Release of Bugzilla 2.18.6, 2.20.3, 2.22.1, and 2.23.3

  We have many releases for you, today!
  
  Bugzilla 2.18.6 and 2.20.3 are security-fix releases for our older
branches.

  Bugzilla 2.22.1 is our first bugfix release in the 2.22 series,
and contains many useful fixes that improve the experience of using
Bugzilla.

  Finally, we are releasing an unstable development snapshot, Bugzilla
2.23.3. This snapshot has both custom fields and mod_perl support,
but has not been tested as thoroughly as our other releases. The 2.23
series will eventually culminate in Bugzilla 3.0.

  Users of the 2.18.x series should note that 2.18.x will reach
End Of Life when Bugzilla 3.0 is released. There are more details
in our Status Update.

  We hope you enjoy all our new releases!


Download
--------
Bugzilla is available at:

http://www.bugzilla.org/download/


Release Notes & Changes
-----------------------
Before installing or upgrading, it is VERY IMPORTANT to read
the Release Notes:

2.18.6: http://www.bugzilla.org/releases/2.18.6/release-notes.html
2.20.3: http://www.bugzilla.org/releases/2.20.3/release-notes.html
2.22.1: http://www.bugzilla.org/releases/2.22.1/release-notes.html

To see a list of all changes between your version of Bugzilla and
the current version of Bugzilla, you can use the chart at:

http://www.bugzilla.org/status/changes.html


Security Advisory
-----------------
All of our releases contain important security fixes. Read about 
them here:

http://www.bugzilla.org/security/2.18.5/


Status Update
-------------
To see what's new with the Bugzilla Project, including all the features
of our latest Development Release, see our latest Status Update:

http://www.bugzilla.org/status/2006-10-15.html


Try Out Bugzilla
----------------
If you'd like to test-drive Bugzilla, you can use the demo
installations of Bugzilla at:

http://landfill.bugzilla.org/


Support
-------
You can ask questions for free on the mailing lists (or in IRC)
about Bugzilla, or you can hire a paid consultant to help you out:

Free Support: http://www.bugzilla.org/support/
Paid Support: http://www.bugzilla.org/support/consulting.html


About Bugzilla
--------------
Bugzilla is a "Defect Tracking System" or "Bug-Tracking System."
Defect Tracking Systems allow individual or groups of developers
to keep track of outstanding bugs in their product effectively.
Most commercial defect-tracking software vendors charge enormous
licensing fees. Despite being "free", Bugzilla has many features
its expensive counterparts lack. Consequently, Bugzilla has quickly
become a favorite of hundreds of organizations across the globe, and
is widely regarded as one of the top defect-tracking systems available.

See http://www.bugzilla.org/about/ for more details.

-Max Kanat-Alexander
Release Manager, Bugzilla Project

0
Max
10/15/2006 10:10:02 AM
mozilla.support.bugzilla 10120 articles. 0 followers. Post Follow

4 Replies
1005 Views

Similar Articles

[PageSpeed] 5

Max Kanat-Alexander wrote:
<snip>
> 
> Download
> --------
> Bugzilla is available at:
> 
> http://www.bugzilla.org/download/
> 
> 

</snip>

I have been trying most of the morning to download the new security 
fixes into my test system, and continually get the following error:

   codeserver:/usr/local/testbugs # cvs login
   Logging in to :pserver:anonymous@cvs-mirror.mozilla.org:2401/cvsroot
   CVS password:
   cvs [login aborted]: reading from server: Connection reset by peer

I am running 2.23.2 currently, but I don't think that makes any 
difference at this point in my issue.

Anyone have any ideas?

Regards,
Frank
0
Frank
10/16/2006 2:21:27 PM
Hi Frank
I'm sorry I'm replying in this post. I couldn't reply to your other one
about your commit-mysql.pl script. It was closed by a manager the
message said. I was trying to use the script but I think I am doing
something wrong. Below is how I call it. Is that correct or am I doing
something booboo here. By the way I'm running bugzilla 2.22 and
subversion 1.41 and I want to get those commits in Bugzilla. Any help
please?

