Posts Tagged '3.2'

Release of Bugzilla 3.2.10, 3.4.10, 3.6.4, and 4.0rc2

We just released Bugzilla 3.2.10, 3.4.10, 3.6.4, and 4.0rc2. Mostly, these contain a lot of very important security fixes. One of the fixes in particular took over 100 hours of work from the Bugzilla team as a whole and a host of external contributors, and we’ll be blogging about that in more detail in the coming days or weeks. Right now, what’s important to know is that these issues are pretty serious and you should update as soon as possible.

Older versions of Bugzilla are also affected, even though they haven’t been patched because they have reached End Of Life. If you are running a version of Bugzilla earlier than 3.2, it is now very important that you upgrade so that you can remain secure.

Most of the issues that were fixed today were discovered as a result of Mozilla expanding their security bug bounty program to include web applications. We’d like to thank Mozilla for funding this initiative and helping us significantly improve the security of Bugzilla in various areas.

Progress Toward Bugzilla 4.0

With the release of Bugzilla 4.0rc2, we’re that much closer to Bugzilla 4.0! This second Release Candidate has a fully-tested Bug.update WebService method, so we don’t expect its API to change any more (although it has changed quite a bit since 4.0rc1 thanks to testing and bug fixes). The other new WebService methods may still change before the final release of 4.0, as we haven’t tested all of them yet.

4.0rc2 also contains a lot of bug fixes over rc1, and should be relatively stable. Now is the time to start trying out deployments of it to see if everything is okay in your environment. Our current plan is to release Bugzilla 4.0 on Tuesday, February 15, 2011 if everything goes well with this release.

-Max

Release of Bugzilla 3.2.7, 3.4.7, 3.6.1, and 3.7.1

(Translation available: Belorussian provided by PC)

So, today we had a bunch of releases. They are good. They fix stuff! Fixed stuff is good. :-)

Now, I could pretty much end the blog post there, but there is one…tiny…extra…thing to talk about. If you were paying attention, you might have noticed that the 3.7.1 release says that it’s leading up to Bugzilla 4.0! Yes, that’s right, the next major release of Bugzilla will be 4.0, and here’s a bit about it:

Why 4.0?

So what is it that makes this release worthy of being called 4.0? Well, the biggest thing is that there have been major UI improvements. The biggest one is that the Advanced Search page has been fully redesigned. You can see it at our test site. It’s going to get better than that, too. Also, if you review a lot of patches, you will probably appreciate the new attachment details UI (log in to see the full feature set).

Bugzilla 4.0 will also have cross-domain WebServices support, via JSONP. As a part of that, the JSON-RPC WebServices interface can also now be accessed using HTTP GET and a simple query string in the URL, instead of having to POST a JSON object.

Also in the area of WebServices, we’re planning to have our most-requested WebService function implemented, Bug.update, so that you can update all the attributes of a Bug via the WebServices. There may be other good WebServices improvements which make 4.0, too.

Also, a great feature for installations that get a lot of bugs is the new Automatic Duplicate Detection. To try it out, go to file a bug on our test installation, type a few (real) words in to the Summary field, and then click out of it.

We are also planning on changing the default statuses, based on our 12 years of experience since Bugzilla was first open-sourced. The current status workflow is simple and broadly applicable, but it is ambiguous or less-than-useful in some ways: for example, a NEW bug may not actually be NEW–it’s just not being worked on. And then what does ASSIGNED really mean? Does it mean that somebody is working on the bug, or just that it’s been assigned to somebody (which you can already tell from the Assigned To field)? So, to resolve these issues, the new workflow will be even simpler: UNCONFIRMED -> CONFIRMED -> IN_PROGRESS -> RESOLVED -> VERIFIED. Installations that are upgrading will keep the old workflow by default, although there will be a script included to convert them to the new workflow, if they want.

Features Already In 3.7.1

3.7.1 already has the new Search UI and the new Attachment Details UI, although further improvements to the Search UI are coming in later development releases. 3.7.1 also has automatic duplicate detection and JSONP support for the JSON-RPC WebService.

