do a cvs update from 3.0, you will be told that your directories are "in the way" and you should delete (or move) them and then do cvs update again. Also, the docs directory has been restructured and after you cvs update you can delete the docs/html, docs/pdf, docs/txt, and docs/xml directories.
- If you are using MySQL, you should know that Bugzilla now uses InnoDB for all tables. checksetup.pl will convert your tables automatically, but if you have InnoDB disabled, the upgrade will not be able to complete (and checksetup.pl will tell you so).
- You should also read the Bugzilla 3.0 Notes For Upgraders section of the previous release notes if you are upgrading from a version before 3.0.
Steps For Upgrading
Once you have read the notes above, see the Upgrading documentation for instructions on how to upgrade.
Code Changes Which May Affect Customizations
More Hooks!
There are more code hooks in 3.2 than there were in 3.0. See the documentation of Bugzilla::Hook for more details.
Search.pm Rearchitecture
Bugzilla/Search.pm has been heavily modified, to be much easier to read and use. It contains mostly the same code as it did in 3.0, but it has been moved around and reorganized significantly.
lib Directory
As part of implementing install-module.pl, Bugzilla was given a local lib directory which it searches for modules, in addition to the standard system path.
This means that all Bugzilla scripts now start with
use lib qw(. lib); as one of the first lines.
Other Changes
- You should now be using
get_status('NEW')instead ofstatus_descs.NEWin templates. - The
[%# version = 1.0 %]comment at the top of every template file has been removed.
Release Notes For Previous Versions
Bugzilla 3.0.x Release Notes
Table of Contents
- Introduction
- Updates In This 3.0.x Release
- Minimum Requirements
- New Features and Improvements
- Outstanding Issues
- Security Fixes In This Release
- How to Upgrade From An Older Version
- Code Changes Which May Affect Customizations
- Release Notes for Previous Versions
Introduction
Welcome to Bugzilla 3.0! It's been over eight years since we released Bugzilla 2.0, and everything has changed since then. Even just since our previous release, Bugzilla 2.22, we've added a lot of new features. So enjoy the release, we're happy to bring it to you.
If you're upgrading, make sure to read How to Upgrade From An Older Version. If you are upgrading from a release before 2.22, make sure to read the release notes for all the previous versions in between your version and this one.
Updates in this 3.0.x Release
This section describes what's changed in the most recent bug-fix releases of Bugzilla after 3.0. We only list the most important fixes in each release. If you want a detailed list of everything that's changed in each version, you should use our Change Log Page.
3.0.6
- Before 3.0.6, unexpected fatal WebService errors would result in
a
faultCodethat was a string instead of a number. (Bug 446327) - If you created a product or component with the same name as one you previously deleted, it would fail with an error about the series table. (Bug 247936)
See also the Security Advisory section for information about a security issue fixed in this release.
3.0.5
- If you don't have permission to set a flag, it will now appear unchangeable in the UI. (Bug 433851)
- If you were running mod_perl, Bugzilla was not correctly closing its connections to the database since 3.0.3, and so sometimes the DB would run out of connections. (Bug 441592)
- The installation script is now clear about exactly which
Email::modules are required in Perl, thus avoiding the problem where emails show up with a body like SCALAR(0xBF126795). (Bug 441541) - email_in.pl is no longer case-sensitive for values of @product. (Bug 365697)
See also the Security Advisory section for information about security issues fixed in this release.
3.0.4
- Bugzilla administrators were not being correctly notified about new releases. (Bug 414726)
- There could be extra whitespace in email subject lines. (Bug 411544)
- The priority, severity, OS, and platform fields were always required by the Bug.create WebService function, even if they had defaults specified. (Bug 384009)
- Better threading of bugmail in some email clients. (Bug 376453)
- There were many fixes to the Inbound Email Interface (email_in.pl). (Bug 92274, Bug 377025, Bug 412943, Bug 413672, and Bug 431721)
- checksetup.pl now handles UTF-8 conversion more reliably during upgrades. (Bug 374951)
- Comments written in CJK languages are now correctly word-wrapped. (Bug 388723)
- All emails will now be sent in the correct language, when the user has chosen a language for emails. (Bug 405946)
- On Windows, temporary files created when uploading attachments are now correctly deleted when the upload is complete. (Bug 414002)
- checksetup.pl now prints correct installation instructions for Windows users using Perl 5.10. (Bug 414430)
See also the Security Advisory section for information about security issues fixed in this release.
