Our regular monthly project meeting video conference call for April will be Wednesday, April 3 at 8pm UTC / 4pm EDT / 1pm PDT. We’re getting close (relatively) with Bugzilla 6 – currently estimating end of summer or early fall, and we’ll be having some live demos of some of the recent new features and user experience improvements in Bugzilla at this month’s meeting, so you won’t want to miss it.
April 03, 2019
Bugzilla Update
Demo of new Bugzilla features and UX at April 3 project meeting
December 20, 2018
Bugzilla Update
January Bugzilla Meeting will be January 9
Our regular meeting schedule dictates that our meetings are held on the first Wednesday of every month at 21:00 London Time. Since the first Wednesday of January is the 2nd and a lot of people will still be on vacation then (and we’ll have issues getting resources for the meeting) we’ll be holding our January meeting on January 9th instead. You can still find all the details at https://wiki.mozilla.org/Bugzilla:Meetings
The Upcoming events in the sidebar here will update to reflect that whenever WordPress’s cache expires.
December 06, 2018
Bugzilla Update
Lots of Bugzilla 6 info and some questions for YOU!
Yesterday, we had our monthly project meeting, and did it panel-discussion style from the Mozilla AllHands meeting in Orlando, FL. We ended up with quite an interesting discussion with lots of good info about Bugzilla 6, and some questions for users of Bugzilla (feel free to comment here with your answers!). The recorded video is here:
December 05, 2018
Bugzilla Update
Bugzilla Meeting live from Orlando
This month’s Bugzilla Project meeting coincides with the Mozilla Allhands in Orlando, and since most of our usual participants will be here in person we’ll be holding it panel-discussion style from the Europe 2 conference room on the Lobby level of the Dolphin at 4pm Eastern. Anyone who’s at the Allhands is welcome to come see us. Of course, it’ll still be streamed on Air Mozilla at 21:00 UTC as usual, and dial-in will be available for anyone remote who wants to talk or ask questions. All the details (Sched link, Video stream links, dial-in info) is at https://wiki.mozilla.org/Bugzilla:Meetings
August 27, 2018
Bugzilla Update
Happy 20th birthday, Bugzilla!
The open source release of Bugzilla turns 20 years old today!
The first two paragraphs lifted from our Bugzilla history:
When mozilla.org first came online in 1998, one of the first products that was released was Bugzilla, a bug system implemented using freely available open source tools. Bugzilla was originally written in TCL by Terry Weissman for use at mozilla.org to replace the in-house system then in use at Netscape. The initial installation of Bugzilla was deployed to the public on a mozilla.org server on April 6, 1998.
After a few months of testing and fixing on a public deployment, Bugzilla was finally released as open source via anonymous CVS and available for others to use on August 26, 1998. At this point. Terry decided to port Bugzilla to Perl, with the hopes that more people would be able to contribute to it, since Perl seemed to be a more popular language. The completion of the port to Perl was announced on September 15, 1998, and committed to CVS later that night.
20 years later, Bugzilla is still alive and kicking, and about to get a major facelift that’s about 10 years overdue. I had really hoped to be announcing the release of Bugzilla 6 with this post, but we’re not quite there yet. Dylan has been making great progress with the recent merges from bugzilla.mozilla.org, though, and I’m hopeful that we’ll have something that people can at least try out in the really near future. Realistically we’re a few months away from having a full release though.
Over the last 20 years we’ve had about 300 contributors to the Bugzilla code. Here’s a few words from the very first one:
I am in complete shock and awe that Bugzilla has lasted this long. 20 years? Hardly any software lasts more than 5. I’m so very proud that it’s still going strong after these years.
20 years ago from tomorrow (on August 27th, 1998) I filed several bugs against Bugzilla, known problems that I thought would want to get fixed. I’m delighted to point out that one of these bugs <https://bugzilla.mozilla.org/show_bug.cgi?id=540> is STILL open. After all, you need long-living bugs if you’re going to have a long-living bug system!
— Terry Weissman
And that bug is finally about to get fixed.
Other exciting developments include running as a standalone daemon with Mojolicious and the multitude of user experience enhancements by BugzillaUX in the pipeline make the future look bright!
Here’s to the next 20 years!
June 07, 2018
Bugzilla Update
Watch the June 6 Bugzilla Project Meeting
- Short meeting this week because Dylan is traveling and either in an airport or on a plane right now
- Updates from Dave
- As noted at previous meetings Mozilla is downsizing and trying to find external hosting for the Bugzilla Project which they’ll still pay for, they just want to get out of the hosting bussiness.
- Bugzilla needs to exist as a separate legal entity from the Mozilla Foundation for purposes of contracting with a hosting company, so our current status is waiting on the legal work to get done to create a Bugzilla subsidiary of Mozilla Foundation.
- The top condender for hosting right now is Linode. Other possibilities are OSUOSL and Eclipse (Emmanual reminded us of their offer)
- https://landfill.bugzilla.org/ has been closed up – static page announcing that it’s closing will be in place until the end of July. Contact Dave if you need something retrieved from it before July.
- Development updates:
- Dylan has Bugzilla mostly running in Mojolicious. https://github.com/mozilla-bteam/bmo/pull/517
- Next meeting is scheduled for July 4th. Watch for announcements on social media channels closer to that date whether it’ll happen then or not (it’s a US holiday)
June 06, 2018
Bugzilla Update
June 6 Project Meeting – new URL
For those that hadn’t already seen it, Air Mozilla is in the process of switching over to a new platform. They’ve already discontinued posting new content on the old platform, and the new platform doesn’t have anonymous access available yet (but it’s coming at the end of June). This means the old URL for watching our meetings live isn’t going to work this month. Fortunately, public meetings on the new platform are mirrored to Youtube, so you’ll be able to watch it at https://www.youtube.com/watch?v=A7OC8CXMGyo
Of course, if you want to participate instead of just watch, feel free to join us using one of the methods on the wiki.
Today’s meeting will probably be short – Dylan is traveling and won’t be able to attend. The only thing currently on the agenda is an update on our hosting situation. If you have anything else you’d like to discuss, attend the meeting and ask!
See you there!
May 24, 2018
Dylan Hardison
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1459336] feed daemon skips setting r+ for accepted revision if the same user already has a flag set even if flag is status of ?
- [1460466] Phab bot does not create r+ for acceptance when there are still blocking reviewers
- [1440086] Refactor PhabBugz extension code to use new User.pm module for better type checking
- [1458664
May 17, 2018
Dylan Hardison
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1454647] Mirror all BMO groups as Phabricator projects and keep them in sync
- [1452984] double-check new accounts with BMO to catch and notify of username squatting
- [1453759] Port OrangeFactor extension to treeherder
- [1413328] Use tct (tocotrienol on npm) to encrypt bugmail
discuss these changes on mozilla.tools.bmo.
May 11, 2018
Dylan Hardison
Changes to Secure Bugmail on bugzilla.mozilla.org
There’s a big change coming on May 16th, 2018:
We’ve replaced the encryption code for secure bugmail.
All OpenPGP-formatted bugmail will be encrypted using the openpgp.js library.
There are no changes to the S/MIME encryption, and if you’re already using S/MIME my recommendation is to continue using it.There are upsides (such as a new feature and several bugfixes) and only a single downside to…
May 02, 2018
Bugzilla Update
No Bugzilla Meeting today (May 2)
Dylan is out sick today, and we don’t have any major updates to share at the moment anyway, so we’re cancelling today’s meeting. We’ll see you on June 6th.
