[bugzilla-gnome-org-upstream/4.4] Bug 1269389 - Release notes for Bugzilla 4.4.12 r=dkl

From: Andrea Veri <av src gnome org>
To: commits-list gnome org
Cc:
Subject: [bugzilla-gnome-org-upstream/4.4] Bug 1269389 - Release notes for Bugzilla 4.4.12 r=dkl
Date: Wed, 18 May 2016 11:57:49 +0000 (UTC)

commit 3cbbb6a019dc977f7defca23acee143de4bf4b35
Author: Frédéric Buclin <LpSolit gmail com>
Date:   Fri May 13 20:34:38 2016 +0200

    Bug 1269389 - Release notes for Bugzilla 4.4.12
    r=dkl

 template/en/default/pages/release-notes.html.tmpl |   25 +++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)
---
diff --git a/template/en/default/pages/release-notes.html.tmpl 
b/template/en/default/pages/release-notes.html.tmpl
index 7763413..7b35f74 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -45,6 +45,31 @@
 
 <h2 id="v44_point">Updates in this 4.4.x Release</h2>
 
+<h3>4.4.12</h3>
+
+<p>This release fixes one security issue. See the
+  <a href="https://www.bugzilla.org/security/4.4.11/";>Security Advisory</a>
+  for details.</p>
+
+<p>This release also contains the following [% terms.bug %] fixes:</p>
+
+<ul>
+  <li>The <kbd>Encode</kbd> module changed the way it encodes strings, causing
+    email addresses in emails sent by [%terms.Bugzilla %] to be encoded,
+    preventing emails from being correctly delivered to recipients.
+    We now encode email headers correctly.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1246228";>[% terms.Bug %] 1246228</a>)</li>
+  <li>When exporting a buglist as a CSV file, fields starting with either
+    "=", "+", "-" or "@" are preceded by a space to not trigger formula
+    execution in Excel.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1259881";>[% terms.Bug %] 1259881</a>)</li>
+  <li>An extension which allows user-controlled data to be used as a link in
+    tabs could trigger XSS if the data is not correctly sanitized.
+    [%+ terms. Bugzilla %] no longer relies on the extension to do the sanity
+    check. A vanilla installation is not affected as no tab is user-controlled.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1250114";>[% terms.Bug %] 1250114</a>)</li>
+</ul>
+
 <h3>4.4.11</h3>
 
 <p>This release fixes two security issues. See the

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]