Bugzilla: Difference between revisions

Line 1:

{{Infobox software

Line 33:

'''Bugzilla''' is a [[World Wide Web|web]]-based general-purpose [[bug tracking system]] and [[Test automation|testing tool]] originally developed and used by the [[Mozilla]] project, and [[software license|licensed]] under the [[Mozilla Public License]].

Released as [[open-source software]] by [[Netscape Communications]] in 1998, it has been adopted by a variety of organizations for use as a [[bug tracking system]] for both [[free and open-source software]] and [[proprietary software|proprietary]] projects and products. Bugzilla is used, among others, by the [[Mozilla Foundation]], [[WebKit]], [[Linux kernel]], [[FreeBSD]],<ref>{{cite web|url=https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html|title=Announcement of Migration from GNATS to Bugzilla on the FreeBSD mailing list|date=3 June 2014 |quote=Bugzilla supports finer granularity for categories and keywords and over time we will adopt more of these, making it easier to filter bugs into specific target areas. It is now easy for multiple people to track a single bug, without having to have them assigned to custom mailing lists, add attachments to bugs, and so on. Many features that people expect from a modern bug tracker are simply not present in GNATS.}}</ref> [[KDE]], [[Apache Software Foundation|Apache~~]], [[Eclipse (software)|Eclipse~~]] and [[LibreOffice]].<ref>{{cite web|url=http://www.bugzilla.org/installation-list/|title=Installation List|work=bugzilla.org}}</ref> Red Hat uses it, but is gradually migrating its product to use [[Jira (software)|Jira]].<ref>{{Cite web |title=[CentOS-devel] RHEL moving to issues.redhat.com only long term |url=https://lists.centos.org/pipermail/centos-devel/2022-March/120269.html |access-date=2022-04-19}}</ref><ref>{{Cite web |title=CentOS Community Newsletter, April 2022 – Blog.CentOS.org |url=https://blog.centos.org/2022/04/centos-community-newsletter-april-2022/ |access-date=2022-04-19 |language=en-US}}</ref> It is also [[Self-hosting (compilers)|self-hosting]].<ref>{{Cite web|url = http://www.bugzilla.org/developers/reporting_bugs.html|title = Reporting Bugs|date = 31 December 2014|access-date = 9 January 2014|website = Bugzilla}}</ref>

Released as [[open-source software]] by [[Netscape Communications]] in 1998, it has been adopted by a variety of organizations for use as a [[bug tracking system]] for both [[free and open-source software]] and [[proprietary software|proprietary]] projects and products. Bugzilla is used, among others, by the [[Mozilla Foundation]], [[WebKit]], [[Linux kernel]], [[FreeBSD]],<ref>{{cite web|url=https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html|title=Announcement of Migration from GNATS to Bugzilla on the FreeBSD mailing list|date=3 June 2014 |quote=Bugzilla supports finer granularity for categories and keywords and over time we will adopt more of these, making it easier to filter bugs into specific target areas. It is now easy for multiple people to track a single bug, without having to have them assigned to custom mailing lists, add attachments to bugs, and so on. Many features that people expect from a modern bug tracker are simply not present in GNATS.}}</ref> [[KDE]], [[Apache Software Foundation|Apache]] and [[LibreOffice]].<ref>{{cite web|url=http://www.bugzilla.org/installation-list/|title=Installation List|work=bugzilla.org}}</ref> Red Hat uses it, but is gradually migrating its product to use [[Jira (software)|Jira]].<ref>{{Cite web |title=[CentOS-devel] RHEL moving to issues.redhat.com only long term |url=https://lists.centos.org/pipermail/centos-devel/2022-March/120269.html |access-date=2022-04-19}}</ref><ref>{{Cite web |title=CentOS Community Newsletter, April 2022 – Blog.CentOS.org |url=https://blog.centos.org/2022/04/centos-community-newsletter-april-2022/ |access-date=2022-04-19 |language=en-US}}</ref> It is also [[Self-hosting (compilers)|self-hosting]].<ref>{{Cite web|url = http://www.bugzilla.org/developers/reporting_bugs.html|title = Reporting Bugs|date = 31 December 2014|access-date = 9 January 2014|website = Bugzilla}}</ref>

