[ANN] Release of Bugzilla 3.2.1, 3.0.7, 2.22.7, and 3.3.2

  Today we have some major security improvements for Bugzilla in the
form of four releases. We strongly recommend that all Bugzilla
administrators read the Security Advisory for these releases, which is
linked below in this email.

  Bugzilla 3.2.1 is our latest stable release. It contains various
useful bug fixes in addition to major security improvements.

  Bugzilla 3.0.7 and Bugzilla 2.22.7 are security updates for their
branches.

  Bugzilla 3.3.2 is an unstable development release. In addition to the
security fixes that all the other releases contain, this release
contains numerous new features and improvements. For details on
what's new, see our latest Status Update, linked below in this email.
Note that 3.3.2 is very unstable and should not be used in a production
environment.

Download
--------
Bugzilla is available at:

  http://www.bugzilla.org/download/


Security Advisory
-----------------
We recommend that all Bugzilla administrators (and particularly those
upgrading to these releases) read the Security Advisory that we are
sending out along with these releases:

  http://www.bugzilla.org/security/2.22.6/


Release Notes & Changes
-----------------------
Before installing or upgrading, you should read the Release Notes for
the version of Bugzilla you are installing:

  3.2.1: http://www.bugzilla.org/releases/3.2.1/release-notes.html
  3.0.7: http://www.bugzilla.org/releases/3.0.7/release-notes.html
  2.22.7: http://www.bugzilla.org/releases/2.22.7/release-notes.html

It is particularly important to read the Release Notes if you are
upgrading from one major version to another (like 3.0.x to 3.2.x).

To see a list of all changes between your version of Bugzilla and
the current version of Bugzilla, you can use the chart at:

  http://www.bugzilla.org/status/changes.html


Status Update
-------------
Our latest Status Update has all kinds of useful information about
our latest development release:

  http://www.bugzilla.org/status/2009-02-02.html


Report Bugs
-----------
If you find a bug in Bugzilla, please report it! Instructions are
at this URL:

  http://www.bugzilla.org/developers/reporting_bugs.html


Try Out Bugzilla
----------------
If you'd like to test-drive Bugzilla, you can use the demo
installations of Bugzilla at:

  http://landfill.bugzilla.org/


Support
-------
You can ask questions for free on the mailing lists (or in IRC)
about Bugzilla, or you can hire a paid consultant to help you out:

  Free Support: http://www.bugzilla.org/support/
  Paid Support: http://www.bugzilla.org/support/consulting.html


About Bugzilla
--------------
  Bugzilla is a "Defect Tracking System" or "Bug-Tracking System."
Defect Tracking Systems allow individuals or groups of developers
to keep track of outstanding bugs in their product effectively.
Most commercial defect-tracking software vendors charge enormous
licensing fees. Despite being "free", Bugzilla has many features
its expensive counterparts lack. Consequently, Bugzilla has quickly
become a favorite of hundreds of organizations across the globe, and
is widely regarded as one of the top defect-tracking systems available.

  See http://www.bugzilla.org/about/ for more details.

  -Max Kanat-Alexander
  Release Manager, Bugzilla Project
0
Max
2/3/2009 1:40:41 AM
mozilla.support.bugzilla 10158 articles. 0 followers. Post Follow

0 Replies
1106 Views

Similar Articles

[PageSpeed] 36

Reply:

Similar Artilces:

[ANN] Release of Bugzilla 3.2.7, 3.4.7, 3.6.1, and 3.7.1
Today we have four new releases! One new development snapshot (3.7.1), two new stable releases (3.6.1 and 3.4.7) and one update for the legacy 3.2 branch (3.2.7). Bugzilla 3.6.1 is our latest stable release. It contains some significant bug fixes for the 3.6 branch. Bugzilla 3.4.7 is the last bug-fix release for the 3.4 series. After this, there will only be additional 3.4 releases if there are security issues discovered in the 3.4 series. Bugzilla 3.2.7 is a security update for the 3.2 branch. Bugzilla 3.7.1 is our first unstable development release on the road to ...

