Open source software library / BUG tracking management / BugZilla

BugZilla Defect tracking system

Collection one hundred and thirty-nine
comment two
error correction
BugZilla is attending 2021 OSC China Open Source Project Selection , please vote for it!
BugZilla is in 2021 OSC China Open Source Project Selection {{projectVoteCount} has been obtained in, please vote for it!
2021 OSC China Open Source Project Selection It is in hot progress. Come and vote for your favorite open source project!
2021 OSC China Open Source Project Selection>>> Midfield Review
BugZilla won the 2021 OSC China Open Source Project Selection "The Best Popularity Project" !
Authorization Agreement MPL-2.0
development language Perl View source code »
operating system Linux
Software type Open source software
Classification development tool BUG tracking management
Open source organizations nothing
region Unknown
deliverer Unknown
intended for unknown
Recording time 2008-09-11
Software Home Page
Software documentation
Official download
Fast download
  • overview
  • information
  • Blog
  • Q&A
  • security information

Software Introduction

Bugzilla is a powerful and mature defect tracking system (or error tracking system). The defect tracking system allows the team of developers to effectively track unresolved defects, problems, issues, enhancements, and other change requests in the product. Simple defect tracking is usually built into Github or other integrated source code management environments based on network or local installation.

Bugzilla is a web-based system, but it needs to be installed on your server to use it. However, the installation is not complicated.

Bugzilla development should focus on becoming a bug system. Although there is potential in the code to transform Bugzilla into a technical support ticket system, task management tool or project management tool, the development team focuses on the task of designing a system to track software defects. In the development process, the following design principles shall be followed:

  • Bugzilla must run on free open source tools. Bugzilla support should be extended to support commercial databases, tools and operating systems, but not at the expense of open source databases, tools and operating systems.
  • Speed and efficiency should be maintained at all costs. One of the main attractions of Bugzilla is its lightweight implementation and speed. Try to reduce calls to the database as much as possible, do not generate slow HTML, do not get more data than you need, and so on.
  • ANSI SQL calls and data types must be used in all new queries and tables. Avoid database specific calls and data types as much as possible. Existing SQL calls and data types should be converted to ANSI SQL.
  • The HTML and form generation should be browser independent, which means cleaning up the HTML output of Bugzilla and following all applicable standards.

Expand to read the full text

code

Gitee index of is
exceed Items for

comment

Click to join the discussion 🔥 (2) Post and join the discussion 🔥
Score the software:
Boiled water without sugar
Boiled water without sugar
Published information
2022/12/16 08:10

The Bugzilla project leader "returned" and resumed updating after a long silence

After a period of silence, Dave Miller, the project leader of Bugzilla, announced that the project was updated again. Surprise! Bugzilla is not dead yet.: -) A few months ago, I published a lot of such content in the developer mailing list, but now it's time for more people to see it.: -) Bugzilla was originally designed and developed by the developer Terry Weissman for the Mozilla.org project in 1998. It is a general web-based bug tracking system and testing tool; Dave Miller became the project leader in July 2001. Now Bugzilla has been supported by the Mozilla Foundation

one
three
report
Darwin
Darwin
Published information
2018/03/15 07:35

Bugzilla 5.0.4, 5.1.2 and 4.4.13 released, security fix update

Bugzilla 5.0.4, 5.1.2 and 4.4.13 were released. Bugzilla 5.0.4 is the latest stable version. It contains several important bug fixes as well as security fixes for the 5.0 branch. Bugzilla 4.4.13 is a security repair update for branch 4.4. 5.1.2 is an unstable development version, which is not recommended to be used in the production environment. The main updates are as follows: The current stable version (5.0.4) only includes error repair and performance improvement. There is no new function or large-scale performance improvement. There is no database schema change. There are some document changes. There is no modification of templates that are not error repair, except for typography or syntax correction

zero
two
report
oschina
oschina
Published information
2015/09/05 00:00

After being invaded, Mozilla should improve the security of Bugzilla

The Mozilla blog revealed that their bug tracking system, Bugzilla, was stolen by an attacker with "sensitive security information", which is related to an undisclosed vulnerability in Firefox - the PDFViewer exploit found on August 5. The blog said that Mozilla is currently taking measures to reduce the risk of Bugzilla being used for attacks in the future. "The first step is that all users who access security sensitive information will be asked to change their passwords and use two factorauthentication. We will reduce the number of users with access privileges and limit the privileges of these privileged users. In other words

seven
six
report
oschina
oschina
Published information
2015/07/31 00:00

New features of Bugzilla 5.0: new REST APIs, etc

Two years after the last version was released, Bugzilla released version 5.0. In this version, the program error tracking tool has added many new features and optimizations, such as the ability to add labels in comments, a new group membership check mechanism, and an optimized network service API. Web Services API: Bugzilla 5.0 adds a new REST like endpoint, allowing clients to use standard HTTP calls. The existing XML-RPC and JSON-RPC have been abandoned and may be removed in Bugzilla 7.0. The major optimization brought by the class REST interface is the support for API keys, so that the client no longer needs to use

