Re: Land your tests for now-public security bugs

On Tue, Mar 10, 2020, at 10:33 AM, Daniel Veditz wrote: > We need to do better at the remembering-to-land part. If you've fixed a > security > bug in the past please check if you have any hanging *in-testsuite?* bugs > for bugs that are now public. Thank you for the reminder. (I've got tests

Land your tests for now-public security bugs

tl;dr: If you've ever landed a security fix please check-in your public testcases . We've long worried that if we landed tests along with our security fixes

Phabricator Update - Tuesday March 10th, 10:30AM EDT

Normally we update Phabricator (phabricator.services.mozilla.com) on Monday mornings but this week we will be updating outside of our normal window. We will be doing a maintenance release on Tuesday, March 10th, between 10:30AM and 11:30AM EDT. You should not notice any interruption in service

Re: Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure

בתאריך יום חמישי, 23 במאי 2019 בשעה 11:34:14 UTC+3, מאת Andrea Marchesini: > Link to the proposal: > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00 > > Summary: > "1. Treat the lack of an explicit "SameSite" attribute as >"SameSite=Lax". That is, the "Set-Cookie"

Intent to ship: Intermediate CA Preloading

*Summary*: As of Firefox 75, Intermediate CA Preloading will be enabled for all Desktop users. This means that all intermediate CAs disclosed to Mozilla will be pre-loaded into profiles, combatting the common secure website misconfiguration of forgetting to include these certificates. Previously,

Intent to ship: JavaScript Intl.Locale

For Firefox 75, we intend to ship the Intl.Locale ECMA-402 proposal. Summary: Intl.Locale allows to parse and manipulate language tags in a user-friendly way. For example: let loc = new Intl.Locale("pl-u-hc-h12", {   calendar: 'gregory' }); console.log(loc.language); // "pl"

Intent to ship: JavaScript public static fields

For Firefox 75, we intend to ship JavaScript public static fields. Summary: Public static fields in JavaScript classes. For example: class C {   static a= 0; } Public instance fields have been shipping since Firefox 69. The intent to ship can be found at

Re: Lando's "Appropriate token is expired" error

Greetings everyone, I have determined the cause of this bug. It is due to a change in the way *flask-pyoidc* handles session refresh. A new key, *last_session_refresh*, was added to the session cookie and is now used to determine when an auth token needs to be refreshed. Users who have logged in

Lando's "Appropriate token is expired" error

Greetings everyone, A new version of Lando was deployed yesterday around 5:15 PM UTC. This release included a major version update to the authentication packages, as well as some API changes in order to support those updates. Those updates seem to have caused the issue below, and I am looking

Re: Soft code freeze for Firefox 75 starts March 5

Hi, The last merge from autoland to central for 75 has happened, you can now consider the soft code freeze lifted, new changes will land for 76. Cheers, Julien On Mon, Mar 2, 2020 at 10:48 AM Julien Cristau wrote: > Hi all, > > With Firefox 74 RC shipping today, we are nearing the end of the

[desktop] Bugs logged by Desktop Release QA in the last 7 days

Hello, Here's the list of new issues found and filed by the Desktop Release QA team in the last 7 days. Additional details on the team's priorities last week, as well as the plans for the current week are available at: https://tinyurl.com/v45ctlo. Bugs logged by Desktop Release QA in the last