• Contribute!
• Features
• Download
• Support
• Docs
• News
• About

• About
  • Who Uses Bugzilla?
  • Roadmap
  • Meet the Team
  • Release Information
• News
  • Planet Bugzilla
  • Security Advisories
  • Change Logs
• Download
  • Extensions
  • Requirements
• Support
  • Free Support
  • Paid Support
  • Documentation
  • Wiki
  • Report a Bug
• Developer Resources
• How To Help Out

Security Advisories

Bugzilla is a rapidly evolving product. As we get more people involved, and more sites using Bugzilla, the code is becoming much better-defined and much better-reviewed. The current developer community is very much concerned with the security of your site and your Bugzilla data. As such, we make every attempt to seal up any security holes as soon as possible after they are found. Although no guarantees are made that Bugzilla is perfectly secure, the more secure it gets, the better.

The following is a list of the security advisories that were issued with each of our releases that included security-related fixes. Consequently, as of this writing, this is almost every version we've ever released since 2.10. Some might say this makes Bugzilla sound pretty insecure (in fact, this is actually very true of the older versions), but it really means we've been paying a lot more attention to security matters recently.

• [2016-05-16] Security advisory for versions prior to 4.4.12 and 5.0.3
• [2015-12-22] Security advisory for versions prior to 4.2.16, 4.4.11, and 5.0.2
• [2015-09-10] Security advisory for versions prior to 4.2.15, 4.4.10, and 5.0.1
• [2015-01-21] Security advisory for versions prior to 4.0.16, 4.2.12, 4.4.7, and 5.0rc1
• [2014-10-06] Security advisory for versions prior to 4.0.15, 4.2.11, 4.4.6, and 4.5.6
• [2014-07-24] Security advisory for versions prior to 4.0.14, 4.2.10, 4.4.5, and 4.5.5
• [2014-04-17] Security advisory for versions prior to 4.0.12, 4.2.8, 4.4.3, and 4.5.3
• [2013-10-16] Security advisory for versions prior to 4.0.11, 4.2.7, and 4.4.1
• [2013-02-19] Security advisory for versions prior to 3.6.13, 4.0.10, 4.2.5, and 4.4rc2
• [2012-11-13] Security advisory for versions prior to 3.6.12, 4.0.9, 4.2.4, and 4.4rc1
• [2012-08-30] Security advisory for versions prior to 3.6.11, 4.0.8, 4.2.3, and 4.3.3
• [2012-07-26] Security advisory for versions prior to 3.6.10, 4.0.7, 4.2.2, and 4.3.2
• [2012-04-18] Security advisory for versions prior to 3.6.9, 4.0.6, and 4.2.1
• [2012-02-22] Security advisory for versions prior to 4.0.5 and 4.2
• [2012-01-31] Security advisory for versions prior to 3.4.14, 3.6.8, 4.0.4, and 4.2rc2
• [2011-12-28] Security advisory for versions prior to 3.4.13, 3.6.7, 4.0.3, and 4.2rc1
• [2011-08-04] Security advisory for versions prior to 3.4.12, 3.6.6, 4.0.2, and 4.1.3
• [2011-01-24] Security advisory for versions prior to 3.2.10, 3.4.10, 3.6.4, and 4.0rc2
• [2010-11-02] Security advisory for versions prior to 3.2.9, 3.4.9, 3.6.3, and 4.0rc1
• [2010-08-05] Security advisory for versions prior to 3.2.8, 3.4.8, 3.6.2, and 3.7.3
• [2010-07-05] Security advisory for 3.7 versions prior to 3.7.2
• [2010-06-24] Security advisory for versions prior to 3.2.7, 3.4.7, 3.6.1, and 3.7.1
• [2010-01-31] Security advisory for versions prior to 3.0.11, 3.2.6, 3.4.5, and 3.5.3
• [2009-11-18] Security advisory for versions prior to 3.4.4 and 3.5.2
• [2009-09-11] Security advisory for versions prior to 3.4.2, 3.2.5, and 3.0.9
• [2009-08-01] Security advisory for versions prior to 3.4.1
• [2009-07-08] Security advisory for versions prior to 3.4rc1 and 3.2.4
• [2009-03-30] Security advisory for versions prior to 3.2.3 and 3.3.4
• [2009-02-03] Security advisory for versions prior to 3.2.2, 3.0.8, and 3.3.3
• [2009-02-02] Security advisory for versions prior to 3.2.1, 3.0.7, 2.22.7, and 3.3.2
• [2008-11-06] Security advisory for versions prior to 3.2rc2, 3.0.6, 2.22.6, and 2.20.7
• [2008-08-12] Security advisory for versions prior to 3.0.5, 3.2rc1, and 2.22.4
• [2007-05-04] Security advisory for versions prior to 3.0.4, 3.1.4, 2.22.4, and 2.20.6
• [2007-09-18] Security advisory for versions prior to 3.0.2 and 3.1.2
• [2007-08-23] Security advisory for versions prior to 2.20.5, 2.22.3, 3.0.1 and 3.1.1
• [2007-02-02] Security advisory for versions prior to 2.20.4, 2.22.2, and 2.23.4
• [2006-10-15] Security advisory for versions prior to 2.18.6, 2.20.3, 2.22.1, and 2.23.3.
• [2006-02-20] Security advisory for versions prior to 2.18.5/2.20.1/2.22rc1
• [2005-12-27] Security advisory for versions prior to 2.16.11
• [2005-09-30] Security advisory for versions prior to 2.18.4/2.20/2.21.1
• [2005-07-07] Security advisory for versions prior to 2.18.2/2.20rc1
• [2005-05-11] Security advisory for versions prior to 2.16.9/2.18.1/2.19.3
• [2005-01-06] Security advisory for versions prior to 2.16.8/2.18/2.19.2
• [2004-10-24] Security advisory for versions prior to 2.16.7/2.18rc3/2.19.1
• [2004-07-10] Security advisory for versions prior to 2.16.6/2.18rc1
• [2003-11-02] Security advisory for versions prior to 2.16.4/2.17.5
• [2003-04-24] Security advisory for versions prior to 2.16.3/2.17.4
• [2003-01-02] Security advisory for versions prior to 2.14.5/2.16.2/2.17.3
• [2002-11-26] Security advisory for versions prior to 2.14.5/2.16.2/2.17.1 that also upgraded from 2.10 or earlier
• [2002-10-01] Security advisory for versions prior to 2.14.4 and 2.16.x prior to 2.16.1
• [2002-06-08] Security advisory for release versions prior to 2.14.2 and development versions prior to 2.16rc2
• [2002-01-05] Security advisory for release versions prior to 2.14.1 and development version 2.15 checked out of CVS prior to 03 January 2002
• [2001-08-30] Security advisory for versions prior to 2.14
• [2001-04-27] Security advisory for versions prior to 2.12
• [2000-05-09] Security advisory for versions prior to 2.10