Some of the other new features and changes in 3.7.1 are:

  • There is AJAX auto-completion of usernames in the CC, Assignee, and QA Contact boxes.
  • The First/Last/Next/Prev and the “Show my last search results” links at the top of a bug now work with multiple searches, so doing a new search won’t “clobber” your old list.
  • Bug ID custom fields can now represent relationships, much like “Blocks/Depends On” do now.
  • You can now add Hours Worked to a bug without having to comment.
  • There are now calendar widgets on every date field in the UI.
  • The Voting system and the Bug Moving system have been moved into being extensions, and at some point will be maintained separately from the main Bugzilla codebase (though they still ship with Bugzilla, for now).
  • email_in.pl now takes command-line arguments that allow you to specify defaults for field values, or override the field values specified in the incoming email.
  • Multi-select custom fields can now be columns on bug lists.
  • There is a new user preference for whether the “Additional Comment” box should show up before or after the existing comments.
  • In the code, there is a new function $bug->set_all, which takes a bunch of arguments and updates a bug doing all the updates in the proper order, making it extremely easy for custom code to update bugs.
  • The Bugzilla/Search.pm file (which implements the searching logic in Bugzilla) has been majorly refactored to be much simpler to understand and customize.
  • When you do a quicksearch, the quicksearch boxes in the header and footer will contain your last search.
  • You can now restrict the values and visibility of custom fields by the value of the Component field.
  • Custom fields can now be marked as mandatory (that is, they must have a value).
  • The “fields.html” page now contains help for every single bug field in Bugzilla, and the fields display the help when you hover over their names, on enter_bug.cgi.
  • There are a lot of great new code hooks, including ones for adding new columns and validators to objects, and another for modifying bug field permissions (so you can make certain fields read-only for certain users, using a hook).
  • Bugzilla can now be installed using Strawberry Perl, on Windows.
  • Comments are no longer manually word-wrapped at 80 columns before being sent to the browser–they are just word-wrapped in the browser.
  • Any time checksetup.pl throws an error, it will make it red to make it clearer.
  • YUI has been updated to 2.8.1, and Bugzilla now contains almost all of YUI, so all YUI features are available to customizers.

Do remember, though, that this is an unstable release. It may have bugs. They might be really bad bugs. We have no idea, because we haven’t tested this release at all. If it pokes your best friend in the face when you file a new bug, don’t blame us–we warned you. :-)

The Plan

Right now we expect the 4.0 release to happen some time around the end of this year. To make this target, we’ll definitely need help with QA, so if you want to help out with Bugzilla, see if you can find/fix some bugs in 3.7.1, and also if you want, you can help out the QA Team write automated tests for 4.0!

-Max

Release of Bugzilla 3.0.11, 3.2.6, 3.4.5, and 3.5.3

Okay! So we’ve got four releases today! Bugzilla 3.4.5 is a bug-fix release, it’s got some good bug fixes and small improvements. Bugzilla 3.2.6 and 3.0.11 are only fixing a small security issue. Everything released today has security fixes, some of them could actually be important for your installation, depending on how you use Bugzilla. The Security Advisory has details.

We also have a development release, 3.5.3. We’re feature-frozen now, which means that there won’t be any major new features until 3.6 is released, but there still are a lot of bug fixes that need to be done, so it’s not stable yet. Here are some of the new features since 3.5.2:

  • If your Bugzilla is behind a proxy, you can tell it to accept X-Forwarded-For as the end user’s IP address, when the request comes from the proxy.
  • The “Required” parameters section now only lists actually required parameters. Other parameters have been moved to the “General” or “Advanced” section.
  • When installing Bugzilla, the “maintainer” parameter will automatically be set to the admin user you create during checksetup.pl.
  • “votestoconfirm” is now unrelated to the existence of the UNCONFIRMED status in a product. There is instead a checkbox to enable UNCONFIRMED.
  • QuickSearch has had a syntax overhaul to make it much simpler and also able to search more fields. Unfortunately, the documentation for this change didn’t make it into 3.5.3, but it will be in 3.6 at the latest.
  • New WebService function: Bug.fields.
  • The show_bug UI has had a few small changes.
  • The “milestoneurl” feature of a product has been removed.
  • The strings at the top of comments that say that you created or commented on an attachment are now localizable.
  • User accounts are now locked out on a particular IP for 30 minutes if they fail to log in 5 times from that IP.
  • There’s a new “Browse” interface–it’s actually just an updated interface to describecomponents.cgi, but it’s linked from the toolbar as “Browse” now.
  • You can now add attachments to a bug when using email_in.pl.
  • enter_bug.cgi now indicates in the UI which fields are mandatory.
  • mod_perl should be working on Windows now, though it hasn’t received a lot of testing from us.
  • There’s a whole awesome new Extensions system for Bugzilla (see below for more about that).

