Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bumped version to 5.0.3 | David Lawrence | 2016-05-16 | 1 | -1/+1 |
| | |||||
* | Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency ↵ | Frédéric Buclin | 2016-05-16 | 1 | -1/+7 |
| | | | | | | graphs via bug summary r/a=dkl | ||||
* | Bug 1269388 - Release notes for Bugzilla 5.0.3 | Frédéric Buclin | 2016-05-13 | 1 | -0/+34 |
| | | | | r=dkl | ||||
* | Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if ↵ | Dylan William Hardison | 2016-05-13 | 1 | -1/+1 |
| | | | | tab.link is user-controlled | ||||
* | Add build.platform = linux64, machine.platform = linux64 to taskgraph.json ↵ | David Lawrence | 2016-05-02 | 1 | -6/+42 |
| | | | | to remove b2gtest from Treeherder results | ||||
* | Bug 1259881 - CSV export vulnerable to formulae injection (again) | Frédéric Buclin | 2016-04-25 | 1 | -3/+4 |
| | | | | r=sgreen a=dkl | ||||
* | Bug 542239 - Accept pronouns everywhere in query.cgi | Albert Ting | 2016-04-20 | 2 | -2/+3 |
| | | | | r=dkl,a=dkl | ||||
* | Bug 1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only ↵ | Frédéric Buclin | 2016-04-15 | 1 | -1/+1 |
| | | | | | | generated files r=gerv | ||||
* | Email::MIME::Attachment::Stripper is no longer used, see bug 437076 | Frédéric Buclin | 2016-04-10 | 1 | -2/+1 |
| | |||||
* | Fix an incorrect URL in the documentation | Frédéric Buclin | 2016-04-09 | 1 | -1/+1 |
| | |||||
* | Bug 1204957 - Locally compiled POD documentation is no longer accessible ↵ | Frédéric Buclin | 2016-04-09 | 4 | -12/+25 |
| | | | | | | from docs/en/html/api/ r=dkl | ||||
* | Bug 1246228 - Email addresses must not be encoded | Frédéric Buclin | 2016-04-06 | 2 | -14/+4 |
| | | | | r/a=dkl | ||||
* | Bug 1261124: When deleting a component, this component is listed again | Frédéric Buclin | 2016-04-05 | 1 | -1/+4 |
| | | | | r/a=dkl | ||||
* | Bug 1260027: Document how to compile the documentation on Windows | Frédéric Buclin | 2016-04-01 | 2 | -12/+32 |
| | | | | r=gerv | ||||
* | Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵ | Frédéric Buclin | 2016-04-01 | 1 | -16/+12 |
| | | | | | | single application r=gerv | ||||
* | Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl | Frédéric Buclin | 2016-03-27 | 1 | -0/+1 |
| | |||||
* | Bug 1255619: CGI scripts should not send duplicated headers | Frédéric Buclin | 2016-03-21 | 4 | -36/+7 |
| | | | | r/a=dkl | ||||
* | Bug 1230932: Providing a condition as an ID to the webservice results in a ↵ | Frédéric Buclin | 2016-03-19 | 4 | -3/+23 |
| | | | | | | taint error r/a=dkl | ||||
* | Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵ | Frédéric Buclin | 2016-03-15 | 1 | -0/+3 |
| | | | | | | long bug summaries are wrapped r/a=dkl | ||||
* | Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵ | Thorsten Schöning | 2016-03-09 | 1 | -2/+2 |
| | | | | | | bug depending or blocking another one r=LpSolit a=dkl | ||||
* | Bug 1234977: Replace \d+ by [0-9]+ in critical validation places | Frédéric Buclin | 2016-03-09 | 5 | -21/+22 |
| | | | | r=dylan a=dkl | ||||
* | IIS instructions work with Windows 10 too | Frédéric Buclin | 2016-03-06 | 1 | -1/+2 |
| | |||||
* | Bug 1250354: The "Forgot password" link should not be displayed if users ↵ | Frédéric Buclin | 2016-02-23 | 1 | -23/+25 |
| | | | | | | are not allowed to change it r/a=dkl | ||||
* | Bug 1250264: Extensions have no easy way to override favicon.ico | Frédéric Buclin | 2016-02-22 | 1 | -1/+2 |
| | | | | r/a=dkl | ||||
* | - task.expires needs to be greater than artifacts.expires | David Lawrence | 2016-02-22 | 1 | -0/+6 |