3.0.3
- mod_perl no longer compiles Bugzilla's code for each Apache process individually. It now compiles code only once and shares it among each Apache process. This greatly improves performance and highly decreases the memory footprint. (Bug 398241)
- You can now search for '---' (without quotes) in versions and milestones. (Bug 362436)
- Bugzilla should no longer break lines unnecessarily in email subjects. This was causing trouble with some email clients. (Bug 374424)
- If you had selected "I'm added to or removed from this capacity" option for the "CC" role in your email preferences, you wouldn't get mail when more than one person was added to the CC list at once. (Bug 394796)
- Deleting a user account no longer deletes whines from another user who has the deleted account as addressee. The schedule is simply removed, but the whine itself is left intact. (Bug 395924)
- contrib/merge-users.pl now correctly merges all required fields when merging two user accounts. (Bug 400160)
- Bugzilla no longer requires Apache::DBI to run under mod_perl. It caused troubles such as lost connections with the DB and didn't give any important performance gain. (Bug 408766)
3.0.2
- Bugzilla should now work on Perl 5.9.5 (and thus the upcoming Perl 5.10.0). (Bug 390442)
See also the Security Advisory section for information about an important security issue fixed in this release.
3.0.1
- For users of Firefox 2, the
show_bug.cgiuser interface should no longer "collapse" after you modify a bug. (Bug 370739) - If you can bless a group, and you share a saved search with that group, it will no longer automatically appear in all of that group's footers unless you specifically request that it automatically appear in their footers. (Bug 365890)
- There is now a parameter to allow users to perform searches without
any search terms. (In other words, to search for just a Product
and Status on the Simple Search page.) The parameter is called
specific_search_allow_empty_words. (Bug 385910) - If you attach a file that has a MIME-type of
text/x-patchortext/x-diff, it will automatically be treated as a patch by Bugzilla. (Bug 365756) - Dependency Graphs now work correctly on all mod_perl installations. There should now be no remaining signficant problems with running Bugzilla under mod_perl. (Bug 370398)
- If moving a bug between products would remove groups from the bug, you are now warned. (Bug 303183)
- On IIS, whenever Bugzilla threw a warning, it would
actually appear on the web page. Now warnings are suppressed,
unless you have a file in the
datadirectory callederrorlog, in which case warnings will be printed there. (Bug 390148) - If you used email_in.pl to edit a bug that was protected by groups, all of the groups would be cleared. (Bug 385453)
- PostgreSQL users: New Charts were failing to collect data over time. They will now start collecting data correctly. (Bug 257351)
- Some flag mails didn't specify who the requestee was. (Bug 379787)
- Instead of throwing real errors, collectstats.pl would
just say that it couldn't find
ThrowUserError. (Bug 380709) - Logging into Bugzilla from the home page works again with IIS5. (Bug 364008)
- If you were using SMTP for sending email, sometimes emails would
be missing the
Dateheader. (Bug 304999). - In the XML-RPC WebService,
Bug.legal_valuesnow correctly returns values for custom fields if you request values for custom fields. (Bug 381737) - The "Bug-Writing Guidelines" page has been shortened and re-written. (Bug 378590)
- If your
urlbaseparameter included a port number, likewww.domain.com:8080, SMTP might have failed. (Bug 384501) - For SMTP users, there is a new parameter,
smtp_debug. Turning on this parameter will log the full information about every SMTP session to your web server's error log, to help with debugging issues with SMTP. (Bug 384497) - If you are a "global watcher" (you get all mails from every bug), you can now see that in your Email Preferences. (Bug 365302)
- The Status and Resolution of bugs are now correctly localized in CSV search results. (Bug 389517)
- The "Subject" line of an email was being mangled if it contained non-Latin characters. (Bug 387860)
- Editing the "languages" parameter using editparams.cgi would sometimes fail, causing Bugzilla to throw an error. (Bug 335354)
Minimum Requirements
Any requirements that are new since 2.22 will look like this.