April 26, 2018
Dylan Hardison
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1450325] Update email templates with instructions for unsubscribing from all emails
- [1451599] Checkbox for agreement terms at create account page should be on the left side
- [1438205] Preserve comments in progress across page reloads
- [1452531] PhabBugz code should add allow visibility to reviewers when creating custom…
April 13, 2018
Dylan Hardison
Happy BMO Push Day!
April 08, 2018
Dylan Hardison
Bugzilla Harmony Beta
Bugzilla Harmony Beta - Testers Wanted
In addition to the Mojolicious ❤️, we’re also focused on more near-term gains. Specifically getting the Bugzilla/Harmony branch running under PSGI, and being a thing you can download and use. I am happy to announce today that the master branch is in a beta-quality state as of today, At the moment, the following installation scenarios have been tested: checkout the code run cpanm –installdeps…
April 05, 2018
Dylan Hardison
happy bmo push day!
release tag the following changes have been pushed to bugzilla.mozilla.org: [1448681] Bugmail Message-ID header format changed without changing In-Reply-To/References, breaking threading [1440829] Bugzilla comment for Phabricator commit should include entire commit message, not just first line [1449413] Refactor circleci container building stuff [1449156] Bugzilla::Memcached should use smaller…
Bugzilla Update
Watch the April 4 Bugzilla Project Meeting
Below are the minutes from today’s Bugzilla meeting along with a link to the video recording of the meeting.
- Updates from Dylan
- CyberShadow is a big help getting Harmony in shape to be run by itself
- If you’re making a large change, make lots of small pull requests if possible (they can be on the same bug) as it makes it easier to review. That’s been working very well with CyberShadow’s changes.
- Bugzilla (Harmony) now working with Mojolicious which is a big deal (mostly for OAuth2 compatibility)
- “Rake me over the coals if there’s no 5.0.{next} release by the next meeting”
- Updates from Dave
- Still waiting on hosting info for our bots and email from Mozilla, hopefully soon
- History section on the website has been moved to the About page. It’s been updated with the help of Asa Dotzler correcting some inaccuracies and expanding it based on old Mozilla press releases and commit records. https://www.bugzilla.org/about/
- Next meeting is on Wednesday, May 2, at 9pm BST (UTC+1), 4pm EDT (UTC-4), 1pm PDT (UTC-7)
Dylan Hardison
Bugzilla ❤️ Mojolicious
The rumors are true: Bugzilla ❤️ Mojolicious

In this pull request it is possible to: Call Bugzilla’s authentication function from Mojolicious controllers Render Bugzilla’s templates (which are template toolkit) from Mojo’s render (no small thing as we do some odd things to TT2) Parts of bugzilla that need to examine the HTTP request can (mostly) do so now This patch does a lot of plumbing, but the result of this work is that you could…
March 20, 2018
Dylan Hardison
happy bmo push day!
release tag the following changes have been pushed to bugzilla.mozilla.org: [1443559] Remove “Urgency” (mapped to priority) field from the “form.doc” bug form for MDN content bugs [1441903] Cleanup Makefile.PL [1444088] review link for patches on the requests page no longer shows up [1444627] Display saved searches on MyDashboard as an inline list [1439993] Remove COMPILE_DIR => setting from…
March 18, 2018
Dylan Hardison
bugzilla harmony news
Thanks to the near-heroic efforts of CyberShadow the unstable harmony branch is getting quite close to being able to run as an independent Bugzilla install. For a number of reasons, bmo has a separate repo for managing its dependencies. Mostly this is about efficiency — dependencies change less often then the code, and we can have much faster builds and CI. In a step towards independence I have…
March 12, 2018
Dylan Hardison
bugzilla/harmony unstable is kinda sorta working
bugzilla/harmony unstable is kinda sorta working
So after staring at a wall for a while, I realized it was lingering code in the ‘BMO’ extension causing my non-working-ness from Saturday. So current status is that a checkout of bugzilla/harmony‘s unstable branch should be runnable now. cpanm –with-feature=bmo –installdeps . perl checksetup.pl then edit localconfig to point db_host to a mysql db, set urlbase to http://localhost:5000/, and then…
March 10, 2018
Dylan Hardison
bugzilla harmony saturday update
What have I been hacking on this Saturday?
PSGI seems pretty stable, so now to make the rest actually work! First I’m moving schema changes out of extensions. This doesn’t pass tests yet — and it is not complete. I’ll have to update templates as well. Next, a lot of our UX code assumes a workflow that is different than the default values. Ideally we’d support changing the workflow, but for the moment the default workflow provided should…
March 07, 2018
Bugzilla Update
Watch the March 7 Bugzilla Project Meeting
There was a lot of good information in today’s project meeting. Below are the minutes from the meeting as well as a link to the video recording of the meeting. Be sure to check out and comment on the new project roadmaps!
video recording of this meeting
- Appoint note taker and get them editing the Etherpad
- justdave
- We now have a new set of roadmaps
- Dylan gave a walkthrough of the new roadmaps – https://github.com/bugzilla/harmony/wiki
- watch the meeting video recording for commentary (it’s good stuff!)
- Infrastructure updates
- http://www.bugzilla.org was switched over to GitHub Pages finally – this gets it out of Mozilla’s internal hosting infrastructure and into somewhere the Bugzilla project has some amount of control over.
- typo fixes and other pull requests welcome at https://github.com/bugzilla/bugzilla.github.io
- We have a couple leads on hosting for the remaining Bugzilla project infrastructure – will hopefully have movement on this in the next month or so. (we have until August to get out of Mozilla’s old datacenter)
- http://www.bugzilla.org was switched over to GitHub Pages finally – this gets it out of Mozilla’s internal hosting infrastructure and into somewhere the Bugzilla project has some amount of control over.
- Any other business
- none brought up.
The next meeting will be on Wednesday, April 4, at 20:00 UTC (9pm BST / 4pm EDT / 1pm PDT)
March 06, 2018
Dylan Hardison
happy bmo push day!
This push includes 21 updates from 6 contributors; two of those are first-time contributors.
release tag the following changes have been pushed to bugzilla.mozilla.org: [1437383] Create User.pm PhabBugz class for loading of a user object from phabricator [1441329] Fix typos in the PhahBugz User.pm module [1438206] Process SES email bounces properly [1441475] BMO is vulnerable to reverse tabbnabbing [1437384] phabbugz_feed.pl in PhabBugz extension should be extended to also query for new…
March 05, 2018
Dylan Hardison
Small Pull Requests, a week-ish later
I think my new name might be Dylan “Twenty Unreviewed Pull Requests” Hardison.
I think this “chains of PRs” thing is working quite well. I’ve been playing around with how I name the branches, and thinking harder about automating it. Of course it’s really ballooning the number unreviewed PRs I have. I think my new name might be Dylan “Twenty Unreviewed Pull Requests” Hardison. But some observations: Even with no automation, this isn’t much more work for me. Smaller commits…
March 01, 2018
Dylan Hardison
How does `cd` work?