| | |||||
* | - Update artifact expiration date | David Lawrence | 2016-02-22 | 1 | -12/+12 |
| | |||||
* | Bug 1242263: The web server and SQL server sections are not correctly ↵ | Frédéric Buclin | 2016-02-17 | 5 | -19/+35 |
| | | | | | | referenced in the documentation r=gerv | ||||
* | Travis CI config file no longer necessary | David Lawrence | 2016-02-08 | 1 | -78/+0 |
| | |||||
* | Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵ | Frédéric Buclin | 2016-02-08 | 1 | -1/+1 |
| | | | | | | bugzilla.org r/a=dkl | ||||
* | Bug 1046241: All links to the documentation displayed besides error messages ↵ | Frédéric Buclin | 2016-02-08 | 3 | -79/+77 |
| | | | | | | are broken r=gerv a=dkl | ||||
* | Bug 1240752 - Attachment data submitted via REST API must always be base64 ↵ | David Lawrence | 2016-01-26 | 1 | -4/+2 |
| | | | | | | encoded r=gerv,a=dkl | ||||
* | Bug 1235271: Remove .htaccess from .gitignore | Frédéric Buclin | 2016-01-08 | 1 | -0/+1 |
| | | | | r/a=dkl | ||||
* | Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, ↵ | Frédéric Buclin | 2016-01-07 | 1 | -6/+5 |
| | | | | | | content_disposition, or filename r/a=dkl | ||||
* | Bug 324242: Unsetting shutdownhtml requires too much intimate knowledge | Frédéric Buclin | 2016-01-07 | 1 | -2/+9 |
| | | | | r/a=dkl | ||||
* | Addl. fix for bug 1089448: also detaint $ENV{WINDIR} on Windows | Frédéric Buclin | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Bug 1235270: Set submitter_id before calling _check_data() | Mahdi Mokhtari | 2016-01-05 | 1 | -1/+2 |
| | | | | r=LpSolit a=dkl | ||||
* | Bug 1045782: Existing URLs in the See Also field should not throw an error ↵ | Frédéric Buclin | 2016-01-05 | 1 | -2/+3 |
| | | | | | | when the bug is displayed r/a=dkl | ||||
* | Bug 1191706: When editing flag types, components do not match the selected ↵ | Frédéric Buclin | 2016-01-04 | 7 | -86/+51 |
| | | | | | | product when classifications are enabled r/a=dkl | ||||
* | Bug 1235395 - whine.pl broken due to a missing generate_email() routine | Dylan Hardison | 2016-01-02 | 2 | -2/+67 |
| | | | | r=lpsolit,a=dylan | ||||
* | Bug 1235271: Remove .htaccess from .gitignore | Frédéric Buclin | 2015-12-29 | 2 | -2/+0 |
| | | | | r/a=dkl | ||||
* | Bug 1235415: Use "AllowOverride All" everywhere | Frédéric Buclin | 2015-12-28 | 1 | -1/+1 |
| | |||||
* | Bumped version post-release | David Lawrence | 2015-12-22 | 1 | -1/+1 |
| | |||||
* | Revert "Add missing use List::MoreUtils" | David Lawrence | 2015-12-22 | 1 | -1/+0 |
| | | | | This reverts commit d4470f34b627bb5a15a0af496db67185a922f4f5. | ||||
* | Revert "Bug 1230932 - Providing a condition as an ID to the webservice ↵ | David Lawrence | 2015-12-22 | 4 | -20/+0 |
| | | | | | | results in a taint error" This reverts commit 396ae88235ef68ed45978dfb36774c5fe9a2d699. | ||||
* | Add missing use List::MoreUtils | Dylan Hardison | 2015-12-22 | 1 | -0/+1 |
| | |||||
* | Bumped version to 5.0.2 | David Lawrence | 2015-12-22 | 1 | -1/+1 |
| | |||||
* | Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid ↵ | Dylan Hardison | 2015-12-22 | 1 | -0/+3 |
| | | | | | | javascript in some browsers r=dkl,a=dkl | ||||
* | Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when ↵ | Frédéric Buclin | 2015-12-22 | 1 | -5/+8 |
| | | | | | | displaying the bug summary r=gerv a=dkl | ||||
* | Bug 1230932 - Providing a condition as an ID to the webservice results in a ↵ | Dylan Hardison | 2015-12-22 | 4 | -1/+21 |
| | | | | | | taint error r=dkl,a=dkl | ||||
* | Update release notes | Frédéric Buclin | 2015-12-22 | 1 | -1/+1 |
| |