== History ==

Bugzilla was originally devised by Terry Weissman in 1998 for the nascent [[Mozilla.org]] project, as an [[Open-source software|open source]] application to replace the in-house system then in use at Netscape Communications for tracking defects in the [[Netscape Communicator]] suite. Bugzilla was originally written in [[Tcl]], but Weissman decided to port it to [[Perl]] before its release as part of Netscape's early open-source code drops, in the hope that more people would be able to contribute to it, given that Perl seemed to be a more popular language at the time.<ref>{{cite web | url = http://www.bugzilla.org/status/roadmap.html#history | title = Brief History | work = Development Roadmap | publisher = Mozilla.org | access-date = 2006-11-22 }}</ref>

Bugzilla was originally devised by Terry Weissman in 1998 for the nascent [[Mozilla.org]] project, as an [[Open-source software|open source]] application to replace the in-house system then in use at Netscape Communications for tracking defects in the [[Netscape Communicator]] suite. Bugzilla was originally written in [[Tcl (programming language)|Tcl]], but Weissman decided to port it to [[Perl]] before its release as part of Netscape's early open-source code drops, in the hope that more people would be able to contribute to it, given that Perl seemed to be a more popular language at the time.<ref>{{cite web | url = http://www.bugzilla.org/status/roadmap.html#history | title = Brief History | work = Development Roadmap | publisher = Mozilla.org | access-date = 2006-11-22 }}</ref>

Bugzilla 2.0 was the result of that port to Perl, and the first version was released to the public via anonymous [[Concurrent Versions System|CVS]]. In April 2000, Weissman handed over control of the Bugzilla project to [[Tara Hernandez]]. Under her leadership, some of the regular contributors were coerced into taking more responsibility, and Bugzilla development became more community-driven. In July 2001, facing distraction from her other responsibilities in Netscape, Hernandez handed control to Dave Miller, who was still in charge {{as of|2020|lc=on}}.<ref name="bugzilla-dev-profiles">{{cite web | url = http://www.bugzilla.org/developers/profiles.html | title = Developer Profiles | work = Bugzilla Website | publisher = Mozilla.org | access-date = 2013-07-02 }}</ref>

Line 50:

Define $now = 28/11/~~2024~~

Define $now = 03/10/2025

Define $width = 556

Define $warning = 436 # $width – 120

Line 61:

Legend = orientation:vertical position:bottom columns:1

~~##################################################~~

# Color definitions #

~~##################################################~~

Colors =

id:col2.0 value:orange Legend:Bugzilla_2.0-2.12

Line 410:

Line 409:

# 4.4 filled bar #

##################################################

bar:4.4 width:35 from:24/05/2013 till:~~$now~~ color:col4.4 mark:(line,col4.4)

bar:4.4 width:35 from:24/05/2013 till:03/01/2025 color:col4.4 mark:(line,col4.4)

##################################################

Line 519:

Line 518:

WONTFIX is used as a label on issues in Bugzilla and other systems.<ref name="opensuse">{{cite web|title=Bug Status WONTFIX - openSUSE|url=https://en.opensuse.org/Bug_Status_WONTFIX|website=en.opensuse.org|access-date=9 May 2018|language=en}}</ref> It indicates that a verified issue will not be resolved for one of several possible reasons including fixing would be too expensive, complicated or risky.<ref>{{cite web |url=https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |title=What to do and what not to do in Bugzilla |access-date=2018-05-09 |archive-date=2018-06-29 |archive-url=https://web.archive.org/web/20180629235829/https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |url-status=dead }}</ref><ref>{{cite web |url=https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |title=Bug Status WONTFIX |access-date=2018-05-09 |archive-date=2018-06-29 |archive-url=https://web.archive.org/web/20180629235829/https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |url-status=dead }}</ref>

== Security criticism ==

=== 2003 denial-of-service attack on Mozilla development infrastructure ===

In July 2003, the development servers of the Mozilla project were disrupted by a sustained [[denial-of-service attack]], rendering multiple services unavailable, including the Bugzilla bug tracking system and CVSWeb system. According to statements from the mozdev project, the servers had been subjected to weeks of excessive request traffic, ultimately causing system failures and prompting plans to accelerate a migration to more powerful infrastructure.<ref>{{Cite web |title=Mozilla-Projekt unter Beschuss |url=https://www.derstandard.at/story/1352098/mozilla-projekt-unter-beschuss |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>