In my last blog post, I dove into some of the code behind the
sudo
command. I thought this was pretty fun.sudo
is one of those commands that I use quite often but haven’t had the chance to look into truly. I started thinking about other commands that I use on a daily basis but had little understanding of the internals of. The first command that came to mind iscd
.cd
stands for change directory. Simply put, it allows you to set your current working directory to a different directory.$ pwd ~ $ cd dev $ pwd ~/dev
So, the first thing I did was figure out what exactly was invoked when I ran
cd
on the command line. I used thewhich
command which displays the path of the binary associated with a particular command.$ which cd /usr/bin/cd $ cat /usr/bin/cd #!/bin/sh # $FreeBSD: src/usr.bin/alias/generic.sh,v 1.2 2005/10/24 22:32:19 cperciva Exp $ # This file is in the public domain. builtin `echo ${0##*/} | tr \[:upper:] \[:lower:]` ${1+"$@"}
Oh, bother! Reading shell scripts can be such a hassle sometimes. I know the
tr
command is used to translate characters. In this particular case, the second half of the command, the part after the pipe symbol, basically converts the commandcd dev
toCD dev
. I have no idea why this is. In any case, this modified command is passed to thebuiltin
command which is handled by the shell (Bourne shell) that we are using.I decided to dive into the code for the Bourne shell to see what I might be able to figure out about these builtins. I came across the definition of the
cd
builtin here. I’ll admit that it was a hassle to read this file. For one, the source for Bash does not have a mirror on GitHub, so I had to browse through a hosted version with a somewhat cumbersome file browser.Nonetheless, I read through some of the code that was defined in this file. Some of it was in functions, and other bits were in templates, but after a while, I figured that most of the code was a wrapper around a function called
chdir
. A lot of the functions defined in thecd.def
file linked above actually just invokechdir
and handle errors and parameter cleaning.I did some Googling on what the
chdir
function is. It’s a function that is a standard part of Unix. So to figure out more about howchdir
worked, I had to dive into the code for the Linux kernel which can be found here.I started, as I usually do, by searching for the term “chdir” using the GitHub search bar. I find that it is accessible and useful. After scrolling through some of the results, I realized that OMG something I learned at university was going to come handy to me.
The
chdir
function implements a system call. What’s a system call? A system call is a process by which a user program (like Bash) requests access from the kernel to execute a command. Usually, this is done for commands that require a certain amount of privilege. Changing into a directory is a privileged command from the operating system perspective. You’re essentially giving the user access to a new portion of the file system on the machine so it makes sense that programs would have to pass that request to the kernel for security reasons.So all in all, here is what happens when you run
cd
on the command line.
- The
cd
builtin is invoked as part of the Bash shell.- The Bash shell invokes the
chdir
function.- The
chdir
function is part of Unix and invokes thechdir
system call.- The Unix kernel executes the
chdir
call and does its own low-level thing.I could dive in a little bit more into how #4 works, but let’s be honest, I’ve already read too much code at this point, and my eyes are starting to hurt.
I hope reading this was illuminating for you!
UPDATE: After reading this blog post, Julia Evans (@bork), provided the following insights on why
cd
is implemented the way it is through an email.So!! Why is cd a builtin function in bash and not a program? Some builtins (like time) are bash builtins but they would also work as standalone programs. Is cd one of those?
It turns out that cd HAS to be a shell builtin otherwise it wouldn’t work! Here’s why:
Every process has a set of attributes that the Linux kernel stores. These attributes are things like environment variables, signal handlers, and – the process’s current working directory!!!
Processes aren’t allowed to change each other’s attributes (if I’m a program, I can’t change the working directory or environment variables of another process).
SO!! If you had a /usr/bin/cd program that ran chdir, that would be fine, but when you started it it would change its own working directory and exit which is not very helpful. It wouldn’t change the working directory of you (the parent process)
So bash has to call the chdir syscall itself which is why it’s a builtin.
Thanks, Julia!
February 27, 2018
Dylan Hardison
An experiment for making big changes with smaller commits on GitHub.
An experiment for making big changes with smaller commits on GitHub.
It is safe to say that smaller commits is a perennial topic at Mozilla. On the reviewer side, I definitely prefer smaller commits. I find it’s easier — and faster — to review them. Often not in the neighborhood of microcommits, but at least 300-400 line patches. For the thing I work on we use GitHub, and PRs seem to work best on small things. When tasked with a large task, it seems that many…
February 23, 2018
Dylan Hardison
happy 3rd bmo push day
changes, on a friday? Almost never, but content changes? lgtm.
release tag the following changes have been pushed to bugzilla.mozilla.org: [1439693] Update bug form.mdn for developer.mozilla.org product name [1440107] Allow ‘self’ frames in bug modal again (fix socorro lens) discuss these changes on mozilla.tools.bmo.
February 21, 2018
Dylan Hardison
happy bmo supplemental push for mdn day
bmo ❤️ mdn (https://developer.mozilla.org), so we did a special push to fix their custom form
release tag the following changes have been pushed to bugzilla.mozilla.org: [1439693] Update bug form.mdn for developer.mozilla.org product name [1439797] Enable reporting-only CSP by default discuss these changes on mozilla.tools.bmo.
February 20, 2018
Dylan Hardison
happy bmo push day!
release tag the following changes have been pushed to bugzilla.mozilla.org: [1433993] Outdated FreeOTP link in user preferences [1433833] Add index to email_rates.message_ts [1436301] Exempt bot accounts from idle group removal [1430259] Update policy code in BMO PhabBugz extension to update custom policy if a private bugs groups have changed. [1343248] Migrate secbugstats scripts to bmo…
February 16, 2018
Bugzilla Update
Release of Bugzilla 5.1.2, 5.0.4, and 4.4.13
Today we have several new releases.
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.
Bugzilla 5.0.4 is our latest stable release. It contains various useful bug fixes and security improvements:
- Download 5.0.4
- Release Notes for 5.0.4
Bugzilla 4.4.13 is a security update for the 4.4 branch:
- Download 4.4.13
- Release Notes for 4.4.13
Bugzilla 5.1.2 is an unstable development release. This release has not received QA testing from the Bugzilla Project, and should not be used in production environments. Development releases exist as previews of the features that the next major release of Bugzilla will contain. They also exist for testing purposes, to collect bug reports and feedback, so if you find a bug in this development release (or you don’t like how some feature works) please tell us.
Dylan Hardison
Profiling as validation

Among a bunch of other things that are going on, we’re migrating bugzilla.mozilla.org to a new home in AWS. So the team (bobm and ckolos) have been very dedicated to validating the new stuff is as good, and hopefully better than the old stuff. To this end they’ve been working with another engineer (rpapa) to do load testing. Some of the load testing results have been a bit unusual, perhaps even…
February 07, 2017
Bugzilla Tips
Autolinkification
Bugzilla comments are, by default, plain text – so typing <U> will produce less-than, U, greater-than rather than underlined text. However, Bugzilla will automatically make hyperlinks out of certain sorts of text in comments. For example, the text http://www.bugzilla.org will be turned into a link: http://www.bugzilla.org. Other strings which get linkified in the obvious manner are:
- bug 12345
- comment 7
- bug 23456, comment 53
- attachment 4321
- mailto:george@example.com
- george@example.com
- ftp://ftp.mozilla.org
A corollary here is that if you type one or more bug numbers in a comment, you should put the word “bug” before each of them, so they gets autolinkified for the convenience of others.
But also, if you have some text you want linkified in this way, perhaps for use in a blog post, status report, wiki page or other place, you can use the handy linkifier, which will do exactly that for you.
August 06, 2016
Emmanuel Seyman
Installing Bugzilla on RHEL/Centos 7.x
One recurring subject on the bugzilla support mailing list is the installation of the Perl modules that Bugzilla requires to function. When you are installing on a Linux distribution, the recommended course of action is to use the packages supplied by the distribution. But, on some distributions, these can be of a version lower than what is required by Bugzilla.
One such distribution is RHEL. Version 7 came out in 2014 and its long support life cycle make it popular for people to use it as a base for their bugzilla instance. Using Bugzilla 4.4 is easy because all Bugzilla's mandatory Perl packages are available by default but Bugzilla 5.0 came out after RHEL7 was released and a number of Perl modules aren't available or are outdated. Users then try to install the missing modules themselves, which is something easy to get wrong. I decided to see if this could be made simpler.
My first step was to see if the modules could be supplied in EPEL, a third-party software repository for RHEL and CentOS but some of the modules concerned are in RHEL which makes them impossible to update via EPEL. Another solution is the use of Fedora's COPR, an easy way for Fedora developers to maintain third party repositories for Fedora and/or RHEL.
