Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2

Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers six security issues that have recently been
fixed in the Bugzilla code:
+ Sometimes the information put into the <h1> and <h2> tags in Bugzilla
was not properly escaped, leading to a possible XSS vulnerability.
+ Bugzilla administrators were allowed to put raw, unfiltered HTML into
many fields in Bugzilla, leading to a possible XSS vulnerability.
Now, the HTML allowed in those fields is limited.
+ attachment.cgi could leak the n...

[ANN] Release of Bugzilla 2.20.4, 2.22.2, and 2.23.4

Three Bugzilla releases today! They're mostly security-fix and
bug-fix updates.
Bugzilla 2.22.2 is a bug-fix and security-fix release for the
Bugzilla 2.22 series.
Bugzilla 2.20.4 is a security-fix release for the Bugzilla 2.20
series.
Bugzilla 2.23.4 is our unstable development release. However,
it should be considerably more stable than 2.23.3, since it is
currently running on https://bugzilla.mozilla.org/ and has received
some "live tes...

[ANN] Release of Bugzilla 2.22 (also 2.20.2 and 2.23.1)

The Bugzilla Project is proud to announce the official release of
Bugzilla 2.22. Bugzilla 2.22 is a major new feature release for
Bugzilla, containing a large number of bug fixes and enhancements,
including complete PostgreSQL support, UTF-8 support, user-impersonation
capabilities, and more.
You can see a description of all the new features in Bugzilla 2.22 at:
http://www.bugzilla.org/releases/2.22/new-features.html
The Bugzilla Project is also releasing 2.20.2, a bug-fix release for the
2.20 branch recommended for all 2.20 branch users.
We also have a development snapshot, B...

Updating Bugzilla 2.22 to 2.22.2

I don't have a lot of time left to repair my Bugzilla installation
because people have to use it. I already made a post about my error - I
don't think I will be able to solve it in time so I decided to upgrade
Bugzilla. Can anyone tell me why I lose my system parameters when
upgrading Bugzilla?
I've put the new files (2.22.2) in the docroot /path/to/wwwroot and ran
checksetup.pl. Everything looked just fine, I was able to login and all
the users / other entries were there.
But the system configuration seems to be lost (bug maintainer, urlbase,
.....). Is it not saved in ...

Release of Bugzilla 2.18.6, 2.20.3, 2.22.1, and 2.23.3

We have many releases for you, today!
Bugzilla 2.18.6 and 2.20.3 are security-fix releases for our older
branches.
Bugzilla 2.22.1 is our first bugfix release in the 2.22 series,
and contains many useful fixes that improve the experience of using
Bugzilla.
Finally, we are releasing an unstable development snapshot, Bugzilla
2.23.3. This snapshot has both custom fields and mod_perl support,
but has not been tested as thoroughly as our other releases. The 2.23
series will eventually culminate in Bugzilla 3.0.
Users of the 2.18.x series should note that 2.18.x will r...

Problem migrating database from bugzilla 2.20.2 to bugzilla 3.0

hi all,
I installed bugzilla 3.0 and was working fine till I tried migrating
the mysql db from previous version of bugzilla 2.20.2. These two
versions are on different machines. I created .dmp file to get the
data in bugzilla 2.20.2 to update it to bugzilla 3.0. Tables seemed to
be updated (not sure if there is a mismatch between the table structure),
but after that upon trying to run checksetup.pl script, I am getting
the following message
------------------------------------------------
"There was an error connecting to MySQL:
Access denied for user 'bugs'@'localh...

[ANN] Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3

Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers two security issues that have recently been
fixed in the Bugzilla code:
+ A possible cross-site scripting (XSS) vulnerability in Atom feeds
produced by Bugzilla.
+ Web server settings given by Bugzilla which provide security settings
to protect data files from access via the web are overridden by the
mod_perl startup script when running under mod_perl (development
snapshot only).
We strongly advise that 2.20.x users should up...

Bugzilla 2.16 to 2.22 migration

Has anybody made the migration from Bugzilla 2.16.1 to Bugzilla 2.22.1?
I am trying exporting the data, and manipulating it in order to adapt it
to be loaded again into the new 2.22 database structure.
Regards,

Bugzilla 2.20 to 2.22 upgrade on a debian.