three
eleven
report
oschina
oschina
Published information
2015/01/27 00:00

Bugzilla 5.0rc1/4.4.7/4.2.12/4.0.16 released

Bugzilla 5.0rc1/4.4.7/4.2.12/4.0.16 was released, which is the first RC version of BugZilla 5.0, as well as the latest stable version and two 4.2. x and 4.0. x security updates. Bugzilla 5.0rc1 has passed the QA test and is more stable than the previous development version. Of course, it is not stable enough. If the feedback is good, it is estimated that the final version will be released in a few weeks. If the feedback is not good enough, the RC version will continue to be released. Bugzilla 4.4.7 is the latest stable version, including various bug fixes and security improvements. Bugzilla 4.2.12 and 4.0.16 are installed

four
three
report
oschina
oschina
Published information
2014/10/07 00:00

Bugzilla full system updates are released to fix important vulnerabilities

Today, updated versions of Bugzilla have been released, including 4.4.6, 4.2.11, 4.0.15 and development version 4.5.6 These versions have fixed some of the 0day security problems that were just found. At present, 4.4.6 is the latest stable version. Security issues include: * The 'realname' parameter is not filtered when registering an account * Cross site scripting attacks are found in many places * Private comments can be displayed to the recipient of Flagmail, who actually does not have the right to view them * If the CSV search results are exported with special values, the user's computer will be attacked. In addition, Bugzilla 5.0 is also on

two
eight
report
oschina
oschina
Published information
2014/04/20 00:00

Bugzilla 4.5.4, 4.4.4, 4.2.9, And 4.0.13 release

Bugzilla has released three versions today, namely 4.4.4, 4.2.9, and 4.0.13, as well as the 4.5.4 development version. Download address: http://www.bugzilla.org/download/ Improvement record: 4.4.4: http://www.bugzilla.org/releases/4.4.4/release-notes.html 4.2.9: http://www.bugzilla.org/releases/4.2.9/release-notes.html 4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html...

zero
four
report
oschina
oschina
Published information
2014/01/29 00:00

Bugzilla 4.5.2 and 4.4.2 release

Bugzilla released two new versions today, namely 4.5.2 and 4.4.2. 4.4.2 is a bugfix version. 4.5.2 is for 5.0. When 5.0 is officially released, 4. x will end its mission. Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development.

four
three
report
oschina
oschina
Published information
2013/05/23 00:00

BugZilla 4.4 and 4.2.6 release

Today, the Bugzilla project is very happy to announce the official release of version 4.4. It has been more than a year since the last version 4.2 was released. We have made a lot of improvements to this version, including Web services, rewriting the tag system, real attachment MIME type automatic detection, improved Oracle support and performance improvement. Bugzilla 4.4 is the best version at present. I hope you like it. Bugzilla 4.2.6 is a bugfix version. At the same time, the release of version 4.4 also announced that version 3.6 no longer provides support and further updates. Release Notes: 4.4: http:

five
ten
report
oschina
oschina
Published information
2013/02/20 00:00

Bugzilla 4.4rc2, 4.2.5, 4.0.10, And 3.6.13

BugZilla released four updated versions today, namely 4.4rc2, 4.2.5, 4.0.10, and 3.6.13. These versions are all released to fix some security vulnerabilities. Related link: 4.2.5: http://www.bugzilla.org/releases/4.2.5/release-notes.html 4.0.10: http://www.bugzilla.org/releases/4.0.10/release-notes.html 3.6.13: http://www.bugzilla.org/releases/3.6.13/release-notes.html...

zero
zero
report
oschina
oschina
Published information
2012/11/15 00:00

BugZilla released 4.4rc1, 4.2.4, 4.0.9, and 3.612

Today BugZilla released versions 4.2.4, 4.0.9, 3.6.12, and 4.4 RC1. These versions are mainly security patches. It is recommended to upgrade them. Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development.

zero
three
report
oschina
oschina
Published information
2012/08/29 00:00

Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10 released

According to the message from BugZilla mailing list, BugZilla has released updated versions. These versions fix the same security problems and also include some minor improvements. Download address: http://www.bugzilla.org/download/ Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development

three
zero
report
sweet potato
sweet potato
Published information
2010/07/04 00:00

Bugzilla localconfig file information disclosure vulnerability

Release date: June 24, 2010 Update date: June 28, 2010 Affected system: Mozilla Bugzilla 3. x Mozilla Bugzilla 2. x Unaffected system: Mozilla Bugzilla 3.7.1 Mozilla Bugzilla 3.6.1 Mozilla Bugzilla 3.4.7 Mozilla Bugzilla 3.2.7 Description: ----------------------------------------------------------------------------- BUGTRAQ ID: 41144 CVE-20 CVE-20 010-0180 Bugzilla is a web-based bug tracking system used by many software projects. If you are in loc

zero
zero
report
sweet potato
sweet potato
Published information
2010/04/18 00:00

Bugzilla 3.6 release, defect tracking system

Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development. Changes: The new features in this major release include migration from other bug tracking systems, a simple "Browse" interface for browsing open bugs in a system, some usability improvements... resulting from a scientific usability study conducted on B...

