Releases: bestpractical/rt
rt-3.8.16
I'm happy to announce that RT 3.8.16, the latest maintenance release, is
available for download.
http://download.bestpractical.com/pub/rt/release/rt-3.8.16.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.16.tar.gz.sig
SHA1 sums
9df5ed89d93d07d64ece8692cfb9e4a444ade01d rt-3.8.16.tar.gz
9d71bc7b65638af15179d8e9def60f55b5329d7c rt-3.8.16.tar.gz.sig
Recent support for partitioned GnuPG emails introduced a deadlock
situation for large QP/Base64 emails with GnuPG enabled. In addition,
this release resolves a number of issues running the test suite on newer
versions of perl.
git log rt-3.8.15..rt-3.8.16
or visit
rt-3.8.15...rt-3.8.16
rt-4.0.10
RT 4.0.10 is now available for download.
http://download.bestpractical.com/pub/rt/release/rt-4.0.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.10.tar.gz.sig
SHA1 sums
6ecb3f9ffd59df55d04fc7705e4017e8a420bac8 rt-4.0.10.tar.gz
7f84cad8c5aa0a3b8bd45e5b79ab6b247bfa3624 rt-4.0.10.tar.gz.sig
This release contains several bugfixes and a fix for a regression
introduced in 4.0.9. If you have a Queue configured so that users have
SeeQueue and CreateTicket but not ShowTicket (they can create tickets,
but won't be able to see them after creation) then any Custom Fields
assigned to that Queue and filled in during creation would be lost
during submission.
Bugfixes
- CF values are no longer possibly lost during ticket creation; see
above for a complete description - Updated localizations, including a new Slovak translation
- Error titleboxes now render properly when they have collapse icons
- Restore a missing tag on the mobile login
- Allow non-uris in Link transactions
- Bulk Update maintains the previous value of the "Told" box on page
reload - Simple Search no triggers queue-searching behavior when passed a
disabled Queue names - We now find localizations expressed as ( qw(a b c))
- Only attempt to update Told if the correspond succeeded
git log rt-4.0.9..rt-4.0.10
or visiting
rt-4.0.9...rt-4.0.10
rt-4.0.9
I'm happy to announce that RT 4.0.9 is now available.
http://download.bestpractical.com/pub/rt/release/rt-4.0.9.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.9.tar.gz.sig
SHA1 sums
1adf162b2d73eb521b00f45e30ccea6fe193e604 rt-4.0.9.tar.gz
ac76d9199cbeda986f9cea590177a4047840fc37 rt-4.0.9.tar.gz.sig
This release contains a number of bugfixes since the 4.0.8 release.
It also contains the first set of embargoed security tests fixed by
patches released on 2012-05-22. These are the tests for
vulnerabilities fixed in RT 4.0.6 and RT 3.8.12.
This release also requires a newer HTML::RewriteAttributes.
You will be prompted to upgrade when upgrading RT or when manually
running 'make test-dependencies'.
If you have set a custom @jsfiles in RT_SiteConfig.pm, you will need to
amend this to include the new jquery.cookie.js file added to
RT_Config.pm. See UPGRADING-4.0 for more details.
Bugfixes
- IE8/9 are encouraged never to use compatibility mode.
- User autocompletes on Oracle now work.
- Disabled personal groups hiding out from 3.8 are cleaned out.
- When upgrading from 3.8 to 4.0 the article upgrade points to the
correct upgrading documentation. - Restore the link to a Queue's History.
- Stop manually deleting Custom Field Values in the REST API, use
the standard RT API calls. - Avoid Devel::StackTrace 1.28 and 1.29 which are known to break RT.
- Don't show the full login page to mobile clients.
- Refresh your Localization preferences on each page load.
- TicketSQL containing Queue = 'Nonexistant Queue' will not generate
invalid SQL. - Fix an error deleting Custom Field Values on some installs.
- Ensure that leading newlines on Templates are preserved, despite
browsers stripping them. - Eliminate a potential deadlock on large emails when using GPG.
- Handle emails in unknown charsets better.
- Fix GPG Error templates that used reference passing.
- Make Configuration written by the installer consistent and skip some
keys. - Log better error messages and fewer warnings with parsing unparseable
sender email addresses. - Add a missing table element to the Outgoing Mail element.
- Allow 'requestors' on REST ticket creation because it was allowed in
3.8 (earlier versions of 4.0 only allowed requestor as a key). - Fix loading of _Vendor and _Local files in plugins.
- Remove menu/page overlapping that prevented clicking on some links.
- Handle invalid/unindexable Full Text Search records in Pg better.
