Release Notes for Bugzilla 3.0.1

Table of Contents

• Introduction
• Updates In This 3.0.x Release
• Minimum Requirements
• New Features and Improvements
• Outstanding Issues
• Security Fixes In This Release
• How to Upgrade From An Older Version
• Code Changes Which May Affect Customizations
• Release Notes for Previous Versions

Introduction

Welcome to Bugzilla 3.0! It's been over eight years since we released
Bugzilla 2.0, and everything has changed since then. Even just since our
previous release, Bugzilla 2.22, we've added a lot of new features. So
enjoy the release, we're happy to bring it to you.

If you're upgrading, make sure to read How to
Upgrade From An Older Version. If you are upgrading from a release before
2.22, make sure to read the release notes for all the previous versions in between your version and Bugzilla
3.0.

Updates in this 3.0.x Release

This section describes what's changed in the most recent bug-fix
releases of Bugzilla after 3.0. We only list the most important fixes in each
release. If you want a detailed list of everything that's changed since
3.0, you should use our Change Log Page.

3.0.1

• For users of Firefox 2, the show_bug.cgi user interface should
  no longer "collapse" after you modify a bug. (Bug 370739)
• If you can bless a group, and you share a saved search with that group, it
  will no longer automatically appear in all of that group's footers unless you
  specifically request that it automatically appear in their footers. (Bug 365890)
• There is now a parameter to allow users to perform searches without any
  search terms. (In other words, to search for just a Product and Status on the
  Simple Search page.) The parameter is called
  specific_search_allow_empty_words. (Bug 385910)
• If you attach a file that has a MIME-type of text/x-patch or
  text/x-diff, it will automatically be treated as a patch by
  Bugzilla. (Bug
  365756)
• Dependency Graphs now work correctly on all mod_perl installations. There
  should now be no remaining signficant problems with running Bugzilla under
  mod_perl. (Bug
  370398)
• If moving a bug between products would remove groups from the bug, you are
  now warned. (Bug
  303183)
• On IIS, whenever Bugzilla threw a warning, it would actually appear on the
  web page. Now warnings are suppressed, unless you have a file in the
  data directory called errorlog, in which case warnings
  will be printed there. (Bug 390148)
• If you used email_in.pl to edit a bug that was protected by
  groups, all of the groups would be cleared. (Bug 385453)
• PostgreSQL users: New Charts were failing to collect data over time. They
  will now start collecting data correctly. (Bug 257351)
• Some flag mails didn't specify who the requestee was. (Bug 379787)
• Instead of throwing real errors, collectstats.pl would just say
  that it couldn't find ThrowUserError. (Bug 380709)
• Logging into Bugzilla from the home page works again with IIS5. (Bug 364008)
• If you were using SMTP for sending email, sometimes emails would be missing
  the Date header. (Bug 304999).
• In the XML-RPC WebService, Bug.legal_values now
  correctly returns values for custom fields if you request values for custom
  fields. (Bug
  381737)
• The "Bug-Writing Guidelines" page has been shortened and re-written. (Bug 378590)
• If your urlbase parameter included a port number, like
  www.domain.com:8080, SMTP might have failed. (Bug 384501)
• For SMTP users, there is a new parameter, smtp_debug. Turning
  on this parameter will log the full information about every SMTP session to your
  web server's error log, to help with debugging issues with SMTP. (Bug 384497)
• If you are a "global watcher" (you get all mails from every bug), you can
  now see that in your Email Preferences. (Bug 365302)
• The Status and Resolution of bugs are now correctly localized in CSV search
  results. (Bug
  389517)
• The "Subject" line of an email was being mangled if it contained non-Latin
  characters. (Bug
  387860)
• Editing the "languages" parameter using editparams.cgi would
  sometimes fail, causing Bugzilla to throw an error. (Bug 335354)

Minimum Requirements

Any requirements that are new since 2.22 will look like this.

