Bugzilla Changelog

What's new in Bugzilla 5.0.6

Apr 18, 2019

This release contains a schema change to the flagtypes table, allowing for many more flagtypes.
The flagtypes table should have been using a mediumint for several releases, but due to a bug in the schema migration code this never happened.

New in Bugzilla 5.0.5 (Apr 18, 2019)

New in Bugzilla 5.1.2 Development (Feb 17, 2018)

New in Bugzilla 5.0.4 (Feb 17, 2018)

New in Bugzilla 5.0.3 (Apr 4, 2017)

New in Bugzilla 5.0.2 (Dec 22, 2015)

New in Bugzilla 5.0.1 (Sep 10, 2015)

New in Bugzilla 5.0 (Jul 8, 2015)

Improved WebServices:
This release has major improvements in the WebServices interface. One big addition is a new REST-like endpoint alongside the existing XML-RPC and JSON-RPC endpoints. This will allow clients to access Bugzilla data using standard HTTP calls for easy development. Note: XML-RPC and JSON-RPC are deprecated in favor of REST and will likely be removed in the Bugzilla 7.0 release.
Also API key support has been added so that API calls will no longer need to use cookies or a user's login and password. Users can create a different API key for each application and revoke API keys that have been compromised or are no longer needed. The API key will simply be passed to each call as credentials.
Several methods have been added and existing ones improved to allow returning data that was not available before such as Group.get. Bug.search is now as full featured as the Advanced Query UI allowing for the same searches to be executed. Attachment data such as flags and other metadata can now be updated through the API. Other WebService changes are detailed below.
Improved Caching using Memcached:
Bugzilla now has the ability to connect to a Memcached server running either locally or on the network to allow fast access to different types of data. This cuts down on the amount of database hits and can improve performance. Other areas have been improved as well to take advantage of caching in memory for objects that are retrieved multiple times during a request such as user data, etc.
Ability to Tag Bug Comments:
Users can add tags, visible to other users, to bug comments. This gives the users the ability to thread conversations, mark comments as spam, identify important comments, etc. Users can hide comments that contain specific tags if desired. The tag input field also supports autocompletion so commonly used tags can be selected. Administrators can make specifically tagged comments be automatically hidden from view.
Improved Bug Group Membership Checking:
In the past, Bugzilla restricted who can view a bug to everyone who was a member of ALL the groups the bug was in. That is, the groups were ANDed together. This made some access control scenarios rather difficult to achieve. So now, Bugzilla defaults to (and can be switched to, in existing installations) a mode where the bug can be viewed by everyone who is a member of ANY group the bug is in. That is, the groups are ORed together. This give more flexibility in the way bugs are made private to specific groups of users.
Note: Group memberships for bugs and users are not changed at all when this setting is switched. When switching from AND to OR, this means that bugs may be more widely viewable than previously. It is the responsibility of the administrator to make sure that no bugs are accidentally revealed to the wrong people when changing this setting.
Improved Documentation for Users and Administrators:
The standard documentation that is shipped along with the Bugzilla code has been rewritten and improved using the reStructuredText format. This allows the documentation to be easily hosted at sites such as ReadTheDocs.org and can also be more easily converted into different formats such as HTML and PDF. A new section dedicated to the new REST WebService API has also been added, significantly improving on the old WebService documentation.
Other Enhancements and Changes:
Enhancements for Users:
Bugs: The deadline field is now visible to users not in the the timetracking group.
Bugs: There is now a "Preview" mode when creating a new comment that allows you to see how the comment will look before committing to the database.
Bugs: The reporter is now allowed to enter keywords at time of bug creation.
Bugs: "See Also" now allows spaces as well as commas to delimit multiple values.
Bugs: Auto linkification in comments of bug IDs and comment IDs has been improved.
Bugs: Bugs can now have multiple aliases assigned to them. Before each bug could only have a single value. Also, aliases are now visible in the browser's title bar.
Bugs: Users can now change the flags of multiple bugs at once using the mass-edit form.
Charts and Reports: UTF-8 characters are now correctly displayed in "New Charts" and graphical reports.
Charts and Reports: Custom multi-select fields are now available as report axis options. This makes them usable for categorizing bugs in reports.
Email: You can now choose to not receive any mail at all about a particular bug, even if you continue to have a role on that bug (e.g. reporter).
Email: When adding or removing a bug as a dependency, the summary of the bug is included in the email notification.
Requests: request.cgi can now output results in CSV format.
Requests: X-Bugzilla-* headers are now included in flag notification emails.
Searches: Some useful searches have been added to the Bugzilla home page.
Searches: Quicksearch now allows for use of comparison operators such as !=, >=, >,

New in Bugzilla 4.4.9 (Apr 16, 2015)

New in Bugzilla 4.4.8 (Jan 28, 2015)

New in Bugzilla 4.4.7 (Jan 22, 2015)

New in Bugzilla 4.4.6 (Oct 7, 2014)

New in Bugzilla 4.4.5 (Jul 25, 2014)

New in Bugzilla 4.4.4 (Apr 24, 2014)

New in Bugzilla 4.4.3 (Apr 18, 2014)

New in Bugzilla 4.4.2 (Jan 28, 2014)

New in Bugzilla 4.4.1 (Oct 18, 2013)

New in Bugzilla 4.4 (May 23, 2013)

