You can also follow a number of our contributors (some of whom don't blog) on Twitter.
Bugzilla Project Updates
As you know, we’re working on two fronts in Bugzilla Development:
A quality-of-life release (5.2) which includes support for utf8mb4,
MySQL 8 compatibility, and compatibility with the latest versions of perl.
A feature-packed release (6.0) which includes the UX/UI from bugzilla.mozilla.org, based on mojolicious.
The 5.2 Update
At the behest of justdave I’ve focused my attention on the quality of life release (5.2). I had desired to be able to release that this week, but this has fallen short because of unforeseen complications.
Here’s a list of things that are ready in the 5.2 branch:
- MySQL 8 regexp compatibility (it turns out our default emailregexp wasn’t compatible with MySQL 8)
- SQLite works again (sqlite was broken and is untested in the 5.2 branch)
- Fixing Safe.pm bug in latest perl (the latest perl has a bug with Safe and Bugzilla must work around it)
- checksetup.pl completes and large parts of the code work on MySQL 8
The problems remaining are that it is there are many places where snippets of sql are generated and it is non-obvious where and when to quote them. There are cases where an ORDER BY
must be quoted, for instance.
Because the patch set to quote all occurrences of is already quite large, I began exploring a more comprehensive fix on February 3rd. This approach is promising, and may result in a bit of reusable code useful to other Perl applications that have forbidden column or table names that used to work.
At the time of writing, I have written a mysql expression parser that can handle nearly every SQL expression used in Bugzilla. It takes a SQL expression and then quotes all column and table references. While the parser is over 300 lines, it means the overall patch is localized to one new file and a minor change to Bugzilla::DB
. I hope to finish the parser this week, and have the patch in review over the weekend (Feb 8/Feb 9).
The 6.0 Update
Since the last meeting, I came up with this (rough) release plan. I’m working on the second version of this, but the gist here is very accurate. We know the “6.0” release will work, because we know bugzilla.mozilla.org works every day.
- Delete Mozilla-specific code and branding
- The Mozilla logo
- Make it so nobody@mozilla.org is not hard-coded anywhere
- Remove the
Bugzilla::Report::*
classes as those are specific reporting features of BMO that
- Ensure a migration (schema migration) is possible from 5.0 to 6.0.
- This is mainly a matter of reversing the “multiple aliases” support that was added in 5.0 but is not going to be present in 6.0.
- There are complications involving the db schema and how email works that are TBD
- If possible, some dependencies that are difficult to package (or not maintained well) must be dropped.
- Mostly this is
Data::Password::passwdqc
. - As we will not add new features, this means forgoing password complexity checks which is actually a good thing as passwdqc rejects perfectly fine randomly generated passwords and people hate it.
- Mostly this is
- Validate that we can run against PostgreSQL
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1541303] Default component bug type is not set as expected; enhancement severity is still used for existing bugs
- [1543760] When cloning a bug, the bug is added to ‘Regressed by’ of the new bug
- [1543718] Obsolete attachments should have a strikethrough
- [1543798] Do not treat email addresses with invalid.bugs as unassigned when displaying bugs
- [1544304] Wrong escaping of quotes in attachment titles.
