BMO/Recent Changes/2026-01

release-20260120.1

• bug 2009746 Whine events allow newlines in subject line which can be used to inject email headers
• bug 1996136 Create a new cron script (weekly) that accesses the Recorded Future API and looks for compromised BMO accounts
• bug 2007378 [HackerOne] Path traversal on bugzilla.mozilla.org via improper path canonicalization leads to arbitrary content loading
• bug 2009837 After recent update sitemap extensions is including improperly formatted urls in the sitemap gz files