Allow Multiple Search Criteria to Match one Field:
In the "Advanced Search" page, it is now possible to build queries using multiple custom search criteria against the same field. In Bugzilla 4.2 and older, queries of the form   "Status changed to VERIFIED" AND "Status changed by [email protected]"   were returning all bugs which had their status changed to VERIFIED by some user and which were edited by [email protected] once, but both actions could be independent. In Bugzilla 4.4, you can now decide if both criteria must match the exact same action or not, i.e. if you want bugs whose status has been set to VERIFIED by [email protected] himself. In the same way, queries of the form   "Flags changed to approval+" AND "Flags changed by [email protected]"   can now return bugs for which the approval flag has been set to "+" by [email protected] himself. In previous versions, both actions were treated independently and bugs for which [email protected] set the approval flag to "?" and which is then set to "+" by someone else were also returned.
This new feature gives you the ability to build more accurate queries and to get more relevant results.
Improved Performance for Searches:
The search system got a performance boost which in some cases decreases the time spent to run queries from several minutes to a few seconds only. The more complex your queries are, and the more visible the performance win should be.
Overhaul of the Tagging System:
The old tagging system which was in the footer of all pages had severe design and usability limitations and has been replaced by a shiny new one which lets you tag bugs from the bug report directly. Tags now mostly work like keywords, but with two major differences. First of all, they are personal, meaning that tags you set on bugs are only visible by you, and nobody else is notified nor can see which tags you set. This behavior is the same as the old tagging system and so this feature didn't change. The second major difference is that the list of available tags is unlimited and is in no way hardcoded by administrators. You can type either a new tag of your choice, or you can select one from an auto-generated list of tags which you already used in other bugs. Again, this feature was already present in the old tagging system, but its usability has been greatly improved. In particular, this means that tags are now displayed in bug reports directly, so that you immediately know which tags you already set for that bug. This feature is new in this release.
Another new feature is that your personal tags can now be listed in buglists. They can also be used as search criteria in your queries. If you decide to share a saved search which uses tags as criteria, this will work too! Note that when you add a new tag, no saved search based on this tag is created anymore, as you can easily create it yourself if you really need it.
The tags set with the old tagging system are automatically migrated to the new system.
Auto-Detection of the Attachment MIME Type:
When a user uploads a new attachment and lets the "Content Type" field set to "auto-detect", Bugzilla now does its own MIME type detection if the web browser tells him that the attachment is of type "application/octet-stream", in an attempt to make a better guess than the web browser. In all other cases, Bugzilla still trusts what the browser tells him.
Check the list of optional Perl modules to know which modules to install in order to enable MIME type sniffing.
Saving Tabular and Graphical Reports:
It is now possible to save tabular and graphical reports in the same way as you save searches. Saved reports will appear in the footer of pages, below saved searches.
Unlike saved searches, it is not yet possible to share saved reports with other users.
Custom Columns in Whine Emails:
The list of columns to display in buglists contained in emails sent by the whining system on a regular basis is no longer hardcoded. If the saved search used for whining emails contains a list of columns, these columns are used to be displayed in the emails. If no custom list is found, the default column list is used instead.
This means that depending on the kind of email notifications you want, you can fully customize data to return, on a per saved search basis!
Improved WebServices:
This release got major improvements in its WebServices interface. Many new methods have been implemented to let third-party applications interact with Bugzilla even more closely. For instance, it is now possible to know what parameters are set to using Bugzilla.parameters. It is now also possible to update tags, products, groups or user accounts using our API.
Several existing methods have also been improved to return data which weren't available till now, such as bug and attachment flags using Bug.get, Bug.attachments or Product.get. Users can also get their saved searches and reports using User.get; and much more, see the detailed list below.
New Apache Configuration:
For improved security, Bugzilla now prevents directory browsing by default. If you run Bugzilla under Apache (as most people do), you most likely require a new Apache configuration for this version of Bugzilla. See the Notes On Upgrading From a Previous Version section for details.
Other Enhancements and Changes:
Enhancements for Users:
Bugs: It is now possible to add yourself to the CC list when uploading an attachment and when editing an existing one.
Bugs: There is a new user preference to be automatically added to the CC list of bugs for which a flag request is addressed to you (the flag has you as the requestee).
Bugs: Changes to the CC list no longer causes midair collisions.
Bugs: There is now a (take) link besides the QA Contact field to easily set yourself as QA contact.
Bugs: Bugs are no longer reassigned to the default assignee when moving the bug into another product or component if the current assignee is not the default one. Same goes for the QA contact.
Bugs: When reporting a new bug, flags which are not available for the selected component and those which the reporter cannot edit are now hidden instead of being disabled. For existing bugs, unset flags are also hidden by default. Clicking the (set flags) or (more flags) link will make them appear.
Bugs: When viewing a bug, the list of duplicated bugs is now listed near the top of the page.
Bugs: Private comments now always remain visible to their author. Previously, the author of a comment couldn't see it anymore if the comment was marked private and the author isn't in the insider group.
Bugs: The See Also field now supports URLs pointing to GitHub by default. If the new MoreBugUrl extension included in this release is enabled, then you can also add URLs pointing to: bugs.php.net, RT, appspot.com (Rietveld), Review Board, and getsatisfaction.com.
Searches: The alias of bugs you cannot see are no longer resolved to their bug ID, meaning that it is no longer possible to connect an alias with its ID unless you can see the bug.
Searches: Custom multi-select fields are now available in the "Search By Change History" section of the query page.
Searches: The changed by operator in boolean charts now accepts pronouns.
Searches: The requester and requestee fields in boolean charts now accept pronouns.
Searches: It is now possible to hide the description of queries appearing at the top of buglists.
Requests: The "My Requests" page now displays an AND/OR radio button to define the interaction between the requester and requestee fields.
Email Notifications: There is a new user preference to not prepend "New:" to the subject of bugmails when reporting a new bug. Some email clients couldn't thread emails correctly due to this.
Email Notifications: There is a new email event to get notifications when the product or component of a bug changes.
Email Notifications: All bugmails now have a X-Bugzilla-Flags email header, listing currently set flags.
Email Notifications: All bugmails now have a X-Bugzilla-Version email header with the current product version.
Whining: The sort order of the saved search is used to sort bugs in the emails.
User Accounts: To confirm an email address change, the password is now requested instead of the old email address.
Graphical Reports: The size of graphical reports is now set dynamically to fit within the window of the web browser. The Taller/Thinner/Fatter/Shorter links are now gone.
Incoming Emails: email_in.pl now accepts HTML-only emails to create and edit bugs by email.
Incoming Emails: When creating a new bug, email_in.pl will look at the Importance and X-Priority email headers to increase or decrease the initial priority of the bug, unless the priority is already explicitly set in the email itself.
Skins: Bugzilla no longer fetches all skins available when viewing a page. It only loads the skin selected by the user in his preferences, which results in less requests to the server.
Enhancements for Administrators and Developers:
License: The Bugzilla code is now released under the MPL 2.0 license (previously was MPL 1.1).
Installation: On mod_perl, templates now remain in memory for one hour, which can cause an increase in memory requirements. This also means that it can take up to one hour before changes in templates become active (unless you restart Apache).
Installation: Running checksetup.pl [email protected] now automatically re-enables the user account if it was disabled.
Configuration: A new parameter smtp_ssl can be turned on to enable SSL connections to the SMTP server to send email notifications.
Administration: Custom fields now have a new Long description attribute to better describe what the custom field is about. This description then appears as a tooltip when hovering the custom field in bug reports.
Administration: When creating a new product, the form lets you add a component at the same time.
Administration: When viewing a user account in editusers.cgi, the date of the last login is displayed. Users who did not log in since you upgraded to 4.4 will have this field empty.
Administration: It is now possible to exclude disabled user accounts when running a query in editusers.cgi.
Administration: The default CC list is now also displayed when listing components in editcomponents.cgi.
Administration: Target milestones can now be 64 characters long, for consistency with versions (previously was limited to 20 characters only).
Administration: The result code returned by contrib/bugzilla-queue.rhel when it's not running is now 2 instead of 0.
Database: Support for MySQL 5.6 has been added.
Database: Support for Oracle has been greatly improved.
Security: For improved security, the "X-Content-Type-Options: nosniff" and "X-XSS-Protection: block" headers are now sent with every response.
Security: Tokens are now generated using HMAC SHA-256 instead of MD5.
Documentation: The documentation is now generated with xmlto and dblatex instead of jade.
WebService Changes:
Several new methods have been added: Bug.update_tags, Bugzilla.parameters, Bugzilla.last_audit_time, Classification.get, Group.update, Product.update, User.update.
Bug.add_attachment now only returns the ID of the newly created attachments instead of all the attachment data.
Bug.attachments now also returns the size field containing the size of the attachment.
Bug.attachments and Bug.get now return data about flags.
Bug.comments now also returns creation_time which is exactly the same as time, but is provided for consistency with Bug.get and Bug.attachments. The time field may be deprecated and removed in a future release, so you should use creation_time instead.
Bug.comments now also returns the count field containing the comment ID relative to the bug it belongs to. This is the same comment ID as the one you can see in bug reports.
It is now possible to create new bugs with a closed status with Bug.create.
The bug_status field returned by Bug.fields now also includes bug statuses available on bug creation.
Bug.fields now also returns keyword descriptions, not only their names.
Bug.fields now also returns the is_active field for product-specific fields.
For users in the timetracking group, Bug.get now also returns the actual_time field with the total number of hours spent in the bug.
Field names returned in the field_name field of the Bug.history method have changed to be consistent with other methods.
The Bug.search method was returning all visible bugs when called with no arguments, ignoring the max_search_results and search_allow_no_criteria parameters. This has been fixed.
Product.get now also returns the flag_types field containing all the relevant data for attachment and bug flag types.
Product.get now throws an error if neither ids nor names is passed to the method.
When requesting data for your own account using User.get, this method now returns two additional fields: saved_searches and saved_reports containing all your saved searches and graphical and tabular reports.
User.get now also returns the groups field containing the list of groups the user belongs to. The list is filtered based on your privileges.

New in Bugzilla 4.2.5 (Feb 20, 2013)

New in Bugzilla 4.4 RC 2 (Feb 20, 2013)