[ANN] Security Advisory for Bugzilla 3.2.7, 3.4.7, 3.6.1, and 3.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * It was possible to (at least partially) determine the membership of any group using the Search interface. * It was possible to use the 'sudo' feature without sending a notification to the user being impersonated. * The 'Reports' and 'Duplicates' pages let you guess the name of products you could not see, due to the error message ...

[ANN] Security Advisory for Bugzilla 3.2.1, 3.3.2, and 3.0.7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, generated insufficiently random numbers, resulting in all random tokens being the same, all CSRF protection being defeated, and the new attachment_base functionality being compromised. Only these releases were affected--earlier releases are not affected. All affected installations are encouraged to upgrade as soon as possible. Vulnerability Details =========...

[ANN] Release of Bugzilla 3.0.1, 3.1.1, 2.22.3, and 2.20.5
--Sig_nEH4Ypdt2vWEVOYyO6=XaoK Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Today the Bugzilla project has four releases! 3.0.1 is the first bug-fix release for the 3.0 series. 3.0 was very stable, but 3.0.1 adds a lot of little polish fixes that greatly improve the experience of using Bugzilla. 3.1.1 is our first development release toward Bugzilla 3.2. It has a huge number of new features, but is EXTREMELY UNSTABLE. It has not been tested, and should not be used in a production environment. It may fail in critical ways, or destro...

[ANN] Release of Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
Today we have four new releases. One new development snapshot (3.7.3), one new stable release (3.6.2) and two security updates for the old stable releases (3.4.8 and 3.2.8). Bugzilla 3.6.2 is our latest stable release. It contains various useful bug fixes and security improvements for the 3.6 branch. Bugzilla 3.4.8 and 3.2.8 are security updates for the 3.4 branch and the 3.2 branch, respectively. Bugzilla 3.7.3 is our third unstable development release leading to Bugzilla 4.0. We have done a fair amount of QA on this release. However, QA found many bugs that have not ye...

[ANN] Release of Bugzilla 3.2.2, 3.0.8, and 3.3.3
Bugzilla 3.2.1, 3.0.7, and 3.3.2 contained a bug that was critical for any installation running under mod_perl, due to an unintentional interaction between the various security fixes in those releases. We are releasing three new releases today to fix the critical issue: 3.2.2, 3.0.8, and 3.3.3. They are identical to the previous release except that they have this one fix for installations running under mod_perl. Download -------- Bugzilla is available at: http://www.bugzilla.org/download/ Security Advisory ----------------- Details of the fix are in the Security Adviso...

Testopia 1.3 (Bugzilla 3.0) and Testopia 1.2.2 (Bugzilla 2.22.x) Released
Testopia 1.3 has been released.=20 This Testopia is compatible with Bugzilla 3.0 and mod_perl and provides Postgres support. For those of you still running Bugzilla 2.22.x, I am also releasing 1.2.2 which is a (major) bug fix release. They are available from the project home page at http://www.mozilla.org/projects/testopia Thanks for all the feedback. Keep it coming. Greg Hendricks ...

Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5
--Sig_/7+QS=YT68me2o8pI2lL1LPd Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Summary =3D=3D=3D=3D=3D=3D=3D Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: * Users without the "canconfirm" privilege could enter a bug as NEW or ASSIGNED by using the XML-RPC interface. * When viewing several bugs at once, there was a Cross-Site Scripting hole. * The inbound email interface allowed you t...

[ANN] Release of Bugzilla 4.3.2, 4.2.2, 4.0.7, and 3.6.10
Today we are releasing 4.2.2, 4.0.7, 3.6.10, and the unstable development snapshot 4.3.2. All of today's releases contain security fixes. We recommend all Bugzilla administrators to read the Security Advisory linked below. Bugzilla 4.2.2 is our latest stable release. It contains various useful bug fixes and security fixes for the 4.2 branch. Bugzilla 4.0.7 and 3.6.10 are security updates for the 4.0 branch and the 3.6 branch, respectively. 4.0.7 also contains several bug fixes. Note that 4.3.2 is an unstable development release and should not be used in producti...

