Bugzilla 2.16.4 and 2.17.5 ReleasedMonday November 3rd, 2003Vlad Dascalu writes: "The Bugzilla team yesterday released two new versions, 2.16.4 (based on the stable branch) and 2.17.5 (the development version). Release notes, a security advisory and a status update are available from the Bugzilla homepage. "Both versions fix multiple security bugs found during the development process. The Bugzilla team recommends upgrading to the latest stable version to ensure security and proper operation. "The status update includes information about the new features found in the development version, as well as details about the road towards Bugzilla 2.18. "Bugzilla is a open-source bug-tracking system released under the MPL license that is currently used by the Mozilla Foundation in order to assist with its software development." I can't use the b.m.o sidebar because they didn't upgrade their version of Bugzilla. Maybe this will encourage them to do that. Maybe, but b.m.o. has got further behind before, and I can't see that any of these security issues are very relevant on b.m.o. - the products on b.m.o. aren't secret; I don't think there's anyone untrusted that has the ability to edit keywords; and accessing the summaries of security bugs via votes doesn't seem significant either - seems you would have to know that someone had voted on a particular bug to find that. When security bugs in Bugzilla are discovered, b.m.o. normally applies the patches directly. So none of these issues will affect it even if we don't upgrade for a little while. Gerv #5 Re: Re: Re: Maybe now bugzilla.mozilla.org will upby alanjstr Wednesday November 5th, 2003 12:07 PM Its not just the security bugs I want to see fixed. Bug 73665 is on the "to do list", accorting to the status update. It blocks bug 83245 http://bugzilla.mozilla.org/show_bug.cgi?id=83245 which is the main contributor to bugzilla "spam" (you know, those annoying "Bug xxxx has been marked as a duplicate of this bug" messages). |