Allow Multiple Search Criteria to Match one Field:
In the "Advanced Search" page, it is now possible to build queries using multiple custom search criteria against the same field. In Bugzilla 4.2 and older, queries of the form  "Status changed to VERIFIED" AND "Status changed by [email protected]"  were returning all bugs which had their status changed to VERIFIED by some user and which were edited by [email protected] once, but both actions could be independent. In Bugzilla 4.4, you can now decide if both criteria must match the exact same action or not, i.e. if you want bugs whose status has been set to VERIFIED by [email protected] himself. In the same way, queries of the form  "Flags changed to approval+" AND "Flags changed by [email protected]"  can now return bugs for which the approval flag has been set to "+" by [email protected] himself. In previous versions, both actions were treated independently and bugs for which [email protected] set the approval flag to "?" and which is then set to "+" by someone else were also returned.
This new feature gives you the ability to build more accurate queries and to get more relevant results.
Improved Performance for Searches:
The search system got a performance boost which in some cases decreases the time spent to run queries from several minutes to a few seconds only. The more complex your queries are, and the more visible the performance win should be.
Overhaul of the Tagging System:
The old tagging system which was in the footer of all pages had severe design and usability limitations and has been replaced by a shiny new one which lets you tag bugs from the bug report directly. Tags now mostly work like keywords, but with two major differences. First of all, they are personal, meaning that tags you set on bugs are only visible by you, and nobody else is notified nor can see which tags you set. This behavior is the same as the old tagging system and so this feature didn't change. The second major difference is that the list of available tags is unlimited and is in no way hardcoded by administrators. You can type either a new tag of your choice, or you can select one from an auto-generated list of tags which you already used in other bugs. Again, this feature was already present in the old tagging system, but its usability has been greatly improved. In particular, this means that tags are now displayed in bug reports directly, so that you immediately know which tags you already set for that bug. This feature is new in this release.
Another new feature is that your personal tags can now be listed in buglists. They can also be used as search criteria in your queries. If you decide to share a saved search which uses tags as criteria, this will work too! Note that when you add a new tag, no saved search based on this tag is created anymore, as you can easily create it yourself if you really need it.
The tags set with the old tagging system are automatically migrated to the new system.
Auto-Detection of the Attachment MIME Type:
When a user uploads a new attachment and lets the "Content Type" field set to "auto-detect", Bugzilla now does its own MIME type detection if the web browser tells him that the attachment is of type "application/octet-stream", in an attempt to make a better guess than the web browser. In all other cases, Bugzilla still trusts what the browser tells him.
Check the list of optional Perl modules to know which modules to install in order to enable MIME type sniffing.
Saving Tabular and Graphical Reports:
It is now possible to save tabular and graphical reports in the same way as you save searches. Saved reports will appear in the footer of pages, below saved searches.
Unlike saved searches, it is not yet possible to share saved reports with other users.
Custom Columns in Whine Emails:
The list of columns to display in buglists contained in emails sent by the whining system on a regular basis is no longer hardcoded. If the saved search used for whining emails contains a list of columns, these columns are used to be displayed in the emails. If no custom list is found, the default column list is used instead.
This means that depending on the kind of email notifications you want, you can fully customize data to return, on a per saved search basis!
Improved WebServices:
This release got major improvements in its WebServices interface. Many new methods have been implemented to let third-party applications interact with Bugzilla even more closely. For instance, it is now possible to know what parameters are set to using Bugzilla.parameters. It is now also possible to update tags, products, groups or user accounts using our API.
Several existing methods have also been improved to return data which weren't available till now, such as bug and attachment flags using Bug.get, Bug.attachments or Product.get. Users can also get their saved searches and reports using User.get; and much more, see the detailed list below.
New Apache Configuration:
For improved security, Bugzilla now prevents directory browsing by default. If you run Bugzilla under Apache (as most people do), you most likely require a new Apache configuration for this version of Bugzilla. See the Notes On Upgrading From a Previous Version section for details.
Enhancements for Users:
Bugs: It is now possible to add yourself to the CC list when uploading an attachment and when editing an existing one.
Bugs: There is a new user preference to be automatically added to the CC list of bugs for which a flag request is addressed to you (the flag has you as the requestee).
Bugs: Changes to the CC list no longer causes midair collisions.
Bugs: There is now a (take) link besides the QA Contact field to easily set yourself as QA contact.
Bugs: Bugs are no longer reassigned to the default assignee when moving the bug into another product or component if the current assignee is not the default one. Same goes for the QA contact.
Bugs: When reporting a new bug, flags which are not available for the selected component and those which the reporter cannot edit are now hidden instead of being disabled. For existing bugs, unset flags are also hidden by default. Clicking the (set flags) or (more flags) link will make them appear.
Bugs: When viewing a bug, the list of duplicated bugs is now listed near the top of the page.
Bugs: Private comments now always remain visible to their author. Previously, the author of a comment couldn't see it anymore if the comment was marked private and the author isn't in the insider group.
Bugs: The See Also field now supports URLs pointing to GitHub by default. If the new MoreBugUrl extension included in this release is enabled, then you can also add URLs pointing to: bugs.php.net, RT, appspot.com (Rietveld), Review Board, and getsatisfaction.com.
Searches: The alias of bugs you cannot see are no longer resolved to their bug ID, meaning that it is no longer possible to connect an alias with its ID unless you can see the bug.
Searches: Custom multi-select fields are now available in the "Search By Change History" section of the query page.
Searches: The changed by operator in boolean charts now accepts pronouns.
Searches: The requester and requestee fields in boolean charts now accept pronouns.
Searches: It is now possible to hide the description of queries appearing at the top of buglists.
Requests: The "My Requests" page now displays an AND/OR radio button to define the interaction between the requester and requestee fields.
Email Notifications: There is a new user preference to not prepend "New:" to the subject of bugmails when reporting a new bug. Some email clients couldn't thread emails correctly due to this.
Email Notifications: There is a new email event to get notifications when the product or component of a bug changes.
Email Notifications: All bugmails now have a X-Bugzilla-Flags email header, listing currently set flags.
Email Notifications: All bugmails now have a X-Bugzilla-Version email header with the current product version.
Whining: The sort order of the saved search is used to sort bugs in the emails.
User Accounts: To confirm an email address change, the password is now requested instead of the old email address.
Graphical Reports: The size of graphical reports is now set dynamically to fit within the window of the web browser. The Taller/Thinner/Fatter/Shorter links are now gone.
Incoming Emails: email_in.pl now accepts HTML-only emails to create and edit bugs by email.
Incoming Emails: When creating a new bug, email_in.pl will look at the Importance and X-Priority email headers to increase or decrease the initial priority of the bug, unless the priority is already explicitly set in the email itself.
Skins: Bugzilla no longer fetches all skins available when viewing a page. It only loads the skin selected by the user in his preferences, which results in less requests to the server.
Enhancements for Administrators and Developers:
License: The Bugzilla code is now released under the MPL 2.0 license (previously was MPL 1.1).
Installation: On mod_perl, templates now remain in memory for one hour, which can cause an increase in memory requirements. This also means that it can take up to one hour before changes in templates become active (unless you restart Apache).
Installation: Running checksetup.pl [email protected] now automatically re-enables the user account if it was disabled.
Configuration: A new parameter smtp_ssl can be turned on to enable SSL connections to the SMTP server to send email notifications.
Administration: Custom fields now have a new Long description attribute to better describe what the custom field is about. This description then appears as a tooltip when hovering the custom field in bug reports.
Administration: When creating a new product, the form lets you add a component at the same time.
Administration: When viewing a user account in editusers.cgi, the date of the last login is displayed. Users who did not log in since you upgraded to 4.4 will have this field empty.
Administration: It is now possible to exclude disabled user accounts when running a query in editusers.cgi.
Administration: The default CC list is now also displayed when listing components in editcomponents.cgi.
Administration: Target milestones can now be 64 characters long, for consistency with versions (previously was limited to 20 characters only).
Administration: The result code returned by contrib/bugzilla-queue.rhel when it's not running is now 2 instead of 0.
Database: Support for Oracle has been greatly improved.
Security: For improved security, the "X-Content-Type-Options: nosniff" and "X-XSS-Protection: block" headers are now sent with every response.
Security: Tokens are now generated using HMAC SHA-256 instead of MD5.
Documentation: The documentation is now generated with xmlto and dblatex instead of jade.
WebService Changes:
Several new methods have been added: Bug.update_tags, Bugzilla.parameters, Bugzilla.last_audit_time, Classification.get, Group.update, Product.update, User.update.
Bug.add_attachment now only returns the ID of the newly created attachments instead of all the attachment data.
Bug.attachments now also returns the size field containing the size of the attachment.
Bug.attachments and Bug.get now return data about flags.
Bug.comments now also returns creation_time which is exactly the same as time, but is provided for consistency with Bug.get and Bug.attachments. The time field may be deprecated and removed in a future release, so you should use creation_time instead.
Bug.comments now also returns the count field containing the comment ID relative to the bug it belongs to. This is the same comment ID as the one you can see in bug reports.
It is now possible to create new bugs with a closed status with Bug.create.
The bug_status field returned by Bug.fields now also includes bug statuses available on bug creation.
Bug.fields now also returns keyword descriptions, not only their names.
Bug.fields now also returns the is_active field for product-specific fields.
For users in the timetracking group, Bug.get now also returns the actual_time field with the total number of hours spent in the bug.
Field names returned in the field_name field of the Bug.history method have changed to be consistent with other methods.
Product.get now also returns the flag_types field containing all the relevant data for attachment and bug flag types.
Product.get now throws an error if neither ids nor names is passed to the method.
When requesting data for your own account using User.get, this method now returns two additional fields: saved_searches and saved_reports containing all your saved searches and graphical and tabular reports.
User.get now also returns the groups field containing the list of groups the user belongs to. The list is filtered based on your privileges.

New in Bugzilla 4.2.3 (Aug 31, 2012)

New in Bugzilla 4.2.2 (Jul 27, 2012)

New in Bugzilla 4.2.1 (Apr 19, 2012)

New in Bugzilla 4.2 RC1 (Dec 29, 2011)