zero
two
report
sweet potato
sweet potato
Published information
2010/03/13 00:00

Bugzilla 3.6 RC1 Release

Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development. Bugzilla 3.6 is a new version, which will include many new functions, mainly including the following aspects: General Usability Improvements New Extensions System Improved Quicksearch Simple "Browse" Interface SUExec Support Experimental mod_perl Support on Windows Send Attachments by Em

zero
one
report
sweet potato
sweet potato
Published information
2010/02/08 00:00

Bugzilla 3.4.5 Release

This version contains some useful bug fixes and security patches. Download address: http://www.bugzilla.org/download/

zero
zero
report
sweet potato
sweet potato
Published information
2009/11/06 00:00

Bugzilla 3.4.3/3.5.1 Release

Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development. BugZilla 3.4.2 mainly fixes some bugs, while BugZilla 3.5.1 continues to improve before the release of version 3.6. Download address: http://www.bugzilla.org/download/

zero
zero
report
sweet potato
sweet potato
Published information
2009/09/12 00:00

Bugzilla 3.4.2

Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development. This version fixes a serious security problem, and of course contains other minor bugs and improvements. Download address: http://www.bugzilla.org/download/

zero
zero
report
sweet potato
sweet potato
Published information
2009/08/02 00:00

Bugzilla 3.4.1 Release

The official version of BugZilla 3.4 was just released a few days ago. Since a serious security vulnerability was found, the 3.4.1 version was urgently released to fix this vulnerability. Download address: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-3.4.1.tar.gz

zero
zero
report
sweet potato
sweet potato
Published information
2009/07/28 00:00

Bugzilla 3.4 official release

Bugzilla is an open source bug tracking system, which can manage the whole life cycle of defect submission (new), resolution, and closure in software development. This is a major upgrade version, which contains a large number of new features, including a greatly simplified bug release page, a new home page, hidden user's email address, background email transmission, shorter search URL address, enhancement of custom domain, allowing to reference other bugs in BugZilla system, and so on. Upgrading is strongly recommended. Download address: http://ftp.mozilla.org/pub/m...

zero
zero
report
No more
Loading failed, please refresh the page
Click to load more
Loading
next page
{{o.author.name}}
Blogged
{{o.pubDate | formatDate}}

{{formatAllHtml(o.title)}}

{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
report
No more
No content temporarily
{{o.author.name}}
Issued a question and answer
{{o.pubDate | formatDate}}

{{formatAllHtml(o.title)}}

{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
report
No more
No content temporarily
No content temporarily

Awesome software

Change
HeidiSQL -Database management client
EncFSMP -Cross platform encryption tool
SuperTinyIcons -Super tiny social icon
PeaZip -Compression tool
Worker file manager -File manager under UN * X system
OpenRA -"Command and Conquer: Red Alert" game engine
Go Search Extension -Browser extension for retrieving Go documents
Asylo -Application and development framework of next generation secret computing
NocoBase -No code development platform
Zorin OS -Linux distribution
DualSPHysics -Smooth particle hydrodynamics model
AWTK -Open source GUI engine
Solus -Linux distribution
Saltcorn -Codeless Database Manager Web Application
Liferea -RSS Reader under Linux
Gitako -GitHub/Gitee file tree plug-in
Groundhog life -Elderly care hang up game
FreeCAD -Open source CAD/CAE tools
classical Chinese -Classical Chinese Programming Language
DroneCode -Open source UAV aviation operating system
Feather icons -Simple and beautiful open source icon library
Plausible Analytics -Website traffic analysis tool
BELLE -Open source Chinese dialogue model
Simulated insect population -Placement Incremental Games
Code Llama -AI code generation model based on Llama 2
tealdeer -Lightweight Linux Command Line Manual
RWKV-LM -Linear Transformer Model
Cead Consent Manager -Lightweight cookie tracking consent manager
Incremental Adventure -Incremental Adventures in Chinese
Chuanhu ChatGPT -ChatGPT Web graphical interface

