happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1200600] message about 2fa’s interaction with api authentication should be visible when 2fa is enabled
  • [1200610] jsonrpc API requests do not work when “Require API-Key authentication for API requests” is enabled due to missing API tokens
  • [1200618] Layout of the TOTP 2FA leads to missing the token time window and thus frustration
  • [1200957] when a non-admin edits a user the 2fa setting is incorrectly reported
  • [1200974] “API-Key” in 2fa text should be “API key” to match the rest of bugzilla
  • [1196618] add support for group owners
  • [1196508] Intern Request Metric Dashboard
  • [1200961] switching to the modal view doesn’t force the mozilla skin
  • [1201116] remove the duo mobile client from suggested apps due to its lack of handling of expired codes

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1197073] add support for 2fa using totp (eg. google authenticator)
  • [1199136] security bug group moves for new core-security-release group
  • [1199941] inactive sessions should expire faster (a week)

today’s push lands initial support for two-factor authentication on BMO. we currently support time-based one-time passwords (totp) with protection around just logging in. 2fa protection will be extended to protect other actions in the upcoming weeks.

visit the ‘two-factor authentication‘ section under your user preferences to enable 2fa.

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1195362] Quicksearch error pages (“foo is not a field” and friends) should still fill in search into quicksearch box
  • [1190476] set Comment field in GPG email to the URL of the bug
  • [1195645] don’t create a new session for every authenticated REST/BzAPI call
  • [1197084] No mail sent when bugs added to or removed from *-core-security groups
  • [1196614] restrict the ability for users with editusers/creategroups to alter admins and the admin group
  • [1196092] Switch logincookies primary key to auto_incremented id, make cookie a secondary UNIQUE key
  • [1197699] always store the ip address in the logincookies table
  • [1197696] group_members report doesn’t display nested inherited groups
  • [1196134] add ability for admins to force a user to change their password on next login
  • [1192687] add the ability for users to view and revoke existing sessions
  • [1195836] Remove install-module.pl from bmo
  • [1180733] “An invalid state parameter was passed to the GitHub OAuth2 callback” error when logging in with github

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1194584] “has cert” and “member of secure group” shouldn’t be visible when creating a user
  • [1181596] Modal UI doesn’t honor the “where to put the additional comment textarea” preference
  • [1193190] ‘view account history’ on edituser should include audit_log entries
  • [979441] Under mod_perl, some modules aren’t preloaded at startup
  • [981487] change bugs_fulltext from myisam to innodb
  • [1195315] Use of uninitialized value in string eq at Bugzilla/Product.pm line 99
  • [1195593] Able to delete any Bugzilla user’s Bugmail Filter
  • [1195598] The “unknown_action” error message could confuse the user
  • [1195620] stop sending http cookies to sentry
  • [1194250] ‘take’ button should uncheck “reset assignee to default”

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1191016] Additional changes needed to the Intern Request Form
  • [1167622] red border in confirmation of changes is misleading – should be green as the text
  • [1153108] add page allowing users to grant canconfirm rights onto themselves
  • [1146761] clicking on a date/flag/etc should scroll to the corresponding change
  • [1192893] Deactivated keywords cause the table on the keyword descriptions page to render strangely
  • [1187220] develop a script to remove non-public data from the bmo database

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1189075] keyboard shortcut for going into edit mode conflicts with Firefox’s tab groups feature
  • [1188339] Increase length of all tokens value for greater security
  • [1185856] Tabbing out of the keyword field should not select the first available keyword
  • [1189172] remove link to ‘release notes’ from index page, and point ‘help’ to bmo.readthedocs.org
  • [1188561] Pre-populate form.fxos.feature fields with GET parameters
  • [1189362] Fix memory leak in Bugzilla::Bug->comments
  • [1190255] modal UI is used immediately after bug creation when using a non-standard form, even if preferenced off

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1185823] add additional [audit] syslog entries
  • [1187184] Minor updates to gear form
  • [1184828] api searches should honour the same fields in its “order” parameter as the web UI
  • [1186803] remove %product_sec_groups from bmo/lib/data.pm
  • [1186776] allow users to set keywords on bug creation (via API/internally only)
  • [1181453] Amend https://bugzilla.mozilla.org/form.fxos.feature form
  • [1186788] disabling an account should always disable bugmail
  • [1171806] add the ability for a user to disable/”remove” their own account
  • [1187498] Disable SiteMapIndex extension if running on under development site instead of production

discuss these changes on mozilla.tools.bmo.