rt-5.0.4

@sunnavy sunnavy released this 04 May 15:37
· 645 commits to stable since this release

RT 5.0.4 -- 2023-05-04

RT 5.0.4 is now available for general use. The list of changes
included with this release is below.

May the Fourth be with you!

https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz.asc

SHA-256 sums

916d870d22d92027f843798be6f880aaf1517aebc3f6ab25f456f4e772f4834d rt-5.0.4.tar.gz
191436164473423796c7b34cfe4cc8891d2fd1db8bef5584d34f50083bd3396e rt-5.0.4.tar.gz.asc

Security

  • jQuery UI is updated to version 1.13.2, which addresses a security issue in
    earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly
    as RT does not currently use the impacted code.

General user features

  • Split the select of watcher criteria in query builder; with a single
    select, this list would grow too long
  • Display entry hint in people section of ticket display page
  • Add missing css rules to buttons to improve UI consistency
  • Increase search field column width, mainly for role fields
  • Include custom roles in the core watcher search criteria
  • Hide asset menu search if simple search is disabled
  • Fix multiple mt-* classes that are applied at the same time to fix
    display bugs
  • Retain Class and ObjectType when query parsing contains errors;
    prevents query parsing actions in transaction search from reverting
    to ticket search
  • Clear floating elements from correspondence
  • Show custom field diffs in transaction history
  • Fix bug that caused HTML custom fields to show 'text/html' as value
  • Move user custom fields on "Settings > About me" page to make better
    use of space
  • Fix the menu drift when clicking on repositioned submenus caused by
    screen width overflow
  • Fix issue where a submenu could flash out when clicking a submenu
    option (specifically, in Chrome-based browsers)
  • Fix runtime error in SelfService Asset Display (I#37377)
  • Improve Reports/Update This Menu CSS styling
  • Improve 'Error: public key' template to avoid confusion for new
    installs (I#37360)
  • Show RT support email address in the RemoteAuth error page
  • Show RT support email address on PSGI/database error page
  • Block ticket creation/update when there are invalid recipients
  • Disable browser spell check for custom code box (thanks Christian
    Mehlmauer!)
  • Make Actions page menu scrollable in case it's too long to fit on
    screen
  • Allow CKEditor (rich text) boxes to vary in height based on
    context/usage
  • Fix bug preventing the toggling/display of initially rolled-up widgets
  • Allow unchecking of "Suppress if empty" checkbox for dashboard
    subscriptions
  • Load more history for unread messages with the on-scroll setting so new
    messages can be accessed via the "Jump to Unread" button
  • Exclude favicon.png from generated dashboard email
  • Add extra css to dashboard emails to improve display for some
    email web clients (such as Gmail and Outlook)
  • Fix Ticket/Create.html's display of Links block
  • Refactor Edit Links to fix bug in page display
  • Exclude asset custom roles from ticket search
  • Fix custom role's name in the result message when adding members
  • Add support for custom roles in asset searches
  • Improve performance of one-time email lookup
  • Improve page layout by dropping an extra form-row wrapper
    (LabeledValue already has one)
  • Fix layout of ticket graph page
  • Add back missing current-value span to fix alignment of rows in asset
    widget of ticket page
  • Re-add the missing Creator row for article display
  • Revert LabeledValue changes to role inputs
  • Make article autocomplete case insensitive
  • Force EmailAddress to be the default return value for EmailInput
  • Prettify "Show ticket history" by making it look like a button
  • Add multiple order by and order indicators in search results header
  • Make autocomplete work in dynamically created modal popup
  • Support passing user name as default value for owner input
    autocomplete
  • Allow showing an empty option even when a default value is present;
