aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Bugzilla/Constants: HTTP Strict Transport Security should be least 6 months ↵HEADmasterbugstestRobin H. Johnson2017-09-161-2/+2
| | | | | | per Mozilla. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* CGI: set Content-Security-Policy header.Robin H. Johnson2017-09-161-1/+2
| | | | Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* Gentoo: move sparc to unstable archesMichał Górny2017-09-122-2/+2
|
* comments template: Use relative (#) references to commentsMichał Górny2017-09-111-1/+1
|
* Gentoo: shorten URLs in addressbarMichał Górny2017-09-111-1/+20
|
* Convert HTTP to HTTPS links.Robin H. Johnson2017-09-104-10/+11
| | | | | Fixes: https://bugs.gentoo.org/show_bug.cgi?id=630608 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* Merge remote-tracking branch 'upstream/5.0'Robin H. Johnson2017-09-1018-45/+59
|\
| * Bug 1398100 - tiny tweaks to release notesGervase Markham2017-09-081-1/+2
| |
| * Revert "Bug 1306534 - Crash when pasting UTF8 text as an attachment"Dylan William Hardison2016-10-191-1/+0
| | | | | | | | This reverts commit 89cb60fe38a7962c876bce18368db90cedda84eb.
| * Bug 1310728 - editflagtypes.cgi crashes when classifications are enabled and ↵Frédéric Buclin2016-10-171-1/+1
| | | | | | | | | | | | the user hasn't global editcomponents privs r/a=dkl
| * Bug 1306534 - Crash when pasting UTF8 text as an attachmentMatt Tyson2016-10-111-0/+1
| | | | | | | | r=dylan
| * nit: wrong method call in Bugzilla::MigrateDylan William Hardison2016-10-081-1/+1
| |
| * Bug 1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19)Dylan William Hardison2016-10-082-2/+2
| |
| * Bug 1303702 - bug history table 'when' column shows 00:00 only using sqliteAndrea Orsini2016-09-191-0/+1
| | | | | | | | r/a=dylan
| * - New CI docker image for testingDavid Lawrence2016-09-071-17/+19
| |
| * Bug 1292510 - replace references to git.mozilla.org with references to ↵Gervase Markham2016-08-057-6/+18
| | | | | | | | github. r=dylan
| * Fix the default API URLFrédéric Buclin2016-06-011-2/+2
| |
| * Bug 1269266 - API links for Bugzilla 5+ not working anymoreFrédéric Buclin2016-06-012-6/+5
| |
| * Bug 1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 ↵Frédéric Buclin2016-05-201-9/+8
| | | | | | | | | | | | upgrade r/a=dkl
| * Bumped version post-releaseDavid Lawrence2016-05-161-1/+1
| |
* | Match file_write permissions.Robin H. Johnson2017-06-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | text_write was introduced for bug 1301887 per commit df4677439d7b3658e2d896ffaab903b01c2e2fe6, but had slightly different semantics than the original File::Slurp file_write function. Specifically, file_write applied the umask for new files, while text_write is based on File::Temp and uses 0600 for new files. Add a permission grant so that new files respect the umask instead. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* | Bug 1301887 - File::Slurp triggers warnings on perl 5.24 and it is ↵Dylan William Hardison2017-06-195-20/+40
| | | | | | | | | | | | | | | | recommended to not use it (#21) r=mtyson (cherry picked from commit df4677439d7b3658e2d896ffaab903b01c2e2fe6) Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* | Merge tag 'release-5.0.3' into bugstestChristian Ruppert2016-06-1859-452/+463
|\ \ | |/
| * Bumped version to 5.0.3David Lawrence2016-05-161-1/+1
| |
| * Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency ↵Frédéric Buclin2016-05-161-1/+7
| | | | | | | | | | | | graphs via bug summary r/a=dkl
| * Bug 1269388 - Release notes for Bugzilla 5.0.3Frédéric Buclin2016-05-131-0/+34
| | | | | | | | r=dkl
| * Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if ↵Dylan William Hardison2016-05-131-1/+1
| | | | | | | | tab.link is user-controlled
| * Add build.platform = linux64, machine.platform = linux64 to taskgraph.json ↵David Lawrence2016-05-021-6/+42
| | | | | | | | to remove b2gtest from Treeherder results
| * Bug 1259881 - CSV export vulnerable to formulae injection (again)Frédéric Buclin2016-04-251-3/+4
| | | | | | | | r=sgreen a=dkl
| * Bug 542239 - Accept pronouns everywhere in query.cgiAlbert Ting2016-04-202-2/+3
| | | | | | | | r=dkl,a=dkl
| * Bug 1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only ↵Frédéric Buclin2016-04-151-1/+1
| | | | | | | | | | | | generated files r=gerv
| * Email::MIME::Attachment::Stripper is no longer used, see bug 437076Frédéric Buclin2016-04-101-2/+1
| |
| * Fix an incorrect URL in the documentationFrédéric Buclin2016-04-091-1/+1
| |
| * Bug 1204957 - Locally compiled POD documentation is no longer accessible ↵Frédéric Buclin2016-04-094-12/+25
| | | | | | | | | | | | from docs/en/html/api/ r=dkl
| * Bug 1246228 - Email addresses must not be encodedFrédéric Buclin2016-04-062-14/+4
| | | | | | | | r/a=dkl
| * Bug 1261124: When deleting a component, this component is listed againFrédéric Buclin2016-04-051-1/+4
| | | | | | | | r/a=dkl
| * Bug 1260027: Document how to compile the documentation on WindowsFrédéric Buclin2016-04-012-12/+32
| | | | | | | | r=gerv
| * Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵Frédéric Buclin2016-04-011-16/+12
| | | | | | | | | | | | single application r=gerv
| * Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry PerlFrédéric Buclin2016-03-271-0/+1
| |
| * Bug 1255619: CGI scripts should not send duplicated headersFrédéric Buclin2016-03-214-36/+7
| | | | | | | | r/a=dkl
| * Bug 1230932: Providing a condition as an ID to the webservice results in a ↵Frédéric Buclin2016-03-194-3/+23
| | | | | | | | | | | | taint error r/a=dkl
| * Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵Frédéric Buclin2016-03-151-0/+3
| | | | | | | | | | | | long bug summaries are wrapped r/a=dkl
| * Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵Thorsten Schöning2016-03-091-2/+2
| | | | | | | | | | | | bug depending or blocking another one r=LpSolit a=dkl
| * Bug 1234977: Replace \d+ by [0-9]+ in critical validation placesFrédéric Buclin2016-03-095-21/+22
| | | | | | | | r=dylan a=dkl
| * IIS instructions work with Windows 10 tooFrédéric Buclin2016-03-061-1/+2
| |
| * Bug 1250354: The "Forgot password" link should not be displayed if users ↵Frédéric Buclin2016-02-231-23/+25
| | | | | | | | | | | | are not allowed to change it r/a=dkl
| * Bug 1250264: Extensions have no easy way to override favicon.icoFrédéric Buclin2016-02-221-1/+2
| | | | | | | | r/a=dkl
| * - task.expires needs to be greater than artifacts.expiresDavid Lawrence2016-02-221-0/+6
| |
| * - Update artifact expiration dateDavid Lawrence2016-02-221-12/+12
| |
| * Bug 1242263: The web server and SQL server sections are not correctly ↵Frédéric Buclin2016-02-175-19/+35
| | | | | | | | | | | | referenced in the documentation r=gerv