Hot content

More highlights
DB Engines was acquired by Redgate, a British database software developer
Kugua Cloud Classroom (Enterprise Edition) v1.2.8 release, knowledge payment solution
: fire:: fire: Super SDK version manager VMR v0.6.1 preview version surprise release! Support more than 60 languages and tools!
Top 10 distinctive highlights of the new ORM mybatis mp
The first anniversary of open source, the new version of Qinghua was released
MooTool 1.6.1 is released, and developers always have small tools
Jboot v4.1.6 release, based on JFinal microservice framework
Blazork8s released a new version, updated AI execution command logic, and added multiple AI functions
Kangaroo database tool v5.0 has been released
Open Source Daily | Out of the box ChatTTS installation package; Scaling Law is an empirical formula; Two baby dads AI revive old toys; Academicians of the Chinese Academy of Engineering talk about AI; The story of autonomous kernel MCU is hard to tell? TikTok "American Special Edition" recommended algorithm
SQLE 3.2405.0 Release
Maximizing the Effective Throughput of LLM Serving
State fine-tuning, PointRWKV, Chinese documents online... The latest news of RWKV community in May is coming!
Java AI has a bright future
Databases that do not need data
This PHP application server looks a bit trendy! FrankenPHP
The Code R&D management platform - the innovative realization of the integration of daily reports and working hours
The easy-to-use ORM framework mybatis-mp 1.5.3 was released
GRPC 1.64.1 release, cross language RPC framework
Malware is rampant in pirated Microsoft Office
Live | Dialogue V God&Ethereum Core Researcher: ETH2.0 is ready, how should we participate?
No.12 - Chapter I Sailing - Data Analysis Application - Development of Epidemic Prevention and Control Demand
No.7 - Chapter I Sailing - Industrial Smelting Energy Consumption Control (IoT) Scenario | Case Analysis
Happy Women's Day | Women, make technology more romantic!
How can the 2020 Development Ceremony in the summer get fewer big shots from the Open Source Agency?
According to Apache, Chinese open source projects have gone global!
How to become a GitHub Star
No.3 Course Overview | Flink Knows Why
No.2 Chapter I Sail | Flink Knows Why
Apache CarbonData 2.0 Online Release
Virus science? New Crown rehabilitation? Blockchain tracking? What! So the first batch of projects came out?
Let me Kangkang, who entered the Hack for wuhan preliminary contest?
Summer 2020 Sun Jincheng, the "Big Man Says Open Source": The Right Posture to Participate in ASF Open Source Contribution
Summer 2020: "Big Masters Talk about Open Source" | Li Jiansheng: "Hidden" Rules in the Open Source World
Wang Hailiang: Open source leads information technology innovation
I, a farmer who earns a living by GitHub rewards, earn 100000 dollars annually
Linux Foundation: Open source technology is not subject to EAR restrictions of the US Export Control Regulations and can be freely used
We Want You
Google Open Source Internal Code Review Specification
Zhang Wenli Olivia became one of the first GitHub Stars!
Analysis on the evolution of open source software from the perspective of technology economy paradigm (5)
China's open source summer is coming!
No.4 - Chapter 1 Sailing - What is Event Driven Application | Flink Knows Why
Open source, a new entrepreneurial model, is quietly coming
Technology Radar Summit 2020: Viewing Industry Challenges from Technology Trends
Win in Apache - Asynchronous Decision Process
Zhang Wenli Olivia became one of the first GitHub Stars!
Talking about the commercial road of open source from the gossip of WordPress community
Nvidia calls on global gamers to contribute your computer and join in the battle against the epidemic
Women's scientific and technological innovation, talking about innovation from her perspective, "March 28" online broadcast
No.8 - Chapter I Sailing - Scenario Case of Industrial Smelting Energy Consumption Control (IoT) | Development
Apache License for Authentic Human Language
Dialogue with Pioneers in IoT, Internet of Everything Helps New Infrastructure "May 23" Live Online
New Chinese members add firewood to ASF
Summer 2020 "Big Stars Talk about Open Source" | Chen Lijun: How Far Is Linux from Getting Started to Deepening the Kernel
How Open Source Changed Mylife
Apache DolphinScheduler&Doris online Meetup
Summer 2020: "Big boys talk about open source" | Wang Wei: tell the story of open source innovation in colleges and universities
A table tells you the main differences and similarities between Mulan loose license version 2 (MulanPSL v2) and mainstream licenses in the industry
Let's play the open source community in the journey of Linux kernel
Microsoft Build 2020 Developers Conference invites the Open Source Agency to take a new online journey
From Mechanic to Programmer -- Talking about self-study experience and career development
The top of the final | Hack for wuhan
The project has been open source for more than one year and graduated from ASF. What can developers learn from it
How can China's open source products go global?
No.13 - Chapter 1 Sailing - Data Analysis Application - Definition Abstraction and Batch Support
#Big Man Talks about Open Source # Open Source Story Zhuang Biaowei&Lin Lvqiang
Recruitment | Matrix: Re install ch ó ng
Mingshi Capital: 2020 Open Source Summit │ May 17
Is Java out of date!?
The ongoing hacker marathon, we need to hear your voice
What you need to know about "job burnout" in the open source community
GPL 2.0 protocol
Analysis on the evolution of open source software from the perspective of technology economy paradigm (4)
No.10 - Chapter I Sailing - Data Analysis Application - Epidemic Prevention and Control
Video | 60 year history of "open source" you don't know
Analysis on the evolution of open source software from the perspective of technology economy paradigm (I)
How to become a GitHub Star
ASF 2020 Renovation
go online! Chatopera Launches Open Source Dialogue Corpus for Psychological Counseling
Lightning speech, black master, what else can Hack for Wuhan do this week?
Wuhan 2020 volunteers | "War" around you
Recruitment of media group of Kaiyuan News Agency | Look for summer interns
Promote Mien and fight Miengrue, refute the "open source aggression theory"
How did the ASF Board of Directors develop?
Step by step interpretation of Apache license
Heavy | Open Student Application! 300+projects are all online!
No.5 - Chapter 1 Sailing - Architecture of Event Driven Applications | Flink Knows Why
Fedora 28 Dragon Core version Live6 release party | First broadcast of star lovers
No.6 - Chapter 1 Sailing - Industrial Smelting Energy Consumption Control (IoT) Scenarios | Flink Knows Why
Summer 2020 "Big Stars Talk about Open Source" - Wu Xue | Open Source Business Innovation
Ding~An interesting and brain burning programmer challenge game, waiting for you to play
Big Shot Talks about Open Source | Wang Wei: Tell the story of open source innovation in colleges and universities
This well prepared competition is our best gift to you
Yibai said open source, using the network effect of the To C era to build the To B basic software
Enter "SLASH Youth" Li Zhuohuan
No.1 Preface | Flink knows why
Summer 2020 "Big Stars Talk about Open Source" - Wu Sheng | How to be an Open Source Player
In summer 2020, Zhuang Biaowei&Lin Lvqiang, "Big Masters Talk about Open Source": What are the open source stories in your life experience?
Talking about the spirit of contract from MIT agreement