It took some amount of tweaking to find the package versions that allow you to run Bugzilla 5.0.x without replacing RHEL7's entire Perl stack but the end result is here. Activating a COPR repo is pretty straightforward:
- dnf install dnf-plugins-core
- dnf copr enable eseyman/bugzilla-5.0
At which point, you can install bugzilla just like any other application:
- dnf install bugzilla
The bugzilla package will be updated everytime a new version of Bugzilla is released and its support will end when the Bugzilla developers end support for the 5.0 branch.
May 19, 2016
Bugzilla Update
Release of Bugzilla 4.4.12, 5.0.3, and 5.1.1
Today we have several new releases for you!
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the
Security Advisory that was published along with these releases.
Bugzilla 5.0.3 is our latest stable release. It contains various
useful bug fixes and security improvements:
- Download 5.0.3
- Release Notes for 5.0.3
Bugzilla 4.4.12 is a security update for the 4.4 branch:
- Download 4.4.12
- Release Notes for 4.4.12
Bugzilla 5.1.1 is an unstable development release.
This release has not received QA testing from the Bugzilla Project, and should not
be used in production environments. Development releases exist as previews of the
features that the next major release of Bugzilla will contain. They also exist for
testing purposes, to collect bug reports and feedback, so if you find a bug in this
development release (or you don’t like how some feature works) please
tell us.
Note:Make sure ImageMagick is up-to-date if the BmpConvert extension is enabled.
If no updated ImageMagick version is available for your OS, we recommend to disable the BmpConvert
extension for now (bug 1269793).
December 22, 2015
Bugzilla Update
Release of Bugzilla 5.0.2, 4.4.11, and 4.2.16
Today we have several new releases for you!
All of today’s releases contain two security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.
Bugzilla 5.0.2 is our latest stable release. It contains various useful bug fixes and security improvements:
- Download 5.0.2
- Release Notes for 5.0.2
Bugzilla 4.4.11 is a security update for the 4.4 branch:
- Download 4.4.11
- Release Notes for 4.4.11
Bugzilla 4.2.16 is a security update for the 4.2 branch:
- Download 4.2.16
- Release Notes for 4.2.16
September 10, 2015
Bugzilla Update
Release of Bugzilla 5.0.1, 4.4.10, and 4.2.15
Today we have several new releases for you!
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.
Bugzilla 5.0.1 is our latest stable release. It contains various useful bug fixes and security improvements:
- Download 5.0.1
- Release Notes for 5.0.1
Bugzilla 4.4.10 is a security and bug fix update for the 4.4 branch:
- Download 4.4.10
- Release Notes for 4.4.10
Bugzilla 4.2.15 is a security and bug fix update for the 4.2 branch:
- Download 4.2.15
- Release Notes for 4.2.15
September 08, 2015
Bugzilla Tips
Better Bugzilla Documentation
The recent release of Bugzilla 5.0 was the first release sporting the new, improved Bugzilla documentation, which has been moved from DocBook XML to reStructuredText to make it easier to edit and so more likely to be up-to-date :-).
Readers of this blog may be particularly interested in the User Guide. Feedback on the new docs is welcome, particularly suggestions for where it is lacking – please use the bug filing link at the bottom of each docs page.
August 07, 2015
Bugzilla Tips
New Modal UI for show_bug on BMO
For the past few months, a new experimental modal bug view has been available on bugzilla.mozilla.org. This hides a lot of complexity both through being read-only initially, and also through having expandable and collapsible sections. It is also quicker and less resource-intensive to load. It requires you to click an “Edit” button, which reveals much more UI, when you want to do more than the common operations – add a comment, CC/NI people, or change the Status or Resolution. It is also more dynamic – for example, there are no more interstital pages when moving bugs between Products, because when you change the Product, the new lists of Components, Milestones etc. load into the widgets automatically.
A picture is worth a thousand words. Here’s the initial view:
And here’s the Edit view:
You can enable it in the Preferences – change “Use experimental user interface” to “On”.
Thanks to glob for doing the hard work on making this happen. This view has not yet made it upstream to Bugzilla itself.
July 30, 2015
Bugzilla Update
Bugzilla 4.2 will be EOL on 2015/11/30
As discussed on the Bugzilla developers mailing list/newsgroup and confirmed by project leads, Bugzilla’s new release policy is to end-of-life the oldest supported major version four months after a new major release. Since this is the first time we’re enacting this policy, we’ve extended the date to be 4 months from today rather than from Bugzilla 5.0’s exact release date (July 7th).
Thus Bugzilla 4.2 will be end-of-lifed on 30 November 2015. This means no fixes of any kind will be issued for Bugzilla 4.2 from that date onwards. As usual, all Bugzilla admins are encouraged to upgrade to the latest version of Bugzilla as soon as possible, especially those running 4.2 or earlier.
To expand a bit further on our new EOL process, after a new major release, we will support three major releases (including the new one) for four months. After four months, we will drop support for the oldest one. We will continue to support the remaining two until four months after the next release.
For example, currently we support 4.2, 4.4, and 5.0. In four months’ time we will drop support for 4.2 and support only 4.4 and 5.0. When the next major version comes out, perhaps 5.2*, we will support 4.4, 5.0, and 5.2. Four months later, we will drop support for 4.4 and support only 5.0 and 5.2.
Mark Côté
Assistant Project Lead, Bugzilla
* It may be 6.0 if there are major and/or breaking changes.
July 07, 2015
Bugzilla Update
Release of Bugzilla 5.0
Today the Bugzilla Project is extremely proud to announce the release of Bugzilla 5.0!
It has been slightly over two years since we released Bugzilla 4.4 on May 2013. This new major release comes with many new features and improvements to WebServices and performance.
We hope that you enjoy and appreciate the results of the past two years of hard work by our entirely-volunteer community.
- Download 5.0
- Release Notes for 5.0
EOL for 4.0.x
Please note that the release of Bugzilla 5.0 also marks End Of Life for the Bugzilla 4.0 series, meaning that there will be no further updates for the 4.0.x series, even if there are serious security
issues found in that series. We recommend that all installations running the 4.0 series upgrade as soon as possible to 5.0.
April 21, 2015
Bugzilla Update
VCS updates: bzr moving, cvs ending
- CVS support is officially dropped as of now. 4.0 is the last version that was released on CVS, and it will be EOLed when 5.0 comes out (very soon; rc3 was just released). In the event of a release on the 4.0 branch before it is EOLed, any Bugzilla installations that have not migrated to bzr or git will have to apply patches to upgrade, which will continue to be distributed as usual. Bugzilla site admins are strongly encouraged to migrate to pulling from git.mozilla.org as soon as possible.
- Bazaar hosting has been officially switched from bzr.mozilla.org to bzr.bugzilla.org. bzr.bugzilla.org is already active and syncing changes from git.mozilla.org. bzr.mozilla.org is no longer syncing changes and will soon be shut down. Any sites upgrading from bzr.mozilla.org must do one of the following to apply any future upgrades, in order of preference:
- Switch to upgrading from git.mozilla.org.
- Switch to pulling from bzr.bugzilla.org. See instructions at http://bzr.bugzilla.org/.
- Apply the released patch.
bzr.bugzilla.org will continue to mirror changes from git.mozilla.org for the 4.0, 4.2, and 4.4 branches as long as they are supported. Note that, at the moment, master/trunk is being mirrored as well, but no other branches, including and subsequent to 5.0, will be mirrored to bzr.bugzilla.org, and trunk mirroring may cease at any time.
Note that bzr.bugzilla.org is waiting on a proper certificate; please use plain http until this is resolved.
