[ANNOUNCEMENT] Mozilla Bugzilla 4.0 Upgrade Testing and Feedback Needed - April 16th, 2011

Skip to first unread message

David Lawrence

Mar 14, 2011, 10:46:52 AM3/14/11
to dev-pl...@lists.mozilla.org, ever...@mozilla.com

Following on the heels of another popular 4.0 release happening
currently, the Mozilla Bugzilla team is happy to announce the first test
release of the next version of Bugzilla based on the upstream 4.0 code base.

We are hoping to have the upgrade completed by April 16th, 2011. Please
let us know if that date will have any negative impact on development

For more detailed project information as well as the full schedule, see:

Please test drive at:

Over the years Mozilla has made substantial customizations to Bugzilla
to help streamline Engineering processes. Over time the upstream has
incorporated some of these customizations or solved them in different
ways. Upgrading still reduces our customization footprint (and thus
maintenance) while bringing many bug fixes & enhancements. In our
current code, most of the customizations are directly in the Bugzilla
code itself. With the new 4.0 BMO release, most of the customizations
were moved to a new BMO Bugzilla extension. This will help
with future upgrade efforts.

The main area of focus for our test releases are stability.
Functionality that currently works in our 3.6 code base should continue
to work as expected in the new version 4.0. Please let us know of any
customizations that are missing as well.

In addition to basic functionality and stability, some new features
added by the Mozilla Bugzilla team for 4.0 that are ready for testing
and feedback:

Splinter: The Splinter patch review system as been revamped and will be
enabled at the time of 4.0 release. It has been rewritten as a Bugzilla
extension and accesses Bugzilla data directly so there is no longer a
need for use of the webservices API. It has also been converted from
jQuery to YUI. https://bugzilla.mozilla.org/show_bug.cgi?id=570786

SecureMail: The SecureMail Bugzilla extension has been included in the
BMO 4.0 code and will also be enabled for the rollout of 4.0. This will
allow for email notifications for specific secure bugs to be encrypted
before being delivered. Users will need to upload their S/MIME
certificates or public PGP keys to Bugzilla so they can decrypt the
Bugzilla emails. Otherwise the email will only include limited
information. More information on this feature can be viewed at

Component Watching: Currently BMO only allows for watching of particular
user accounts. Users of BMO would like to also be able to receive bug
notifications on bugs assigned specific Bugzilla field values such as
components. https://bugzilla.mozilla.org/show_bug.cgi?id=634531

Splinter, SecureMail, and Component Watching are currently undergoing
security reviews by the Mozilla Security Team.

*Note*: Once the security reviews have been completed we will be able to
open the testing up to external users as well. Currently you will
require a permitted LDAP account to access the test instance.

Other features we are currently working on and hoping to have available
for the 4.0 release:

Pulse: The Pulse Bugzilla extension will send messages to a message
broker via AMQP or STOMP whenever an object (bug, keyword, component,
etc) is created or modified. Application developers can then monitor the
AMQP server for changes they are interested in. For more information,
please see https://wiki.mozilla.org/BMO/Pulse.

SiteMap: The SiteMap Bugzilla extension will allow various search
engines to index bugs in BMO.

There are numerous other changes behind the scenes that we haven't
listed. The goal is to make sure that functionality that people have
come to expect in 3.6 is still possible in the new system.

Please feel free to point your various scripts and third party
applications that use the XMLRPC/JSON API at the test server to make
sure they continue to function properly.

There are also numerous new features/fixes that are part of the upstream
version 4.0. Some more notable updates include enhanced WebService support,
UI enhancements, automatic duplicate detection, enhanced custom field
functionality, autocomplete for users, and search improvements. For more
detailed information on what has changed since the last upstream
release, check out the full release notes page at

The database is a recent snapshot of the live database so should be
useful for testing to make sure the information is displayed properly
and changeable. Also with a full snapshot it is possible to test for any
performance related issues.

*Note*: Email has been disabled so that unnecessary spam is not sent
out. So feel free to make changes to bugs to verify proper working
order. We realize this may make it difficult to fully test some of the
features of Bugzilla and we are working on a suitable solution.

We are asking for everyone to get involved as much as possible with
testing and feedback on all of the test releases to help us make this
the most robust and stable roll out as possible.

Please file any enhancement requests or bug reports in the production
Bugzilla system at

Thanks, The Mozilla Bugzilla Team

Gervase Markham

Mar 14, 2011, 2:40:20 PM3/14/11
On 14/03/11 14:46, David Lawrence wrote:
> *Note*: Once the security reviews have been completed we will be able to
> open the testing up to external users as well. Currently you will
> require a permitted LDAP account to access the test instance.

To clarify here: until OpSec have done a security review on the new
code, they require that access to the test system be restricted, because
it is running against a full copy of the BMO database, including
security bugs.

At the moment, it is restricted to the BugzillaTesters group in
Mozilla's LDAP system. If you otherwise have an LDAP account (i.e.,
basically, you have commit access to something) and have interest in
testing Bugzilla, then contact just...@mozilla.com to be made a member.

We hope to remove the access controls soon, but OpSec are a busy group :-)


Dave Miller

Mar 14, 2011, 10:56:28 PM3/14/11
In article <dqSdnRbfxvqI_OPQ...@mozilla.org>, Gervase
Markham <ge...@mozilla.org> wrote:

Just to follow up on this, please don't email me for this unless you're
also a member of the core security group in Bugzilla. I can't let
anyone in beyond that at this time, unfortunately. We'll be dropping
the auth altogether once the security review is done (which probably
won't happen until after Firefox 4 releases).

Apologies to everyone for the wide distribution, the intent of this
mailing was more for scheduling purposes to make sure there weren't
major conflicts the the planned release date. The widespread call for
testers should have waited a bit yet. We'll let you all in soon.

Dave Miller
Systems Administrator, Mozilla Corporation

Reply all
Reply to author
0 new messages