happy bmo push day!

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1174057 : Authentication Delegation should add an App
ID column to associate api keys with specific callbacks
https://bugzil.la/1163761 : Allow MozReview to skip user consent screen
for Authentication Delegation
https://bugzil.la/825946 : tracking flags should be cleared when a bug
is moved to a product/component where they are not valid
https://bugzil.la/1149593 : Hovering over "Copy Summary" changes the
button to a grey box
https://bugzil.la/1171523 : Change Loop product to Hello
https://bugzil.la/1175928 : flag changes made at the same time as a cc
change are not visible without showing cc changes
https://bugzil.la/1175644 : The cpanfile created by checksetup.pl
defines the same feature multiple times, breaking cpanm
https://bugzil.la/1176362 : [Voting] When a user votes enough to confirm
an individual bug, the bug does not change to CONFIRMED properly
https://bugzil.la/1176368 : [Voting] When updating votestoconfirm to a
new value, bugs with enough votes are not moved to CONFIRMED properly
https://bugzil.la/1161797 : Use document.execCommand("copy") instead of
flash where it is available
https://bugzil.la/1177239 : Please create a "Taskcluster Platform" product
https://bugzil.la/1144485 : Adapt upstream Selenium test suite to BMO
https://bugzil.la/1178301 : webservice_bug_update.t Parse errors: Bad
plan. You planned 927 tests but ran 921
https://bugzil.la/1163170 : Giving firefox-backlog-drivers rights to
edit the Rank field anywhere it appears in bugzilla
https://bugzil.la/1171758 : Persistent xss is possible on Firefox

--
byron jones - :glob - bugzilla.mozilla.org team lead -

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1178231 : When the tracking section is collapsed,
keywords are displayed like they are in the whiteboard
https://bugzil.la/1180449 : The modal user interface has changed the
behavior of ctype=xml URLs
https://bugzil.la/1180711 : invalid_cookies_or_token should have a real
error code
https://bugzil.la/1172968 : Move the scripts we want to keep from
contrib/* and place them in scripts/ directory. Remove contrib from repo
https://bugzil.la/1180788 : b.m.o modal UI "fixed in" label isn't quite
right for B2G
https://bugzil.la/1180776 : Mozilla Recruiting Requisition Opening
Process Template: Job Description Update

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1143132 : emails about redirected attachment urls link
to attachment-edit instead of the actual url (mozreview, github, etc)
https://bugzil.la/1181410 : "To see this bug, you must first log in to
an account" link is bright blue on red
https://bugzil.la/1181759 : After bug 1181410, test_bug_edit.t is
failing due to change in error message wording
https://bugzil.la/1181637 : Update Req Opening Process (Cost Center list
on 2015-07-08)
https://bugzil.la/1173442 : Implement admin UI changes to allow
selecting default product security group instead of editing code
https://bugzil.la/1178031 : Add an "applies to all platforms" link next
to "use my platform"
https://bugzil.la/1182375 : unable to create a database from scratch:
Unknown column 'secure_mail' in 'field list'
https://bugzil.la/1182387 : add bug.votes to api responses
https://bugzil.la/1182498 : Assignee not displayed when the assignee's
email address contains ".bugs"
https://bugzil.la/1180880 : Make the "URL" field in the new UI more
prominent
https://bugzil.la/1182500 : Clearing group flag doesn't work when also
moving bug to a different component
https://bugzil.la/1123143 : Make Bugzilla link to MozReview link
directly to diff instead of review request page.
https://bugzil.la/1182676 : form.dev-engagement-event: [existing field
modification]
https://bugzil.la/984438 : Don't send 'Your Overdue Requests' reminder
emails on weekends
https://bugzil.la/1182909 : Prevent new accounts from CCing large
numbers of users
https://bugzil.la/1180570 : store attachment size in the database