I have a bugzilla 2.20 on a debian.
Today I did an apt-get -u dist-upgrade and it told me it would upgrade bugzilla.
At the end of upgrade I cannot connect anymore to bugzilla and I get the
following error message:
No value for param utf8 (try running checksetup.pl again) at
/usr/share/perl5/Bugzilla/Config.pm line 224.
I tried to run checksetup.pl, but it tells me I am missing the Mail::Mailer module.
I don't need utf8.
Any idea on how I can have bugzilla back to work?
TIA
--
manuel 'fmf' ferrero | http://www.fmf.it/blog/
"I don't have any taglines to give you. Go away.&...

Problem upgrading from 2.20.2 to 2.22

I am trying to upgrade from 2.20.2 to 2.22 via cvs. I am running on RHEL4.
I made a copy of my existing bugzilla install and db so as not to 'break' my
production install.
When I run checksetup.pl, I get the following errors in the output - any
ideas?
Checking perl modules ...
Checking for AppConfig (v1.52) ok: found v1.56
Checking for CGI (v2.93) ok: found v3.05
Checking for Data::Dumper (any) ok: found v2.121
Checking for Date::Format (v2.21) ok: found v2.22
Checking for DBI (v1.38) ok: found v1.40
Checking for ...

Migrating from Bugzilla 2.18/MySQL 4.1.11 to Bugzilla 2.22/Postgres 8.1.3

What is the best way to migrate a bugzilla installation 2.18/MySQL
4.1.11 on machine A to a bugzilla installation 2.22/Postgres 8.1.3 on
machine B?
Thanks,
Eyðun E. Jacobsen
On Wed, 2006-04-26 at 00:25 +0100, "Eyðun E. Jacobsen" wrote:
> What is the best way to migrate a bugzilla installation 2.18/MySQL
> 4.1.11 on machine A to a bugzilla installation 2.22/Postgres 8.1.3 on
> machine B?
1. Upgrade the MySQL/2.18 to 2.22. (Follow the upgrade instructions in
the release notes.)
2. Run checksetup in a Pg version of 2.22.
3. Use contrib/bzdbcopy.pl. ...

bugzilla upgrade 2.18rc2 to 2.22.2 error

Hi,
I am trying to upgrade my bugzilla 2.18rc2 to 2.22.2. What I have done is as
follows.
1. copied the localconfig & data to bugzilla 2.22.2 folder.
2. ran ./checksetup.pl
3. It asked me to drop the bz_schema table which I did.
4. again ran ./checksetup.pl
Got up error :
Migrating email preferences to new table ...
DBD::mysql::st execute failed: Duplicate entry '1-0-2' for key 1 [for
Statement "INSERT into email_setting (user_id, relationship, event) VALUES
(1, ?, ?)"] at ./checksetup.pl line 3937
How to rectify this ?
--
Thanks & Regards
...

upgrading from 2.16.2 to 2.20.2

Hi,
I have Bugzilla 2.16.2 installed on RedHat 9, which is working fine.
I want to upgrade to 2.20.2. I am using the tarball method mentioned in the bugzilla upgrade guide.
bash$ tar xvf bugzilla-STABLE.tar
bash$ cd bugzilla-2.20
bash$ cp ../bugzilla/localconfig* .
bash$ cp -r ../bugzilla/data .
bash$ cd ..
bash$ mv bugzilla bugzilla.old
bash$ mv bugzilla-2.20 bugzilla
after this I tried to run ./checksetup.pl.
at last it gives the following error
----------------------------------
If you want to see pretty HTML views of patches, you sho...

Bugzilla 2.22.2

I installed Bugzilla and have a question. The e-mail that I receive
contains only last comment when I add it to bug. How can I receive all
comments in bug when I add a new comment?
Sorry for my English :-)
Evgeniy Belov
Telma soft.
Evgeny,
2007/4/19, Evgeny Below <bea@telma.ru>:
> I installed Bugzilla and have a question. The e-mail that I receive
> contains only last comment when I add it to bug. How can I receive all
> comments in bug when I add a new comment?
Bugzilla does not support this out of the box.
People receiving an e-mail can...