/home/./commit-mysql.pl -u root -p password23 -d bugs -h localhost -l
/var/log/svncommits -t mysql

Frank wrote:
> Max Kanat-Alexander wrote:
> <snip>
> >
> > Download
> > --------
> > Bugzilla is available at:
> >
> > http://www.bugzilla.org/download/
> >
> >
>
> </snip>
>
> I have been trying most of the morning to download the new security
> fixes into my test system, and continually get the following error:
>
>    codeserver:/usr/local/testbugs # cvs login
>    Logging in to :pserver:anonymous@cvs-mirror.mozilla.org:2401/cvsroot
>    CVS password:
>    cvs [login aborted]: reading from server: Connection reset by peer
>
> I am running 2.23.2 currently, but I don't think that makes any
> difference at this point in my issue.
> 
> Anyone have any ideas?
> 
> Regards,
> Frank

0
petros
12/2/2006 12:19:53 AM
> 
> > Below is how I call
> > it. Is that correct or am I doing something booboo here. By 
> > the way I'm running bugzilla 2.22 and subversion 1.41 and I 
> > want to get those commits in Bugzilla. Any help please?
> > 
> > /home/./commit-mysql.pl -u root -p password23 -d bugs -h  
> localhost -l 
> > /var/log/svncommits -t mysql
> > 
> >
> 
> If you are running this script on a Linux or UNIX system as 
> the user you want, and the script is in the user's home 
> directory, then I think you want this:
> 
> ~/commit-mysql.pl -u root -p password23 -d bugs -h localhost 
> -l /var/log/svncommits -t mysql
> 
> because '~' should expand to the user's home directory, 
> wherever that his.  The period is an expression for the 
> current working directory, which can be anywhere.
> 


0
Erik
12/4/2006 1:29:51 PM
petros.fraser@gmail.com wrote:
> Hi Frank
> I'm sorry I'm replying in this post. I couldn't reply to your other one
> about your commit-mysql.pl script. It was closed by a manager the
> message said. I was trying to use the script but I think I am doing
> something wrong. Below is how I call it. Is that correct or am I doing
> something booboo here. By the way I'm running bugzilla 2.22 and
> subversion 1.41 and I want to get those commits in Bugzilla. Any help
> please?
> 
> /home/./commit-mysql.pl -u root -p password23 -d bugs -h localhost -l
> /var/log/svncommits -t mysql
> 


Petros,

Sorry it took me so long to respond.  Work has been terrible and I 
haven't had much time to check the list.

There are a couple things wrong with the way you called the script.

First, you need to make sure to pass the appropriate Subversion changes. 
  This is done with the $REPOS and $REV parameters.  This should get 
assigned in the standard post-commit hook.  These are mandatory 
parameters for the script to work.

Second, the /./ notation in your path.  You need to explicitly state 
which home directory you want to go to.  The setting you have now will 
make the system look in the /home/ directory for the script.

Third, if you don't need to use the root user to Mysql, avoid it.  Try 
to use the actual database user.  This is more of a safety and security 
thing than anything else...

So the total call should look something like:

/home/myuser/commit-mysql.pl "$REPOS" "$REV" -u root -p password23 -d 
bugs -h localhost -l /var/log/svncommits -t mysql


Keep in mind that there are default values in the script (although I 
think I buried them near the bottom).  If you don't pass any extra 
parameters then the system assumes the username, password, and database 
values are all "bugs", the host name is localhost, and the database type 
is mysql.

Hope that helps.

Regards,
Frank
0
Frank
12/19/2006 4:16:58 PM
Reply:

Similar Artilces:

Testopia 1.3 (Bugzilla 3.0) and Testopia 1.2.2 (Bugzilla 2.22.x) Released
Testopia 1.3 has been released.=20 This Testopia is compatible with Bugzilla 3.0 and mod_perl and provides Postgres support. For those of you still running Bugzilla 2.22.x, I am also releasing 1.2.2 which is a (major) bug fix release. They are available from the project home page at http://www.mozilla.org/projects/testopia Thanks for all the feedback. Keep it coming. Greg Hendricks ...

[ANN] Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3
Summary =3D=3D=3D=3D=3D=3D=3D Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security issues that have recently been fixed in the Bugzilla code: + A possible cross-site scripting (XSS) vulnerability in Atom feeds produced by Bugzilla. + Web server settings given by Bugzilla which provide security settings to protect data files from access via the web are overridden by the mod_perl startup script when running under mod_perl (development snapshot only). We strongly advise that 2.20.x users should up...