Perl
- Perl v5.8.0 (non-Windows platforms)
- Perl v5.8.1 (Windows platforms)
For MySQL Users
- MySQL v4.1.2
- perl module: DBD::mysql v2.9003
For PostgreSQL Users
- PostgreSQL v8.00.0000
- perl module: DBD::Pg v1.45
Required Perl Modules
| Module | Version |
|---|---|
| CGI | 2.93 |
| Date::Format | 2.21 |
| DBI | 1.41 |
| File::Spec | 0.84 |
| Template | 2.12 |
| Email::Send | 2.00 |
| Email::MIME | 1.861 |
| Email::MIME::Modifier | 1.442 |
Optional Perl Modules
The following perl modules, if installed, enable various features of Bugzilla:
| Module | Version | Enables Feature |
|---|---|---|
| LWP::UserAgent | (Any) | Automatic Update Notifications |
| Template::Plugin::GD::Image | (Any) | Graphical Reports |
| GD::Graph | (Any) | Graphical Reports |
| GD::Text | (Any) | Graphical Reports |
| GD | 1.20 | Graphical Reports, New Charts, Old Charts |
| Email::MIME::Attachment::Stripper | (Any) | Inbound Email |
| Email::Reply | (Any) | Inbound Email |
| Net::LDAP | (Any) | LDAP Authentication |
| HTML::Parser | 3.40 | More HTML in Product/Group Descriptions |
| HTML::Scrubber | (Any) | More HTML in Product/Group Descriptions |
| XML::Twig | (Any) | Move Bugs Between Installations |
| MIME::Parser | 5.406 | Move Bugs Between Installations |
| Chart::Base | 1.0 | New Charts, Old Charts |
| Image::Magick | (Any) | Optionally Convert BMP Attachments to PNGs |
| PatchReader | 0.9.4 | Patch Viewer |
| SOAP::Lite | (Any) | XML-RPC Interface |
| mod_perl2 | 1.999022 | mod_perl |
| CGI | 3.11 | mod_perl |
New Features and Improvements
- Custom Fields
- mod_perl Support
- Shared Saved Searches
- Attachments and Flags on New Bugs
- Custom Resolutions
- Per-Product Permissions
- User Interface Improvements
- XML-RPC Interface
- Skins
- Unchangeable Fields Appear Unchangeable
- All Emails in Templates
- No More Double-Filed Bugs
- Default CC List for Components
- File/Modify Bugs By Email
- Users Who Get All Bug Notifications
- Improved UTF-8 Support
- Automatic Update Notification
- Welcome Page for New Installs
- Other Enhancements and Changes
Custom Fields
Bugzilla now includes very basic support for custom fields.
Users in the admin group can add plain-text or drop-down custom fields. You can edit the values available for drop-down fields using the "Field Values" control panel.
Don't add too many custom fields! It can make Bugzilla very difficult to use. Try your best to get along with the default fields, and then if you find that you can't live without custom fields after a few weeks of using Bugzilla, only then should you start your custom fields.
mod_perl Support
Bugzilla 3.0 supports mod_perl, which allows for extremely enhanced page-load performance. mod_perl trades memory usage for performance, allowing near-instantaneous page loads, but using much more memory.
If you want to enable mod_perl for your Bugzilla, we recommend a minimum of 1.5GB of RAM, and for a site with heavy traffic, 4GB to 8GB.
If performance isn't that critical on your installation, you don't have the memory, or you are running some other web server than Apache, Bugzilla still runs perfectly as a normal CGI application, as well.
Shared Saved Searches
Users can now choose to "share" their saved searches with a certain group. That group will then be able to "subscribe" to those searches, and have them appear in their footer.
