Bugzilla 5.0 is right around the corner   Recently updated !

Bugzilla 5.0 is right around the corner and honestly we’re a little excited. Are you an early adopter? Bugzilla 5.0rc2 is available now if you like to live on the bleeding edge. There aren’t any changes expected between now and when 5.0 is officially released in a couple of weeks. If you are interested in upgrading just let support know and we’ll take care of it. Don’t have Bugzilla? Support can add it to your account at any time. Don’t have an account? Get started in under a minute. For everyone else we will follow our typical upgrade process. We will test 5.0 ourselves and monitor any issues other people in the community are running into. Once we are confident that 5.0 is stable enough we will send out an announcement about when the upgrade will happen and give you the option to opt out. Here are some highlights of what you have to look forward to: Improved WebServices This release has major improvements in the WebServices interface. One big addition is a new REST-like endpoint alongside the existing XML-RPC and JSON-RPC endpoints. This will allow clients to access Bugzilla data using standard HTTP calls for easy development. Several methods […]


GHOST Attack   Recently updated !

Another exploit has been discovered which affects many Linux servers. The moniker is GHOST. During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it — and its impact — thoroughly, and named this vulnerability “GHOST”. As of yesterday all our servers were patched with the newest glibc version.


Attack of the Poodle   Recently updated !

A new security attack (dubbed the POODLE attack) makes continued use of SSLv3 dangerous. So effective immediately, we are dropping support for SSLv3. Browser users will likely see minimal-to-no impact. If you are having an issue please try a newer version of your browser. Extremely old browsers (specifically IE 6 users on Windows XP) will no longer be able to connect to devZing pages. We performed a traffic analysis that shows this would have affected no customers in the last 90 days.


Github Integration

This integration will allow you to use GetHub commit comments to update bugs This will cause any commit comments to be added to bugs references by the comment. E.g. the commit comment “This fixes bug 123″ will cause “This fixes bug 123″ to be added as a comment to bug 123. You must configure both Github and devZing to make this work. Github configuration To configure GitHub click Settings when viewing your repository Click Webhooks & Services   Click Add Webhook       Fill in the Payload URL: If using the US datacenter use https://app.devzing.com/<account>/bugzilla/extensions/GithubWebhook/ If using the UK datacenter https://uk-bz1.devzing.com/<account>/extensions/GithubWebhook/ Content type can be either application/json or application/x-www-form-urlencoded Feel free to add a secret as we will be supporting this soon. Make sure you have selected “Just the push event” as other event types will be ignored. Then click Add Webhook to save your webhook. devZing configuration Next log into your devZing account and click “Manage Global Settings” In the “Github Integration” section select a Bugzilla user that will be used for the integration. Click Save. Using In daily use just include the keyword “bug” next to the Bugzilla defect ID you want to update in the commit message. […]


September Downtime Complete   Recently updated !

It took a few hours longer than planned due to the SAN reporting some issues after restarting, but we are back up and running.


XML-RPC Client

From time to time we’ve had people wonder if the XML-RPC API is turned on for their Bugzilla installation. The answer is yes in all cases. Nevertheless it is difficult to verify as Bugzilla will not give you a meaningful response if you go to https://<mybugzilla>/xmlrpc.cgi in your browser. Other clients want to verify some off error message they are getting from a tool that integrates with Bugzilla through the XML-RPC API. To solve these questions we have deployed our online XML-RPC client. By default it has the URL and credentials for our Bugzilla demo, but you can point it to any Bugzilla with XML-RPC enabled (even https://bugzilla.mozilla.org/). The tricky bit is the parameter XML. Bugzilla XML-RPC expects a single <struct> element. The names of the parameters listed in the API docs for each function are the <name> element for the struct <member>s. See Bugzilla::WebService::Server::XMLRPC and Bugzilla::WebService for more information. For example <param> <struct> <member> <name>Bugzilla_login</name> <value>demo@devzing.com</value> </member> <member> <name>Bugzilla_password</name> <value>password</value> </member> </struct> </param> This is the minimum set of parameters for Bugzilla 4.4.x as almost all methods require authentication. To retrieve a bug you need to set the method to Bug.get and parameter XML to something like the following: <param> <struct> <member> <name>Bugzilla_login</name> <value>demo@devzing.com</value> […]


September Downtime Notice

We have scheduled a 6 hour downtime window on Sunday Sept 28 starting at 02:00 GMT. During this downtime we will be performing some major infrastructure upgrades including: New redundant routers, switches and firewalls. 10Gbps Internet connectivity to multiple carriers. New redundant 8Gbps fiber channel switching fabrics (A and B side fabrics) for storage. 5 new SANs (Storage frames). Upgraded power. The bulk of this new equipment is already installed and tested. During the downtime we will be physically moving the servers to the new cabinets and verifying the final configuration. We are doing everything possible ahead of time to ensure a smooth and trouble free upgrade.


All Bugzilla Accounts Upgraded to 4.4.5

Bugzilla 4.4.5 is a security release which addresses the following issue: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213 Interestingly this bug only seems to affect Firefox users.


Bugzilla API for Haskell

Version 0.2.1.1 of this package has been released. A Haskell interface to the Bugzilla native REST API This package is designed to provide an easy-to-use, typesafe interface to querying Bugzilla from Haskell. See: http://hackage.haskell.org/package/bugzilla-0.2.1.1 Or at Github: https://github.com/sethfowler/hsbugzilla  


Bugzilla XMLRPC access module for Python

python-bugzilla 1.1.0 is a Bugzilla XMLRPC access module for python that provides a kinda pythonic interface to Bugzilla over XMLRPC. It was originally written specifically for Red Hat’s Bugzilla instance, but it is intended to work with any bugzilla instance. https://pypi.python.org/pypi/python-bugzilla/1.1.0