• Perl
• For MySQL Users
• For PostgreSQL Users
• Required Perl Modules
• Optional Perl Modules

Perl

• Perl v5.8.0 (non-Windows
  platforms)
• Perl v5.8.1 (Windows platforms)

For MySQL Users

• MySQL v4.1.2
• perl module: DBD::mysql v2.9003

For PostgreSQL Users

• PostgreSQL v8.00.0000
• perl module: DBD::Pg v1.45

Required Perl Modules

Module	Version
CGI	2.93
Date::Format	2.21
DBI	1.41
File::Spec	0.84
Template	2.12
Email::Send	2.00
Email::MIME::Modifier	(Any)

Optional Perl Modules

The following perl modules, if installed, enable various features of
Bugzilla:

Module	Version	Enables Feature
LWP::UserAgent	(Any)	Automatic Update Notifications
Template::Plugin::GD::Image	(Any)	Graphical Reports
GD::Graph	(Any)	Graphical Reports
GD::Text	(Any)	Graphical Reports
GD	1.20	Graphical Reports, New Charts, Old Charts
Email::MIME::Attachment::Stripper	(Any)	Inbound Email
Email::Reply	(Any)	Inbound Email
Net::LDAP	(Any)	LDAP Authentication
HTML::Parser	3.40	More HTML in Product/Group Descriptions
HTML::Scrubber	(Any)	More HTML in Product/Group Descriptions
XML::Twig	(Any)	Move Bugs Between Installations
MIME::Parser	5.406	Move Bugs Between Installations
Chart::Base	1.0	New Charts, Old Charts
Image::Magick	(Any)	Optionally Convert BMP Attachments to PNGs
PatchReader	0.9.4	Patch Viewer
SOAP::Lite	(Any)	XML-RPC Interface
mod_perl2	1.999022	mod_perl
CGI	3.11	mod_perl
Apache::DBI	0.96	mod_perl

New Features and Improvements

• Custom Fields
• mod_perl Support
• Shared Saved Searches
• Attachments and Flags on New Bugs
• Custom Resolutions
• Per-Product Permissions
• User Interface Improvements
• XML-RPC Interface
• Skins
• Unchangeable Fields Appear Unchangeable
• All Emails in Templates
• No More Double-Filed Bugs
• Default CC List for Components
• File/Modify Bugs By Email
• Users Who Get All Bug Notifications
• Improved UTF-8 Support
• Automatic Update Notification
• Welcome Page for New Installs
• Other Enhancements and Changes

Custom Fields

Bugzilla now includes very basic support for custom fields.

Users in the admin group can add plain-text or drop-down custom
fields. You can edit the values available for drop-down fields using the "Field
Values" control panel.

Don't add too many custom fields! It can make Bugzilla very difficult to use.
Try your best to get along with the default fields, and then if you find that
you can't live without custom fields after a few weeks of using Bugzilla, only
then should you start your custom fields.

mod_perl Support

Bugzilla 3.0 supports mod_perl, which allows for extremely enhanced page-load
performance. mod_perl trades memory usage for performance, allowing
near-instantaneous page loads, but using much more memory.

If you want to enable mod_perl for your Bugzilla, we recommend a minimum of
1.5GB of RAM, and for a site with heavy traffic, 4GB to 8GB.

If performance isn't that critical on your installation, you don't have the
memory, or you are running some other web server than Apache, Bugzilla still
runs perfectly as a normal CGI application, as well.

Shared Saved Searches

Users can now choose to "share" their saved searches with a certain group.
That group will then be able to "subscribe" to those searches, and have them
appear in their footer.

If the sharer can "bless" the group he's sharing to, (that is, if he can add
users to that group), it's considered that he's a manager of that group, and his
queries show up automatically in that group's footer (although they can
unsubscribe from any particular search, if they want.)

In order to allow a user to share their queries, they also have to be a
member of the group specified in the querysharegroup parameter.

Users can control their shared and subscribed queries from the "Preferences"
screen.

Attachments and Flags on New Bugs

You can now add an attachment while you are filing a new bug.

You can also set flags on the bug and on attachments, while filing a new
bug.

Custom Resolutions

You can now customize the list of resolutions available in Bugzilla,
including renaming the default resolutions.

The resolutions FIXED, DUPLICATE and
MOVED have a special meaning to Bugzilla, though, and cannot be
renamed or deleted.

Per-Product Permissions

You can now grant users editbugs and canconfirm for
only certain products. You can also grant users editcomponents on a
product, which means they will be able to edit that product including
adding/removing components and other product-specific controls.

User Interface Improvements

There has been some work on the user interface for Bugzilla 3.0,
including:

• There is now navigation and a search box a the top of each page, in
  addition to the bar at the bottom of the page.
• A re-designed "Format for Printing" page for bugs.
• The layout of show_bug.cgi (the bug editing page) has been
  changed, and the attachment table has been redesigned.

XML-RPC Interface

Bugzilla now has a Web Services interface using the XML-RPC protocol. It can
be accessed by external applications by going to the xmlrpc.cgi on
your installation.

Documentation can be found in the Bugzilla API Docs, in the
various Bugzilla::WebService modules.

Skins

Bugzilla can have multiple "skins" installed, and users can pick between
them. To write a skin, you just have to write several CSS files. See the Custom Skins
Documentation for more details.

We currently don't have any alternate skins shipping withBugzilla. If you
write an alternate skin, please let us know!

Unchangeable Fields Appear Unchangeable

As long as you are logged in, when viewing a bug, if you cannot change a
field, it will not look like you can change it. That is, the value will just
appear as plain text.

All Emails in Templates

All outbound emails are now controlled by the templating system. What used to
be the passwordmail, whinemail,
newchangedmail and voteremovedmail parameters are now
all templates in the template/ directory.

This means that it's now much easier to customize your outbound emails, and
it's also possible for localizers to have more localized emails as part of their
language packs, if they want.

We also added a mailfrom parameter to let you set who shows up
in the From field on all emails that Bugzilla sends.

No More Double-Filed Bugs

Users of Bugzilla will sometimes accidentally submit a bug twice, either by
going back in their web browser, or just by refreshing a page. In the past, this
could file the same bug twice (or even three times) in a row, irritating
developers and confusing users.

Now, if you try to submit a bug twice from the same screen (by going back or
by refreshing the page), Bugzilla will warn you about what you're doing, before
it actually submits the duplicate bug.

Default CC List for Components

You can specify a list of users who will always be added to the CC
list of new bugs in a component.

File/Modify Bugs By Email

You can now file or modify bugs via email. Previous versions of Bugzilla
included this feature only as an unsupported add-on, but it is now an official
interface to Bugzilla.

For more details see the documentation for
email_in.pl.

Users Who Get All Bug Notifications

There is now a parameter called globalwatchers. This is a
comma-separated list of Bugzilla users who will get all bug notifications
generated by Bugzilla.

Group controls still apply, though, so users who can't see a bug still won't
get notifications about that bug.

Improved UTF-8 Support

Bugzilla users running MySQL should now have excellent UTF-8 support if they
turn on the utf8 parameter. (New installs have this parameter on by
default.) Bugzilla now correctly supports searching and sorting in non-English
languages, including multi-bytes languages such as Chinese.

Automatic Update Notification

If you belong to the admin group, you will be notified when you
log in if there is a new release of Bugzilla available to download.

You can control these notifications by changing the
upgrade_notification parameter.

If your Bugzilla installation is on a machine that needs to go through a
proxy to access the web, you may also have to set the proxy_url
parameter.

Welcome Page for New Installs

When you log in for the first time on a brand-new Bugzilla installation, you
will be presented with a page that describes where you should go from here, and
what parameters you should set.

QuickSearch Plugin for IE7 and Firefox 2

Firefox 2 users and Internet Explorer 7 users will be presented with the
option to add Bugzilla to their search bar. This uses the QuickSearch
syntax.

Other Enhancements and Changes

These are either minor enhancements, or enhancements that have very short
descriptions. Some of these are very useful, though!

Enhancements That Affect Bugzilla Users

• In comments, quoted text (lines that start with >) will be a
  different color from normal text.
• There is now a user preference that will add you to the CC list of any bug
  you modify. Note that it's on by default.
• Bugs can now be filed with an initial state of ASSIGNED, if you
  are in the editbugs group.
• By default, comment fields will zoom large when you are typing in them, and
  become small when you move out of them. You can disable this in your user
  preferences.
• You can hide obsolete attachments on a bug by clicking "Hide Obsolete" at
  the bottom of the attachment table.
• If a bug has flags set, and you move it to a different product that has
  flags with the same name, the flags will be preserved.
• You now can't request a flag to be set by somebody who can't set it
  (Bugzilla will throw an error if you try).
• Many new headers have been added to outbound Bugzilla bug emails:
  X-Bugzilla-Status, X-Bugzilla-Priority,
  X-Bugzilla-Assigned-To, X-Bugzilla-Target-Milestone,
  and X-Bugzilla-Changed-Fields, X-Bugzilla-Who. You can
  look at an email to get an idea of what they contain.
• In addition to the old X-Bugzilla-Reason email header which
  tells you why you got an email, if you got an email because you were watching
  somebody, there is now an X-Bugzilla-Watch-Reason header that tells
  you who you were watching and what role they had.
• If you hover your mouse over a full URL (like
  http://bugs.mycompany.com/show_bug.cgi?id=1212) that links to a
  bug, you will see the title of the bug. Of course, this only works for bugs in
  your Bugzilla installation.
• If your installation has user watching enabled, you will now see the users
  that you can remove from your watch-list as a multi-select box, much like the
  current CC list. (Previously it was just a text box.)
• When a user creates their own account in Bugzilla, the account is now not
  actually created until they verify their email address by clicking on a link
  that is emailed to them.
• You can change a bug's resolution without reopening it.
• When you view the dependency tree on a bug, resolved bugs will be hidden by
  default. (In previous versions, resolved bugs were shown by default.)
• When viewing bug activity, fields that hold bug numbers (such as "Blocks")
  will have the bug numbers displayed as links to those bugs.
• When viewing the "Keywords" field in a bug list, it will be sorted
  alphabetically, so you can sanely sort a list on that field.
• In most places, the Version field is now sorted using a version-sort (so
  1.10 is greater than 1.2) instead of an alphabetical sort.
• Options for flags will only appear if you can set them. So, for example, if
  you can't grant + on a flag, that option won't appear for you.
• You can limit the product-related output of config.cgi by
  specifying a product= URL argument, containing the name of a product.
  You can specify the argument more than once for multiple products.
• You can now search the boolean charts on whether or not a comment is
  private.

Enhancements For Administrators

• Administrators can now delete attachments, making them disappear entirely
  from Bugzilla.
• sanitycheck.cgi can now only be accessed by users in the
  editcomponents group.
• The "Field Values" control panel can now only be accessed by users in the
  admin group. (Previously it was accessible to anybody in the
  editcomponents group.)
• There is a new parameter announcehtml, that will allow you to
  enter some HTML that will be displayed at the top of every page, as an
  announcement.
• The loginnetmask parameter now defaults to 0 for new
  installations, meaning that as long as somebody has the right login cookie, they
  can log in from any IP address. This makes life a lot easier for dial-up users
  or other users whose IP changes a lot. This could be done because the login
  cookie is now very random, and thus secure.
• Classifications now have sortkeys, so they can be sorted in an order that
  isn't alphabetical.
• Authentication now supports LDAP over SSL (LDAPS) or TLS (using the STARTLS
  command) in addition to plain LDAP.
• LDAP users can have their LDAP username be their email address, instead of
  having the LDAP mail attribute be their email address. You may wish
  to set the emailsuffix parameter if you do this.
• Administrators can now see what has changed in a user account, when using
  the "Users" control panel.
• REMIND and LATER are no longer part of the default
  list of resolutions. Upgrading installations will not be affected--they will
  still have these resolutions.
• editbugs is now the default for the timetrackinggroup
  parameter, meaning that time-tracking will be on by default in a new
  installation.

