September Downtime Complete
It took a few hours longer than planned due to the SAN reporting some issues after restarting, but we are back up and running.
It took a few hours longer than planned due to the SAN reporting some issues after restarting, but we are back up and running.
From time to time we’ve had people wonder if the XML-RPC API is turned on for their Bugzilla installation. The answer is yes in all cases. Nevertheless it is difficult to verify as Bugzilla will not give you a meaningful response if you go to https://<mybugzilla>/xmlrpc.cgi in your browser.
Other clients want to verify some off error message they are getting from a tool that integrates with Bugzilla through the XML-RPC API.
To solve these questions we have deployed our online XML-RPC client.
By default it has the URL and credentials for our Bugzilla demo, but you can point it to any Bugzilla with XML-RPC enabled (even https://bugzilla.mozilla.org/).
The tricky bit is the parameter XML.
Bugzilla XML-RPC expects a single <struct> element. The names of the parameters listed in the API docs for each function are the <name> element for the struct <member>s. See Bugzilla::WebService::Server::XMLRPC and Bugzilla::WebService for more information.
For example
<param> <struct> <member> <name>Bugzilla_login</name> <value>demo@devzing.com</value> </member> <member> <name>Bugzilla_password</name> <value>password</value> </member> </struct> </param>
This is the minimum set of parameters for Bugzilla 4.4.x as almost all methods require authentication.
To retrieve a bug you need to set the method to Bug.get and parameter XML to something like the following:
<param> <struct> <member> <name>Bugzilla_login</name> <value>demo@devzing.com</value> </member> <member> <name>Bugzilla_password</name> <value>password</value> </member> <member> <name>ids</name> <value> <array> <data> <value><i4>12</i4></value> </data> </array> </value> </member> </struct> </param>
For more information on how to represent various data types see the XML-RPC specification.
We have scheduled a 6 hour downtime window on Sunday Sept 28 starting at 02:00 GMT.
During this downtime we will be performing some major infrastructure upgrades including:
The bulk of this new equipment is already installed and tested. During the downtime we will be physically moving the servers to the new cabinets and verifying the final configuration. We are doing everything possible ahead of time to ensure a smooth and trouble free upgrade.
Bugzilla 4.4.5 is a security release which addresses the following issue:
Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
Interestingly this bug only seems to affect Firefox users.
Version 0.2.1.1 of this package has been released.
A Haskell interface to the Bugzilla native REST API
This package is designed to provide an easy-to-use, typesafe interface to querying Bugzilla from Haskell.
See: http://hackage.haskell.org/package/bugzilla-0.2.1.1
Or at Github: https://github.com/sethfowler/hsbugzilla
python-bugzilla 1.1.0 is a Bugzilla XMLRPC access module for python that provides a kinda pythonic interface to Bugzilla over XMLRPC.
It was originally written specifically for Red Hat’s Bugzilla instance, but it is intended to work with any bugzilla instance.
Welcome to Bugzilla 4.4! This new major release comes with several new features and improvements. This release contains major improvements to WebServices, which was the main target in this release, a rewritten tagging system, a real MIME type auto-detection for attachments, performance improvements and lots of other enhancements.
The Bugzilla team announced the release of Bugzilla 4.2. The devZing team will be evaluating this release before scheduling upgrades for existing customers. If you are interested in upgrading right away please contact support.
New features:
The Bugzilla team has released a security fix for Bugzilla 4.0.x.
This defect does not affect any devZing customers. However, all new devZing hosted Bugzilla installs will be created with Bugzilla 4.0.5.
All Bugzilla hosting customers have been upgraded to Bugzilla 4.0.4.
You can read more about the release at the Bugzilla site.
A number of changes were released to address this http://www.bugzilla.org/security/3.4.13/: