last weekend marked the completion of significant effort, primarily by dave lawrence (dkl), which changes how the status and tracking flags are implemented within bugzilla. previously they were implemented as additional columns on the bugs table, however this approach doesn’t scale with the rate of fields the rapid release train adds (6 new fields every 6 weeks), and resulted in a bugs table with about 170 columns. tracking flags are now stored as rows in a tracking_flags table, and we no longer require a schema change to add them. a large amount of energy was put into ensuring that this change would not be visible to the end users, so things should continue to work as before.

the following changes were related to this work:

• [880829] Migrate current custom field based tracking flags to the new Tracking Flags extension tables
• [926142] Can’t call method “is_active” on unblessed reference when loading certain bugs that have flags set but are no longer visible
• [926272] searching for an unset tracking flag fails since BMO upgrade on 2013-10-12
• [926118] tracking flags are being cleared when making a change to a bug using the webservice api after tracking flag migration
• [926557] searching for tracking flags is broken for negated terms where values are unset, breaking the leo+ b2g triage query
• [926764] Use of uninitialized value in string eq at extensions/TrackingFlags/Extension.pm line 412
• [926842] unable to change status and tracking flag values once they are set
• [927026] searching for an unset tracking flag is failing again
• [926641] Release tracking report broken since 12-Oct BMO maintenance
• [926109] Error when searching for many columns at once (MariaDB can only use 61 tables in a join)
• [927741] whines are throwing sql errors on stage (Unknown column ’map_product.classification_id’)

• [921082] Ember.create API sometimes doesn’t return field values
• [915685] Create Bug.update_attachment to update attachments via RPC/REST
• [921133] Bugzilla has started to show some CC changes by default
• [917669] invalid or expired authentication tokens and cookies should throw errors, not be silently ignored
• [864625] Setting a non-privileged user as a requestee on a secure bug while ccing the same user to give access at the same time fails
• [922246] Bugzilla times out when a user has several thousands of votes
• [922304] Speed up LogActivityEntry()
• [922310] Text in the “My Requests” page is misleading about how the AND/OR radio button works
• [922628] Bugzilla web bounty form sets the wrong flag
• [922705] firefox os beta program form shows an error message after the bug is created (The requested format fxos-betaprogram does not exist with a content type of html).
• [921860] Use 64px gravatar for retina display support
• [919475] [Oracle] Crash when non-mandatory free text custom fields are left empty on bug creation
• [914262] KHTML-based browsers such as Konqueror do not support the Server-Push technology
• [926241] Multiple lock wait timeout exceeded errors on the bugs_activity table
• [917370] large dependency trees are very slow to load
• [916906] attaching a file which just contains a github url should automatically redirect to it when viewing
• [927039] Typo in mozilla skin’s global.css
• [927570] mid-air conflict fails to check all changed fields
• [927741] whines are throwing sql errors on stage (Unknown column ’map_product.classification_id’)
• [927736] “invalid token” error if someone else changes the CC list while viewing a bug
• [907438] In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
• [906745] In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
• [913904] [SECURITY] CSRF when updating attachments
• [924802] [SECURITY] (XSS) “id” and “sortkey” are not sanitized when editing flag types if categoryAction-foo is set
• [924932] [SECURITY] Field values are (still) not escaped correctly in tabular reports
• [912661] [SECURITY] CSRF in process_bug.cgi