- Allow users without the ExecuteCode right to create Simple templates.
- Ensure that templates which use heredocs won't have mysterious
failures. - Fix null and NULL to work interchangeably in TicketSQL.
- No longer match on an english string on the Jumbo page. This would
result in the Comment/Correspond textarea remaining populated if using
RT in a non-english locale. - Remove even more old REST restrictions on Custom Field, Queue and
other object names. - Avoid warnings when building the menu on pages with invalid Queues or
other objects. - Saved Search descriptions can safely contain [] without running
afoul of the localization infrastructure. - Allow setting a Queue's Lifecycle back to 'default'.
- Stop using HTML::Mason's cache_self method. It caused some rendering
bugs with GnuPG keys and won't be fixed by upstream. - Fix "RefersTo is NULL" and "Requestor is NULL" to work properly in
TicketSQL (before we only checked for "IS NULL"). - Instead of localizing "Owner Name" in the charting UI, instead
localize the words separately. - When overriding $HomepageComponents or other reference config types in
RT_SiteConfig.pm, the name would not render properly on
Configuration.html. - Clean up session lockfiles because Apache::Session::File doesn't.
- Improve Custom Field Upload rendering when multiple files have been
uploaded. - Bust the cache used by the SelectQueue widget when a Queue's name
changes. - Dates on the Bulk Update page such as Due, Told, etc are now rendered
as DateTimes.
Features
- The Rights Editor now keeps track of the user/group and tab selected
when submitting and switching between states. - Allow bookmarking tickets from the mobile interface.
- Warn less when your RT is behind a proxy.
- New CheckMoreMSMailHeaders config option that tries harder to detect
outlook and repair weird linespacing issues in text parts. - New callbacks to add more information to the Outgoing Mail elements.
- When listing statuses for multiple Queues/Lifecycles, group statuses
by Lifecycle (collapsing Lifecycles with identical Status lists). This
provides a more navigable status list on pages such as the Bulk Update. - Improve performance of shrink_cgm_table.pl and
shrink_transactions_table.pl by processing more rows at a time. - When updating fields that contain lots of text (such as templates)
don't display the entire contents of the template. - Add Custom Field styling and a callback to easily add CFs in the mobile UI.
- Search Results that display many Custom Fields across many ticket rows
will now cache Custom Field objects and make fewer database queries. - Extensions that use ExtractTicketId can now cleanly alter the subject
of the ticket. - New callbacks at the beginning and end of search results.
- Record an X-RT-Interface header to track how a ticket was created.
- Improve dashboard rendering in Outlook and Lotus Notes by scrubbing
JavaScript and not including the print styles. - Update messages to include the user being affected rather than saying
"Added principal" or "That principal". - Provide add_after and add_before convenience methods for extensions
adding new menus to RT. - Display examples of the Date Format preferences in the user's timezone
to make it clearer which formats are defined as UTC and which aren't. - Users changing their password can now hit enter and not submit the
Auth Token Reset form. - When users move a ticket from Queue A to Queue B and no longer have
the ability to see the ticket in Queue B, RT will still display a
message confirming that the move happened.
Documentation
- Lifecycle documentation separate from the RT_Config.pm docs.
- Document how to use the Style Editor and how to add your own CSS.
- Document basic approvals configuration.
- Improve documentation and examples for CreateTickets action
- Improvements to the Article setup/usage documentation.
- Clean up extraneous quotes in our POD.
- New documentation on recommended backup procedures.
- Remove some erroneous documentation in the REST interface.
- New documentation for the initialdata file format.
Development
- Improve SQL logging on record creation and the autocompleter.
- Improve the debugging mason errors to include a stack trace.
- Ensure tests never run in the local locale (which can cause
interesting failures). - Catch and error if we throw warnings in tests.
- The rt-apache tool now accepts "." so you can easily run from a git
checkout. - Enforce internal policies on the repository with 99-policy.t.
- Inline test server now clears the callback cache between tests.
git log rt-4.0.8..rt-4.0.9
or visiting
rt-4.0.8...rt-4.0.9
rt-4.0.8
RT 4.0.8 contains important security fixes, in addition to bugfixes.
http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz.sig
SHA1 sums
7be074e86929c69b4f17d10503646ff070f7fa3b rt-4.0.8.tar.gz
7ee1ecf25a99472d0d75665ed577941cb94c64e7 rt-4.0.8.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2012-4730,
CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, and
CVE-2012-4884.
Bugfixes
- Custom Fields BasedOn can be set from intialdata again.