If the sharer can "bless" the group he's sharing to, (that is, if he can add users to that group), it's considered that he's a manager of that group, and his queries show up automatically in that group's footer (although they can unsubscribe from any particular search, if they want.)
In order to allow a user to share their queries, they also
have to be a member of the group specified in the
querysharegroup parameter.
Users can control their shared and subscribed queries from the "Preferences" screen.
Attachments and Flags on New Bugs
You can now add an attachment while you are filing a new bug.
You can also set flags on the bug and on attachments, while filing a new bug.
Custom Resolutions
You can now customize the list of resolutions available in Bugzilla, including renaming the default resolutions.
The resolutions FIXED, DUPLICATE
and MOVED have a special meaning to Bugzilla,
though, and cannot be renamed or deleted.
Per-Product Permissions
You can now grant users editbugs and canconfirm for only certain products. You can also grant users editcomponents on a product, which means they will be able to edit that product including adding/removing components and other product-specific controls.
User Interface Improvements
There has been some work on the user interface for Bugzilla 3.0, including:
- There is now navigation and a search box a the top of each page, in addition to the bar at the bottom of the page.
- A re-designed "Format for Printing" page for bugs.
- The layout of show_bug.cgi (the bug editing page) has been changed, and the attachment table has been redesigned.
XML-RPC Interface
Bugzilla now has a Web Services interface using the XML-RPC protocol. It can be accessed by external applications by going to the xmlrpc.cgi on your installation.
Documentation can be found in the Bugzilla API Docs, in the various Bugzilla::WebService modules.
Skins
Bugzilla can have multiple "skins" installed, and users can pick between them. To write a skin, you just have to write several CSS files. See the Custom Skins Documentation for more details.
We currently don't have any alternate skins shipping withBugzilla. If you write an alternate skin, please let us know!
Unchangeable Fields Appear Unchangeable
As long as you are logged in, when viewing a bug, if you cannot change a field, it will not look like you can change it. That is, the value will just appear as plain text.
All Emails in Templates
All outbound emails are now controlled by the templating system.
What used to be the passwordmail, whinemail,
newchangedmail and voteremovedmail
parameters are now all templates in the template/ directory.
This means that it's now much easier to customize your outbound emails, and it's also possible for localizers to have more localized emails as part of their language packs, if they want.
We also added a mailfrom parameter to let you set
who shows up in the From field on all emails that
Bugzilla sends.
No More Double-Filed Bugs
Users of Bugzilla will sometimes accidentally submit a bug twice, either by going back in their web browser, or just by refreshing a page. In the past, this could file the same bug twice (or even three times) in a row, irritating developers and confusing users.
Now, if you try to submit a bug twice from the same screen (by going back or by refreshing the page), Bugzilla will warn you about what you're doing, before it actually submits the duplicate bug.
Default CC List for Components
You can specify a list of users who will always be added to the CC list of new bugs in a component.
File/Modify Bugs By Email
You can now file or modify bugs via email. Previous versions of Bugzilla included this feature only as an unsupported add-on, but it is now an official interface to Bugzilla.
For more details see the documentation for email_in.pl.
Users Who Get All Bug Notifications
There is now a parameter called globalwatchers. This is a comma-separated list of Bugzilla users who will get all bug notifications generated by Bugzilla.
Group controls still apply, though, so users who can't see a bug still won't get notifications about that bug.
Improved UTF-8 Support
Bugzilla users running MySQL should now have excellent UTF-8 support if they turn on the utf8 parameter. (New installs have this parameter on by default.) Bugzilla now correctly supports searching and sorting in non-English languages, including multi-bytes languages such as Chinese.
Automatic Update Notification
If you belong to the admin group, you will be notified when you log in if there is a new release of Bugzilla available to download.
You can control these notifications by changing the upgrade_notification parameter.
If your Bugzilla installation is on a machine that needs to go through a proxy to access the web, you may also have to set the proxy_url parameter.
