We finally released Bugzilla 3.2.3 and Bugzilla 3.3.4 last night, March 30. All existing Bugzilla 3.x installations will get automatic notifications within 24 hours (if administrators enabled this feature).
Bugzilla 3.2.3 fixes some important bugs:
- One of the security fixes implemented in Bugzilla 3.2.1 broke the ability to edit several bugs at once if the installation was using a shadow DB with the –read-only option (Bugzilla was trying to write into the shadow DB instead of the master DB). Installations not using a shadow DB are not affected by this issue.
- Due to our new token protection implemented in Bugzilla 3.2.1 to prevent unwanted bug changes, some Bugzilla clients were unable to edit bugs anymore as they had no valid token in hands. The XML format of bugs now contains a valid token which can be used to edit them (keep in mind that the token is generated based on the user ID, so you cannot use your own token with someone else, which is the goal of using tokens!).
- Saved searches with UT8 characters in their name no longer crash Bugzilla (again a regression due to one of the security fixes implemented in Bugzilla 3.2.1).
- Due to a change in MySQL 5.1.31 and newer, "SET SESSION max_allowed_packet" is no longer allowed, making previous versions of Bugzilla 3.2.x to fail. This problem is now fixed.
- Attachments now have the same token protection as bugs themselves. This is our last security fix related to cross-site request forgery (read the previous security advisory if you want to see which other areas were fixed in our previous security release).
All known regressions introduced in Bugzilla 3.2.1/3.2.2 have been fixed in Bugzilla 3.2.3. This means you really should upgrade your installation to 3.2.3.
Bugzilla 3.3.4 is our last development release before Bugzilla 3.4rc1. This means it’s feature complete and we will now only focus on bug fixes (enhancements are no longer allowed on this branch). Newly introduced features are listed in the Status Update. The most significant change is the new front page (screenshot). Feedback is much welcome! Please keep in mind that Bugzilla 3.3.4 got no QA at all, meaning that it’s potentially unstable. If you need a stable release, use Bugzilla 3.2.3.
To developers, note that we have reopened the trunk and new enhancements are again allowed. The current trunk version is Bugzilla 3.5 (which will become Bugzilla 3.6 when it’s stable). The 3.4 branch is tagged BUGZILLA-3_4-BRANCH.