Popular comments of the whole site

F
Francesca 2024-05-19 18:00
Wine runs the Android emulator of Windows. Chrome OS is installed in the Android emulator. Linux environment is installed in chrome OS. Linux environment is installed in the Linux environment. Wine is installed in the Android emulator
All the way north GP
All the way north GP 2024-04-25 14:55
America, the future of mankind
M
MrChen89 2024-04-29 09:18
There are a group of people like this. I don't know what they have experienced. When it comes to HW, I can't say anything good, even if it's neutral
Rocket ship
Rocket ship 2024-05-31 19:22
It's a ghost anyway.
kangaroo
kangaroo 2024-06-01 22:23
The next version focuses on improving existing functions * improving internal power and qi * and continues to move towards the goal of Grand Master.
Brother Xiao Yang
Brother Xiao Yang 2024-06-01 20:39
Isn't Ali developed? What are you afraid of? There's no need for every family to set up a set
G
GDWhisperer 2024-05-15 17:23
I transferred tens of thousands of yuan to my own account, which was under risk control. How did I do this? The bank should be responsible for this**
Apizza
Apizza 2024-06-01 17:52
You can switch from lodash to radash in 2024!!!
haol666
haol666 2024-05-31 18:56
This story is powerful, I take it seriously, until I see the end.
Xiao Xu Middle aged
Xiao Xu Middle aged 2024-06-01 06:49
thank
One code Yma
One code Yma 2024-05-09 09:58
Recently, I often go to interviews. People who hate Ali background most regard me as a fool, even though I am a fool
Bright Stars 2
Bright Stars 2 2024-05-31 23:28
Remove Unsafe? You don't want netty anymore?
jalena
jalena 2024-05-31 23:57
I can imagine that I will also receive the CVE repair request next week..... I don't use the key!!!!!!!!!
g
gamedot 2024-05-17 11:14
Old Zhou is deeply concerned about Huawei's great cause of open source. He is not a Huawei person, but has Huawei's soul.
One code Yma
One code Yma 2024-05-06 09:14
My technical article was moved by CSDN. Why didn't anyone step on the sewing machine? This kind of report is a joke to me. The monsters with background are fine, and the monsters without background fight to death
Code craftsman
Code craftsman 2024-06-01 11:22
I also said "user controllable parameters"
Ma Nong Little Fatty Brother
Ma Nong Little Fatty Brother 2024-05-16 14:40
I give you six seconds. I give you six moves with the same effect in the martial arts contest, which shows the invincibility and confidence of the master
oldpig
oldpig 2024-04-28 09:59
”Huawei contributed all the source code "?, the title is completely inconsistent with the content.
Yoona520
Yoona520 2024-05-17 16:34
Zhou Hongyi is now living more and more like a clown. If he stays behind the scenes, he has to become an online celebrity. Can you learn from Lei Jun?
Yokesily
Yokesily 2024-06-02 15:11
So designed
osc_566335
osc_566335 2024-04-28 14:44
This is also called floor washing? Does it mean that Tesla will not wash the floor if it releases all the source code? Some people HWptds? That is to say, the language is ambiguous, which will also rise to the washing ground? Are some people too focused? Think the people he pays attention to must be staring at?
Starry Night Destiny
Starry Night Destiny 2024-06-01 21:49
It feels like Mybatis. It's OK to provide users with optional security solutions. It's useless for users to complain about this problem
Love to eat raw pears
Love to eat raw pears 2024-06-01 11:48
Why is this so-called "vulnerability" not a vulnerability? Spring, MyBatis and other frameworks can accept all kinds of CVE criticism, while MyBatisPlus has to dump the pot and accuse programmers of being too low-level# There is a difference. The premise is that you write XML, MyBatisPlus encapsulates Wrapper and claims to simplify code. Since it encapsulates and hides $#, it is not appropriate to do some necessary security checks? Instead of doubting the authority of CVE, you should know that SQL ->MyBatis ->MyBatisPlus ->various back-end scaffolds have multiple layers, each layer is simplifying, and each layer is throwing away the upper layer of the boiler. Who dares to use them. The programmers who use MyBatisPlus can't be expected to be at a high level. Every programmer wants to save effort. The front-end parameters can be directly obtained by HttpServletRequest from the back-end. Wrapper splicing can be found everywhere. If something goes wrong, is it the front-end or the framework? According to Qingmiao, can the injection vulnerability of the previous log4j and the deletion vulnerability of the Druid be used to eliminate low-level programmers?
Chief taxi captain
Chief taxi captain 2024-05-17 11:17
I suggest that 360 open source all its products, and then become the leading enterprise in the domestic open source industry through open source, leading everyone to compete with foreign enterprises
Monkeys think of apes
Monkeys think of apes 2024-05-31 18:31
You can cheat your brother. Just don't cheat yourself
Voice of God
Voice of God 2024-06-01 20:47
By default, injection ($) and splicing are turned off. If you want to use it, you need to sign the birth and death form and press the fingerprint.
infoworld
infoworld 2024-05-11 15:12
Universities should use open source free software instead of commercial ones. In this way, hands and feet will not be tied technically.
Hakuna
Hakuna 2024-05-31 18:28
It is compatible with Oracle, but does not know "just" or "just". Those who can be compatible with Oracle and do well are real men and real warriors. You should know that compatibility means that even bugs must be compatible, and you have no other code that can not be copied. It's all based on real skills and understanding of oracle.
looly
looly 2024-06-02 14:32
@Qingmiao Hutool has also been mentioned some loopholes that I think are relatively "low-level", or I think are not loopholes. At first, I was also very angry, but after thinking it through, I found that CVE's idea was that once you did not actively remind users that there was a pit, the user fell into the pit is your fault, that is, your vulnerability. For example, as a traffic policeman, you should remind everyone who crosses the road to pay attention to safety, and ask him to answer whether he knows. Once you don't remind someone and are hit by a car, you can't get away from it. Similarly, when using frameworks and tools, you should provide at least one parameter to remind users that there may be SQL injection vulnerabilities. Note that it is not in the comments, but in the method parameters, which is the user's responsibility. Therefore, it is not comprehensive to provide solutions in comments or documents.