Outstanding Issues

• Bug 69621:
  If you rename or remove a keyword that is in use on bugs, you will need to
  rebuild the "keyword cache" by running sanitycheck.cgi
  and choosing the option to rebuild the cache when it asks. Otherwise keywords
  may not show up properly in search results.
• Bug 99215:
  Flags are not protected by "mid-air collision" detection. Nor are any attachment
  changes.
• Bug 89822:
  When changing multiple bugs at the same time, there is no "mid-air collision"
  protection.
• Bug
  276230: The support for restricting access to particular Categories of New
  Charts is not complete. You should treat the 'chartgroup' Param as the only
  access mechanism available.
  However, charts migrated from Old Charts will be
  restricted to the groups that are marked MANDATORY for the corresponding
  Product. There is currently no way to change this restriction, and the groupings
  will not be updated if the group configuration for the Product changes.
• Bug
  370370: mod_perl support is currently not working on Windows machines.
• Bug
  361149: If you are using Perl 5.8.0, you may get a lot of warnings in your
  Apache error_log about "deprecated pseudo-hashes." These are harmless--they are
  a bug in Perl 5.8.0. Perl 5.8.1 and later do not have this problem.
• Bugzilla 3.0rc1 allowed custom field column names in the database to be
  mixed-case. Bugzilla 3.0 only allows lowercase column names. It will fix any
  column names that you have made mixed-case, but if you have custom fields that
  previously were mixed-case in any Saved Search, you will have to re-create that
  Saved Search yourself.

Security Updates in This Release

3.0.1

Bugzilla 3.0 had three security issues that have been fixed in this release:
one minor information leak, one hole only exploitable by an admin or using
email_in.pl, and one in an uncommonly-used template. For details,
see the Security
Advisory.

How to Upgrade From An Older Version

Notes For Upgraders

• If you upgrade by CVS, there are several .cvsignore files that are now in
  CVS instead of being locally created by checksetup.pl. This means
  that you will have to delete those files when CVS tells you there's a conflict,
  and then run cvs update again.
• In this version of Bugzilla, the Summary field is now limited to 255
  characters. When you upgrade, any Summary longer than that will be truncated,
  and the old summary will be preserved in a comment.
• If you have the utf8 parameter turned on, at some point you will
  have to convert your database. checksetup.pl will tell you when this
  is, and it will give you certain instructions at that time, that you have to
  follow before you can complete the upgrade. Don't do the conversion yourself
  manually--follow the instructions of checksetup.pl.
• If you ever ran 2.23.3, 2.23.4, or 3.0rc1, you will have to run
  ./collectstats.pl --regenerate at the command line, because the data
  for your Old Charts is corrupted. This can take several days, so you may only
  want to run it if you use Old Charts.
• You should also read the Outstanding Issues sections of older release notes if you are upgrading from a version
  lower than 2.22.

Steps For Upgrading

1. Read these entire Release Notes, particularly the "Notes for Upgraders"
   section above.
2. View the Sanity
   Check page on your installation before upgrading. Attempt to fix all
   warnings that the page produces before you go any further, or you may experience
   problems during your upgrade.
3. Make a backup of the Bugzilla database before you upgrade, perhaps by using
   mysqldump. THIS IS VERY IMPORTANT. If anything goes
   wrong during the upgrade, your installation can be corrupted beyond recovery.
   Having a backup keeps you safe.

   Example: mysqldump -u root -p bugs > bugs-db.sql

4. Replace the files in your installation with the new version of Bugzilla, or
   you can try to use CVS to upgrade.

   You can also use a brand-new Bugzilla directory, as long as you copy over the
   old data/ directory and the localconfig file to the new
   installation.

5. Now follow the standard Bugzilla
   installation process.
6. Run checksetup.pl after you install the new version.
7. View the Sanity
   Check page again after you run checksetup.pl.
8. It is recommended that, if possible, you fix any problems you find
   immediately. Failure to do this may mean that Bugzilla will not work correctly.
   Be aware that if the sanity check page contains more errors after an upgrade, it
   doesn't necessarily mean there are more errors in your database than there were
   before, as additional tests are added to the sanity check over time, and it is
   possible that those errors weren't being checked for in the old version.

Code Changes Which May Affect
Customizations

• Packagers: Location Variables Have
  Moved
• Hooks!
• API Documentation
• Elimination of globals.pl
• Cleaned Up Variable Scoping Issues
• No More SendSQL
• Auth Re-write
• Bugzilla::Object
• Bugzilla->request_cache
• Other Changes

Packagers: Location Variables Have
Moved

In previous versions of Bugzilla, Bugzilla::Config held all the
paths for different things, such as the path to localconfig and the path to the
data/ directory.

