To The Side

Bugzilla 3.2.1, etc.

So, today we released Bugzilla 3.2.1, which fixes the longest-standing security bugs in Bugzilla, in addition to a few other security issues. These long-standing security issues were actually public for many years, but it required a lot of re-architecture of Bugzilla before we could fix them.

We also released 3.3.2, which has a lot of cool new features, not the least of which is hiding email addresses from logged-out users.

And we put out Bugzilla 3.0.6 and Bugzilla 2.22.7 as security fixes for people still using those older branches.

Anyhow, you can read the news announcement for more details, and the Security Advisory if you want to read up on the security issues that were fixed.

It feels really great to have these releases out. Although I haven't ever heard of a successful exploit of these security issues, they've been around for so long that it was naggingly worrying to have them there, and it's a huge relief to have them fixed and see the fixes released!

Anyhow, here's a bit of news about Bugzilla trunk, which will be Bugzilla 3.4:

- Our current estimated release date is sometime in May, but that's a very rough estimate.

- We're now in a soft freeze (since Jan 29), which means that enhancements that had patches before Jan 29 can still go in, but any enhancements that didn't have patches at that time can't go in. This allows existing patches some time to pass review and to clean up any feature work that wasn't quite done before the freeze.

- There are a few nice enhancements that should still be coming, including a simplified bug entry page.

- If there are any other long-term major problems that you see in Bugzilla that we haven't fixed in 3.4, please let me know. Point me at a bug, or anything you want. And I don't mean minor things, like the positioning of a button or some text on a page, but big things like how emails used to be displayed to logged-out users. :-)