Welcome Page for New Installs
When you log in for the first time on a brand-new Bugzilla installation, you will be presented with a page that describes where you should go from here, and what parameters you should set.
QuickSearch Plugin for IE7 and Firefox 2
Firefox 2 users and Internet Explorer 7 users will be presented with the option to add Bugzilla to their search bar. This uses the QuickSearch syntax.
Other Enhancements and Changes
These are either minor enhancements, or enhancements that have very short descriptions. Some of these are very useful, though!
Enhancements That Affect Bugzilla Users
- In comments, quoted text (lines that start with >) will be a different color from normal text.
- There is now a user preference that will add you to the CC list of any bug you modify. Note that it's on by default.
- Bugs can now be filed with an initial state of ASSIGNED, if you are in the editbugs group.
- By default, comment fields will zoom large when you are typing in them, and become small when you move out of them. You can disable this in your user preferences.
- You can hide obsolete attachments on a bug by clicking "Hide Obsolete" at the bottom of the attachment table.
- If a bug has flags set, and you move it to a different product that has flags with the same name, the flags will be preserved.
- You now can't request a flag to be set by somebody who can't set it (Bugzilla will throw an error if you try).
- Many new headers have been added to outbound Bugzilla
bug emails:
X-Bugzilla-Status,X-Bugzilla-Priority,X-Bugzilla-Assigned-To,X-Bugzilla-Target-Milestone, andX-Bugzilla-Changed-Fields,X-Bugzilla-Who. You can look at an email to get an idea of what they contain. - In addition to the old
X-Bugzilla-Reasonemail header which tells you why you got an email, if you got an email because you were watching somebody, there is now anX-Bugzilla-Watch-Reasonheader that tells you who you were watching and what role they had. - If you hover your mouse over a full URL (like
http://bugs.mycompany.com/show_bug.cgi?id=1212) that links to a bug, you will see the title of the bug. Of course, this only works for bugs in your Bugzilla installation. - If your installation has user watching enabled, you will now see the users that you can remove from your watch-list as a multi-select box, much like the current CC list. (Previously it was just a text box.)
- When a user creates their own account in Bugzilla, the account is now not actually created until they verify their email address by clicking on a link that is emailed to them.
- You can change a bug's resolution without reopening it.
- When you view the dependency tree on a bug, resolved bugs will be hidden by default. (In previous versions, resolved bugs were shown by default.)
- When viewing bug activity, fields that hold bug numbers (such as "Blocks") will have the bug numbers displayed as links to those bugs.
- When viewing the "Keywords" field in a bug list, it will be sorted alphabetically, so you can sanely sort a list on that field.
- In most places, the Version field is now sorted using a version-sort (so 1.10 is greater than 1.2) instead of an alphabetical sort.
- Options for flags will only appear if you can set them. So, for example, if you can't grant + on a flag, that option won't appear for you.
- You can limit the product-related output of config.cgi by specifying a product= URL argument, containing the name of a product. You can specify the argument more than once for multiple products.
- You can now search the boolean charts on whether or not a comment is private.
Enhancements For Administrators
- Administrators can now delete attachments, making them disappear entirely from Bugzilla.
- sanitycheck.cgi can now only be accessed by users in the editcomponents group.
- The "Field Values" control panel can now only be accessed by users in the admin group. (Previously it was accessible to anybody in the editcomponents group.)
- There is a new parameter announcehtml, that will allow you to enter some HTML that will be displayed at the top of every page, as an announcement.
- The loginnetmask parameter now defaults to 0 for new installations, meaning that as long as somebody has the right login cookie, they can log in from any IP address. This makes life a lot easier for dial-up users or other users whose IP changes a lot. This could be done because the login cookie is now very random, and thus secure.
- Classifications now have sortkeys, so they can be sorted in an order that isn't alphabetical.
- Authentication now supports LDAP over SSL (LDAPS) or TLS (using the STARTLS command) in addition to plain LDAP.