=== 2014 inadvertent exposure of Bugzilla user data ===

In September 2014, Mozilla disclosed that backups from a test instance of Bugzilla had been accidentally placed in a publicly accessible location, resulting in the exposure of data belonging to approximately 97,000 users. The leaked information included email addresses and hashed passwords, and the backups had been accessible for about three months before the issue was discovered. Mozilla stated that the incident posed a limited security risk due to the use of a test system, reset the affected passwords, and advised users to change reused passwords on other services.<ref>{{Cite web |title=Mozilla: An die 100.000 Nutzerdaten unabsichtlich offengelegt |url=https://www.derstandard.at/story/2000005015299/mozilla-an-die-100000-nutzerdaten-unabsichtlich-offengelegt |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>

=== 2015 security breach involving unauthorized access to undisclosed information ===

In September 2015, Mozilla disclosed that attackers had compromised a Bugzilla account and accessed sensitive information about undisclosed Firefox security vulnerabilities, which were potentially subsequently used in attacks against users. As a response, Mozilla reset Bugzilla passwords, introduced mandatory [[two-factor authentication]], and restricted access to sensitive bug data.<ref>{{Cite web |title=Bugzilla: Gestohlene Infos für Angriff auf Firefox-User verwendet |url=https://www.derstandard.at/story/2000021770456/bugzilla-gestohlene-infos-fuer-angriff-auf-firefox-user-verwendet |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>