sweet potato chips
sweet potato chips 2024-05-31 22:08
Glue code consumes few resources
Li Yinghui
Li Yinghui 2024-05-09 16:40
Buddhism has a good word, evil opinion. In dealing with the world, it is meaningless to draw conclusions from preset positions; It is also important to receive good logic training.
monkey_cici
monkey_cici 2024-05-09 00:25
My I9 CPU, 64GB memory module and 3080Ti computer are inferior to the top configuration of 19999 on a tablet
osc_92224065
osc_92224065 2024-04-29 10:57
Long term oppressed outsourcing of state-owned enterprises
People are addicted to food
People are addicted to food 2024-06-01 13:53
History history combination
Qin Liming
Qin Liming 2024-05-11 09:12
be devoid of any sense of shame
Xiao Xu Middle aged
Xiao Xu Middle aged 2024-05-31 19:13
Very good
Dogo_Little People
Dogo_Little People 2024-06-02 12:24
Not everyone will go to see the document in full detail. As a general basic framework, the method naming should consider not only readability but also understandability. At least, it should also establish a cognition for developers. LambdaQueryWrapper is recommended. The official only briefly said that QueryWrapper may lead to SQL injection risks, There are no detailed examples (many people don't understand what SQL injection is). Now I met a jerk and submitted it to CVE to see who is the most powerful
The seven in one little King Kong
The seven in one little King Kong 2024-06-02 15:54
Those people only use resources, others are not developed by NPM...
sunday12345
sunday12345 2024-05-15 18:31
What does the bank do? It's blamed on the remote desktop. Persimmons really pick up soft pinches~?
Small and beautiful software development
Small and beautiful software development 2024-06-01 05:06
Cheat one's job
Single structure
Single structure 2024-05-11 10:09
Selected as Open Source China's disgrace pillar
Monkeys think of apes
Monkeys think of apes 2024-05-31 18:31
You can cheat your brother. Just don't cheat yourself
osc_25732934
osc_25732934 2024-06-01 19:30
It seems that the current version of the Foreign Function&Memory API is not as fast as that of jni, or even worse. In addition, before vallhala comes out, all interactions between java and c have to get an additional memory. Even if it comes out, it may not be possible to directly throw a copy of binary data into memory as a structure. When the two apis are completely stable, the day lily is cold
Shen Lang Panda
Shen Lang Panda 2024-06-01 08:16
You can directly ask questions in the project work order. The comment area is not suitable for answering such questions
z
zhy 2024-05-16 13:16
At the end of Shannon is Nong
Love to eat raw pears
Love to eat raw pears 2024-06-01 19:18
Don't expect programmers to have a deep understanding of the document. I still think that since the tool hides the details of $#, some necessary security checks are necessary. Many people do not use MybatisPlus directly, but use various so-called rapid development platforms. The MyBatisPlus rapid development platform Snowy, Guns, etc., has an impression that many versions have the problem of using Wrapper directly to splice the Request parameter. I remember that JeecgBoot was opened a lot of CVEs last year or the year before last because of the Wrapper splicing problem. Do you know the author of ibeetl? Many CVE blaming holes have been opened before. The problem is similar. The lack of basic knowledge "script editing permission" is actively handed over to the front end. What a low-level error or even low-energy behavior. However, I accepted it with an open mind and added a white list check.
zzeric
zzeric 2024-04-28 20:01
Although France is the parent community, the core developers of OCCT on github are all Russians. Without Russians, the French parent community cannot continue to operate. So Huawei took over, moved to China, changed its name and resumed open source and community operations. What's the problem?
CodeDoger
CodeDoger 2024-05-02 20:48
35 It's too old to go to work and too early to retire at 60
young crops
young crops 2024-06-01 16:21
There is no tipping point. There are also many official documents stating that SQL fragments involving direct string splicing need to be controlled by the user, and specific solutions are also provided. If you say that the value part is injected, then we are also 100% free of any dispute. This obvious SQL fragment is unrealistic for ORM to explain without your control, Since SQL allows splicing fragments, there must be some scenarios that cannot be forced into non SQL strings. It is also very simple. Have you ever thought about why not force them???
Xiao Xu Middle aged
Xiao Xu Middle aged 2024-06-01 07:03
good
-SORA-
-SORA- 2024-06-01 09:30
American characters
-SORA-
-SORA- 2024-04-30 17:07
When this happened in a foreign country, the comment area suddenly became very objective and rational**
Happy LeapFrog
Happy LeapFrog 2024-05-18 09:18
But the question is: "What's the use of this for ordinary Android users?" Now the answer seems to be: "Almost nothing.".
Ning Jinnong
Ning Jinnong 2024-06-01 21:04
Correct it. The example of loading the library is wrong. It should be # library=@ loading the dynamic library, "./yards to the treasurer. dll"
Yeah, for
Yeah, for 2024-05-17 13:42
That's too right. Old Zhou can't control Google, but he can control 360. Do not do to others what you do not want. All 360 products should be opened first.
xiaoqibabby
xiaoqibabby 2024-05-15 17:36
The bank is strongly required to be responsible for
Simple code
Simple code 2024-06-02 20:15
Does JBoot solve the problem that the join template in JFinal only supports Java 8? Is the dependency on Javax to be changed to Jakarta?
Shuimu Yi'an
Shuimu Yi'an 2024-05-20 09:58
The news should be read continuously. I'm waiting for the third news besides rustdesk and teamviewer. Localized remote desktop software is far ahead.
kakai
kakai 2024-05-10 10:21
The world only knows that Android was created by Google. Several people know that Android is only a product acquired by Google. Similarly, what is the problem with Huawei's contribution to the collection of OGG open source work and integration into its own proprietary product line?
Bright
Bright 2024-05-19 23:25
What a fool! I killed myself. How can people deal with me later.