Experimental SQLite Support:
SQLite is now supported by Bugzilla and becomes the 4th supported database besides MySQL, PostgreSQL and Oracle. SQLite support must be considered as experimental, at least till the next major release.
Note that use of SQLite is only recommended for small installations. Larger installations should use MySQL, PostgreSQL, or Oracle.
Creating an Attachment by Pasting Text Into a Text Field:
You can now create a new attachment simply by pasting some text into a text field, in addition to the normal upload process for attachments.
HTML Bugmail:
By default, bugmails (email notifications about changes to bugs) are now sent in an HTML format that is more readable than the old text format. Those who prefer the old text format can still choose it in their Preferences, however.
Improved Searching System:
The Custom Search section in the Advanced Search page has been redesigned to work in a more sensible way. Complex queries are easier to build and have more sensible results, as they are built using a more intuitive logic. Some very complicated queries are still impossible to generate, though. Things should improve in future releases.
Disabling Old Components, Versions and Milestones:
Older components, versions and milestones can now be disabled. Bugs already using them are not affected, but these values will no longer be available for new bugs.
Displaying a Custom Field Value Based on Multiple Values of Another Field:
A custom field can now be displayed based on multiple values of another field. (For example, one custom field could now appear in multiple products.) Previously, you could only display a custom field based on a single value of another field.
Auditing of All Changes Within Bugzilla:
Most changes made through the admin interface are now logged to the database, in the audit_log table. There is no UI to access this table yet, but developers are free to create their own tools to track changes made into their installation. This is only a first step, and improvements are expected in future releases.
Accessibility Improvements:
A project has started thanks to Francisco Donalisio from IBM to make Bugzilla compliant with the W3C Web Accessibility Initiative standards. A lot more work still needs to be done, but we expect a much better compatibility for the next major release.
Other Enhancements and Changes:
Enhancements for Users:
Bugs: Users without editbugs privileges can no longer remove other users from the CC list of bugs.
Bugs: Local bug IDs are now valid in the See Also field. Adding such an ID will also add a reciprocal link in the other bug.
Bugs: After editing a bug or an attachment, the URL is automatically changed to show_bug.cgi instead of post_bug.cgi, process_bug.cgi or attachment.cgi so that reloading the page (for instance when restarting the web browser) displays the right page. This feature is supported by Firefox, Chrome and Safari, but not by Internet Explorer 9.
Bugs: Inactive accounts are no longer displayed in user fields when user-autocompletion is enabled.
Bugs: User-autocompletion is now much faster on installations with many user accounts.
Bugs: The See Also field now accepts URLs pointing to MantisBT, Trac, JIRA and the sourceforge.net bug trackers.
Bugs: Displaying a bug with many dependencies is now much faster.
Attachments: The encoding of text files can be automatically detected when uploading them as attachments.
Flags: Changing the requestee of a flag no longer changes the requester.
Reports: If JavaScript is enabled in your web browser, tabular reports are now sortable based on any displayed column.
Dependency graphs: The Show every bug in the system with dependencies option has been removed.
Searches: The columns displayed by default in buglists have changed. These columns are now displayed by default unless otherwise specified: product | component | assignee | bug status | resolution | bug summary | last change date This means that the priority, severity and operating system columns are no longer displayed by default.
Searches: Buglists will now only display the first 500 bugs by default. It is still possible to display the whole list, though.
Searches: When using relative dates and times, -1w is now a synonym for -7d and means exactly 7 days. Previously, -1w meant the beginning of the week, which was confusing some users. The same confusion existed for -1d which was different from -24h, and for -1m which was different from -30d. Now if you really want the beginning of the day, week or month, you must use -1ds, -1ws, and -1ms respectively, where "s" means "start of". This change will affect existing saved searches using relative dates.
Searches: A new Include fulltext when performing quick searches user preference has been added which permits users to include or exclude comments when using quicksearches.
Searches: It is now possible to query for bugs based on personal tags in the Custom Search section in the Advanced Search page.
Email notifications: The date and time of comments are no longer displayed in the comment header in bugmails. This information is already available in the email header itself.
Enhancements for Administrators and Developers:
Installation: checksetup.pl is now much quieter when creating a new database.
Security: Bugzilla 4.0 is using Math::Random::Secure to generate cryptographically secure pseudorandom numbers, but it appeared that installing this Perl module from CPAN caused a lot of trouble for some people due to its numerous dependencies. So the RNG code has been rewritten to only depend on Math::Random::ISAAC, which was already in use in previous versions of Bugzilla.
Security: X-Frame-Options = SAMEORIGIN is now passed to all page headers (except when viewing attachments, as they can be on a different host) to protect users from framing and subsequent possible clickjacking problems.
Configuration: A new parameter password_complexity has been added (default: no_constraints) which allows admins to force users to use passwords with a higher complexity, such as a combination of uppercase and lowercase letters, numbers and special characters, or a subset of them.
Configuration: A new parameter search_allow_no_criteria has been added (default: on) which allows admins to forbid queries with no criteria. This is particularly useful for large installations with several tens of thousands bugs where returning all bugs doesn't make sense and would have a performance impact on the database.
Configuration: A new parameter default_search_limit has been added (default: 500) which limits the number of bugs displayed by default in a buglist. The user can ask to see a larger list, though.
Configuration: A new parameter max_search_results has been added (default: 10000) which limits the number of bugs a user can request at once in a buglist. This is a hard limit and a user cannot bypass this value.
Configuration: A new parameter ajax_user_autocompletion has been added (default: on) to allow administrators to disable auto-completion when typing characters in user fields. This parameter should only be disabled if your installation is unable to support the load generated by this feature.
Configuration: The config_modify_panels hook now lets you add additional parameters to existing parameters panels.
Flags: Users with local editcomponents privileges can now edit flag types for products they can administer.
Quips: A new system group bz_quip_moderators has been created to moderate quips. Till now, you had to be in the admin group to do that.
importxml.pl now inserts each comment separately into the imported bug instead of concatenating them all into a single comment.
email_in.pl now ignores auto-submitted incoming emails (for instance, all these "out of office" emails).
New code hooks: email_in_before_parse, email_in_after_parse, install_filesystem, install_update_db_fielddefs, job_map, object_end_of_create, quicksearch_map, user_preferences.
WebService Changes:
Two new methods have been added: Product.create and Group.create.
Bug.update no longer throws an error when passing an empty string to see_also. It now simply ignores this empty value.
Product.get now also returns data about the classification it belongs to as well as its components, milestones and versions. It also returns the default_milestone and has_unconfirmed attributes.
In Bug.fields, the sortkey attribute used in values has been renamed to sort_key.
In Bug.attachments and Bug.add_attachment, the is_url attribute no longer exists.
Outstanding Issues:
Bug 89822: When changing multiple bugs at the same time, there is no "mid-air collision" protection.
Bug 276230: The support for restricting access to particular Categories of New Charts is not complete. You should treat the chartgroup parameter as the only access mechanism available.
Bug 584742: When viewing a bug, WebKit-based browsers can automatically reset a field's selected value when the field has disabled values.
Bug 706753: Automatic bug detection and user auto-completion do not work with JSON::RPC 1.x due to a backwards incompatible change. You should install JSON::RPC 0.96 instead.
Code Changes Which May Affect Customizations and Extensions:
The email/newchangedmail.txt.tmpl template is now fully templatized, meaning that the diff table displaying changes in bug fields is now generated in the template itself. This means bugmails are now fully localizable.
The bugmail_recipients hook has been modified to pass diffs with changes made to the bug as well as users including recipients of the email notification.
YUI has been upgraded to 2.9.0.
Due to the major code refactor of Bugzilla/Search.pm, any customization made against this file will probably need to be rewritten.
long_list.cgi, showattachment.cgi and xml.cgi have been removed from the codebase. As announced in the release notes of Bugzilla 4.0, these scripts were deprecated since Bugzilla 2.19.
sidebar.cgi has been removed, because Gecko-based browsers no longer support remote XUL, and its popularity is very low.
contrib/yp_nomail.sh has been removed. This script is no longer useful since Bugzilla 3.0.
contrib/bugzilla_ldapsync.rb has been removed. This script didn't work for a long time.

New in Bugzilla 4.0.1 (Apr 28, 2011)

New in Bugzilla 3.6.4 (Jan 25, 2011)

New in Bugzilla 4.0 rc1 (Nov 6, 2010)

New in Bugzilla 3.6.3 (Nov 3, 2010)

New in Bugzilla 3.6.2 (Aug 6, 2010)

New in Bugzilla 3.6.1 (Jun 25, 2010)

New in Bugzilla 3.6 (Apr 13, 2010)

