Bugzilla Hosting: All Instances Upgraded to 3.6.4

All Bugzilla hosting customers have been upgraded to Bugzilla 3.6.4. You can read more about the release at the Bugzilla site.

Some highlights:

  • When replying to a comment with a link like “attachment 1234 [details]”, the “[details]” link will no longer be duplicated in your reply. (Bug 474766)
  • Using Quicksearch no longer requires that the List::MoreUtils module be installed. (Bug 611129)
  • When using config.cgi?ctype=rdf, information about products now includesallows_unconfirmed. (Bug 610217)
  • When using tabular reports, any value whose name started with a period or an underscore wasn’t being displayed. (Bug 617684)

A number of changes were also release to address this security advisory:

  • A weakness in Bugzilla could allow a user to gain unauthorized access  to another Bugzilla account.
  • If you put a harmful “javascript:” or “data:” URL into Bugzilla’s “URL” field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
  • Various pages lack protection against cross-site request forgeries.

devZing – Instant Bugzilla Hosting