[ANN] Release of Bugzilla 3.2.1, 3.0.7, 2.22.7, and 3.3.2
Today we have some major security improvements for Bugzilla in the form of four releases. We strongly recommend that all Bugzilla administrators read the Security Advisory for these releases, which is linked below in this email. Bugzilla 3.2.1 is our latest stable release. It contains various useful bug fixes in addition to major security improvements. Bugzilla 3.0.7 and Bugzilla 2.22.7 are security updates for their branches. Bugzilla 3.3.2 is an unstable development release. In addition to the security fixes that all the other releases contain, this release contains n...

[ANN] Release of Bugzilla 3.0.1, 3.1.1, 2.22.3, and 2.20.5
--Sig_nEH4Ypdt2vWEVOYyO6=XaoK Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Today the Bugzilla project has four releases! 3.0.1 is the first bug-fix release for the 3.0 series. 3.0 was very stable, but 3.0.1 adds a lot of little polish fixes that greatly improve the experience of using Bugzilla. 3.1.1 is our first development release toward Bugzilla 3.2. It has a huge number of new features, but is EXTREMELY UNSTABLE. It has not been tested, and should not be used in a production environment. It may fail in critical ways, or destro...

Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2
Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers six security issues that have recently been fixed in the Bugzilla code: + Sometimes the information put into the <h1> and <h2> tags in Bugzilla was not properly escaped, leading to a possible XSS vulnerability. + Bugzilla administrators were allowed to put raw, unfiltered HTML into many fields in Bugzilla, leading to a possible XSS vulnerability. Now, the HTML allowed in those fields is limited. + attachment.cgi could leak the n...

[ANN] Release of Bugzilla 3.0.4, 3.1.4, 2.22.4, and 2.20.6
--Sig_/APAQZZ+qGwu.Hq/UgkhiOAo Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable The Bugzilla project has four releases today! Bugzilla 3.0.4 is the latest stable version of Bugzilla, containing several useful bug fixes over 3.0.3, particularly for the inbound email interface. Bugzilla 3.1.4 is our latest unstable development preview. It should be more stable than 3.1.3, though we still don't recommend it for production environments. Provided we don't find too many major issues in this release, our next release will be Bugzilla...

[ANN] Release of Bugzilla 2.22 (also 2.20.2 and 2.23.1)
The Bugzilla Project is proud to announce the official release of Bugzilla 2.22. Bugzilla 2.22 is a major new feature release for Bugzilla, containing a large number of bug fixes and enhancements, including complete PostgreSQL support, UTF-8 support, user-impersonation capabilities, and more. You can see a description of all the new features in Bugzilla 2.22 at: http://www.bugzilla.org/releases/2.22/new-features.html The Bugzilla Project is also releasing 2.20.2, a bug-fix release for the 2.20 branch recommended for all 2.20 branch users. We also have a development snapshot, B...

Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5
--Sig_/7+QS=YT68me2o8pI2lL1LPd Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Summary =3D=3D=3D=3D=3D=3D=3D Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: * Users without the "canconfirm" privilege could enter a bug as NEW or ASSIGNED by using the XML-RPC interface. * When viewing several bugs at once, there was a Cross-Site Scripting hole. * The inbound email interface allowed you t...

From 2.1.2 to 3.1 or 2.1.2 to 3.0.13 to 3.1
I'm checking back in after being away for a couple of months and I missed the 3.1 release. I can't seem to find any info on what's new in 3.1 and also what the upgrade path should be. So, is the recommended path for upgrading from v 2.1.2 to go directly to 3.1 or do I need to go to 3.0.13 first? Are there any big issues in 3.1 that make it a "gotta have it" version?I did a couple of 2.1.2 to 3.0.12 upgrades but haven't upgraded to or tested 3.1 yet. I have one 2.1.2 site that is commercial and I need it to be down as little time as possible. It also has a lot of third party modules...

[ANN] Release of Bugzilla 2.20.4, 2.22.2, and 2.23.4
--Sig_kEOxU8nT+82tg4POD=3FoiU Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Three Bugzilla releases today! They're mostly security-fix and=20 bug-fix updates. Bugzilla 2.22.2 is a bug-fix and security-fix release for the Bugzilla 2.22 series. Bugzilla 2.20.4 is a security-fix release for the Bugzilla 2.20 series. Bugzilla 2.23.4 is our unstable development release. However, it should be considerably more stable than 2.23.3, since it is currently running on https://bugzilla.mozilla.org/ and has received some "live tes...