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1184454 : unable to create new products
https://bugzil.la/1184456 : cannot create a new product with 'detect' as
the default platform
https://bugzil.la/1183899 : Restricting access of bugs submitted from
the FSA Budget Request form
https://bugzil.la/1184755 : Update docker image runtests.sh to clone bmo
git repo with full history instead of --depth=1
https://bugzil.la/1180571 : remove the ability to search attachment data
https://bugzil.la/1183524 : api bustage caused by bug 1173442
https://bugzil.la/1183892 : Bugzilla disables browser context menu after
showing its username left-click menu
https://bugzil.la/1184984 : Current Selenium tests are failing due to
changes made by bug 1173442
https://bugzil.la/1184982 : The cpanfile generated by checksetup results
in an unsuccessful mod_perl install
https://bugzil.la/1185440 : activity bound to comments which are
default-hidden is not hidden by default
https://bugzil.la/1185455 : Remove use of non-standard flag argument of
String.prototype.replace in inline-history.js.
https://bugzil.la/1177497 : Backport upstreams 5.0 rST docs to BMO and
make publicly available at https://bmo.readthedocs.org
https://bugzil.la/1184001 : deliver error report to sentry via cron
instead of immediately
https://bugzil.la/1180572 : create attachment_storage parameter
https://bugzil.la/1185852 : sentry.pl should exit early if there aren't
any reports to send

to improve security bugzilla.mozilla.org now serves attachments from a
different domain - bmoattachments.org - instead of from a subdomain of
bugzilla.mozilla.org. all existing links should continue to work, and
will redirect to a bmoattachments.org url.

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1185823 : add additional [audit] syslog entries
https://bugzil.la/1185467 : jobqueue2.bugs.scl3.mozilla.com keeps
alerting for swap
https://bugzil.la/1187184 : Minor updates to gear form
https://bugzil.la/1184828 : api searches should honour the same fields
in its "order" parameter as the web UI
https://bugzil.la/1186803 : remove %product_sec_groups from bmo/lib/data.pm
https://bugzil.la/1186776 : allow users to set keywords on bug creation
(via API/internally only)
https://bugzil.la/1181453 : Amend
https://bugzilla.mozilla.org/form.fxos.feature form
https://bugzil.la/1186788 : disabling an account should always disable
bugmail
https://bugzil.la/1171806 : add the ability for a user to
disable/"remove" their own account
https://bugzil.la/1187498 : Disable SiteMapIndex extension if running on
under development site instead of production

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1189075 : keyboard shortcut for going into edit mode
conflicts with Firefox's tab groups feature
https://bugzil.la/1188339 : Increase length of all tokens value for
greater security
https://bugzil.la/1185856 : Tabbing out of the keyword field should not
select the first available keyword
https://bugzil.la/1189172 : remove link to 'release notes' from index
page, and point 'help' to bmo.readthedocs.org
https://bugzil.la/1188561 : Pre-populate form.fxos.feature fields with
GET parameters
https://bugzil.la/1189362 : Fix memory leak in Bugzilla::Bug->comments
https://bugzil.la/1190255 : modal UI is used immediately after bug
creation when using a non-standard form, even if preferenced off

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1191016 : Additional changes needed to the Intern
Request Form
https://bugzil.la/1167622 : red border in confirmation of changes is
misleading - should be green as the text
https://bugzil.la/1153108 : add page allowing users to grant canconfirm
rights onto themselves
https://bugzil.la/1146761 : clicking on a date/flag/etc should scroll to
the corresponding change
https://bugzil.la/1192893 : Deactivated keywords cause the table on the
keyword descriptions page to render strangely
https://bugzil.la/1187220 : develop a script to remove non-public data
from the bmo database

[Byron Jones]

today's out-of-band push brought to you by some important changes to the
intern request form :)

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1160929 : add support for storing attachments in s3
https://bugzil.la/1190693 : Rewrite auth delegation to use a server-side
POST instead of a client-side GET to delegate API Key
https://bugzil.la/1184332 : Add Restricted API calls for MozReview
https://bugzil.la/1190029 : Would like a way to see which groups are
'secure' groups in editusers.cgi when diagnosing password reset issues
https://bugzil.la/1193590 : Warning about obsolete patches on an
unassigned bug
https://bugzil.la/1036872 : Bugmail filtering allows through bugmail
that should be blocked when combined with the standard email prefs
https://bugzil.la/1192854 : change tabs on user preferences from
horizontal to vertical layout
https://bugzil.la/1193878 : Make a few more fields optional on the
intern request form
https://bugzil.la/1192688 : add ip to last used api key information