    allows current Priority filter to show while allowing user to unset it
  • Allow users to filter ticket search results via headers
  • Allow text but not icons to wrap in search header (in Firefox)
  • Provide default 'select all' for some search terms; prevents erroneous
    "error parsing your search query" messages (I#36902)
  • Reset queue-level default values on queue change on ticket create
    page; previously, defaults didn't change even if another queue was
    selected (I#37242)
  • Show end users a message if a SQL error occurs
  • Update search results to use Bootstrap/modern pagination styles
  • Add box to jump to search results page
  • Add UI for custom field validation hints
  • Improve color and spacing for custom field FriendlyPattern UI
  • Target keyboard shortcuts accurately for search result modal popups
  • Fix combobox controls to not clear user inputs on dropdown click
  • Format auth token list with a title box
  • Removed extra space between Cc and Bcc in the ticket update cc Element
  • Handle implicit form submissions in search filter modals (i.e., act
    as if the "Apply" button was clicked)
  • Fix broken search input formatting on "Manage GnuPG Keys" page
  • Always show a Logout link in the menu
  • Make number of search results per-page configurable
  • Add information about search preferences
  • Remove extra space from titleboxes in query builder's Sort and Display
    Columns boxes
  • Prevent main navigation from overlapping with custom logo
  • Make pie/bar in js charts clickable again for saved searches
  • Automatically enable live search for selects that have 10 or more
    options
  • Force light theme for dashboard emails; prevents broken
    display of dashboard emails in email clients that try to automatically
    apply your system's dark/light theme to emails
  • In query builder, show a solid funnel next to header column if that
    column is a filter in the search
  • Add "unknown" default priority option to priority select list; shows
    if a ticket's priority is unknown or no longer valid
  • Make search filter modal popups scrollable (in case of long content)
  • In query builder, increase queue limit to 100 in search filter (as
    the modal is now scrollable)
  • Add URL shortening of search URLs
  • Add shortener support to saved searches
  • Shorten subqueries on chart page
  • Fix bug that adds duplicated criteria to queries generated on chart
    page
  • Reduce whitespace between the continuous descriptive paragraphs
  • When commenting or corresponding, only quote text from transaction
    areas in the ticket history
  • Remove unnecessary spacing in layout of user custom fields in
    SelfService Prefs
  • Fix label typo for asset description
  • Fix bug that could prevent live-search in select widgets (Safari and
    Firefox)
  • Improve UI consistency by wrapping textarea/attachment inputs in a
    form-row
  • Remove extra vertical space of select inputs to be consistent with
    other inputs
  • Use consistent space among input rows for ticket forms
  • Replace fontawesome funnel icon with bootstrap version
  • Drop the obsolete fontawesome filter icon
  • Update data-live-search attr for bootstrap select before initialization
  • Show customized operator/value inputs for cfs on admin user search page
  • Support wrapping textarea/attachment inputs into a form-row for space settings
  • Remove extra vertical space of selectized inputs to be consistent with other inputs
  • Use HTML content for articles by default
  • Format article HTML content correctly when EscapeHTML is disabled
  • Add extra newlines to make boundaries of different article fields clear
  • Clarify usage of the $EmailSubjectTagRegex setting
  • Adapt formatting for mixed HTML and plain text quoting in Outlook message
  • Display key details for text/calendar messages (meeting invitations)
  • Various improvements for search filter controls
  • Limit dropdown size in owner search filter modal
  • Convert some search icons to inline svg for easier styling
  • Drop the duplicated div.value in EditTopics
  • Hide tooltips everywhere on click

