aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bumped version to 5.0.3David Lawrence2016-05-161-1/+1
|
* Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency ↵Frédéric Buclin2016-05-161-1/+7
| | | | | | graphs via bug summary r/a=dkl
* Bug 1269388 - Release notes for Bugzilla 5.0.3Frédéric Buclin2016-05-131-0/+34
| | | | r=dkl
* Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if ↵Dylan William Hardison2016-05-131-1/+1
| | | | tab.link is user-controlled
* Add build.platform = linux64, machine.platform = linux64 to taskgraph.json ↵David Lawrence2016-05-021-6/+42
| | | | to remove b2gtest from Treeherder results
* Bug 1259881 - CSV export vulnerable to formulae injection (again)Frédéric Buclin2016-04-251-3/+4
| | | | r=sgreen a=dkl
* Bug 542239 - Accept pronouns everywhere in query.cgiAlbert Ting2016-04-202-2/+3
| | | | r=dkl,a=dkl
* Bug 1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only ↵Frédéric Buclin2016-04-151-1/+1
| | | | | | generated files r=gerv
* Email::MIME::Attachment::Stripper is no longer used, see bug 437076Frédéric Buclin2016-04-101-2/+1
|
* Fix an incorrect URL in the documentationFrédéric Buclin2016-04-091-1/+1
|
* Bug 1204957 - Locally compiled POD documentation is no longer accessible ↵Frédéric Buclin2016-04-094-12/+25
| | | | | | from docs/en/html/api/ r=dkl
* Bug 1246228 - Email addresses must not be encodedFrédéric Buclin2016-04-062-14/+4
| | | | r/a=dkl
* Bug 1261124: When deleting a component, this component is listed againFrédéric Buclin2016-04-051-1/+4
| | | | r/a=dkl
* Bug 1260027: Document how to compile the documentation on WindowsFrédéric Buclin2016-04-012-12/+32
| | | | r=gerv
* Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵Frédéric Buclin2016-04-011-16/+12
| | | | | | single application r=gerv
* Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry PerlFrédéric Buclin2016-03-271-0/+1
|
* Bug 1255619: CGI scripts should not send duplicated headersFrédéric Buclin2016-03-214-36/+7
| | | | r/a=dkl
* Bug 1230932: Providing a condition as an ID to the webservice results in a ↵Frédéric Buclin2016-03-194-3/+23
| | | | | | taint error r/a=dkl
* Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵Frédéric Buclin2016-03-151-0/+3
| | | | | | long bug summaries are wrapped r/a=dkl
* Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵Thorsten Schöning2016-03-091-2/+2
| | | | | | bug depending or blocking another one r=LpSolit a=dkl
* Bug 1234977: Replace \d+ by [0-9]+ in critical validation placesFrédéric Buclin2016-03-095-21/+22
| | | | r=dylan a=dkl
* IIS instructions work with Windows 10 tooFrédéric Buclin2016-03-061-1/+2
|
* Bug 1250354: The "Forgot password" link should not be displayed if users ↵Frédéric Buclin2016-02-231-23/+25
| | | | | | are not allowed to change it r/a=dkl
* Bug 1250264: Extensions have no easy way to override favicon.icoFrédéric Buclin2016-02-221-1/+2
| | | | r/a=dkl
* - task.expires needs to be greater than artifacts.expiresDavid Lawrence2016-02-221-0/+6
|
* - Update artifact expiration dateDavid Lawrence2016-02-221-12/+12
|
* Bug 1242263: The web server and SQL server sections are not correctly ↵Frédéric Buclin2016-02-175-19/+35
| | | | | | referenced in the documentation r=gerv
* Travis CI config file no longer necessaryDavid Lawrence2016-02-081-78/+0
|
* Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵Frédéric Buclin2016-02-081-1/+1
| | | | | | bugzilla.org r/a=dkl
* Bug 1046241: All links to the documentation displayed besides error messages ↵Frédéric Buclin2016-02-083-79/+77
| | | | | | are broken r=gerv a=dkl
* Bug 1240752 - Attachment data submitted via REST API must always be base64 ↵David Lawrence2016-01-261-4/+2
| | | | | | encoded r=gerv,a=dkl
* Bug 1235271: Remove .htaccess from .gitignoreFrédéric Buclin2016-01-081-0/+1
| | | | r/a=dkl
* Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, ↵Frédéric Buclin2016-01-071-6/+5
| | | | | | content_disposition, or filename r/a=dkl
* Bug 324242: Unsetting shutdownhtml requires too much intimate knowledgeFrédéric Buclin2016-01-071-2/+9
| | | | r/a=dkl
* Addl. fix for bug 1089448: also detaint $ENV{WINDIR} on WindowsFrédéric Buclin2016-01-071-1/+1
|
* Bug 1235270: Set submitter_id before calling _check_data()Mahdi Mokhtari2016-01-051-1/+2
| | | | r=LpSolit a=dkl
* Bug 1045782: Existing URLs in the See Also field should not throw an error ↵Frédéric Buclin2016-01-051-2/+3
| | | | | | when the bug is displayed r/a=dkl
* Bug 1191706: When editing flag types, components do not match the selected ↵Frédéric Buclin2016-01-047-86/+51
| | | | | | product when classifications are enabled r/a=dkl
* Bug 1235395 - whine.pl broken due to a missing generate_email() routineDylan Hardison2016-01-022-2/+67
| | | | r=lpsolit,a=dylan
* Bug 1235271: Remove .htaccess from .gitignoreFrédéric Buclin2015-12-292-2/+0
| | | | r/a=dkl
* Bug 1235415: Use "AllowOverride All" everywhereFrédéric Buclin2015-12-281-1/+1
|
* Bumped version post-releaseDavid Lawrence2015-12-221-1/+1
|
* Revert "Add missing use List::MoreUtils"David Lawrence2015-12-221-1/+0
| | | | This reverts commit d4470f34b627bb5a15a0af496db67185a922f4f5.
* Revert "Bug 1230932 - Providing a condition as an ID to the webservice ↵David Lawrence2015-12-224-20/+0
| | | | | | results in a taint error" This reverts commit 396ae88235ef68ed45978dfb36774c5fe9a2d699.
* Add missing use List::MoreUtilsDylan Hardison2015-12-221-0/+1
|
* Bumped version to 5.0.2David Lawrence2015-12-221-1/+1
|
* Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid ↵Dylan Hardison2015-12-221-0/+3
| | | | | | javascript in some browsers r=dkl,a=dkl
* Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when ↵Frédéric Buclin2015-12-221-5/+8
| | | | | | displaying the bug summary r=gerv a=dkl
* Bug 1230932 - Providing a condition as an ID to the webservice results in a ↵Dylan Hardison2015-12-224-1/+21
| | | | | | taint error r=dkl,a=dkl
* Update release notesFrédéric Buclin2015-12-221-1/+1
|