== See also ==

@@ Line 1: / Line 1: @@
-{{short description|Web-based general-purpose bugtracker}}
+{{short description|Web-based bugtracker}}
 {{primary sources|date=September 2011}}
 {{Infobox software
@@ Line 33: / Line 33: @@
 '''Bugzilla''' is a [[World Wide Web|web]]-based general-purpose [[bug tracking system]] and [[Test automation|testing tool]] originally developed and used by the [[Mozilla]] project, and [[software license|licensed]] under the [[Mozilla Public License]].
-Released as [[open-source software]] by [[Netscape Communications]] in 1998, it has been adopted by a variety of organizations for use as a [[bug tracking system]] for both [[free and open-source software]] and [[proprietary software|proprietary]] projects and products. Bugzilla is used, among others, by the [[Mozilla Foundation]], [[WebKit]], [[Linux kernel]], [[FreeBSD]],<ref>{{cite web|url=https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html|title=Announcement of Migration from GNATS to Bugzilla on the FreeBSD mailing list|date=3 June 2014 |quote=Bugzilla supports finer granularity for categories and keywords and over time we will adopt more of these, making it easier to filter bugs into specific target areas. It is now easy for multiple people to track a single bug, without having to have them assigned to custom mailing lists, add attachments to bugs, and so on. Many features that people expect from a modern bug tracker are simply not present in GNATS.}}</ref> [[KDE]], [[Apache Software Foundation|Apache]], [[Eclipse (software)|Eclipse]] and [[LibreOffice]].<ref>{{cite web|url=http://www.bugzilla.org/installation-list/|title=Installation List|work=bugzilla.org}}</ref> Red Hat uses it, but is gradually migrating its product to use [[Jira (software)|Jira]].<ref>{{Cite web |title=[CentOS-devel] RHEL moving to issues.redhat.com only long term |url=https://lists.centos.org/pipermail/centos-devel/2022-March/120269.html |access-date=2022-04-19}}</ref><ref>{{Cite web |title=CentOS Community Newsletter, April 2022 – Blog.CentOS.org |url=https://blog.centos.org/2022/04/centos-community-newsletter-april-2022/ |access-date=2022-04-19 |language=en-US}}</ref> It is also [[Self-hosting (compilers)|self-hosting]].<ref>{{Cite web|url = http://www.bugzilla.org/developers/reporting_bugs.html|title = Reporting Bugs|date = 31 December 2014|access-date = 9 January 2014|website = Bugzilla}}</ref>
+Released as [[open-source software]] by [[Netscape Communications]] in 1998, it has been adopted by a variety of organizations for use as a [[bug tracking system]] for both [[free and open-source software]] and [[proprietary software|proprietary]] projects and products. Bugzilla is used, among others, by the [[Mozilla Foundation]], [[WebKit]], [[Linux kernel]], [[FreeBSD]],<ref>{{cite web|url=https://lists.freebsd.org/pipermail/freebsd-announce/2014-June/001559.html|title=Announcement of Migration from GNATS to Bugzilla on the FreeBSD mailing list|date=3 June 2014 |quote=Bugzilla supports finer granularity for categories and keywords and over time we will adopt more of these, making it easier to filter bugs into specific target areas. It is now easy for multiple people to track a single bug, without having to have them assigned to custom mailing lists, add attachments to bugs, and so on. Many features that people expect from a modern bug tracker are simply not present in GNATS.}}</ref> [[KDE]], [[Apache Software Foundation|Apache]] and [[LibreOffice]].<ref>{{cite web|url=http://www.bugzilla.org/installation-list/|title=Installation List|work=bugzilla.org}}</ref> Red Hat uses it, but is gradually migrating its product to use [[Jira (software)|Jira]].<ref>{{Cite web |title=[CentOS-devel] RHEL moving to issues.redhat.com only long term |url=https://lists.centos.org/pipermail/centos-devel/2022-March/120269.html |access-date=2022-04-19}}</ref><ref>{{Cite web |title=CentOS Community Newsletter, April 2022 – Blog.CentOS.org |url=https://blog.centos.org/2022/04/centos-community-newsletter-april-2022/ |access-date=2022-04-19 |language=en-US}}</ref> It is also [[Self-hosting (compilers)|self-hosting]].<ref>{{Cite web|url = http://www.bugzilla.org/developers/reporting_bugs.html|title = Reporting Bugs|date = 31 December 2014|access-date = 9 January 2014|website = Bugzilla}}</ref>
 == History ==
-Bugzilla was originally devised by Terry Weissman in 1998 for the nascent [[Mozilla.org]] project, as an [[Open-source software|open source]] application to replace the in-house system then in use at Netscape Communications for tracking defects in the [[Netscape Communicator]] suite. Bugzilla was originally written in [[Tcl]], but Weissman decided to port it to [[Perl]] before its release as part of Netscape's early open-source code drops, in the hope that more people would be able to contribute to it, given that Perl seemed to be a more popular language at the time.<ref>{{cite web | url = http://www.bugzilla.org/status/roadmap.html#history | title = Brief History | work = Development Roadmap | publisher = Mozilla.org | access-date = 2006-11-22 }}</ref>
+Bugzilla was originally devised by Terry Weissman in 1998 for the nascent [[Mozilla.org]] project, as an [[Open-source software|open source]] application to replace the in-house system then in use at Netscape Communications for tracking defects in the [[Netscape Communicator]] suite. Bugzilla was originally written in [[Tcl (programming language)|Tcl]], but Weissman decided to port it to [[Perl]] before its release as part of Netscape's early open-source code drops, in the hope that more people would be able to contribute to it, given that Perl seemed to be a more popular language at the time.<ref>{{cite web | url = http://www.bugzilla.org/status/roadmap.html#history | title = Brief History | work = Development Roadmap | publisher = Mozilla.org | access-date = 2006-11-22 }}</ref>