General Usability Improvements:
A scientific usability study was done on Bugzilla by researchers from Carnegie-Mellon University. As a result of this study, several usability issues were prioritized to be fixed, based on specific data from the study.
As a result, you will see many small improvements in Bugzilla's usability, such as using Javascript to validate certain forms before they are submitted, standardizing the words that we use in the user interface, being clearer about what Bugzilla needs from the user, and other changes, all of which are also listed individually in this New Features section.
Work continues on improving usability for the next release of Bugzilla, but the results of the research have already had an impact on this 3.6 release.
New Extensions System - Bugzilla has a brand-new Extensions system. The system is consistent, fast, and fully documented. It makes it possible to easily extend Bugzilla's code and user interface to add new features or change existing features. There's even a script that will create the basic layout of an extension for you, to help you get started. For more information about the new system, see the Extensions documentation.
If you had written any extensions using Bugzilla's previous extensions system, there is a script to help convert old extensions into the new format.
Improved Quicksearch - The "quicksearch" box that appears on the front page of Bugzilla and in the header/footer of every page is now simplified and made more powerful. There is a [?] link next to the box that will take you to the simplified Quicksearch Help, which describes every single feature of the system in a simple layout, including new features such as the ability to use partial field names when searching.
Quicksearch should also be much faster than it was before, particularly on large installations.
Note that in order to implement the new quicksearch, certain old and rarely-used features had to be removed:
+ as a prefix to mean "search additional resolutions", and + as a prefix to mean "search just the summary". You can instead use summary: to explicitly search summaries.
Searching the Severity field if you type something that matches the first few characters of a severity. You can explicitly search the Severity field if you want to find bugs by severity.
Searching the Priority field if you typed something that exactly matched the name of a priority. You can explicitly search the Priority field if you want to find bugs by priority.
Searching the Platform and OS fields if you typed in one of a certain hard-coded list of strings (like "pc", "windows", etc.). You can explicitly search these fields, instead, if you want to find bugs with a specific Platform or OS set.
Simple "Browse" Interface - There is now a "Browse" link in the header of each Bugzilla page that presents a very basic interface that allows users to simply browse through all open bugs in particular components.
SUExec Support - Bugzilla can now be run in Apache's "SUExec" mode, which is what control panel software like cPanel and Plesk use (so Bugzilla should now be much easier to install on shared hosting). SUExec support shows up as an option in the localconfig file during installation.
Experimental mod_perl Support on Windows - There is now experimental support for running Bugzilla under mod_perl on Windows, for a significant performance enhancement (in exchange for using more memory).
Send Attachments by Email -
The email_in script now supports attaching multiple attachments to a bug by email, both when filing and when updating a bug.
JSON-RPC Interface - Bugzilla now has support for the JSON-RPC WebServices protocol via jsonrpc.cgi. The JSON-RPC interface is experimental in this release--if you want any fundamental changes in how it works, let us know, for the next release of Bugzilla.
Migration From Other Bug-Trackers - Bugzilla 3.6 comes with a new script, migrate.pl, which allows migration from other bug-tracking systems. Among the various features of the migration system are:
It is non-destructive--you can migrate into an existing Bugzilla installation without destroying any data in the installation.
It has a "dry-run" mode so you can test your migration before actually running it.
It is relatively easy to write new migrators for new systems, if you know Perl. The basic migration framework does most of the work for you, you just have to provide it with the data from your bug-tracker. See the Bugzilla::Migrate documentation and see our current migrator, Bugzilla/Migrate/GNATS.pm for information on how to make your own migrator.
The first migrator that has been implemented is for the GNATS bug-tracking system. We'd love to see migrators for other systems! If you want to contribute a new migrator, see our development process for details on how to get code into Bugzilla.
Enhancements for Users:
Bug Filing: When filing a bug, Bugzilla now visually indicates which fields are mandatory.
Bug Filing: "Bookmarkable templates" now support the "alias" and "estimated hours" fields.
Bug Editing: In previous versions of Bugzilla, if you added a private comment to a bug, then none of the changes that you made at that time were sent to users who couldn't see the private comment. Now, for users who can't see private comments, public changes are sent, but the private comment is excluded from their email notification.
Bug Editing: The controls for groups now appear to the right of the attachment and time-tracking tables, when editing a bug.
Bug Editing: The "Collapse All Comments" and "Expand All Comments" links now appear to the right of the comment list instead of above it.
Bug Editing: The See Also field now supports URLs for Google Code Issues and the Debian Bug-Tracking System.
Bug Editing: There have been significant performance improvements in show_bug.cgi (the script that displays thebug-editing form), particularly for bugs that have lots of comments or attachments.
Attachments: The "Details" page of an attachment now displays itself as uneditable if you can't edit the fields there.
Attachments: We now make sure that there is a Description specified for an attachment, using JavaScript, before the form is submitted.
Attachments: There is now a link back to the bug at the bottom of the "Details" page for an attachment.
Attachments: When you click on an "attachment 12345" link in a comment, if the attachment is a patch, you will now see the formatted "Diff" view instead of the raw patch.
Attachments: For text attachments, we now let the browser auto-detect the character encoding, instead of forcing the browser to always assume the attachment is in UTF-8.
Search: You can now display bug flags as a column in search results.
Search: When viewing search results, you can see which columns are being sorted on, and which direction the sort is on, as indicated by arrows next to the column headers.
Search: You can now search the Deadline field using relative dates (like "1d", "2w", etc.).
Search: The iCalendar format of search results now includes a PRIORITY field.
Search: It is no longer an error to enter an invalid search order in a search URL--Bugzilla will simply warn you that some of your order options are invalid.
Search: When there are no search results, some helpful links are displayed, offering actions you might want to take.
Search: For those who like to make their own buglist.cgi URLs (and for people working on customizations), buglist.cgi now accepts nearly every valid field in Bugzilla as a direct URL parameter, like &field=value.
Requests: When viewing the "My Requests" page, you can now see the lists as a normal search result by clicking a link at the bottom of each table.
Requests: When viewing the "My Requests" page, if you are using Classifications, the Product drop-down will be grouped by Classification.
Inbound Email: When filing a bug by email, if the product that you are filing the bug into has some groups set as Default for you, the bug will now be placed into those groups automatically.
Inbound Email: The field names that can be used when creating bugs by email now exactly matches the set of valid parameters to the Bug.create WebService function. You can still use most of the old field names that 3.4 and earlier used for inbound emails, though, for backwards-compatibility.
If there are multiple languages available for your Bugzilla, you can now select what language you want Bugzilla displayed in using links at the top of every page.
When creating a new account, you will be automatically logged in after setting your password.
There is no longer a maximum password length for accounts.
In the Dusk skin, it's now easier to see links.
In the Whining system, you can now choose to receive emails even if there are no bugs that match your searches.
The arrows in dependency graphs now point the other way, so that bugs point at their dependencies.
New Charts: You can now convert an existing Saved Search into a data series for New Charts.
New Charts: There is now an interface that allows you to delete data series.
New Charts: When deleting a product, you now have the option to delete the data series that are associated with that product.
Enhancements for Administrators and Developers:
Depending on how your workflow is set up, it is now possible to have both UNCONFIRMED and REOPENED show up as status choices for a closed bug. If you only want one or the other to show up, you should edit your status workflow appropriately (possibly by removing or disabling the REOPENED status).
You can now "disable" field values so that they don't show up as choices on a bug unless they are already set as the value for that bug. This doesn't work for the per-product field values (component, target_milestone, and version) yet, though.
Users are now locked out of their accounts for 30 minutes after trying five bad passwords in a row during login. Every time a user is locked out like this, the user in the "maintainer" parameter will get an email.
The minimum length allowed for a password is now 6 characters.
The UNCONFIRMED status being enabled in a product is now unrelated to the voting parameters. Instead, there is a checkbox to enable the UNCONFIRMED status in a product.
Information about duplicates is now stored in the database instead of being stored in the data/ directory. On large installations this could save several hundred megabytes of disk space.
Installation: When installing Bugzilla, the "maintainer" parameter will be automatically set to the administrator that was created by checksetup.pl.
Installation: checksetup.pl now prints out certain errors in a special color so that you know that something needs to be done.
Installation: checksetup.pl is now much faster at upgrading installations, particularly older installations. Also, it's been made faster to run for the case where it's not doing an upgrade.
Installation: If you install Bugzilla using the tarball, the CGI.pm module from CPAN is now included in the lib/ dir. If you would rather use the CGI.pm from your global Perl installation, you can delete CGI.pm and the CGI directory from the lib/ directory.
When editing a group, you can now specify that members of a group are allowed to grant others membership in that group itself.
The ability to compress BMP attachments to PNGs is now an Extension. To enable the feature, remove the file extensions/BmpConvert/disabled and then run checksetup.pl.
The default list of values for the Priority field are now clear English words instead of P1, P2, etc.
There is now a system in place so that all field values can be localized. See the value_descs variable in template/en/default/global/field-descs.none.tmpl.
config.cgi now returns an ETag header and understands the If-None-Match header in HTTP requests.
The XML format of show_bug.cgi now returns more information: the numeric id of each comment, whether an attachment is a URL, the modification time of an attachment, the numeric id of a flag, and the numeric id of a flag's type.
Parameters: Parameters that aren't actually required are no longer in the "Required" section of the Parameters page. Instead, some are in the new "General" section, and some are in the new "Advanced" section.
Parameters: The old ssl parameter has been changed to ssl_redirect, and can only be turned "on" or "off". If "on", then all users will be forcibly redirected to SSL whenever they access Bugzilla. When the parameter is off, no SSL-related redirects will occur (even if the user directly accesses Bugzilla via SSL, they will not be redirected to a non-SSL page).
Parameters: In the Advanced parameters, there is a new parameter, inbound_proxies. If your Bugzilla is behind a proxy, you should set this parameter to the IP address of that proxy. Then, Bugzilla will "believe" any "X-Forwarded-For" header sent from that proxy, and correctly use the X-Forwarded-For as the end user's IP, instead of believing that all traffic is coming from the proxy.
Removed Parameter: The loginnetmask parameter has been removed. Since Bugzilla sends secure cookies, it's no longer necessary to always restrict logins to a specific IP or block of addresses.
Removed Parameter: The quicksearch_comment_cutoff parameter is gone. Quicksearch now always searches comments; however, it uses a much faster algorithm to do it.
Removed Parameter: The usermatchmode parameter has been removed. User-matching is now always done.
Removed Parameter: The useentrygroupdefault parameter has been removed. Bugzilla now always behaves as though that parameter were off.
The t/001compile.t test should now always pass, no matter what configuration of optional modules you do or don't have installed.
New script: contrib/console.pl, which allows you to have a "command line" into Bugzilla by inputting Perl code or using a few custom commands.
WebService Changes:
The WebService now returns all dates and times in the UTC timezone. Bugzilla.time now acts as though the Bugzilla server were in the UTC timezone, always. If you want to write clients that are compatible across all Bugzilla versions, check the timezone from Bugzilla.timezone or Bugzilla.time, and always input times in that timezone and expect times to be returned in that format.
You can now log in by passing Bugzilla_login and Bugzilla_password as arguments to any WebService function. See the Bugzilla::WebService documentation for details.
New Method: Bug.attachments which allows getting information about attachments.
New Method: Bug.fields, which gets information about all the fields that a bug can have in Bugzilla, include custom fields and legal values for all fields. The Bug.legal_values method is now deprecated.
In the Bug.add_comment method, the "private" parameter has been renamed to "is_private" (for consistency with other methods). You can still use "private", though, for backwards-compatibility.
The WebService now has Perl's "taint mode" turned on. This means that it validates all data passed in before sending it to the database. Also, all parameter names are validated, and if you pass in a parameter whose name contains anything other than letters, numbers, or underscores, that parameter will be ignored. Mostly this just affects customizers--Bugzilla's WebService is not functionally affected by these changes.
In previous versions of Bugzilla, error messages were sent word-wrapped to the client, from the WebService. Error messages are now sent as one unbroken line.

New in Bugzilla 3.6 RC 1 (Mar 8, 2010)