[ANN] Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability. * It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names. * YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contain...

[ANN] Release of Bugzilla 3.0.2 and 3.1.2
--Sig_GocDqc0EbsEgFgVGupFMZs3 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Today the Bugzilla project has two releases, primarily to fix an important security issue discovered in the 3.0.x and 3.1.x series. 3.0.2 contains the security fix and a few other minor bug fixes. 3.1.2 also contains the security fix, but just like 3.1.1, it has had massive changes and received little or no testing. It should be considered unstable and only used in testing environments. Download -------- Bugzilla is available at: http://www.bugzilla...

From 2.1.2 to 3.1 or 2.1.2 to 3.0.13 to 3.1
I'm checking back in after being away for a couple of months and I missed the 3.1 release. I can't seem to find any info on what's new in 3.1 and also what the upgrade path should be. So, is the recommended path for upgrading from v 2.1.2 to go directly to 3.1 or do I need to go to 3.0.13 first? Are there any big issues in 3.1 that make it a "gotta have it" version?I did a couple of 2.1.2 to 3.0.12 upgrades but haven't upgraded to or tested 3.1 yet. I have one 2.1.2 site that is commercial and I need it to be down as little time as possible. It also has a lot of third party modules...

Release of Bugzilla 2.18.6, 2.20.3, 2.22.1, and 2.23.3
We have many releases for you, today! Bugzilla 2.18.6 and 2.20.3 are security-fix releases for our older branches. Bugzilla 2.22.1 is our first bugfix release in the 2.22 series, and contains many useful fixes that improve the experience of using Bugzilla. Finally, we are releasing an unstable development snapshot, Bugzilla 2.23.3. This snapshot has both custom fields and mod_perl support, but has not been tested as thoroughly as our other releases. The 2.23 series will eventually culminate in Bugzilla 3.0. Users of the 2.18.x series should note that 2.18.x will r...

[ANN] Release of Bugzilla 3.4.2, 3.2.5, and 3.0.9
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Today the Bugzilla Project is releasing Bugzilla 3.4.2, 3.2.5, and 3.0.9. All of these releases contain a VERY IMPORTANT SECURITY FIX. See the Security Advisory for details. If you are running 2.23 or later, you should upgrade immediately. If you are unable to update to the latest version, then please apply the patches for the issues as described in the Security Advisory. Bugzilla 3.4.2 is our latest stable release, and in addition to the security fixes, it contains various useful bug fixes and minor improvements. Bugzilla 3....

Web resources about - [ANN] Release of Bugzilla 3.2.1, 3.0.7, 2.22.7, and 3.3.2 - mozilla.support.bugzilla

Bugzilla - Wikipedia, the free encyclopedia
Bugzilla is a Web -based general-purpose bugtracker and testing tool originally developed and used by the Mozilla project, and licensed under ...

Bugzilla Main Page
This is the bug tracker for MediaWiki and its extensionsand site-specific problems on Wikimedia's wiki sites. Welcome to Bugzilla. To see what's ...

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws
Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system ...

Bugzilla 0-day can reveal 0-day bugs in OSS giants like Mozilla, Red Hat
C Security firm Check Point Software Technologies used a flaw it discovered in the Perl programming language to hack into the popular Bugzilla ...

Mozilla loses more user info, this time data of 97,000 customers goes out through Bugzilla
... has come to light regarding the loss of another 97,000 emails and passwords that were left exposed. The latest issue comes via Bugzilla, and ...

Bugzilla, my first wiki
Bugzilla introduced me to the world of wikis. It took me a while to understand the power of wikis. But I remember years ago when I first used ...

Mozilla's Bugzilla Hacked, Exposing Firefox Zero-Days
The good news in this bad situation is that Firefox is already patched for all the issues.

Bugzilla Zero-Day Exposes Zero-Day Bugs
A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions ...

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws
Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system ...

Bugzilla API - ProgrammableWeb
Bugzilla is the bug tracking and reporting system created and used by Mozilla. It is also available for use by other projects and organizations. ...

Resources last updated: 12/18/2015 6:18:35 AM