Web Administration

  • Allow default custom field values for group, user, and article objects
  • Add custom roles to assets
  • Add lookup type to custom role admin page listing
  • Make comment and signature boxes half-page width, not full page width
  • Add SameSite to cookies from WebSameSiteCookies, helping to protect
    from CSRF attacks ($WebSameSiteCookies in RT config)
  • Update default value for WebSecureCookie so cookies are secure by
    default
  • Support sending test dashboard emails on dashboard subscription page
  • Record ACL changes in transactions
  • Show a default entry hint based on the type of validation for custom
    field admin pages
  • Fix display of plugin arguments on Shredder page
  • Update Scrips modify page to line up "Applies to" with the other
    values
  • Remove unnecessary current-value span for rows not in forms
  • Use LabeledValue to generate current-value spans
  • Add search functionality for config edit page
  • Add configuration option to disable quoting of selected text on
    ticket update
  • Fix lifecycle editor warning messages: "actions" is the key name,
    not "action"
  • In lifecycle editor, show objects where the lifecycle is applied
  • Add Shortener page (Admin > Tools > Shortener Viewer) to show content
    of specified shortener code
  • Create optional article portlet for ticket display page
  • Hide article portlet if current user does not have the right to see the article
  • Add a Checkbox RenderType for select type custom fields
  • Scrub permissively for non-ticket related custom field values
  • Add %ScrubCustomFieldOnSave config to scrub custom field values on save

Server Administration

  • RT now supports MySQL 8
  • Upgrade jquery-ui to 1.13.2
  • Upgrade CKEditor to 4.20.1
  • Add clipboard.js to RT
  • Update fontawesome to 5.15.4
  • Updated dependencies:
    DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
    Require DBD::SQLite 1.72
    Require GD::Graph 1.56
    Require Date::Extract 0.07
    Module::Runtime::require_module (replaces UNIVERSAL::require)
  • Removed dependencies:
    Data::Page::Pageset
    Pod::Select (deprecated)
    Pod::PlainText (deprecated)
    UNIVERSAL::require (deprecated)
  • Drop obsolete babel-minify-webpack-plugin
  • Add --recipient to send dashboard emails to a single recipient only
  • Add --dashboards argument to specify dashboard IDs to send via
    rt-email-dashboards
  • Add option to inline CSS for dashboard email; allows dashboard emails
    to resemble the RT display while decreasing email size by removing
    unused CSS classes
  • Refactor implementation of --no-auto-commit to support --originalid
  • Add $DatabaseQueryTimeout setting to set the maximum seconds a single
    SQL query should be allowed to run.
  • Add Info/Debug/Error messages to the RT logs when a user logs in or
    out via web remote user auth.
  • Add support to shred class/topic/article objects
  • Add support to shred catalog/asset objects
  • Shred only ticket roles when shredding queues
  • When loading an initialdata file, don't add the same custom fields
    multiple times.
  • Extract pre-defined custom field validation rules to the
    @CustomFieldValuesValidations config setting
  • Add source IP address to the external auth login log message
  • Clarify logout messages for local and SAML logouts
  • Add rt-clean-shorteners CLI utility to clean up temporary shorteners
  • Add Shorteners to serializer when running in clone mode
  • Show customized operator/value inputs for searching custom fields in
    user admin (similar to how Query Builder works)
  • Handle SetConfig changes in same way as text custom fields
  • Dump GroupBy custom field items in saved charts using Name for
    improved portability when using rt-dump-initialdata
  • Fix LDAP filter string debug output
  • Add rt-clean-attributes to delete obsolete DeferredRecipients
    attributes
  • Allow additional ticket relationship graph directions
  • Support loading users via user custom fields
  • Add new tables to reset-sequences utility
  • Fix inconsistent normalized owner group member for merged tickets
    in rt-validator
  • In vulnerable-passwords upgrade script, page users to save memory
    in case there are too many records
  • Dump GroupBy custom field items in saved charts using Name for portability
  • Fix the partially quoted index name for MariaDB/MySQL