Enhancements for Users:
Bug Filing: When filing a bug, Bugzilla now visually indicates which fields are mandatory.
Bug Filing: "Bookmarkable templates" now support the "alias" and "estimated hours" fields.
Bug Editing: In previous versions of Bugzilla, if you added a private comment to a bug, then none of the changes that you made at that time were sent to users who couldn't see the private comment. Now, for users who can't see private comments, public changes are sent, but the private comment is excluded from their email notification.
Bug Editing: The controls for groups now appear to the right of the attachment and time-tracking tables, when editing a bug.
Bug Editing: The "Collapse All Comments" and "Expand All Comments" links now appear to the right of the comment list instead of above it.
Attachments: The "Details" page of an attachment now displays itself as uneditable if you can't edit the fields there.
Attachments: We now make sure that there is a Description specified for an attachment, using JavaScript, before the form is submitted.
Attachments: There is now a link back to the bug at the bottom of the "Details" page for an attachment.
Attachments: When you click on an "attachment 12345" link in a comment, if the attachment is a patch, you will now see the formatted "Diff" view instead of the raw patch.
Search: You can now display bug flags as a column in search results.
Search: When viewing search results, you can see which columns are being sorted on, and which direction the sort is on, as indicated by arrows next to the column headers.
Search: You can now search the Deadline field using relative dates (like "1d", "2w", etc.).
Search: The iCalendar format of search results now includes a PRIORITY field.
Search: It is no longer an error to enter an invalid search order in a search URL--Bugzilla will simply warn you that some of your order options are invalid.
Search: When there are no search results, some helpful links are displayed, offering actions you might want to take.
Search: For those who like to make their own buglist.cgi URLs (and for people working on customizations), buglist.cgi now accepts nearly every valid field in Bugzilla as a direct URL parameter, like &field=value.
Requests: When viewing the "My Requests" page, you can now see the lists as a normal search result by clicking a link at the bottom of each table.
Requests: When viewing the "My Requests" page, if you are using Classifications, the Product drop-down will be grouped by Classification.
Inbound Email: When filing a bug by email, if the product that you are filing the bug into has some groups set as Default for you, the bug will now be placed into those groups automatically.
Inbound Email: The field names that can be used when creating bugs by email now exactly matches the set of valid parameters to the Bug.create WebService function. You can still use most of the old field names that 3.4 and earlier used for inbound emails, though, for backwards-compatibility.
If there are multiple languages available for your Bugzilla, you can now select what language you want Bugzilla displayed in using links at the top of every page.
When creating a new account, you will be automatically logged in after setting your password.
There is no longer a maximum password length for accounts.
In the Dusk skin, it's now easier to see links.
In the Whining system, you can now choose to receive emails even if there are no bugs that match your searches.
The arrows in dependency graphs now point the other way, so that bugs point at their dependencies.
New Charts: You can now convert an existing Saved Search into a data series for New Charts.
New Charts: There is now an interface that allows you to delete data series.
New Charts: When deleting a product, you now have the option to delete the data series that are associated with that product.
Enhancements for Administrators and Developers:
Depending on how your workflow is set up, it is now possible to have both UNCONFIRMED and REOPENED show up as status choices for a closed bug. If you only want one or the other to show up, you should edit your status workflow appropriately (possibly by removing or disabling the REOPENED status).
You can now "disable" field values so that they don't show up as choices on a bug unless they are already set as the value for that bug. This doesn't work for the per-product field values (component, target_milestone, and version) yet, though.
Users are now locked out of their accounts for 30 minutes after trying five bad passwords in a row during login. Every time a user is locked out like this, the user in the "maintainer" parameter will get an email.
The minimum length allowed for a password is now 6 characters.
The UNCONFIRMED status being enabled in a product is now unrelated to the voting parameters. Instead, there is a checkbox to enable the UNCONFIRMED status in a product.
Information about duplicates is now stored in the database instead of being stored in the data/ directory. On large installations this could save several hundred megabytes of disk space.
Installation: When installing Bugzilla, the "maintainer" parameter will be automatically set to the administrator that was created by checksetup.pl.
Installation: checksetup.pl now prints out certain errors in a special color so that you know that something needs to be done.
Installation: checksetup.pl is now much faster at upgrading installations, particularly older installations. Also, it's been made faster to run for the case where it's not doing an upgrade.
When editing a group, you can now specify that members of a group are allowed to grant others membership in that group itself.
The ability to compress BMP attachments to PNGs is now an Extension. To enable the feature, remove the file extensions/BmpConvert/disabled and then run checksetup.pl.
The default list of values for the Priority field are now clear English words instead of P1, P2, etc.
There is now a system in place so that all field values can be localized. See the value_descs variable in template/en/default/global/field-descs.none.tmpl.
config.cgi now returns an ETag header and understands the If-None-Match header in HTTP requests.
The XML format of show_bug.cgi now returns more information: the numeric id of each comment, whether an attachment is a URL, the modification time of an attachment, the numeric id of a flag, and the numeric id of a flag's type.
Parameters: Parameters that aren't actually required are no longer in the "Required" section of the Parameters page. Instead, some are in the new "General" section, and some are in the new "Advanced" section.
Parameters: The old ssl parameter has been changed to ssl_redirect, and can only be turned "on" or "off". If "on", then all users will be forcibly redirected to SSL whenever they access Bugzilla. When the parameter is off, no SSL-related redirects will occur (even if the user directly accesses Bugzilla via SSL, they will not be redirected to a non-SSL page).
Parameters: In the Advanced parameters, there is a new parameter, inbound_proxies. If your Bugzilla is behind a proxy, you should set this parameter to the IP address of that proxy. Then, Bugzilla will "believe" any "X-Forwarded-For" header sent from that proxy, and correctly use the X-Forwarded-For as the end user's IP, instead of believing that all traffic is coming from the proxy.
Removed Parameter: The loginnetmask parameter has been removed. Since Bugzilla sends secure cookies, it's no longer necessary to always restrict logins to a specific IP or block of addresses.
Removed Parameter: The quicksearch_comment_cutoff parameter is gone. Quicksearch now always searches comments; however, it uses a much faster algorithm to do it.
Removed Parameter: The usermatchmode parameter has been removed. User-matching is now always done.
Removed Parameter: The useentrygroupdefault parameter has been removed. Bugzilla now always behaves as though that parameter were off.
The t/001compile.t test should now always pass, no matter what configuration of optional modules you do or don't have installed.
New script: contrib/console.pl, which allows you to have a "command line" into Bugzilla by inputting Perl code or using a few custom commands.
WebService Changes:
The WebService now returns all dates and times in the UTC timezone. Bugzilla.time now acts as though the Bugzilla server were in the UTC timezone, always. If you want to write clients that are compatible across all Bugzilla versions, check the timezone from Bugzilla.timezone or Bugzilla.time, and always input times in that timezone and expect times to be returned in that format.
You can now log in by passing Bugzilla_login and Bugzilla_password as arguments to any WebService function. See the Bugzilla::WebService documentation for details.
New Method: Bug.attachments which allows getting information about attachments.
New Method: Bug.fields, which gets information about all the fields that a bug can have in Bugzilla, include custom fields and legal values for all fields. The Bug.legal_values method is now deprecated.
In the Bug.add_comment method, the "private" parameter has been renamed to "is_private" (for consistency with other methods). You can still use "private", though, for backwards-compatibility.
The WebService now has Perl's "taint mode" turned on. This means that it validates all data passed in before sending it to the database. Also, all parameter names are validated, and if you pass in a parameter whose name contains anything other than letters, numbers, or underscores, that parameter will be ignored. Mostly this just affects customizers--Bugzilla's WebService is not functionally affected by these changes.

New in Bugzilla 3.4.6 (Mar 8, 2010)

New in Bugzilla 3.4.5 (Feb 1, 2010)

New in Bugzilla 3.5.2 (Nov 19, 2009)

New in Bugzilla 3.4.4 (Nov 19, 2009)

New in Bugzilla 3.4.3 (Nov 5, 2009)

New in Bugzilla 3.4.2 (Sep 12, 2009)

New in Bugzilla 3.4.1 (Aug 2, 2009)

New in Bugzilla 3.4 (Jul 28, 2009)

Simple Bug Filing:
When entering a new bug, the vast majority of fields are now hidden by default, which enormously simplifies the bug-filing form. You can click "Show Advanced Fields" to show all the fields, if you want them. Bugzilla remembers whether you last used the "Advanced" or "Simple" version of the bug-entry form, and will display the same version to you again next time you file a bug.
New Home Page:
Bugzilla's front page has been redesigned to be better at guiding new users into the activities that they most commonly want to do. Further enhancements to the home page are coming in future versions of Bugzilla.
Email Addresses Hidden From Logged-Out Users:
To help prevent spam to Bugzilla users, all email addresses stored in Bugzilla are now displayed only if you are logged in. If you are logged out, only the part before the "@" of the email address is displayed. This includes bug lists, viewing bugs, the XML format of a bug, and any other place in the web interface that an email address could appear.
Email addresses are not filtered out of bug comments. The WebService still returns full email addresses, even if you are logged out.
Shorter Search URLs:
When submitting a search, all the unused fields are now stripped from the URL, so search URLs are much more meaningful, and much shorter.
Asynchronous Email Sending:
The largest performance problem in former versions of Bugzilla was that when updating bugs, email would be sent immediately to every user who needed to be notified, and process_bug.cgi would wait for the emails to be sent before continuing.
Now Bugzilla is capable of queueing emails to be sent while a bug is being updated, and sending them in the background. This requires the administrator to run a daemon that comes with Bugzilla, named jobqueue.pl, and to enable the use_mailer_queue parameter.
Using the background email-sending daemon instead of sending mail directly should result in a very large speed-up for updating bugs, particularly on larger installations.
Dates and Times Displayed In User's Time Zone:
Users can now select what time zone they are in and Bugzilla will adjust displayed times to be correct for their time zone. However, times the user inputs are unfortunately still in Bugzilla's time zone.
Custom Fields That Only Appear When Another Field Has a Particular Value:
When creating a new custom field (or updating the definition of an existing custom field), you can now say that "this field only appears when field X has value Y". (In the future, you will be able to select multiple values for "Y", so a field will appear when any one of those values is selected.)
This feature only hides fields--it doesn't make their values go away. So bugs will still show up in searches for that field's value, but the field won't appear in the user interface.
This is a good way of making Product-specific fields.
Custom Fields Whose List of Values Change Depending on the Value of Another Field:
When creating a drop-down or multiple-selection custom field, you can now specify that another field "controls the values" of this field. Then, when adding values to this field, you can say that a particular value only appears when the other field is set to a particular value.
Here's an example: Let's say that we create a field called "Colors", and we make the Product field "control the values" for Colors. Then we add Blue, Red, Black, and Yellow as legal values for the "Colors" field. Now we can say that "Blue" and "Red" only appear as valid choices in Product A, "Yellow" only appears in Product B, but "Black" always appears.
One thing to note is that this feature only controls what values appear in the user interface. Bugzilla itself will still accept any combination of values as valid, in the backend.
New Custom Field Type: Bug ID:
You can now create a custom field that holds a reference to a single valid bug ID. In the future this will be enhanced to allow bugs to refer to each other via this field.
"See Also" Field:
We have added a new standard field called "See Also" to Bugzilla. In this field, you can put URLs to multiple bugs in any Bugzilla installation, to indicate that those bugs are related to this one. It also supports adding URLs to bugs in Launchpad.
Right now, the field just validates the URLs and then displays them, but in the future, it will grab information from the other installation about the bug and display it here, and possibly even update the other installation.
If your installation does not need this field, you can hide it by disabling the use_see_also parameter.
Re-order Columns in Search Results:
There is a new interface for choosing what columns appear in search results, which allows you to change the order in which columns appear from left to right when viewing the bug list.
Search Descriptions:
When displaying search results, Bugzilla will now show a brief description of what you searched for, at the top of the bug list.
Enhancements for Users:
You can now log in from every page, using the login form that appears in the header or footer when you click "Log In".
When viewing a bug, obsolete attachments are now hidden from the attachment list by default. You can show them by clicking "Show Obsolete" at the bottom of the attachment list.
In the Email Preferences, you can now choose to get email when a new bug report is filed and you have a particular role on it.
When resolving a mid-air collision, you can now choose to submit only your comment.
You can now set the Blocks and Depends On field on the "Change Several Bugs At Once" page.
If your installation uses the "insidergroup" feature, you can now add private comments on the "Change Several Bugs At Once" page.
When viewing a search result, you can now hover over any abbreviated field to see its full value.
When logging out, users are now redirected to the main page of Bugzilla instead of an empty page.
When editing a bug, text fields (except the comment box) now grow longer when you widen your browser window.
When viewing a bug, the Depends On and Blocks list will display a bug's alias if it has one, instead of its id. Also, closed bugs will be sorted to the end of the list.
If you use the time-tracking features of Bugzilla, and you enable the time-tracking related columns in a search result, then you will see a summary of the time-tracking data at the bottom of the search result.
For users of time-tracking, the summarize_time.cgi page now contains more data.
When viewing an attachment's details page while you are logged-out, flags are no longer shown as editable.
Cloning a bug will now retain the "Blocks" and "Depends On" fields from the bug being cloned.
Bugmail for new bugs will now indicate what security groups the bug has been restricted to.
You can now use any custom drop-down field as an axis for a tabular or graphical report.
The X-Bugzilla-Type header in emails sent by Bugzilla is now "new" for bugmail sent for newly-filed bugs, and "changed" for emails having to do with updated bugs.
Mails sent by the "Whining" system now contain the header X-Bugzilla-Type: whine.
bugmail now contains a X-Bugzilla-URL header to uniquely identify which Bugzilla installation the email came from.
If you input an invalid regular expression anywhere in Bugzilla, it will now tell you explicitly instead of failing cryptically.
The duplicates.xul page (which wasn't used by very many people) is now gone.
Enhancements for Administrators and Developers:
Bugzilla now uses the SHA-256 algorithm (a variant of SHA-2) to encrypt passwords in the database, instead of using Unix's "crypt" function. This allows passwords longer than eight characters to actually be effective. Each user's password will be converted to SHA-256 the first time they log in after you upgrade to Bugzilla 3.4 or later.
If you are using database replication with Bugzilla, many more scripts now take advantage of the read-only slave (the "shadowdb"). It may be safe to open up show_bug.cgi to search-engine indexing by editing your robots.txt file, now, if your Bugzilla is on fast-enough hardware.
The database now uses foreign keys to enforce the validity of relationships between tables. Not every single table has all its foreign keys yet, but most do.
Various parameters have been removed, in an effort to de-clutter the parameter interface and simplify Bugzilla's code. The parameters that were removed were: timezone, supportwatchers, maxpatchsize, commentonclearresolution, commentonreassignbycomponent, showallproducts. They have all been replaced with sensible default behaviors. (For example, user watching is now always enabled.)
When adding &debug=1 to the end of a buglist.cgi URL, Bugzilla will now also do an EXPLAIN on the query, to help debug performance issues.
When editing flag types in the administrative interface, you can now see how many flags of each type have been set.
WebService Changes:
Various functions have been added to the WebService: Bug.history, Bug.search, Bug.comments, Bug.update_see_also, User.get, and Bugzilla.time (Bugzilla.timezone is now deprecated).
For network efficiency, you can now limit which fields are returned from certain WebService functions, like User.get.
There is now a "permissive" argument for the Bug.get WebService function, which causes it not to throw an error when you ask for bugs you can't see.
The Bug.get method now returns many more fields.
The Bug.add_comment method now returns the ID of the comment that was just added.
The Bug.add_comment method will now throw an error if you try to add a private comment but do not have the correct permissions. (In previous versions, it would just silently ignore the private argument if you didn't have the correct permissions.)
Many WebService function parameters now take individual values in addition to arrays.
The WebService now validates input types--it makes sure that dates are in the right format, that ints are actually ints, etc. It will throw an error if you send it invalid data. It also accepts empty ints, doubles, and dateTimes, and translates them to undef.

