happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1207926] change treeherder@bots.tld to orangefactor@bots.tld
  • [1204683] Add whoami endpoint
  • [1208135] security not being mailed when bugs change core-security-release state
  • [1199090] add printable recovery 2fa codes
  • [1204623] timestamp on flags should reference the latest updated activity, not the first
  • [1209745] Update get_permissions.html.tmpl to reflect new self-canconfirm process

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1203991] change the suggested fxos 2fa app (again)
  • [1204704] Backport upstream testsuite changes to test against bug 1202447
  • [1205683] Feature request: STR and regression-range pulldowns
  • [1199087] extend 2fa protection beyond login
  • [1204645] the ‘last seen’ value in the group membership report should use a profile’s last-seen date, not the cookie

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1201415] add message informing users to check their mobile device’s time if they have issues enrolling
  • [1202461] Missing real email syntax check
  • [1201954] Add a “forgot password” link to user preferences -> account
  • [1202147] Performing a Simple Search results in the message “invalid column names: relevance desc”
  • [1202845] Update to Recruiting form (HRBP list, Textio component)
  • [1202975] warning about api key requirement is no longer shown when enabling 2fa
  • [1202976] change the suggested fxos 2fa app

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1200600] message about 2fa’s interaction with api authentication should be visible when 2fa is enabled
  • [1200610] jsonrpc API requests do not work when “Require API-Key authentication for API requests” is enabled due to missing API tokens
  • [1200618] Layout of the TOTP 2FA leads to missing the token time window and thus frustration
  • [1200957] when a non-admin edits a user the 2fa setting is incorrectly reported
  • [1200974] “API-Key” in 2fa text should be “API key” to match the rest of bugzilla
  • [1196618] add support for group owners
  • [1196508] Intern Request Metric Dashboard
  • [1200961] switching to the modal view doesn’t force the mozilla skin
  • [1201116] remove the duo mobile client from suggested apps due to its lack of handling of expired codes

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1197073] add support for 2fa using totp (eg. google authenticator)
  • [1199136] security bug group moves for new core-security-release group
  • [1199941] inactive sessions should expire faster (a week)

today’s push lands initial support for two-factor authentication on BMO. we currently support time-based one-time passwords (totp) with protection around just logging in. 2fa protection will be extended to protect other actions in the upcoming weeks.

2fa

visit the ‘two-factor authentication‘ section under your user preferences to enable 2fa.

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1195362] Quicksearch error pages (“foo is not a field” and friends) should still fill in search into quicksearch box
  • [1190476] set Comment field in GPG email to the URL of the bug
  • [1195645] don’t create a new session for every authenticated REST/BzAPI call
  • [1197084] No mail sent when bugs added to or removed from *-core-security groups
  • [1196614] restrict the ability for users with editusers/creategroups to alter admins and the admin group
  • [1196092] Switch logincookies primary key to auto_incremented id, make cookie a secondary UNIQUE key
  • [1197699] always store the ip address in the logincookies table
  • [1197696] group_members report doesn’t display nested inherited groups
  • [1196134] add ability for admins to force a user to change their password on next login
  • [1192687] add the ability for users to view and revoke existing sessions
  • [1195836] Remove install-module.pl from bmo
  • [1180733] “An invalid state parameter was passed to the GitHub OAuth2 callback” error when logging in with github

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1194584] “has cert” and “member of secure group” shouldn’t be visible when creating a user
  • [1181596] Modal UI doesn’t honor the “where to put the additional comment textarea” preference
  • [1193190] ‘view account history’ on edituser should include audit_log entries
  • [979441] Under mod_perl, some modules aren’t preloaded at startup
  • [981487] change bugs_fulltext from myisam to innodb
  • [1195315] Use of uninitialized value in string eq at Bugzilla/Product.pm line 99
  • [1195593] Able to delete any Bugzilla user’s Bugmail Filter
  • [1195598] The “unknown_action” error message could confuse the user
  • [1195620] stop sending http cookies to sentry
  • [1194250] ‘take’ button should uncheck “reset assignee to default”

discuss these changes on mozilla.tools.bmo.