[ANN] Release of Bugzilla 2.18.1, 2.19.3, and 2.16.9
Today we are releasing Bugzilla 2.18.1, a bug-fix release for the 2.18 series. It contains various useful bug and security fixes for the original 2.18 release. We are also releasing a *very unstable* development snapshot, 2.19.3, for those who want to track the bleeding edge of Bugzilla development. We expect our next development release after this to be Release Candidate 1 (2.20rc1). Finally, there is a security-fix release for the old 2.16 series, version 2.16.9. Users of 2.16 are still encouraged to ugprade to 2.18 as soon as it is possible. Download -------- Bugzilla i...

[ANN] Release of Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
Today we have four new releases. One new development snapshot (3.7.3), one new stable release (3.6.2) and two security updates for the old stable releases (3.4.8 and 3.2.8). Bugzilla 3.6.2 is our latest stable release. It contains various useful bug fixes and security improvements for the 3.6 branch. Bugzilla 3.4.8 and 3.2.8 are security updates for the 3.4 branch and the 3.2 branch, respectively. Bugzilla 3.7.3 is our third unstable development release leading to Bugzilla 4.0. We have done a fair amount of QA on this release. However, QA found many bugs that have not ye...

error after upgrading Bugzilla from 3.2.2 to 3.2.3
Hi, I have two Windows Server 2003 machines running Bugzilla 3.2.2 + Testopia 2.2, one is production and the other is for test, both have same configuration. I tried to upgrade it with patch file bugzilla-3.2.2-to-3.2.3.diff.gz, and my steps are: 1) Shut down your Bugzilla installation by putting some HTML or text in the shutdownhtml parameter 2) untar the .diff file and use unix2dos.exe to replace Unix line feed characters with Windows carriage returns 3) run the command: path -p1 < bugzilla-3.2.2-to-3.2.3.diff 4) run the command: perl checksetup.pl 5) remove the text of shut...

Migrating from Bugzilla 2.18/MySQL 4.1.11 to Bugzilla 2.22/Postgres 8.1.3
What is the best way to migrate a bugzilla installation 2.18/MySQL 4.1.11 on machine A to a bugzilla installation 2.22/Postgres 8.1.3 on machine B? Thanks, Ey�un E. Jacobsen On Wed, 2006-04-26 at 00:25 +0100, "Eyðun E. Jacobsen" wrote: > What is the best way to migrate a bugzilla installation 2.18/MySQL > 4.1.11 on machine A to a bugzilla installation 2.22/Postgres 8.1.3 on > machine B? 1. Upgrade the MySQL/2.18 to 2.22. (Follow the upgrade instructions in the release notes.) 2. Run checksetup in a Pg version of 2.22. 3. Use contrib/bzdbcopy.pl. ...

Web resources about - Release of Bugzilla 2.18.6, 2.20.3, 2.22.1, and 2.23.3 - mozilla.support.bugzilla

Bugzilla - Wikipedia, the free encyclopedia
Bugzilla is a Web -based general-purpose bugtracker and testing tool originally developed and used by the Mozilla project, and licensed under ...

Bugzilla Main Page
This is the bug tracker for MediaWiki and its extensionsand site-specific problems on Wikimedia's wiki sites. Welcome to Bugzilla. To see what's ...

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws
Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system ...

Bugzilla 0-day can reveal 0-day bugs in OSS giants like Mozilla, Red Hat
C Security firm Check Point Software Technologies used a flaw it discovered in the Perl programming language to hack into the popular Bugzilla ...

Mozilla loses more user info, this time data of 97,000 customers goes out through Bugzilla
... has come to light regarding the loss of another 97,000 emails and passwords that were left exposed. The latest issue comes via Bugzilla, and ...

Bugzilla, my first wiki
Bugzilla introduced me to the world of wikis. It took me a while to understand the power of wikis. But I remember years ago when I first used ...

Mozilla's Bugzilla Hacked, Exposing Firefox Zero-Days
The good news in this bad situation is that Firefox is already patched for all the issues.

Bugzilla Zero-Day Exposes Zero-Day Bugs
A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions ...

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws
Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system ...

Bugzilla API - ProgrammableWeb
Bugzilla is the bug tracking and reporting system created and used by Mozilla. It is also available for use by other projects and organizations. ...

Resources last updated: 11/28/2015 1:26:14 PM