New in Bugzilla 3.4 RC1 (Jul 8, 2009)

Simple Bug Filing - When entering a new bug, the vast majority of fields are now hidden by default, which enormously simplifies the bug-filing form. You can click "Show Advanced Fields" to show all the fields, if you want them. Bugzilla remembers whether you last used the "Advanced" or "Simple" version of the bug-entry form, and will display the same version to you again next time you file a bug.
New Home Page - Bugzilla's front page has been redesigned to be better at guiding new users into the activities that they most commonly want to do. Further enhancements to the home page are coming in future versions of Bugzilla.
Email Addresses Hidden From Logged-Out Users - To help prevent spam to Bugzilla users, all email addresses stored in Bugzilla are now displayed only if you are logged in. If you are logged out, only the part before the "@" of the email address is displayed. This includes bug lists, viewing bugs, the XML format of a bug, and any other place in the web interface that an email address could appear.
Email addresses are not filtered out of bug comments. The WebService still returns full email addresses, even if you are logged out.
Shorter Search URLs - When submitting a search, all the unused fields are now stripped from the URL, so search URLs are much more meaningful, and much shorter.
Asynchronous Email Sending - The largest performance problem in former versions of Bugzilla was that when updating bugs, email would be sent immediately to every user who needed to be notified, and process_bug.cgi would wait for the emails to be sent before continuing.
Now Bugzilla is capable of queueing emails to be sent while a bug is being updated, and sending them in the background. This requires the administrator to run a daemon that comes with Bugzilla, named jobqueue.pl, and to enable the use_mailer_queue parameter.
Using the background email-sending daemon instead of sending mail directly should result in a very large speed-up for updating bugs, particularly on larger installations.
Dates and Times Displayed In User's Time Zone - Users can now select what time zone they are in and Bugzilla will adjust displayed times to be correct for their time zone. However, times the user inputs are unfortunately still in Bugzilla's time zone.
Custom Fields That Only Appear When Another Field Has a Particular Value - When creating a new custom field (or updating the definition of an existing custom field), you can now say that "this field only appears when field X has value Y". (In the future, you will be able to select multiple values for "Y", so a field will appear when any one of those values is selected.)
This feature only hides fields--it doesn't make their values go away. So bugs will still show up in searches for that field's value, but the field won't appear in the user interface.
This is a good way of making Product-specific fields.
Custom Fields Whose List of Values Change Depending on the Value of Another Field - When creating a drop-down or multiple-selection custom field, you can now specify that another field "controls the values" of this field. Then, when adding values to this field, you can say that a particular value only appears when the other field is set to a particular value.
Here's an example: Let's say that we create a field called "Colors", and we make the Product field "control the values" for Colors. Then we add Blue, Red, Black, and Yellow as legal values for the "Colors" field. Now we can say that "Blue" and "Red" only appear as valid choices in Product A, "Yellow" only appears in Product B, but "Black" always appears.
One thing to note is that this feature only controls what values appear in the user interface. Bugzilla itself will still accept any combination of values as valid, in the backend.
New Custom Field Type: Bug ID - You can now create a custom field that holds a reference to a single valid bug ID. In the future this will be enhanced to allow bugs to refer to each other via this field.
"See Also" Field - We have added a new standard field called "See Also" to Bugzilla. In this field, you can put URLs to multiple bugs in any Bugzilla installation, to indicate that those bugs are related to this one. It also supports adding URLs to bugs in Launchpad.
Right now, the field just validates the URLs and then displays them, but in the future, it will grab information from the other installation about the bug and display it here, and possibly even update the other installation.
If your installation does not need this field, you can hide it by disabling the use_see_also parameter.
Re-order Columns in Search Results - There is a new interface for choosing what columns appear in search results, which allows you to change the order in which columns appear from left to right when viewing the bug list.
Search Descriptions - When displaying search results, Bugzilla will now show a brief description of what you searched for, at the top of the bug list.
Enhancements for Users:
You can now log in from every page, using the login form that appears in the header or footer when you click "Log In".
When viewing a bug, obsolete attachments are now hidden from the attachment list by default. You can show them by clicking "Show Obsolete" at the bottom of the attachment list.
In the Email Preferences, you can now choose to get email when a new bug report is filed and you have a particular role on it.
When resolving a mid-air collision, you can now choose to submit only your comment.
You can now set the Blocks and Depends On field on the "Change Several Bugs At Once" page.
If your installation uses the "insidergroup" feature, you can now add private comments on the "Change Several Bugs At Once" page.
When viewing a search result, you can now hover over any abbreviated field to see its full value.
When logging out, users are now redirected to the main page of Bugzilla instead of an empty page.
When editing a bug, text fields (except the comment box) now grow longer when you widen your browser window.
When viewing a bug, the Depends On and Blocks list will display a bug's alias if it has one, instead of its id. Also, closed bugs will be sorted to the end of the list.
If you use the time-tracking features of Bugzilla, and you enable the time-tracking related columns in a search result, then you will see a summary of the time-tracking data at the bottom of the search result.
For users of time-tracking, the summarize_time.cgi page now contains more data.
When viewing an attachment's details page while you are logged-out, flags are no longer shown as editable.
Cloning a bug will now retain the "Blocks" and "Depends On" fields from the bug being cloned.
Bugmail for new bugs will now indicate what security groups the bug has been restricted to.
You can now use any custom drop-down field as an axis for a tabular or graphical report.
The X-Bugzilla-Type header in emails sent by Bugzilla is now "new" for bugmail sent for newly-filed bugs, and "changed" for emails having to do with updated bugs.
Mails sent by the "Whining" system now contain the header X-Bugzilla-Type: whine.
bugmail now contains a X-Bugzilla-URL header to uniquely identify which Bugzilla installation the email came from.
If you input an invalid regular expression anywhere in Bugzilla, it will now tell you explicitly instead of failing cryptically.
The duplicates.xul page (which wasn't used by very many people) is now gone.
Enhancements for Administrators and Developers:
Bugzilla now uses the SHA-256 algorithm (a variant of SHA-2) to encrypt passwords in the database, instead of using Unix's "crypt" function. This allows passwords longer than eight characters to actually be effective. Each user's password will be converted to SHA-256 the first time they log in after you upgrade to Bugzilla 3.4 or later.
If you are using database replication with Bugzilla, many more scripts now take advantage of the read-only slave (the "shadowdb"). It may be safe to open up show_bug.cgi to search-engine indexing by editing your robots.txt file, now, if your Bugzilla is on fast-enough hardware.
The database now uses foreign keys to enforce the validity of relationships between tables. Not every single table has all its foreign keys yet, but most do.
Various parameters have been removed, in an effort to de-clutter the parameter interface and simplify Bugzilla's code. The parameters that were removed were: timezone, supportwatchers, maxpatchsize, commentonclearresolution, commentonreassignbycomponent, showallproducts. They have all been replaced with sensible default behaviors. (For example, user watching is now always enabled.)
When adding &debug=1 to the end of a buglist.cgi URL, Bugzilla will now also do an EXPLAIN on the query, to help debug performance issues.
When editing flag types in the administrative interface, you can now see how many flags of each type have been set.
WebService Changes:
Various functions have been added to the WebService: Bug.search, User.get, Bug.comments, Bugzilla.time (Bugzilla.timezone is now deprecated), and Bug.update_see_also.
For network efficiency, you can now limit which fields are returned from certain WebService functions, like User.get.
There is now a "permissive" argument for the Bug.get WebService function, which causes it not to throw an error when you ask for bugs you can't see.
The Bug.get method now returns many more fields.
The Bug.add_comment method now returns the ID of the comment that was just added.
Many WebService function parameters now take individual values in addition to arrays.
The WebService now validates input types--it makes sure that dates are in the right format, that ints are actually ints, etc. It will throw an error if you send it invalid data. It also accepts empty ints, doubles, and dateTimes, and translates them to undef.