- [1541555] Add facility for requiring an API Key to always come from the same IP address
- [1545295] socorro lens chart for crash statistics blocked by CSP (Blocked by Content Security Policy)
- [1543163] Make Toolkit :: Blocklist Policy Request component private by default
- [1545269] Request for Bug Dependency Graphs return a 404
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1523317] Exclude Graveyard products from QuickSearch results
- [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
- [1524213] phabricator revisions list on bug page has extra / in the revision link
- [1523404] Cannot clear all scopes when editing an oauth2 client. Throws DB error
- [1525308] Custom Bug Entry Form for Blocklist Policy Requests
- [1525451] Update triage owner report defaults
- [1524158] markdown generated by approval comment form could be improved
- [1525808] Remove CC changes from activity stream
- [1476111] Enable syntax highlighting in comment code blocks
- [1528334] Adding image to main bugzilla screen for User Research
- [1047539] Bugmails including “See Also” bug links do not include a “Referenced Bugs” section with the summary of the other bug
- [1402894] Remove “Restrict this session to this IP” option from login page
- [1461492] Add an optional regressed-by field in bugs
- [1528277] Add “Has STR” and “Has Regression Range” fields for the ‘External Software Affecting Firefox’ product
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1511490] BMO’s oauth tokens should be use jwt
- [1519782] The OrangeFactor extension should link back to Intermittent Failure View using ‘&tree=all’
- [1523004] Sort Phabricator revisions by numeric value instead of alphabetically
- [1523172] Advanced Search link on home page doesn’t always take me to Advanced Search
- [1523365] Ensure all requests have the HSTS header (if configured)
- [1433080] No longer show the template for tracking & release notes requests
- [1522731] When you click “Update comment”, the button changes size and the “Cancel” button jumps underneath your cursor, causing momentary panic that you canceled your edit
- [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1511261] request queue page shows ‘Bugzilla::User=HASH(…)’ instead of username
- [1520856] “Opt out of these emails” at bottom of overdue request nagging emails doesn’t open desired page
- [1520011] Phabbugz panel short description missing
- [1518886] Remove outdated build plan code from PhabBugz extension used to move revisions from draft mode.
- [1509329] Do not display revisions that have moved out of the bug, but note the move in the bug history
- [1520533] Utilize Markdown in uplift form comments
- [1521653] Cannot edit comments after creating or updating an attachment
- [1518268] Re-style all markdown content, consistently
- [1520202] Sometimes the browser can cache the wrong version of an asset
- [1517429] Search: Filter out by default Product containing “Graveyard”
- [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
- [1520582] Block ips of users that get too many page errors
- [1522155] Closed bug links don’t get their strike-through
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1487171] Allow setting bug flags when creating/updating attachment with API
- [1497077] Convert links, image/iframe sources, form actions to absolute path
- [1469733] Fix scrolling glitch on Safari
- [1496057] Security bugs report october update
- [1499905] Update BMO enter bug workflow to include Data Science
- [1370855] Add a Referrer-Policy response header
- [1501893] Tell robots to leave the graphs alone, and leave a trap
- [1501133] Attachment flags layout on new bug page is broken
- [1501888] Implement Bugzilla::Util::remote_ip() in terms of Mojolicious API
- [1502181] MockParams should set user/verify authentication classes to match production
- [1501849] Speed up IP blocked page
- [1502198] GitHubAuth cannot be removed from user_info_class in data/params if extension enabled or all logins will no longer work
- [1497230] Several custom form routes are not resolved, leading to 404 page not found, including Trademark Usage Requests
- [1502739] Disabled account doesn’t show any indication on the profile page
- [1479535] BUGZILLA.bug_url is wrong on bug page after POSTed, Copy Summary doesn’t work as expected
- [1501966] Security Bugs Report: Warn when there are outdated products or components in the teams list
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1496803] Suggested component links ignore cloned bug data
- [1497234] Remove Personas Plus GitHub link from Custom Bug Entry Forms index
- [1497070] In-page links are broken due to <base href> added during Mojo migration
- [1497437] The crash graph should display Exact Match results by default
- [623384] Use Module::Runtime instead of eval { require } or eval “use”
- [1496832] Add monitoring and preventative measures for feed daemon becoming unresponsive
- [1497343] Add some rudimentary type checking to Bugzilla::WebServe::Util::validate()
discuss these changes on mozilla.tools.bmo.