 Bugzilla 2.0 was the result of that port to Perl, and the first version was released to the public via anonymous [[Concurrent Versions System|CVS]]. In April 2000, Weissman handed over control of the Bugzilla project to [[Tara Hernandez]]. Under her leadership, some of the regular contributors were coerced into taking more responsibility, and Bugzilla development became more community-driven. In July 2001, facing distraction from her other responsibilities in Netscape, Hernandez handed control to Dave Miller, who was still in charge {{as of|2020|lc=on}}.<ref name="bugzilla-dev-profiles">{{cite web | url = http://www.bugzilla.org/developers/profiles.html | title = Developer Profiles | work = Bugzilla Website | publisher = Mozilla.org | access-date = 2013-07-02 }}</ref>
@@ Line 50: / Line 50: @@
 <timeline>
-Define $now = 28/11/2024
+Define $now = 03/10/2025
 Define $width = 556
 Define $warning = 436 # $width – 120
@@ Line 61: / Line 61: @@
 Legend = orientation:vertical position:bottom columns:1
-##################################################
 # Color definitions                              #
-##################################################
 Colors =
    id:col2.0     value:orange         Legend:Bugzilla_2.0-2.12
@@ Line 410: / Line 409: @@
    # 4.4 filled bar                                 #
    ##################################################
-   bar:4.4 width:35 from:24/05/2013 till:$now color:col4.4 mark:(line,col4.4)
+   bar:4.4 width:35 from:24/05/2013 till:03/01/2025 color:col4.4 mark:(line,col4.4)
    ##################################################
@@ Line 519: / Line 518: @@
 <!-- linked from redirects [[WONTFIX]] and [[Wontfix]]-->
 WONTFIX is used as a label on issues in Bugzilla and other systems.<ref name="opensuse">{{cite web|title=Bug Status WONTFIX - openSUSE|url=https://en.opensuse.org/Bug_Status_WONTFIX|website=en.opensuse.org|access-date=9 May 2018|language=en}}</ref> It indicates that a verified issue will not be resolved for one of several possible reasons including fixing would be too expensive, complicated or risky.<ref>{{cite web |url=https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |title=What to do and what not to do in Bugzilla |access-date=2018-05-09 |archive-date=2018-06-29 |archive-url=https://web.archive.org/web/20180629235829/https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |url-status=dead }}</ref><ref>{{cite web |url=https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |title=Bug Status WONTFIX |access-date=2018-05-09 |archive-date=2018-06-29 |archive-url=https://web.archive.org/web/20180629235829/https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla/What_to_do_and_what_not_to_do_in_Bugzilla |url-status=dead }}</ref>
+== Security criticism ==
+=== 2003 denial-of-service attack on Mozilla development infrastructure ===
+In July 2003, the development servers of the Mozilla project were disrupted by a sustained [[denial-of-service attack]], rendering multiple services unavailable, including the Bugzilla bug tracking system and CVSWeb system. According to statements from the mozdev project, the servers had been subjected to weeks of excessive request traffic, ultimately causing system failures and prompting plans to accelerate a migration to more powerful infrastructure.<ref>{{Cite web |title=Mozilla-Projekt unter Beschuss |url=https://www.derstandard.at/story/1352098/mozilla-projekt-unter-beschuss |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>
+=== 2014 inadvertent exposure of Bugzilla user data ===
+In September 2014, Mozilla disclosed that backups from a test instance of Bugzilla had been accidentally placed in a publicly accessible location, resulting in the exposure of data belonging to approximately 97,000 users. The leaked information included email addresses and hashed passwords, and the backups had been accessible for about three months before the issue was discovered. Mozilla stated that the incident posed a limited security risk due to the use of a test system, reset the affected passwords, and advised users to change reused passwords on other services.<ref>{{Cite web |title=Mozilla: An die 100.000 Nutzerdaten unabsichtlich offengelegt |url=https://www.derstandard.at/story/2000005015299/mozilla-an-die-100000-nutzerdaten-unabsichtlich-offengelegt |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>
+=== 2015 security breach involving unauthorized access to undisclosed information ===
+In September 2015, Mozilla disclosed that attackers had compromised a Bugzilla account and accessed sensitive information about undisclosed Firefox security vulnerabilities, which were potentially subsequently used in attacks against users. As a response, Mozilla reset Bugzilla passwords, introduced mandatory [[two-factor authentication]], and restricted access to sensitive bug data.<ref>{{Cite web |title=Bugzilla: Gestohlene Infos für Angriff auf Firefox-User verwendet |url=https://www.derstandard.at/story/2000021770456/bugzilla-gestohlene-infos-fuer-angriff-auf-firefox-user-verwendet |access-date=2026-01-11 |website=DER STANDARD |language=de-AT}}</ref>
 == See also ==

Bugzilla: Difference between revisions

Navigation menu

Search