- LDAP users can have their LDAP username be their email address, instead of having the LDAP mail attribute be their email address. You may wish to set the emailsuffix parameter if you do this.
- Administrators can now see what has changed in a user account, when using the "Users" control panel.
REMINDandLATERare no longer part of the default list of resolutions. Upgrading installations will not be affected--they will still have these resolutions.- editbugs is now the default for the timetrackinggroup parameter, meaning that time-tracking will be on by default in a new installation.
Outstanding Issues
- Bug 69621: If you rename or remove a keyword that is in use on bugs, you will need to rebuild the "keyword cache" by running sanitycheck.cgi and choosing the option to rebuild the cache when it asks. Otherwise keywords may not show up properly in search results.
- Bug 99215: Flags are not protected by "mid-air collision" detection. Nor are any attachment changes.
- Bug 89822: When changing multiple bugs at the same time, there is no "mid-air collision" protection.
- Bug 276230: The support for restricting access to
particular Categories of New Charts is not complete. You should treat
the 'chartgroup' Param as the only access mechanism available.
However, charts migrated from Old Charts will be restricted to the groups that are marked MANDATORY for the corresponding Product. There is currently no way to change this restriction, and the groupings will not be updated if the group configuration for the Product changes. - Bug 370370: mod_perl support is currently not working on Windows machines.
- Bug 361149: If you are using Perl 5.8.0, you may get a lot of warnings in your Apache error_log about "deprecated pseudo-hashes." These are harmless--they are a bug in Perl 5.8.0. Perl 5.8.1 and later do not have this problem.
- Bugzilla 3.0rc1 allowed custom field column names in the database to be mixed-case. Bugzilla 3.0 only allows lowercase column names. It will fix any column names that you have made mixed-case, but if you have custom fields that previously were mixed-case in any Saved Search, you will have to re-create that Saved Search yourself.
Security Updates in This Release
3.0.6
Bugzilla contains a minor security fix. For details, see the Security Advisory.
3.0.5
Bugzilla contains one security fix for importxml.pl. For details, see the Security Advisory.
3.0.4
Bugzilla 3.0.4 contains three security fixes. For details, see the Security Advisory.
3.0.3
No security fixes in this release.
3.0.2
Bugzilla 3.0.1 had an important security fix that is critical for public installations with "requirelogin" turned on. For details, see the Security Advisory
3.0.1
Bugzilla 3.0 had three security issues that have been
fixed in this release: one minor information leak, one hole only
exploitable by an admin or using email_in.pl, and one in an
uncommonly-used template. For details, see the
Security Advisory.
How to Upgrade From An Older Version
Notes For Upgraders
- If you upgrade by CVS, there are several .cvsignore files that are now in CVS instead of being locally created by checksetup.pl. This means that you will have to delete those files when CVS tells you there's a conflict, and then run cvs update again.
- In this version of Bugzilla, the Summary field is now limited to 255 characters. When you upgrade, any Summary longer than that will be truncated, and the old summary will be preserved in a comment.
- If you have the utf8 parameter turned on, at some point you will have to convert your database. checksetup.pl will tell you when this is, and it will give you certain instructions at that time, that you have to follow before you can complete the upgrade. Don't do the conversion yourself manually--follow the instructions of checksetup.pl.
- If you ever ran 2.23.3, 2.23.4, or 3.0rc1, you will have to run ./collectstats.pl --regenerate at the command line, because the data for your Old Charts is corrupted. This can take several days, so you may only want to run it if you use Old Charts.
- You should also read the Outstanding Issues sections of older release notes if you are upgrading from a version lower than 2.22.
Steps For Upgrading
Once you have read the notes above, see the Upgrading documentation for instructions on how to upgrade.
Code Changes Which May Affect Customizations
- Packagers: Location Variables Have Moved
- Hooks!
- API Documentation
- Elimination of globals.pl
- Cleaned Up Variable Scoping Issues
- No More SendSQL
- Auth Re-write
- Bugzilla::Object
- Bugzilla->request_cache
- Other Changes
Packagers: Location Variables Have Moved
In previous versions of Bugzilla, Bugzilla::Config held all the paths for different things, such as the path to localconfig and the path to the data/ directory.
