Monthly Archives: January 2011

Bugzilla Hosting: All Instances Upgraded to 3.6.4

All Bugzilla hosting customers have been upgraded to Bugzilla 3.6.4. You can read more about the release at the Bugzilla site.

Some highlights:

  • When replying to a comment with a link like “attachment 1234 [details]”, the “[details]” link will no longer be duplicated in your reply. (Bug 474766)
  • Using Quicksearch no longer requires that the List::MoreUtils module be installed. (Bug 611129)
  • When using config.cgi?ctype=rdf, information about products now includesallows_unconfirmed. (Bug 610217)
  • When using tabular reports, any value whose name started with a period or an underscore wasn’t being displayed. (Bug 617684)

A number of changes were also release to address this security advisory:

  • A weakness in Bugzilla could allow a user to gain unauthorized access  to another Bugzilla account.
  • If you put a harmful “javascript:” or “data:” URL into Bugzilla’s “URL” field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
  • Various pages lack protection against cross-site request forgeries.

devZing – Instant Bugzilla Hosting

 

Bugzilla Problem: Bugzilla Always Prompting to Login

Having a probem where you can’t log in to your Bugzilla because it keeps asking you to log in? Your user name and password are correct because it dosen’t tell you that they are wrong, it just won’t let you in.

The most likely reason is that your ssl_redirect parameter is On, but your sslbase parameter is blank.

To test this try typing in the https version of your url e.g. https://app.devzing.com/demo/bugzilla/ and try logging on. If you are sucessful you will be able to navigate to the Administration page where you can either:

  • set the ssl_redirect parameter to Off, or
  • correctly fill out your sslbase parameter

Either will work, it just depends on whether you want a secure connection to your Bugzilla server.