The Bugzilla team apologizes for any inconvenience. Please see our support options if you have trouble migrating.
Mark Côté
Assistant Project Lead, Bugzilla
April 15, 2015
Bugzilla Update
Release of Bugzilla 5.0rc3, 4.4.9, 4.2.14, and 4.0.18
Today we have several new releases for you!
Bugzilla 5.0rc3 is our third Release Candidate for Bugzilla 5.0. This release has received QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.
If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.
- Download 5.0rc3
- Release Notes for 5.0rc3
Bugzilla 4.4.9 is our latest stable release. It contains various useful bug fixes:
- Download 4.4.9
- Release Notes for 4.4.9
Bugzilla 4.2.14 is a bugfix update for the 4.2 branch:
- Download 4.2.14
- Release Notes for 4.2.14
Bugzilla 4.0.18 is a bugfix update for the 4.0 branch:
- Download 4.0.18
- Release Notes for 4.0.18
February 18, 2015
Gervase Markham
R.I.P. api-dev.bugzilla.mozilla.org
Complaining about bugzilla.mozilla.org (BMO) is a Mozilla project activity as old as the hills. Back in 2009, it was realised by the Foundation that to make everyone happy was (and still is) an impossible task, and I was given a mandate to “help people solve their own problems”. So around September 2009, I released the first version of my Bugzilla API proxy software, BzAPI. This software presented a clean, well-documented RESTful interface on the front end, and did all sorts of things on the back end (XML, CSV, RPC, HTML scraping) that developers no longer had to worry about. We made a dev server VM for it so people could try it out – api-dev.bugzilla.mozilla.org.
It was popular. Extremely popular. People started building things, and then more things, all of which depended on this server for Bugzilla data. For various reasons, IT never got around to building a production instance, and so over the last five years, I’ve been maintaining this core piece of Mozilla project infrastructure, which was depended on by TBPL and many, many other tools which interfaced with Bugzilla. At its peak, it serviced 400,000 requests per day.
Over the intervening years, BMO itself acquired a REST API which slowly became more capable, and then a BzAPI-compatible API shim was implemented on top of it by the excellent dkl, so people could change their code to access BMO directly just by updating the endpoint URL. After a few false starts, requests to api-dev.bugzilla.mozilla.org are now served directly by BMO, via that shim code. Earlier today, the api-dev VM was finally powered down.
Here’s to you, api-dev. Good job.
Bugzilla Tips
Bugzilla Has New Documentation
The Bugzilla team recently finished a big project to update, rewrite, improve and centralize Bugzilla’s documentation. You can find it at http://bugzilla.readthedocs.org/. In particular, there’s a User Guide which will be useful to, er, Bugzilla users.
If you have suggestions for further improvements to the documentation, please let the team know.
January 27, 2015
Bugzilla Update
Release of Bugzilla 5.0rc2, 4.4.8, 4.2.13, and 4.0.17
Sorry for the new release so soon, but we found a regression in the release last week and felt it would be best to get the fix out now rather than wait.
Bugzilla 5.0rc2 is our second Release Candidate for Bugzilla 5.0. This release has receive QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.
If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.
- Download 5.0rc2
- Release Notes for 5.0rc2
Bugzilla 4.4.8 is our latest stable release. It contains an important bug fix:
- Download 4.4.8
- Release Notes
for 4.4.8
Bugzilla 4.2.13 is a bug fix update for the 4.2 branch:
- Download 4.2.13
- Release Notes
for 4.2.13
Bugzilla 4.0.17 is a bug fix update for the 4.0 branch:
- Download 4.0.17
- Release Notes
for 4.0.17
January 21, 2015
Bugzilla Update
Release of Bugzilla 4.4.7, 4.2.12, 4.0.16, and 5.0rc1
Today we have several new releases for you!
All of today’s releases contain security fixes. We recommend that all Bugzilla administrators read the Security Advisory that was published along with these releases.
Bugzilla 5.0rc1 is our first Release Candidate for Bugzilla 5.0. This release has received QA testing, and should be considerably more stable than the development releases before it. It is still not considered fully stable, and so you should understand that if you use it, you use it at your own risk.
If feedback from this release candidate indicates that it is mostly stable, then Bugzilla 5.0 will be released in a few weeks. If feedback indicates that more extensive fixes are needed, there may be another release candidate after this one.
- Download 5.0rc1
- Release Notes for 5.0rc1
Bugzilla 4.4.7 is our latest stable release. It contains various useful bug fixes and security improvements:
- Download 4.4.7
- Release Notes for 4.4.7
Bugzilla 4.2.12 is a security and bugfix update for the 4.2 branch:
- Download 4.2.12
- Release Notes for 4.2.12
Bugzilla 4.0.16 is a security and bugfix update for the 4.0 branch:
- Download 4.0.16
- Release Notes for 4.0.16
December 06, 2014
Bugzilla Tips
Making Bugzilla Searches Faster
People often wonder how to make searches in Bugzilla faster on large installations. Two things will give you the most bang for the buck:
- Specify you only want open bugs (if that’s true)
- Specify a product (and, if you know it, a component) to search
Do those two things, and your searches will be much faster.
Coincidentally enough, Bugzilla’s “Simple Search” (BMO version) allows you to specify precisely those two things.
December 01, 2014
Gervase Markham
Search Bugzilla with Yahoo!
The Bugzilla team is aware that there are currently 5 different methods of searching Bugzilla (as explained in yesterday’s presentation) – Instant Search, Simple Search, Advanced Search, Google Search and QuickSearch. It has been argued that this is too many, and that we should simplify the options available – perhaps building a search which is all three of Instant, Simple and Quick, instead of just one of them. Some Bugzilla developers have sympathy with that view.
I, however, having caught the mood of the times, feel that Mozilla is all about choice, and there is still not enough choice in Bugzilla search. Therefore, I have decided to add a sixth option for those who want it. As of today, December 1st, by installing this GreaseMonkey script, you can now search Bugzilla with Yahoo! Search. (To do this, obviously, you will need a copy of GreaseMonkey.) It looks like this:
In the future, I may create a Bugzilla extension which allows users to fill the fourth tab on the search page with the search engine of their choice, perhaps leveraging the OpenSearch standard. Then, you will be able to search Bugzilla using the search engine which provides the best experience in your locale.
Viva choice!
November 28, 2014
Gervase Markham
Bugzilla for Humans, II
In 2010, johnath did a very popular video introducing people to Bugzilla, called “Bugzilla for Humans“. While age has been kind to johnath, it has been less kind to his video, which now contains several screenshots and bits of dialogue which are out of date. And, being a video featuring a single presenter, it is somewhat difficult to “patch” it.
Enter Popcorn Maker, the Mozilla Foundation’s multimedia presentation creation tool. I have written a script for a replacement presentation, voiced it up, and used Popcorn Maker to put it together. It’s branded as being in the “Understanding Mozilla” series, as a sequel to “Understanding Mozilla: Communications” which I made last year.
So, I present “Understanding Mozilla: Bugzilla“, an 8.5 minute introduction to Bugzilla as we use it here in the Mozilla project:
Because it’s a Popcorn presentation, it can be remixed. So if the instructions ever change, or Bugzilla looks different, new screenshots can be patched in or erroneous sections removed. It’s not trivial to seamlessly patch my voiceover unless you get me to do it, but it’s still much more possible than patching a video. (In fact, the current version contains a voice patch.) It can also be localized – the script is available, and someone could translate it into another language, voice it up, and then remix the presentation and adjust the transitions accordingly.
Props go to the Popcorn team for making such a great tool, and the Developer Tools team for Responsive Design View and the Screenshot button, which makes it trivial to reel off a series of screenshots of a website in a particular custom size/shape format without any need for editing.