The New Bugzilla::Extension System

One of the biggest new things in 3.5.3 is the new Bugzilla::Extension system, which is a complete overhaul of how extensions work. The new extensions system is consistent, fast, and fully documented. It makes it easy to create and distribute extensions. It’s even possible to distribute them via CPAN. And for people who were using the old system, the new system comes with a script to do some automatic conversion of older extensions.

If you want to know more about it, the Bugzilla::Extension documentation contains everything you need to know to write an extension. And you can get started quickly by using the extensions/create.pl script in Bugzilla itself.

Moving to Bzr

Very soon, Bugzilla development will be moving away from CVS and onto Bazaar (called “bzr” for short). CVS will still continue to work as a read-only repository though, so you’ll still be able to update your installations and check out via CVS if you want to. More details about bzr and how Bugzilla will use it will be available after we switch.

The Road to Bugzilla 3.6

The next steps on the road to Bugzilla 3.6 are for us to finish working on all the current blockers, then to write some QA scripts for 3.6, then to write the release notes, and then to do some release candidates, and then to release! The Bugzilla Calendar has more detail on the current estimated dates of release candidates and final release.

And that’s it for the Bugzilla Update for this time!

-Max

Bugzilla Update: Wednesday, July 8, 2009 (Release of Bugzilla 3.4rc1 and Bugzilla 3.2.4)

Well, it’s time for another Bugzilla update! And today I just did two releases, Bugzilla 3.4rc1 and Bugzilla 3.2.4.

Bugzilla 3.4rc1

Bugzilla 3.4rc1 is particularly exciting, because it’s our first Release Candidate for 3.4. We did a really good job on this Release Candidate, I think–there’s only one 3.4 blocker remaining (and it’s only still there because we’re waiting on an external party to do something). In other words, there are no known issues with the Release Candidate that are so bad that we couldn’t just call it 3.4 next week if all goes well, and we’ve never actually been in that state for a Release Candidate, at least not as long as I’ve been around the Bugzilla Project.

One of the particularly exciting thing about a Release Candidate is that it has release notes! That means that all the new features are listed. There’s a lot of really exciting stuff in 3.4, and you should take a look. There are some gems in the “Other Enhancements and Changes” section, too, so make sure you read that too. :-)

WebService Changes Since 3.3.4

Anybody who was writing WebService clients against 3.3.x development releases should know: we renamed the Bug.get_history method to Bug.history. You can still call it as Bug.get_history if you want, but that’s undocumented and not recommended.

Also, we don’t send <nil> for NULL items anymore–too many clients didn’t support it. Now we just remove items from the returned result if they are undefined. (This is documented in the Bugzilla::WebService documentation.)

Progress Toward Bugzilla 3.6

There’s been some activity on HEAD since our last update. We got a new WebService method to get attachment information, Bug.attachments. I’ve been working on making Quicksearch (the search box in the header and footer) even faster. Greg Hendricks (of Testopia fame) has been working on the ability for administrators to “disable” certain field values (so that they don’t show up as options anymore, but remain set on existing bugs). And Bradley Baetz has been adding new hooks and working on improving performance in some important areas.

There’s no ETA for Bugzilla 3.6, but if it works anything like how Bugzilla 3.4 works, we will have open development on it until two months after Bugzilla 3.4 is released, and then we will branch for 3.6 and the 3.6 branch will be “frozen” to only bug-fixes.

Bugzilla Meeting

We have a Bugzilla Meeting next week, on Tuesday, July 14. Just read the page if you want more information! Anybody is welcome to attend.



Follow

Get every new post delivered to your Inbox.

Join 584 other followers