Now, all of this data is stored in a subroutine,
Bugzilla::Constants::bz_locations.

Also, note that for mod_perl, bz_locations must return
absolute (not relative) paths. There is already code in that subroutine
to help you with this.

Hooks!

Bugzilla now supports a code hook mechanism. See the documentation for Bugzilla::Hook
for more details.

This gives Bugzilla very advanced plugin support. You can hook templates,
hook code, add new parameters, and use the XML-RPC interface. So we'd like to
see some Bugzilla plugins written! Let us know on the developers@bugzilla.org
mailing list if you write a plugin.

If you need more hooks, please File a
bug!

API Documentation

Bugzilla now ships with all of its perldoc built as HTML. Go ahead and read
the API Documentation
for all of the Bugzilla modules now! Even scripts like checksetup.pl
have HTML documentation.

Elimination of globals.pl

The old file globals.pl has been eliminated. Its code is now in
various modules. Each function went to the module that was appropriate for
it.

Usually we filed a bug in bugzilla.mozilla.org for each function
we moved. You can search there for the old name of the function, and that should
get you the information about what it's called now and where it lives.

Cleaned Up Variable Scoping Issues

In normal perl, you can have code like this:

my $var = 0;

sub y { $var++ }

However, under mod_perl that doesn't work. So variables are no longer
"shared" with subroutines--instead all variables that a subroutine needs must be
declared inside the subroutine itself.

No More SendSQL

The old SendSQL function and all of its companions are
gone. Instead, we now use DBI for all database interaction.

For more information about how to use DBI with Bugzilla, see the Developer's
Guide Section About DBI

Auth Re-write

The Bugzilla::Auth family of modules have been completely
re-written. For details on how the new structure of authentication, read the Bugzilla::Auth
API docs.

It should be very easy to write new authentication plugins, now.

Bugzilla::Object

There is a new base class for most of our objects, Bugzilla::Object.
It makes it really easy to create new objects based on things that are in the
database.

Bugzilla->request-cache

Bugzilla.pm used to cache things like the database connection in
package-global variables (like $_dbh). That doesn't work in mod_perl,
so instead now there's a hash that can be accessed through
Bugzilla->request_cache to store things for the rest of the
current page request.

You shouldn't access Bugzilla->request_cache directly, but
you should use it inside of Bugzilla.pm if you modify that. The only
time you should be accessing it directly is if you need to reset one of the
caches. Hash keys are always named after the function that they cache, so to
reset the template object, you'd do: delete
Bugzilla->request_cache->{template};.

Other Changes

• checksetup.pl has been completely re-written, and most of its
  code moved into modules in the Bugzilla::Install namespace. See the
  checksetup
  documentation and Bugzilla
  bug 277502 for details.
• Instead of UserInGroup(), all of Bugzilla now uses
  Bugzilla->user->in_group
• mod_perl doesn't like dependency loops in modules, so we now have a test for
  that detects dependency loops in modules when you run runtests.pl.
• globals.pl used to modify the environment variables, like
  PATH. That now happens in Bugzilla.pm.
• Templates can now link to the documentation more easily. See the
  global/code-error.html.tmpl and
  global/user-error.html.tmpl templates for examples. (Search for
  "docslinks.")
• Parameters are accessed through Bugzilla->params instead of
  using the Param() function, now.
• The variables from the localconfig file are accessed through the
  Bugzilla->localconfig hash instead of through
  Bugzilla::Config.
• Bugzilla::BugMail::MessageToMTA() has moved into its own module,
  along with other mail-handling code, called Bugzilla::Mailer
• The CheckCanChangeField() subroutine in
  process_bug.cgi has been moved to Bugzilla::Bug, and is
  now a method of a bug object.
• The code that used to be in the global/banner.html.tmpl template
  is now in global/header.html.tmpl. The banner still exists, but the
  file is empty.

Release Notes For Previous Versions

Release notes for versions of Bugzilla for versions prior to 3.0 are only
available in text format: Release
Notes for Bugzilla 2.22 and Earlier.