November 25, 2014
Bugzilla Tips
Email Filtering on bugzilla.mozilla.org
Vanilla Bugzilla lets you decide which bugmail you receive based on what changed about a bug. But there are a couple of extensions which give you even more control, and both are installed on bugzilla.mozilla.org. So the new email filtering pipeline is as follows:
Firstly, ComponentWatching, as the name implies, lets you “watch” particular products or components, so you get put on the list to receive bugmail for all changes to any bugs in those products or components. This is very useful if you have an interest in a particular area of the project. You can also watch particular users – that function is built-in.
Secondly, the normal email filters run, which exclude or include you from emails based on the particular fields which have been changed in the bug update.
Lastly, the BugmailFilter extension allows you to define “include” or “exclude” rules based on any one of:
- the field changed
- the current product
- the current component
- your relationship to the bug
- who made the change (useful to exclude changes made by bots).
Using these three capabilities in tandem, it should be possible to carefully control how much bugmail you receive, even if you are using a system like Gmail which does not have good client-side filtering.
November 19, 2014
Gervase Markham
BMO show_bug Load Times 2x Faster Since January
The load time for viewing bugs on bugzilla.mozilla.org has got 2x faster since January. See this tweet for graphical evidence.
If you are looking for a direction in which to send your bouquets, glob is your man.
October 06, 2014
Gervase Markham
New Class of Vulnerability in Perl Web Applications
We did a Bugzilla security release today, to fix some holes responsibly disclosed to us by Check Point Vulnerability Research, to whom we are very grateful. The most serious of them would allow someone to create and control an account for an arbitrary email address they don’t own. If your Bugzilla gives group permissions based on someone’s email domain, as some do, this could be a privilege escalation.
(Update 2014-10-07 05:42 BST: to be clear, this pattern is most commonly used to add “all people in a particular company” to a group, using an email address regexp like .*@mozilla.com$
. It is used this way on bugzilla.mozilla.org to allow Mozilla Corporation employees access to e.g. Human Resources bugs. Membership of the Mozilla security group, which has access to unfixed vulnerabilities, is done on an individual basis and could not be obtained using this bug. The same is true of BMO admin privileges.)
These bugs are actually quite interesting, because they seem to represent a new Perl-specific security problem. (At least, as far as I’m aware it’s new, but perhaps we are about to find that everyone knows about it but us. Update 2014-10-08 09:20 BST: everything old is new again; but the level of response, including changes to CGI.pm, suggest that this had mostly faded from collective memory.) This is how it works. I’m using the most serious bug as my example. The somewhat less serious bugs caused by this pattern were XSS holes. (Check Point are going to be presenting on this vulnerability at the 31st Chaos Communications Congress in December in Hamburg, so check their analysis out too.)
Here’s the vulnerable code:
my $otheruser = Bugzilla::User->create({ login_name => $login_name, realname => $cgi->param('realname'), cryptpassword => $password});
This code creates a new Bugzilla user in the database when someone signs up. $cgi
is an object representing the HTTP request made to the page.
The issue is a combination of two things. Firstly, the $cgi->param()
call is context-sensitive – it can return a scalar or an array, depending on the context in which you call it – i.e. the type of the variable you assign the return value to. The ability for functions to do this is a Perl “do what I mean” feature.
Let’s say you called a page as follows, with 3 instances of the same parameter:
index.cgi?foo=bar&foo=baz&foo=quux
If you call param()
in an array context (the @ sigil represents a variable which is an array), you get an array of values:
@values = $cgi->param('foo'); --> ['bar', 'baz', 'quux']
If you call it in a scalar context (the $ sigil represents a variable which is a scalar), you get a single value, probably the first one:
$value = $cgi->param('foo'); --> 'bar'
So what context is it being called in, in the code under suspicion? Well, that’s exactly the problem. It turns out that functions called during hash value assignment are evaluated in a list context. However, when the result comes back, that value or those values are assigned to be part of uthe hash as if they were a set of individual, comma-separated scalars. I suspect this behaviour exists because of the close relationship of lists and hashes; it allows you to do stuff like:
my @array = ("foo", 3, "bar", 6); my %hash = @array; --> { "foo" => 3, "bar" => 6 }
Therefore, when assigning the result of a function call as a hash value, if the return value is a single scalar, all goes as you would expect, but if it’s an array, the second and subsequent values end up being added as key/value pairs in the hash as well. This allows an attacker to override values already in the hash (specified earlier), which may have already been validated, with values controlled by them. In our case, real_name
can be any string, so doesn’t need validation, but login_name
most definitely does, and it already has been by the time this code is called.
So, in the case of the problematic code above, something like:
index.cgi?realname=JRandomUser&realname=login_name&realname=admin@mozilla.com
would end up overriding the already-validated login_name
variable, giving the attacker control of the value used in the call to Bugzilla::User->create()
. Oops.
We found 15 instances of this pattern in our code, four of which were exploitable to some degree. If you maintain a Perl web application, you may want to audit it for this pattern. Clearly, CGI.pm param()
calls are the first thing to look for, but it’s possible that this pattern could occur with other modules which use the same context-sensitive return feature. The generic fix is to require the function call to be evaluated in scalar context:
my $otheruser = Bugzilla::User->create({ login_name => $login_name, realname => scalar $cgi->param('realname'), cryptpassword => $password});
I’d say it might be wise to not ever allow hash values to be assigned directly from functions without a call to scalar
.
May 03, 2014
Gervase Markham
Bugzilla 1,000,000 Bug Sweepstake Results
Milestone bugzilla.mozilla.org bug 1,000,000 was filed on 2014-04-23 at 01:10 ZST by Archaeopteryx (although rumour has it he used a script, as he also filed the 12 previous bugs in quick succession). The title of the bug was initially “Long word suggestions can move/shift keyboard partially off screen so it overflows” (a Firefox OS Gaia::Keyboard bug, now bug 1000025), but has since been changed to “Celebrate 1000000 bugs, bring your own drinks.”
The winner of the sweepstake to guess the date and time is Gijs Kruitbosch, who guessed 2014-04-25 05:43:21 – which is 2 days, 4 hours, 33 minutes and 5 seconds out. This is a rather wider error, measured in seconds, than the previous sweepstake, but this one had a much longer time horizon – it was instituted 9 months ago. So that’s an error of about 0.95%. The 800,000 bug winner had an error of about 1.55% using the same calculation, so in those terms Gijs’ effort is actually better.
Gijs writes:
I’m Dutch, recently moved to Britain, and I’ll be celebrating my 10th “mozversary” sometime later this year (for those who are counting, bugs had 6 digits and started with “2” when I got going). Back in 2004, I got started by working on ChatZilla, later the Venkman JS debugger and a bit of Firefox, and last year I started working on Firefox as my day job. Outside of Mozilla, I play the piano every now and then, and try to adjust to living in a nation that puts phone booths in its cycle paths.
The two runners-up are Håvard Mork (2d 14h 50m 52s out) and Mark Banner (8d 8h 24m 36s out). Håvard writes:
My name is Håvard Mork. I’m a Java software developer, working with Firefox and web localization to Norwegian. I’ve been involved with localization since 2003. I think localization is rewarding, because it is a process of understanding the mindset of the users, and their perception of IT.
I’m surprised that my estimate came that close. I spent almost an hour trying to figure out how much bug numbers grow, and estimate the exponential components. Unfortunately I lost the equation, so need to start over for the 2,000,000 sweepstakes…
Mark writes:
I’m Mark Banner, also known as Standard8 on irc, I work from home in the UK. I came to Mozilla through volunteering on Thunderbird, and then working at Mozilla Messaging. I still manage Thunderbird releases. Alongside those, I am working on the Loop project (formally Talkilla), which is aiming to provide a real time communications service for Mozilla products, built on top of WebRTC.
