All Bugzilla hosting customers have been upgraded to Bugzilla 3.6.4. You can read more about the release at the Bugzilla site.
Some highlights:
- When replying to a comment with a link like “attachment 1234 [details]”, the “[details]” link will no longer be duplicated in your reply. (Bug 474766)
- Using Quicksearch no longer requires that the List::MoreUtils module be installed. (Bug 611129)
- When using config.cgi?ctype=rdf, information about products now includesallows_unconfirmed. (Bug 610217)
- When using tabular reports, any value whose name started with a period or an underscore wasn’t being displayed. (Bug 617684)
A number of changes were also release to address this security advisory:
- A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account.
- If you put a harmful “javascript:” or “data:” URL into Bugzilla’s “URL” field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
- Various pages lack protection against cross-site request forgeries.
devZing – Instant Bugzilla Hosting