New in Bugzilla 3.3.1 Dev (Jan 6, 2009)

New in Bugzilla 3.2 (Dec 1, 2008)

Major UI Improvements:
Bugzilla 3.2 has had some UI assistance from the NASA Human-Computer Interaction department and the new Bugzilla User Interface Team. In particular, you will notice a massively redesigned bug editing form, in addition to our new skin.
New Default Skin: Dusk:
Bugzilla 3.2 now ships with a skin called "Dusk" that is a bit more colorful than old default "Classic" skin. Upgrading installations will still default to the "Classic" skin--administrators can change the default in the Default Preferences control panel. Users can also choose to use the old skin in their Preferences (or using the View :: Page Style menu in Firefox).
The changes that Bugzilla required for Dusk made Bugzilla much easier to skin. See the Addons page for additional skins, or try making your own!
Custom Status Workflow:
You can now customize the list of statuses in Bugzilla, and transitions between them.
You can also specify that a comment must be made on certain transitions.
New Custom Field Types. Bugzilla 3.2 has support for three new types of custom fields:
Large Text: Adds a multi-line textbox to your bugs.
Multiple Selection Box: Adds a box that allows you to choose multiple items from a list.
Date/Time: Displays a date and time, along with a JavaScript calendar popup to make picking a date easier.
Easier Installation:
Bugzilla now comes with a script called install-module.pl that can automatically download and install all of the required Perl modules for Bugzilla. It stores them in a directory inside your Bugzilla installation, so you can use it even if you don't have administrator-level access to your machine, and without modifying your main Perl install.
checksetup.pl will print out instructions for using install-module.pl, or you can read its documentation.
Experimental Oracle Support:
Bugzilla 3.2 contains experimental support for using Oracle as its database. Some features of Bugzilla are known to be broken on Oracle, but hopefully will be working by our next major release.
The Bugzilla Project, as an open-source project, of course does not recommend the use of proprietary database solutions. However, if your organization requires that you use Oracle, this will allow you to use Bugzilla!
Improved UTF-8 Support:
Bugzilla 3.2 now has advanced UTF-8 support in its code, including correct handling for truncating and wrapping multi-byte languages. Major issues with multi-byte or unusual languages are now resolved, and Bugzilla should now be usable by users in every country with little (or at least much less) customization.
Group Icons:
Administrators can now specify that users who are in certain groups should have an icon appear next to their name whenever they comment. This is particularly useful for distinguishing developers from bug reporters.
Enhancements For Users:
Bugs: You can now reassign a bug at the same time as you are changing its status.
Bugs: When entering a bug, you will now see the description of a component when you select it.
Bugs: The bug view now contains some Microformats, most notably for users' names and email addresses.
Bugs: You can now remove a QA Contact from a bug simply by clearing the QA Contact field.
Bugs: There is now a user preference that will allow you to exclude the quoted text when replying to comments.
Bugs: You can now expand or collapse individual comments in the bug view.
Attachments: There is now "mid-air collision" protection when editing attachments.
Attachments: Patches in the Diff Viewer now show line numbers (Example).
Attachments: After creating or updating an attachment, you will be immediately shown the bug that the attachment is on.
Search: You can now reverse the sort of a bug list by clicking on a column header again.
Search: Atom feeds of bug lists now contain more fields.
Search: QuickSearch now supports searching flags and groups. It also now includes the OS field in the list of fields it searches by default.
Search: "Help" text can now appear on query.cgi for Internet Explorer and other non-Firefox browsers. (It always could appear for Firefox.)
Bugzilla now ships with an icon that will show up next to the URL in most browsers. If you want to replace it, it's in images/favicon.ico.
You can now set the Deadline when using "Change Several Bugs At Once"
Saved Searches now save their column list, so if you customize the list of columns and save your search, it will always contain those columns.
Saved Searches: When you share a search, you can now see how many users have subscribed to it, on userprefs.cgi.
Saved Searches: You can now see what group a shared search was shared to, on the list of available shared searches in userprefs.cgi.
Flags: If your installation uses drop-down user lists, the flag requestee box will now contain only users who are actually allowed to take requests.
Flags: If somebody makes a request to you, and you change the requestee to somebody else, the requester is no longer set to you. In other words, you can "redirect" requests and maintain the original requester.
Flags: Emails about flags now will thread properly in email clients to be a part of a bug's thread.
When using email_in.pl, you can now add users to the CC list by just using @cc as the field name.
Many pages (particularly administrative pages) now contain links to the relevant section of the Bugzilla Guide, so you can read the documentation for that page.
Dependency Graphs should render more quickly, as they now (by default) only include the same bugs that you'd see in the dependency tree.
Enhancements For Administrators:
Admin UI: Instead of having the Administration Control Panel links in the footer, there is now just one link called "Administration" that takes you to a page that links to all the administrative controls for Bugzilla.
Admin UI: Administrative pages no longer display confirmation pages, instead they redirect you to some useful page and display a message about what changed.
Admin UI: The interface for editing group inheritance in editgroups.cgi is much clearer now.
Admin UI: When editing a user, you can now see all the components where that user is the Default Assignee or Default QA Contact.
Email: For installations that use SMTP to send mail (as opposed to Sendmail), Bugzilla now supports SMTP Authentication, so that it can log in to your mail server before sending messages.
Email: Using the "Test" mail delivery method now creates a valid mbox file to make testing easier.
Authentication: Bugzilla now correctly handles LDAP records which contain multiple email addresses. (The first email address in the list that is a valid Bugzilla account will be used, or if this is a new user, the first email address in the list will be used.)
Authentication: Bugzilla can now take a list of LDAP servers to try in order until it gets a successful connection.
Authentication: Bugzilla now supports RADIUS authentication.
Security: The login cookies is now created as "HTTPOnly" so that it can't be read by possibly malicious scripts. Also, if SSL is enabled on your installation, the login cookie is now only sent over SSL connections.
Security: The ssl parameter now protects every page a logged-in user accesses, when set to "authenticated sessions." Also, SSL is now enforced appropriately in the WebServices interface when the parameter is set.
Database: Bugzilla now uses transactions in the database instead of table locks. This should generally improve performance with many concurrent users. It also means if there is an unexpected error in the middle of a page, all database changes made during that page will be rolled back.
Database: You no longer have to set max_packet_size in MySQL to add large attachments. However, you may need to set it manually if you restore a mysqldump into your database.
New WebService functions: Bug.add_comment and Bugzilla.extensions.
You can now delete custom fields, but only if they have never been set on any bug.
There is now a --reset-password argument to checksetup.pl that allows you to reset a user's password from the command line.
There is now a script called sanitycheck.pl that you can run from the command line. It works just like sanitycheck.cgi. By default, it only outputs anything if there's an error, so it's ideal for administrators who want to run it nightly in a cron job.
The strict_isolation parameter now prevents you from setting users who cannot see a bug as a CC, Assignee, or QA Contact. Previously it only prevented you from adding users who could not edit the bug.
Extensions can now add their own headers to the HTML for things like custom CSS and so on.
sanitycheck.cgi has been templatized, meaning that the entire Bugzilla UI is now contained in templates.
When setting the sslbase parameter, you can now specify a port number in the URL.
When importing bugs using importxml.pl, attachments will have their actual creator set as their creator, instead of the person who exported the bug from the other system.
The voting system is off by default in new installs. This is to prepare for the fact that it will be moved into an extension at some point in the future.
The shutdownhtml parameter now works even when Bugzilla's database server is down.
Enhancements for Localizers (or Localized Installations)
The documentation can now be localized--in other words, you can have documentation installed for multiple languages at once and Bugzilla will link to the correct language in its internal documentation links.
Bugzilla no longer uses the languages parameter. Instead it reads the template/ directory to see which languages are available.
Some of the messages printed by checksetup.pl can now be localized. See template/en/default/setup/strings.txt.pl.

New in Bugzilla 3.2 RC 1 (Aug 12, 2008)

New in Bugzilla 3.1.4 Beta (May 5, 2008)

New in Bugzilla 3.0.3 (Jan 10, 2008)

New in Bugzilla 3.0.2 (Sep 19, 2007)