Gijs will get a Most Splendid Package, and also a knitted thing from Sheeri as a special bonus prize! The other winners will receive something a little less splendid, but I’m sure it’ll be worth having nevertheless.
April 28, 2014
Gervase Markham
bugzilla.mozilla.org Stats At 1,000,000
Thanks to glob, we’ve got some interesting stats from BMO as it crosses the 1M bug mark.
Statuses
UNCONFIRMED 23745 NEW 103655 ASSIGNED 8826 REOPENED 3598 RESOLVED 640326 VERIFIED 220235 CLOSED 1628
Resolutions
RESOLVED
DUPLICATE 119242 EXPIRED 10677 FIXED 303099 INCOMPLETE 30569 INVALID 58096 MOVED 27 WONTFIX 36179 WORKSFORME 82437
VERIFIED
DUPLICATE 64702 EXPIRED 27 FIXED 108935 INCOMPLETE 1746 INVALID 17099 MOVED 150 WONTFIX 6105 WORKSFORME 21471
- Total bugs fixed (RESOLVED/FIXED + VERFIED/FIXED): 412034
- Total duplicates: 183944
Bugs Filed Per Day (April)
2014-04-01 519 2014-04-02 531 2014-04-03 620 2014-04-04 373 2014-04-05 133 2014-04-06 132 2014-04-07 544 2014-04-08 622 2014-04-09 597 2014-04-10 571 2014-04-11 467 2014-04-12 156 2014-04-13 170 2014-04-14 573 2014-04-15 580 2014-04-16 574 2014-04-17 619 2014-04-18 356 2014-04-19 168 2014-04-20 118 2014-04-21 445 2014-04-22 635 2014-04-23 787 2014-04-24 562 2014-04-25 498 2014-04-26 173
Busiest Days Ever
2013-12-30 1360 (bulk import from another tracker) 2013-12-29 1081 (bulk import from another tracker) 2008-07-22 1037 (automated security scanner filing bugs) 2012-10-01 1013 (Gaia bugs import) 2014-02-11 805 2014-04-23 787 2014-02-04 678 2013-01-09 675 2013-11-19 647 2014-04-22 635
User Activity
- We think the earliest bug filed by someone who is still involved with Mozilla is bug 283, which was filed by Wan-Teh Chang on 1998-04-29.
- 2263 people who logged into Bugzilla at some point in April (i.e. are active users) have filed more than 10 bugs.
- The most active user by far is bz:
Bugs filed 4351 Comments made 148493 Assigned to 4029 Commented on 56138 QA-Contact 8 Patches submitted 8080 Patches reviewed 14872 Bugs poked 66215
(You can find these stats about yourself by going to your own user profile. If you are logged in, you can search for other users and see their stats.)
Top 10: Assignees
nobody@mozilla.org 349671 mscott@mozilla.org 16385 bugzilla@blakeross.com 15056 asa@mozilla.org 13350 sspitzer@mozilla.org 11974 bugs@bengoodger.com 10995 justdave@mozilla.com 4768 sean@mozilla.com 4697 oremj@mozilla.com 4672 mozilla@davidbienvenu.org 4273
Top 10: Reporters
jruderman@gmail.com 8037 timeless@bemail.org 6129 krupa.mozbugs@gmail.com 5032 pascalc@gmail.com 4789 bzbarsky@mit.edu 4351 philringnalda@gmail.com 4348 stephen.donner@gmail.com 4038 dbaron@dbaron.org 3680 cbook@mozilla.com 3651 bhearsum@mozilla.com 3528
Top 10: Commenters
tbplbot@gmail.com 347695 bzbarsky@mit.edu 148481 philringnalda@gmail.com 65552 dbaron@dbaron.org 58588 ryanvm@gmail.com 50560 bugzilla@mversen.de 48840 gerv@mozilla.org 48704 roc@ocallahan.org 47453 hskupin@gmail.com 43596 timeless@bemail.org 42885
Top 11: Patches Attached
bzbarsky@mit.edu 8080 dbaron@dbaron.org 4879 ehsan@mozilla.com 4502 roc@ocallahan.org 4397 masayuki@d-toybox.com 4079 neil@httl.net 3930 mozilla@davidbienvenu.org 3890 timeless@bemail.org 3739 brendan@mozilla.org 3659 bugs@pettay.fi 3530 wtc@google.com 3411
Top 11: Reviews
roc@ocallahan.org 15581 bzbarsky@mit.edu 14869 neil@httl.net 9424 jst@mozilla.org 8352 dbaron@dbaron.org 8103 benjamin@smedbergs.us 7272 mozilla@davidbienvenu.org 6198 dveditz@mozilla.com 5983 asa@mozilla.org 5499 mark.finkle@gmail.com 5346 gavin.sharp@gmail.com 5126
January 22, 2014
Gervase Markham
BzAPI App Author?
Have you written an app or system of some sort which uses the Bugzilla REST API (BzAPI)? If so, please do as the docs have long recommended and make sure you are a member of the mozilla.tools discussion forum. There are several upcoming announcements in the next few weeks and months which you will need to be aware of, and that is where they are going to be posted.
August 01, 2013
Gervase Markham
Bugzilla 1,000,000 Bug Sweepstake
[Note: The closing date for entries was midday ZST on Thursday 5th September 2013, i.e. a long time ago :-).]
Some of you may have noticed that, after a long history of contests, there was no competition to predict the time of arrival of the 900,000th bug on bugzilla.mozilla.org. This was because we were preparing for the big 1M.
Now we are over 9000,00 (can that really be right?), I can reveal that the prize for the Millionth Bug Sweepstake will be the top-of-the-range Most Splendid Package from the Mozilla Gear Store, which includes a black hoodie, a drawstring tote bag, a Moleskine notebook, and a Rickshaw laptop bag, all Firefox or Mozilla-branded.
The aim of the contest is simple – you need your guess to be the closest to the actual filing date of the one millionth bug in our Bugzilla installation.
To enter, email me a plain text email at gerv@mozilla.org, ideally using this link, filling in the date and time you think the one millionth bug will be filed, along with your Bugzilla ID or email address. As the link suggests, your entry should be on the first line of your email, and formatted as follows:
2010-09-08 06:54:32 bugzilla-id@example.com
All times are in ZST (‘Zilla Standard Time, a.k.a. Pacific Time, as displayed in Bugzilla timestamps unless you’ve changed a pref). If you prefer to be contacted on a different address, add that as well, in brackets on the end of the same line. We have ample graphs and charts (requires editbugs) to help you with your assessment. But if you can’t be bothered to do any research and analysis, just guess optimistically and hope!
This is a Mozilla community event. To keep it that way, entrants must have either a Bugzilla account on bugzilla.mozilla.org created before the end of July 2013, and which has done something useful in the past six months, or a Mozillians account vouched for before the same date. Anyone who meets those criteria can (and is encouraged to) enter, including Mozilla employees. Once the bug is filed, I’ll check those entries who are closest, and keep discarding them until I find one which meets these criteria. Therefore, there’s no point posting this to Slashdot or any other non-Mozilla-focussed news source. But please do post it in Mozilla news sources!
Badly-formatted entries may be discarded. The judge’s decision is final, and any funny business regarding the filing of bugs on or around the one million mark will be frowned upon. The closing date for entries is midday ZST on Thursday 5th September 2013.
