Software update: Bugzilla 2.16.6
Following some security issues, Mozilla.org has released version 2.16.6 of Bugzilla. Bugzilla uses Perl and MySQL and is so-called 'bug tracking software'. With such a program, developers can keep a clear overview of the bug reports and feature requests submitted by users, prioritize them, and then deal with them. Besides Mozilla.org itself, many other developers use Bugzilla. The release notes announce the following changes:
- If Bugzilla is configured to hide entire products from some users, both duplicates.cgi and the form for mass-editing a list of bugs in buglist.cgi can disclose the names of those hidden products to such users. (bugs 234825 and 234855)
- Several administration CGIs echo invalid data back to the user without escaping it. (bug 235265)
- A user with privileges to grant membership to any group (i.e. usually an administrator) can trick editusers.cgi into executing arbitrary SQL. (bug 244272)
- Allow XML import to function when there are regexp metacharacters in product names (bug 237591)
- Allow the bug_email.pl contrib script to work with useqacontact (bug 239912)
- Improve the error message used by checksetup.pl when the MySQL requirements are not met (bug 240228)
- Eliminate the warning in checksetup.pl about the minimum sendmail version (bug 240060)
- $webservergroup now defaults to group ‘apache’ in new installations (bug 224477)
- Correct a situation where a bugmail message could be sent twice to a user being added to the CC list if the address was entered in a different case than the user registered with. (bug 117297)
- Various documentation updates
Version number | 2.16.6 |
Website | bugzilla |
License type | Conditions (GNU/BSD/etc.) |