- Fix the 3.8.4 NotifyGroup upgrade script to properly join notification
groups with a comma. - Correct the use of the 'approved' state from Lifecycles. It is now
used only when all approvals are completed. - Use database-level row locking to ensure that scrips do not suffer
from race conditions with scrips from other processes. - Remove multiple slashes so that page menus display and the active item
is correctly highlighted. - Improve MaxAttachmentSize documentation.
- Ensure that ticket links in the iCal feed are CSRF whitelisted.
Features
- New alias validator sbin/rt-validate-aliases which helps keep RT and
/etc/aliases in sync. - Add support for GPG mails in inline format (PGP partitioned encoding)
that are also encoded for transfer with Base64 or quoted printable. - Add a BeforeLocalization callback to message headers.
- If you have DBIx::SearchBuilder 1.62 or higher and are using full
text indexing on Pg or Oracle, rt-fulltext-indexer uses a faster query
to find unindexed attachments.
Developer
- Add rt-apache for running a test instance of apache.
- Add the rt-static-docs tool for generating HTML versions of our docs.
A complete changelog is available from git by running
git log rt-4.0.7..rt-4.0.8
or visiting
rt-4.0.7...rt-4.0.8
rt-3.8.15
This release of RT contains important security updates.
You can download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.15.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.15.tar.gz.sig
SHA1 sums
abb7b0d52cb9843e3154aeff2490211ddcdc59b8 rt-3.8.15.tar.gz
9401cdd429565b99dd45c99e20d5d36ac8d0fe4c rt-3.8.15.tar.gz.sig
This release resolves a number of security vulnerabilities.
It resolves CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735,
and CVE-2012-4884.
In addition to these security fixes, RT 3.8.15 contains support for
partitioned PGP messages.
rt-4.0.7
I'm happy to announce that RT 4.0.7 is now available.
http://download.bestpractical.com/pub/rt/release/rt-4.0.7.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.7.tar.gz.sig
SHA1 sums
4c6ba7c3311e0fc42bb99434e91d03318c24186f rt-4.0.7.tar.gz
e162aa17cacecc714ec744545c52c4ac7238c816 rt-4.0.7.tar.gz.sig
This release contains a number of bugfixes since the 4.0.6 release.
In particular, we have adjusted the CSRF warning for a few pages based
on user feedback.
This release bumps dependencies on Email::Address, FCGI and IPC::Run so
please make sure to run 'make testdeps' and if required
'make fixdeps' before upgrading. Running 'make upgrade' will also
check your installed versions for errors.
Security
- Bump the FCGI dependency to one which closes CVE-2011-2766
The 4.0 series did not specify a minimum FCGI version and it's
possible that a vulnerable release of the perl FCGI module was
installed when you set up an earlier release of 4.0.x
Features
- Allow specification of your CSRF Whitelist Referrer using *.example.com
- Allow searching for tickets associated with articles using a:42
- Upgrade our Date/Time picker JS, allow unsetting of CFs
- Improve display of circularly linked tickets
- Optimize the large table changes between 3.2 and 3.4 for MySQL
- Provide a better error if your CreateTickets template is malformed
- Add the ExtractTicketId function to make customizing ticket id
matching easier
Bugfixes
- Don't trust emails that claim to be UTF-8, convert it to UTF-8 before storing
- Fix a shredder bug when deleting a user and replacing it with another user
- Remove CSRF restrictions on search results page
- Ensure that TransactionBatch scrips always run in the RT::System
context rather than having some sub-objects in the original user's
context. - Better display of multipart/related mail
- Remove some warnings when running under Perl 5.16
- Better errors when viewing approvals without rights
- Bring back rounded corners on FireFox >= 13 by using the standard
border-radius property - $Users->LimitCustomField now ignores disabled ObjectCustomFieldValues
properly (same for other non-ticket objects). - Versions of IPC::Run < 0.90 could truncate labels on charts that
contain UTF-8 characters - Fix a rendering issue where certain emails would cause the history to
render progressively more staggered to the right - Make owner:falcone and owner:[email protected] work
- CF.{Foo} TicketSQL searches are now case insensitive on Pg and Oracle
- Tickets with Unicode subjects created through the Web UI could end up
being corrupted on reply because of other headers passed to MIME::Head - Ignore DECRYPTION_INFO from GnuPG 1.4.12
- Record LastUpdated(By) on Scrips
- Simple Search now handles Custom Fields with dashes
- Remove another hardcoded use of 'resolved' in the mailgate unsafe actions
- When deleting dashboards, also delete subscriptions
- Fix rendering of links from bin/rt
- Don't allow ticket creation if your REST form contains an unknown field
- Skip users with empty email addresses in autocompletion
- Loosen our detection of mobile browser to search for the word 'mobile'
- Don't provide a charset on download of binary attachments
- Fix UseSideBySideLayout to not be cached across users
- Ensure that article searches are case insensitive
- QueueSummaryByStatus now uses the improved code from QueueSummaryByLifecylcle
A complete changelog is available from git by running
git log rt-4.0.6..rt-4.0.7
or visiting
rt-4.0.6...rt-4.0.7
although they will not load all of the commits.