Others are still watching

More highlights
DB Engines was acquired by Redgate, a British database software developer
Kugua Cloud Classroom (Enterprise Edition) v1.2.8 release, knowledge payment solution
: fire:: fire: Super SDK version manager VMR v0.6.1 preview version surprise release! Support more than 60 languages and tools!
Top 10 distinctive highlights of the new ORM mybatis mp
The first anniversary of open source, the new version of Qinghua was released
MooTool 1.6.1 is released, and developers always have small tools
Jboot v4.1.6 release, based on JFinal microservice framework
Blazork8s released a new version, updated AI execution command logic, and added multiple AI functions
Kangaroo database tool v5.0 has been released
Open Source Daily | Out of the box ChatTTS installation package; Scaling Law is an empirical formula; Two baby dads AI revive old toys; Academicians of the Chinese Academy of Engineering talk about AI; The story of autonomous kernel MCU is hard to tell? TikTok "American Special Edition" recommended algorithm
SQLE 3.2405.0 Release
Maximizing the Effective Throughput of LLM Serving
State fine-tuning, PointRWKV, Chinese documents online... The latest news of RWKV community in May is coming!
Java AI has a bright future
Databases that do not need data
This PHP application server looks a bit trendy! FrankenPHP
The Code R&D management platform - the innovative realization of the integration of daily reports and working hours
The easy-to-use ORM framework mybatis-mp 1.5.3 was released
GRPC 1.64.1 release, cross language RPC framework
Malware is rampant in pirated Microsoft Office
nutz, Send it tonight (2): How can I get all the paths of 00/00/00/00 when uploading files? Can I change them
The beetl session is not created
A design method using message framework segmentation and extension
New technology goals in 2017
nutz, Let's post tonight (14): What parameter can the entry method declare to obtain all form parameters?
The idea of rewriting syntax parsing
A browser plug-in for website reminders of Putian hospitals
Which one is better in Daotool page turning technology?
LomoX Browser - Chromium&IE dual core browser
A demo collection of the old version of lomox, which contains the source code of the interface demo
beetl The number of downloads in China seems to be almost the same as that of Freemaker
Write an IM (04) like WeChat from zero with t-io: IM protocol design
Complete Solution to Struts2 Vulnerability
nutz, Come here tonight (7): What is the relationship between dao. js and IocBean?
Beetl's Minimalism
Deep complaining hibernate
nutz, Come here tonight (8): How to write+1 update sql with Chain
What happened in the open source process of Beetl
It's not scientific
Is a 30% salary increase on the Internet worthwhile?
Some misunderstandings about betl
BEETL Performance Secrets 2: How languages access variables
The performance test effect of beetl2 is good
How to use beetl in maven
Beetl Performance Secrets 1: How to Output an Integer Variable
The ppt version introduced by beetl
LomoX json for QT source code release
Good and professional beetl code
Expand beetl to enable HTML tags to support parent-child nesting
A beautiful extension function provided by the developer to print out the betl template variables
Beetl donation account
nutz, Tonight, let's send (4): Nutz's project uses MySQL, and the next morning reported a connection error. What's the reason?
Write an IM (05) like WeChat from scratch with t-io: architecture design
Jodd-madvoc Integration with beetl
Location:Action, New ideas for JSON serialization
nutz, Coming tonight (11): first in 2015, how to limit the entry method to POST
nutz, Come tonight (18): Does Nutz have a tool or method for generating beans from database tables?
Write an IM like WeChat from zero with t-io (03): network framework selection
Beetl2.0.2 byte output performance improvement
6 innovation points of template engine Beet
The number of newly added users of Beetl in China is less than a fraction of Freemaker
Why JSP is slower than Beetl
Beta plug-in version 1.0
nutz, Come here tonight (5): How to download files?
Analysis of "Best Template Engine" Beetl Analysis and Comparison with Tiny Template Engine "
nutz, Come here tonight (16): the class has marked @ IocBean and @ Inject, and the new object has no injection?
My story
nutz, Tonight, let's send (17): How do nutz and quartz play?
nutz, Come tonight (1): Consequences of repeatedly creating ioc containers
Seven weapons for thick black architects to survive
A couplet for all small start-ups
Plan to write bytecode by yourself instead of using asm (full version)
Still using AJAX+Json, switch to AJAX+Beetl
Interesting place of beetl template engine
Beitl Open Source 2
History repeats and repeats
The first draft of the grammar file of beetl 2
How to help Beitl develop
LomoX json for QT source code release
Beetl2.0 will be released soon
nutz, Come here tonight (7): What is the relationship between dao. js and IocBean?
Comprehensive comparison of hibernate, mybatis, beetlsql
The development of Beetl is completed, and the performance test is good, as shown in the figure
First draft of beetl 2 grammar
Lomox new version 2014-04-26
Large e-commerce website Occidental Taobao was launched, based on betl technology
nutz, Come here tonight (6): What is the relationship between @ IocBy and @ Modules?
nutz, Come tonight (15): Does nutz support simultaneous rollback of multiple data sources? What are the limitations?
Write an IM like WeChat from scratch with t-io (02): team building
Beetl downloads are over 100 per week
Context performance improvement of beetl 2
Closed for 3 days on National Day
Use json in beetl
nutz, Send it tonight (3): where (A or B) and C How to write it with Cnd?
Lomox0.2.0.1_Plugin_beta
BeetlSQL, Simple and powerful database access tools (updated)
nutz, Let's play (19) tonight: How to play with nutz and cache?
Read optimization of beetl 2 method
From enterprise application technology team to Internet technology team
Beanstalkd windows support

