We’ve updated our online XML-RPC client to include: Many Trac templates – you can now easily test the Trac XML-RPC interface. Basic Auth support – for those APIs (Trac) that require basic authentication you can now supply the username and password.
Category Archives: News
Bugzilla 5.0 is right around the corner
Bugzilla 5.0 is right around the corner and honestly we’re a little excited. Are you an early adopter? Bugzilla 5.0rc2 is available now if you like to live on the bleeding edge. There aren’t any changes expected between now and when 5.0 is officially released in a couple of weeks. If you are interested in …
GHOST Attack
Another vulnerability has been discovered which affects many Linux servers. The moniker is GHOST. During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it …
Attack of the Poodle
A new security attack (dubbed the POODLE attack) makes continued use of SSLv3 dangerous. So, effective immediately, we are dropping support for SSLv3. Browser users will likely see minimal-to-no impact. If you are having an issue, please try a newer version of your browser. Extremely old browsers (specifically IE 6 users on Windows XP) will no …
September Downtime Complete
It took a few hours longer than planned due to the SAN reporting some issues after restarting, but we are back up and running.
XML-RPC Client
From time to time we’ve had people wonder if the XML-RPC API is turned on for their Bugzilla installation. The answer is yes in all cases. Nevertheless, it is difficult to verify, as Bugzilla will not give you a meaningful response if you go to https://<mybugzilla>/xmlrpc.cgi in your browser. Other clients want to verify some …
All Bugzilla Accounts Upgraded to 4.4.5
Bugzilla 4.4.5 is a security release which addresses the following issue: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213 …
Bugzilla 4.0.5 Released
The Bugzilla team has released a security fix for Bugzilla 4.0.x.
A CSRF vulnerability in the implementation of the XML-RPC API when running under mod_perl could be used to make changes to bugs or execute some admin tasks without the victim’s knowled…
All Instances upgraded to 4.0.4
All Bugzilla hosting customers have been upgraded to Bugzilla 4.0.4.
You can read more about the release at the Bugzilla site.
A number of changes were released to address the issues listed at http://www.bugzilla.org/security/3.4.13/:
When a user creates a new acc…
December Downtime, Revised
Please be advised that there will be an extended system outage starting December 10 03:00 UTC (Dec 9 22:00 New York, Dec 10 14:00 Sydney).
This downtime will last approximately 10 hours.
During this time all equipment will be moved to a new data cente…