{"id":48,"date":"2012-02-13T14:30:00","date_gmt":"2012-02-13T14:30:00","guid":{"rendered":"http:\/\/devzing.com\/blog2\/all-instances-upgraded-to-4\/"},"modified":"2015-03-04T23:06:48","modified_gmt":"2015-03-04T23:06:48","slug":"all-instances-upgraded-to-4","status":"publish","type":"post","link":"https:\/\/devzing.com\/blog\/index.php\/all-instances-upgraded-to-4\/","title":{"rendered":"All Instances upgraded to 4.0.4"},"content":{"rendered":"<p>All <a href=\"\/bugzilla\">Bugzilla hosting<\/a> customers have been upgraded to Bugzilla 4.0.4.<\/p>\n<p>You can read more about the release at the <a href=\"http:\/\/www.bugzilla.org\/news\/#release404\">Bugzilla site<\/a>.<\/p>\n<p>A number of changes were released to address the issues described at <a href=\"http:\/\/www.bugzilla.org\/security\/3.4.13\/\">http:\/\/www.bugzilla.org\/security\/3.4.13\/<\/a>:<\/p>\n<ul>\n<li>When a user creates a new account, Bugzilla doesn&#8217;t correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user account. Such email addresses could look visually identical to other valid email addresses, and an attacker could try to confuse other users and be added to bugs he shouldn&#8217;t have access to.<\/li>\n<li>Due to a lack of validation of the Content-Type header when making POST requests to jsonrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious JS code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim&#8217;s account by using the JSON-RPC API.
The user would have had to be already logged in to the target site for the vulnerability to work.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>All Bugzilla hosting customers have been upgraded to Bugzilla 4.0.4.<br \/>\nYou can read more about the release at the Bugzilla site.<br \/>\nA number of changes were released to address this http:\/\/www.bugzilla.org\/security\/3.4.13\/:<\/p>\n<p>When a user creates a new acc&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-bugzilla","category-news","entry"],"_links":{"self":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":1,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":63,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/48\/revisions\/63"}],"wp:attachment":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templ
ated":true}]}}