Software Author

Authors who have not been certified for this software
Certified as Author
Invite Author Certification

Recommendation of similar software

more

Traceo Error tracking and performance monitoring system

Traceo is an open source self hosting tool used to monitor the health of applications by collecting and summarizing software data. Catch and collect all exceptions to one place, immediately gain insight into the problem, troubleshoot the code, monitor application resource consumption, and make it visible on the dashboard

JEPM Software engineering project management system

JEPM is a software engineering project management system. In the new economic era, with the rising operating costs and the gradual improvement of management maturity, refined management has become one of the required courses for enterprises. For enterprises, formulating clear and standardized project man hour management is more important. Manage projects on time

git-bug Distributed bug tracker embedded in Git

Git bug is a distributed bug tracker, which directly utilizes the characteristics of Git, and can directly and remotely push bug items to collaborate with others, just like the usual operations of Git commit and branch. Developers do not need to rely on a Web service

ClusterFuzz Fuzzy test infrastructure

ClusterFuzzy is a fuzzy testing infrastructure that has been developed for 8 years. It aims to seamlessly integrate into the developer workflow and make it easy to find bugs and fix them. ClusterFuzzy provides end-to-end

goSDL Open source security development cycle tool based on PHP

GoSDL is a secure development cycle (SDL) tool used internally by Slack, a team collaboration solution provider, and is currently open source. GoSDL is a PHP based network application designed to provide developers and project managers with new

Hot News

one
Microsoft makes major updates to open source font Cascadia Code
two
Why JavaScript, Python and Java are always the first choice of developers
three
The new shares of Damon Data were listed, and online subscription was launched on Friday
four
Instant messaging software ICQ will be closed on June 26, 2024
five
Huawei announces that Olympus will become a hot issue in 2024 - 2 million yuan to solve AI and data storage problems
six
Tencent App Store has reached cooperation with Microsoft Store, and Windows can directly run mobile applications
seven
🏆 Tencent APIJSON 7 released, Huawei Cloud official number recommended • registered enterprise+1
eight
Google's search API document was accidentally released to GitHub: more than 2500 pages, revealing the inside story of search ranking
nine
Hackers use the mine sweeping game Python clone to hide malicious scripts and attack European and American financial institutions
ten
SQLite 3.46.0 release
two comment
one hundred and thirty-nine Collection
share
OSCHINA
Log in to view more high-quality content
Use WeChat to log in quickly
Back to top
Top