June 17, 2014

Security updates included in v1.6.1052

A week ago we released v1.6.1052 which included a number of security fixes. The issues were reported to us by a security researcher on Saturday 7th June, 2014 (NZT). Within 24 hours, we had reviewed the reports and implemented fixes. The following 24 hours involved testing the updates, which was followed by a public release on Monday 9th June, 2014 (NZT). We then gave everyone a couple of days to update before detailing the security-related changes here.

The issues affected the Bugify web app – not bugify.com or any other apps/services.



June 10, 2014

Bugify version 1.6.1052 – Maintenance 5

This is the fifth maintenance release of v1.6 and also includes some important security updates.

The Security-related updates will be detailed in a blog post a few days after this release goes live. This is to give everyone sufficient time to upgrade.

  • Adding “closing”, “fixing”, “resolving” as words that can be used in commit messages.
  • Enabling nl_NL (Dutch) language file.
  • Updated pl_PL (Polish) language file.
  • Fixing issue with log files being filled up with warning about disabled extension.
  • Checking for XCache and eAccelerator (causes issues).
  • Fixing issues saving to the config file.
  • Fixed issue with editing labels.
  • Fixed issue with modal boxes displaying briefly on page load.
  • Significant update to the way config options are stored.
  • Fixed bug when searching with text and a label selected.

API Updates

  • Fixes bugs with listing issues via the API (particularly when viewing saved filters).
  • Returning comment id after adding new comment via the API.

Remember – if you’re working on language files, or have any custom code – make sure to take a backup before updating! Backing up before updating is always a good idea.