March 08, 2013
Gervase Markham
Bugzilla API 1.3 Released
I am proud to announce the release of version 1.3 of the Bugzilla REST API. This maintenance release has a bug fix or two, and fully supports the version of Bugzilla 4.2 which has just been deployed on bugzilla.mozilla.org. For smooth interaction with BMO, you should be using this version.
The installation of BzAPI 1.1 on api-dev.bugzilla.mozilla.org will go away in 4 weeks, on 4th April. There is a limit to the number of old versions we can support on the server, particularly as the older ones can put a larger load on Bugzilla and may not work correctly. Please use either the /1.3 or the /latest endpoints. Now that BzAPI has been stable for some time, tools which earlier rejected using the /latest endpoint may want to reconsider.
January 23, 2013
Gervase Markham
Persona Login Now Fully Enabled On bugzilla.mozilla.org
[Update 2013-01-23 18:35 GMT – turns out there are a couple of Persona features we still need to be absolutely certain that this is a good thing. The change has been reverted until we’ve got those. Sorry for any confusion.]
In April last year, we enabled Persona logins on bugzilla.mozilla.org using a Bugzilla extension I wrote. However, we restricted this login method to low-privilege accounts only while Persona and the extension both matured.
I’m pleased to say that, as of now, unless you are a member of the administrative Bugzilla groups “admin”, “editusers” or “editgroups”, or the “legal” group, then you can now use Persona to log in to bugzilla.mozilla.org :-) In particular, this means all Mozilla employees and security group members can now log in this way.
Make sure you use the correct email address; if you pick a different one to your usual one, Bugzilla will auto-create a Bugzilla account for it.
If for some reason you want b.m.o. not to accept Persona logins for your account, you can do so; file a bug to have your account manually added back to the “no-browser-id” group.
January 18, 2013
Gervase Markham
Support for bugzilla.mozilla.org Users
BMO is a core tool in the Mozilla project. There is now a shared, curated space for people’s tips, ideas, best practices, FAQs and so on relating specifically to BMO: https://wiki.mozilla.org/BMO/Support.
This includes Things Every BMO User Really Should Do, and a BMO FAQ (currently in its infancy).
Suggestions for additional content would be very welcome.
December 21, 2012
Bugzilla Tips
Quicksearch Reference
“Quicksearch” is a way of searching Bugzilla using simple yet powerful syntax. The search box at the top of every page supports it.
Jesse Ruderman has written a wonderful Quicksearch Reference – a must-read if you search Bugzilla a lot.
December 07, 2012
Bugzilla Tips
Even Faster Quicksearches
To speed up quicksearches, limit the search by product or component. Add “comp: <string>” to your query to limit it to components whose names contain that string. As an abbreviation, you can simply use “:” instead of “comp:”, although that also searches in products whose names which contain the string.
By analogy with the use of “:”, there are abbreviations for some other common fields as well.
(Thanks to Ben Hearsum and Ed Morley)
December 01, 2012
Bugzilla Tips
Faster Quicksearches
Another guest post from Stefan Arentz:
“If you do a lot of quick searches to find bugs by summary and you don’t care about also looking into the comments of those bugs, flip the “Include comments when performing quick searches (slower)” to NO in your preferences.
A search for ‘radio antenna’ just went down from 30+ seconds to just a few seconds.”
November 29, 2012
Bugzilla Tips
HTML Email
Guest tip from Stefan Arentz:
“Bugzilla actually does have HTML emails! [As of version 4.2, but it’s been backported to bugzilla.mozilla.org’s 4.0 installation – Ed.] I always though that it did not because I did not look further than the “Email Preferences” tab. But there actually is a “Preferred email format” under the “General Preferences” tab.
This makes Bugzilla emails 100x easier to read on a phone.”
November 21, 2012
Gervase Markham
Bugzilla API 1.2 Released
I am proud to announce the release of version 1.2 of the Bugzilla REST API. This maintenance release has a bug fix or two, and some features useful to the admins of Bugzillas which BzAPI is pointed at.
The installation of BzAPI 1.0 on api-dev.bugzilla.mozilla.org will go away in 4 weeks, on 19th December. There is a limit to the number of old versions we can support on the server, particularly as the older ones can put a larger load on Bugzilla. Please use either the /1.2 or the /latest endpoints. Now that BzAPI has been stable for some time, tools which earlier rejected using the /latest endpoint may want to reconsider.
April 05, 2012
Gervase Markham
bugzilla.mozilla.org Now Supports BrowserID
You can now log in to bugzilla.mozilla.org using BrowserID, courtesy of a Bugzilla extension I wrote. Log out and then click the “Login” link in the header and then the orange “Sign in” button to try it.
You can do this – unless, that is, you are a member of certain particularly sensitive groups. While Mozilla has great confidence in the BrowserID technology, it does not have perfect confidence in my coding ;-) Therefore, we are restricting who can log in until we get a little more experience with my extension. Eventually, it’s possible that we might go the other way and require BrowserID for certain sensitive groups, once BrowserID primaries appear with 2-factor authentication. But that’s a little way off yet.
If you visit your permissions page, you can see if you should be able to log in using BrowserID. If you are listed as a member of the “no-browser-id” group, you shouldn’t. Otherwise, you should. The no-browser-id group is currently made up of members of the following groups: admin, bz_sudoers, autoland, generic-assignees, hr, infrasec, legal, and anything with “security” in its name.
Maintaining Multiple Versions of Documentation in a Wiki
Dear Lazyweb,
I know of some software, and it has documentation. I want to be able to maintain this documentation, for the general good of its userbase. At the moment, its documentation is XML files in a VCS, with their own special build procedure with prerequisites. That makes them hard to modify, and as a consequence they are often out of date and certainly not as good as they could be.
Requirement A): I’d like the documentation to be web-editable, because that makes it really easy for anyone to edit quickly, which makes it much more likely the documentation will actually be up-to-date. I want the URL for the “latest version” to always be the same URL.
Requirement B): My software has multiple versions. Once I release a version, I’d like to keep a copy of the documentation in the state that it applies to that version. It may not change much again, but needs to be able to accept bug fixes. However, trunk documentation development must continue. In other words, I need to be able to branch the documentation, check in independently to each branch, and give people URLs to either a branch or the trunk. Each version should have a URL containing the software version number.
Is there any software out there, ideally already in use by the Mozilla project, which can meet both A) and B)? A) is met by all wiki software. B) is met by all version control software. But I haven’t found wiki software with the concept of branches, and I haven’t found a VCS which can display documents prettily and has a web-based interface for editing.
These requirements don’t seem uncommon. Proprietary software solves them. Is there anything open source?
March 25, 2012
Emmanuel Seyman
Cleaning up Bugzilla
RPMFusion's Bugzilla has gathered a number of bugs over the years and, for lack of maintainance, bugs filed against EOL-ed versions of Fedora have never been closed. The result is a number of open bugs:
Fedora 8 | 2 |
Fedora 9 | 2 |
Fedora 10 | 13 |
Fedora 11 | 8 |
Fedora 12 | 10 |
Fedora 13 | 6 |
Fedora 14 | 45 |
I've added a new resolution, EXPIRED, in bugzilla.rpmfusion.org and I'll be using it over the next few weeks to close bugs filed against Fedora 8 through 14. Once a week, I'll be taking one version's bugs and closing them with the EXPIRED resolution and adding a comment on the next version's bugs warning that they will be closed a week later. Once we're done with those, it will probably be time to do the same thing to the Fedora 15 bugs. At that point, we'll probably join the Fedora bug triage cycle, doing this every 6 months.
May 04, 2011
David Miller
The hardware behind bugzilla.mozilla.org
November 11, 2009
David Miller
Upgrading bugzilla.mozilla.org to version 3.4.3
Continue reading "Upgrading bugzilla.mozilla.org to version 3.4.3"