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1194584 : "has cert" and "member of secure group"
shouldn't be visible when creating a user
https://bugzil.la/1181596 : Modal UI doesn't honor the "where to put the
additional comment textarea" preference
https://bugzil.la/1193190 : 'view account history' on edituser should
include audit_log entries
https://bugzil.la/979441 : Under mod_perl, some modules aren't preloaded
at startup
https://bugzil.la/981487 : change bugs_fulltext from myisam to innodb
https://bugzil.la/1195315 : Use of uninitialized value in string eq at
Bugzilla/Product.pm line 99
https://bugzil.la/1195593 : Able to delete any Bugzilla user's Bugmail
Filter
https://bugzil.la/1195598 : The "unknown_action" error message could
confuse the user
https://bugzil.la/1195620 : stop sending http cookies to sentry
https://bugzil.la/1194250 : 'take' button should uncheck "reset assignee
to default"

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1195362 : Quicksearch error pages ("foo is not a
field" and friends) should still fill in search into quicksearch box
https://bugzil.la/1190476 : set Comment field in GPG email to the URL of
the bug
https://bugzil.la/1195645 : don't create a new session for every
authenticated REST/BzAPI call
https://bugzil.la/1197084 : No mail sent when bugs added to or removed
from *-core-security groups
https://bugzil.la/1196614 : restrict the ability for users with
editusers/creategroups to alter admins and the admin group
https://bugzil.la/1196092 : Switch logincookies primary key to
auto_incremented id, make cookie a secondary UNIQUE key
https://bugzil.la/1197699 : always store the ip address in the
logincookies table
https://bugzil.la/1197696 : group_members report doesn't display nested
inherited groups
https://bugzil.la/1196134 : add ability for admins to force a user to
change their password on next login
https://bugzil.la/1192687 : add the ability for users to view and revoke
existing sessions
https://bugzil.la/1195836 : Remove install-module.pl from bmo
https://bugzil.la/1180733 : "An invalid state parameter was passed to
the GitHub OAuth2 callback" error when logging in with github

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1197073 : add support for 2fa using totp (eg. google
authenticator)
https://bugzil.la/1199136 : security bug group moves for new
core-security-release group
https://bugzil.la/1199941 : inactive sessions should expire faster (a week)

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org (over the
last couple of days):

https://bugzil.la/1200600 : message about 2fa's interaction with api
authentication should be visible when 2fa is enabled
https://bugzil.la/1200610 : jsonrpc API requests do not work when
"Require API-Key authentication for API requests" is enabled due to
missing API tokens
https://bugzil.la/1200618 : Layout of the TOTP 2FA leads to missing the
token time window and thus frustration
https://bugzil.la/1200957 : when a non-admin edits a user the 2fa
setting is incorrectly reported
https://bugzil.la/1200974 : "API-Key" in 2fa text should be "API key" to
match the rest of bugzilla
https://bugzil.la/1196618 : add support for group owners
https://bugzil.la/1196508 : Intern Request Metric Dashboard
https://bugzil.la/1200961 : switching to the modal view doesn't force
the mozilla skin
https://bugzil.la/1201116 : remove the duo mobile client from suggested
apps due to its lack of handling of expired codes

[Byron Jones]

the following changes have been pushed to bugzilla.mozilla.org:

https://bugzil.la/1201415 : add message informing users to check their
mobile device's time if they have issues enrolling
https://bugzil.la/1202461 : Missing real email syntax check
https://bugzil.la/1201954 : Add a "forgot password" link to user
preferences -> account
https://bugzil.la/1202147 : Performing a Simple Search results in the
message "invalid column names: relevance desc"
https://bugzil.la/1202845 : Update to Recruiting form (HRBP list, Textio
component)
https://bugzil.la/1202975 : warning about api key requirement is no
longer shown when enabling 2fa
https://bugzil.la/1202976 : change the suggested fxos 2fa app