rt-3.8.14
I'm happy to announce that RT 3.8.14 is now available.
http://download.bestpractical.com/pub/rt/release/rt-3.8.14.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.14.tar.gz.sig
SHA1 sums
0ea5e7598e9bf75156629f6358192b6f62035f8a rt-3.8.14.tar.gz
49d1cf9e280edd23e9c467c80adc48922eb959fb rt-3.8.14.tar.gz.sig
This release contains two fixes related to the 3.8.12 security release.
Access to search results URLs is now CSRF whitelisted, based on user feedback.
An error in rt-email-dashboards has been corrected.
A complete changelog is available from git by running:
git log rt-3.8.13..rt-3.8.14
or on github with
rt-3.8.13...rt-3.8.14
rt-3.8.13
I'm happy to announce that RT 3.8.13 is now available.
http://download.bestpractical.com/pub/rt/release/rt-3.8.13.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.13.tar.gz.sig
SHA1 sums
adc7dab25a6454e47a9386f7d7aa8091b4ef46ca rt-3.8.13.tar.gz
199c36836d777115f7bd49cb27fec4e4410fd5dd rt-3.8.13.tar.gz.sig
This release contains an important bugfix over the 3.8.12 security
release:
- Fix sending email with the 'perl-script' mod_perl handler, by
ensuring that STDIN was always on FD 0 before calling IPC::Open2.
This failure showed as either SIGPIPE or abnormal exit codes when
running sendmail. - Fix for "Undefined value assigned to typeglob" and "Bad file
descriptor: core_output_filter" errors caused by the above change, by
ensuring that both FD 0 and FD 1 are prevented from being claimed by
Apache. This error only arose with the perfork MPM and mod_perl <=
2.0.4.
A complete changelog is available from git by running:
git log rt-3.8.12..rt-3.8.13
rt-4.0.6
RT 4.0.6 contains important security fixes, in addition to bugfixes.
http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz.sig
SHA1 sums
f5c0dd16da21f0af8e9c093057aa58cbab08d06b rt-4.0.6.tar.gz
1f862bbb1b335cd036d1c32c10d80f26e4ce99a1 rt-4.0.6.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
- Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as
it was causing numerous crashes of IE. - Show the current status in the status dropdown during ticket update,
to allow forced setting of the status. This functionality was
available in RT 3.8, and is now being reinstated. - Use SearchBuilder queue limits to restrict what statuses and owners
are displayed in drop-downs. - Make "New Ticket" a top-level SelfService menu item.
- Display Lifecycle column correctly in queue admin lists.
- Allow >64k attributes on MySQL; this is particularly useful for
logos uploaded via the theming editor. - Remove two dependencies from the RT mailgate.
- Adding new arbitrary links to tickets now works as expected in the
REST interface. - Subject: lines in Forward Ticket templates are now respected.
- Sort ticket link numbers numerically, not alphabetically.
- Ticket reminders are no longer copied when creating a linked ticket;
article and http:// links now are, however. - Use relative links (with no hostname) more consistently.
- Correctly deal with non-ASCII attachment filenames which make use of
MIME parameter value continuations. - Find queue-level CFs first in REST interface when there are
duplicates by name. - Fix graphing of searches which reference Updated and other
transaction-based limits. - Reminder statuses on open and resolve are now configurable
per-lifecycle. - Fix quoting of CF names containing dashes and the like in the
SearchBuilder. - Bump URI dependency to ensure utf8 URLs are correclty generated in
Dashboard emails. - Permit and language attributes when scrubbing HTML.
A complete changelog is available from git by running:
git log rt-4.0.5..rt-4.0.6
rt-3.8.12
This release of RT contains important bugfixes and security updates.
You can download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.12.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.12.tar.gz.sig
SHA1 sums
aa657de2fd687c51f31216df6dc1f639a0bc1f7c rt-3.8.12.tar.gz
1da5db780c40455ceeb9a6099364f2bb977271a6 rt-3.8.12.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
- Upgrade prototype.js to version 1.7, for compatibility with google
charts. - Remove ie7.js, which is no longer used.
- Ensure that TransactionBatch scripts are only run once.
A complete changelog is available from git by running:
git log rt-3.8.11..rt-3.8.12