Now, all of this data is stored in a subroutine, Bugzilla::Constants::bz_locations.
Also, note that for mod_perl, bz_locations must return absolute (not relative) paths. There is already code in that subroutine to help you with this.
Hooks!
Bugzilla now supports a code hook mechanism. See the documentation for Bugzilla::Hook for more details.
This gives Bugzilla very advanced plugin support. You can hook templates, hook code, add new parameters, and use the XML-RPC interface. So we'd like to see some Bugzilla plugins written! Let us know on the developers@bugzilla.org mailing list if you write a plugin.
If you need more hooks, please File a bug!
API Documentation
Bugzilla now ships with all of its perldoc built as HTML. Go ahead and read the API Documentation for all of the Bugzilla modules now! Even scripts like checksetup.pl have HTML documentation.
Elimination of globals.pl
The old file globals.pl has been eliminated. Its code is now in various modules. Each function went to the module that was appropriate for it.
Usually we filed a bug in bugzilla.mozilla.org for each function we moved. You can search there for the old name of the function, and that should get you the information about what it's called now and where it lives.
Cleaned Up Variable Scoping Issues
In normal perl, you can have code like this:
my $var = 0;
sub y { $var++ }
However, under mod_perl that doesn't work. So variables are no longer "shared" with subroutines--instead all variables that a subroutine needs must be declared inside the subroutine itself.
No More SendSQL
The old SendSQL function and all of its companions are gone. Instead, we now use DBI for all database interaction.
For more information about how to use DBI with Bugzilla, see the Developer's Guide Section About DBI
Auth Re-write
The Bugzilla::Auth family of modules have been completely re-written. For details on how the new structure of authentication, read the Bugzilla::Auth API docs.
It should be very easy to write new authentication plugins, now.
Bugzilla::Object
There is a new base class for most of our objects, Bugzilla::Object. It makes it really easy to create new objects based on things that are in the database.
Bugzilla->request-cache
Bugzilla.pm used to cache things like the database
connection in package-global variables (like $_dbh).
That doesn't work in mod_perl, so instead now there's a hash
that can be accessed through Bugzilla->request_cache
to store things for the rest of the current page request.
You shouldn't access Bugzilla->request_cache directly,
but you should use it inside of Bugzilla.pm if you modify
that. The only time you should be accessing it directly is if you need
to reset one of the caches. Hash keys are always named after the function
that they cache, so to reset the template object, you'd do:
delete Bugzilla->request_cache->{template};.
Other Changes
checksetup.plhas been completely re-written, and most of its code moved into modules in the Bugzilla::Install namespace. See the checksetup documentation and Bugzilla bug 277502 for details.- Instead of UserInGroup(), all of Bugzilla now uses Bugzilla->user->in_group
- mod_perl doesn't like dependency loops in modules, so we now have a test for that detects dependency loops in modules when you run runtests.pl.
- globals.pl used to modify the environment variables, like PATH. That now happens in Bugzilla.pm.
- Templates can now link to the documentation more easily. See the global/code-error.html.tmpl and global/user-error.html.tmpl templates for examples. (Search for "docslinks.")
- Parameters are accessed through Bugzilla->params instead of using the Param() function, now.
- The variables from the localconfig file are accessed
through the
Bugzilla->localconfighash instead of through Bugzilla::Config. - Bugzilla::BugMail::MessageToMTA() has moved into its own module, along with other mail-handling code, called Bugzilla::Mailer
- The CheckCanChangeField() subroutine in process_bug.cgi has been moved to Bugzilla::Bug, and is now a method of a bug object.
- The code that used to be in the global/banner.html.tmpl template is now in global/header.html.tmpl. The banner still exists, but the file is empty.
Release Notes For Previous Versions
Release notes for versions of Bugzilla for versions prior to 3.0 are only available in text format: Release Notes for Bugzilla 2.22 and Earlier.