happy bmo push day (last friday)
(a few things went out on friday because of some API breakage, and didn’t get posted. woops)
the following changes have been pushed to bugzilla.mozilla.org:
- [1495349] Remove Persona extension
- [1263502] Add duplicates to /rest/bug/id
- [1495906] After mojo update /latest/configuration API call no longer works and gives page not found
- [1496233] “Dunno” -> “Don’t know” in approval request form
- [1489120] Add a rest API to get triage owners for each product/component pair
- [1495901] SES type checking error
- [1495746] /app/static/metricsgraphics/css/google-OpenSans.css missing in app container
- [1496570] Bugzilla doesn’t attempt to decode form-urlencoded data without a content-type header
- [1496172] Attachments with unicode filenames cause timeout errors when retreiving attachments
discuss these changes on mozilla.tools.bmo.
happy bmo push day – mojolicious edition
As previously announced at FOSDEM 2018 and then re-announced at MojoConf, bugzilla.mozilla.org is now running on Mojolicious “A next generation web framework for the Perl programming language”
This release incorporates 28 changes and the Mojolicious migration is the least interesting to the end-user, but it is pretty important in terms of being able to deliver rich experiences moving forward.
As an aside, it’s very possible to just download and run bugzilla now,
and the Bugzilla Harmony initiative could use some help cranking out a first release. Interested parties can reach out to me or find us in #bugzilla on irc.mozilla.org
the following changes have been pushed to bugzilla.mozilla.org:
- [1455495] Replace apache with Mojolicious
- [1487422] Remove Phabricator section from MyDashboard and related WebService API
- [1490687] Stop setting r+s on Phabricator attachments
- [1490708] Ensure we always call DBIx::Connector->dbh before any DBI method
- [1491973] Add GeckoView to BMO::Data special casing
- [1345673] Open Bugzilla History in a New Window or Tab
- [1490901] ReviewBoard stub attachments no longer make a redirect, download a text file instead
- [1492850] Remove places where headers are printed
- [1468489] Documentation points to https://landfill.bugzilla.org that is no longer maintained and will be shut down
- [1492511] Code to updating subscriber values for current private bugs is throwing errors in the phabbugz log
- [1470536] Add new GeckoView product to easy product selector on Browse and Enter Bug pages
- [1492346] scripts/syncflags.pl should also add the target product to any tracking flags that the source product is a member of
- [1492926] Handle DBIx::Connectors more appropriately
- [1473417] Show often/recently used products/components on New Bug page
- [1490595] Bugzilla update check should use https
- [1491850] restoreSavedBugComment takes a really long time (100ms)
- [1493295] Add short URL to each bug
- [1494065] Add a basic test using Test::Mojo
- [1489718] Insert form widgets for approval flag requests instead of free-form comment text
- [1493847] Fix buglist.cgi link label on product/component dropdown lists
- [1493500] Remove all trailing whitespaces from all files
- [1493490] Remove navigator.buildID usage from Bugzilla Helper
- [1494645] Allow customizing HTML <title> of search results
- [1421032] Detect Markdown attachment files as text/plain so Firefox can display the content
- [1418378] Use Material Icons on Bugzilla home page instead of low-res images
- [1495071] Mojolicious Cleanup
- [1495834] xmlrpc.cgi outputs headers in request-body
- [1495869] Crash graph not found after mojo migration
discuss these changes on mozilla.tools.bmo.
happy bmo push day!
the following changes have been pushed to bugzilla.mozilla.org:
- [1479350] “Phabricator Reviews Requested of You” lists bugs which I have reviewed
- [1374266] Improve the “Zarro Boogs found” message
- [1480169] Consider reducing the verbosity of phabricator ‘Revision Approved’ bugzilla comments
- [1478897] ensure phabbugs doesn’t fail outright when encountering invalid bug ids
- [1480599] Add “File new bug” menu to product/component hovercard
- [1481207] POST /rest/bug_user_last_visit returns random number instead of bug ID
- [1446855] enter_bug.cgi: Searching for duplicate bugs should trigger on changes to the Summary, not on all keystrokes
- [1480473] Component description page: highlighted component lacks padding
- [1474809] add “new to bugzilla” tag to non-comment changes
- [1480897] When making a revision public, make the revision editable only by the bmo-editbugs-team project (editbugs)
discuss these changes on mozilla.tools.bmo.