Developer

  • Update .gitignore to ignore all of var/ to help protect developers
    from accidentally checking in session data or RT databases in var/
  • Add a warning as a hint to RT developers about WebSecureCookies
  • Add a new "LabeledValue" component to provide a standard way to show a
    value with a label attached to it
  • Add CustomRoleObj method for loading RT records by GroupType
  • Abstract RT::Ticket::RoleAddresses so it can be used for assets too.
  • Factor out a LookupType role from CustomFields so it supports custom
    roles on assets and other record types
  • Add API for interacting with custom roles on assets
  • Move ShowHistoryHeader title into parameter, allowing calling
    components to set the title (thanks mzagrabe!)
  • Add RT::Action::ClearCustomFieldValues ScripAction to clear a custom
    field
  • Disable jump to page form by default in CollectionList
  • Use custom role names as keys for ticket endpoints in REST2, making
    custom roles consistent with core roles
  • Recurse into t/ directory to run all tests
  • Test empty keys in saved chart content
  • Test custom role groups in ACL initialdata
  • Test HTML custom field changes
  • Test invalid queries on transaction search edit page
  • Add tests for LoadOrCreateByEmail
  • Make tests require $WebSecureCookies=0 since they don't use HTTPS
  • Tests for loading users via UserCFs
  • Test order indicator in search results header
  • Test shredder for class/topic/article objects
  • Test shredder for catalog/asset objects
  • Test shredder for ObjectCustomRoles of queues
  • Switch to Test::MockTime::HiRes in date api test
  • Add case-sensitivity tests for Articles autocomplete
  • Update tests for new added ValidationHint feature
  • Update basic_auth.t test since logout will be always available
  • Update tests for the keys change of CustomRoles in REST2
  • Add tests for new article methods
  • Test optimized ticket/transactions/asset searches
  • Update tests for the default priority change when PriorityAsString is
    enabled
  • Add tests for %PriorityAsString that does not have "0" mapped
  • Update tests to account for URL shortener being enabled by default
  • Add basic tests for search url shortener
  • Add basic tests for shortener viewer
  • Add tests for saved search shortener
  • Update tests for EN datetime locale change to space
  • Update txn ids in tests because of new added acl transactions
  • Adjust tests to account for new brief descriptions of SetConfig
    transactions
  • Use a bigger FcgidMaxRequestLen value for apache+fcgid tests
  • Test textual and UTF-8 encoded "message/..." attachments
  • New callbacks:
    /Widgets/TitleBox Added ModifyContent to modify content presented by
    a TitleBox widget
    /Elements/ShowTransaction Added ModifyShowCFDiff to modify when
    CustomField diff details show in ticket history
    /Search/Elements/PickObjectCFS Added ModifyCFs, primarily to hide
    custom fields (such as transaction or queue custom fields) that
    some users may be unfamiliar with
  • Modified callbacks:
    ModifyLoginRedirect - moved to the end of Logout processing
    BeforeActionList Added Actions parameter
    /Search/Results.html - added calculated result count as parameter to
    BeforeResults and AfterResults callbacks
    EditCustomFields - Restored ModifyFieldClasses callback

Documentation

  • Fix formatting in docs for $DateTimeFormat config examples
  • Add docs about receiving email warnings from RT
  • Document default Name setting in RT::User
  • Update docs for showing article search in self-service
  • Reference the assets menu right in the asset docs
  • Document how OwnerEmail is used
  • Correct documentation error for RT::Queue::IsWatcher
  • Fix incorrect links in shredder's ticket docs
  • Add build instructions for CKEditor 4
  • Add docs for scheduling rt-clean-shorteners
  • Document URL shortener in UPGRADING
  • Document new process articles feature
  • Fix broken link to RT_Config's External-storage section
  • Provide examples for CanonicalizeEmailAddress match and replace
  • Use HelpDesk as the plugin example in site config
  • Corrected doc error - Custom Roles cannot apply globally
  • Document the configuration needed to load JSON initialdata
  • Render no-target header links more like normal text in shredder docs
  • Fix broken Pod in rt-validator
  • Fix typo in transaction-type argument in rt-crontool docs (thanks
    Rob Lister!)
  • Fix 'pririty' typo in RT_Config.pm.in (thanks NReilingh!)
  • Update rt-crontool documentation with multiple action example
  • Fix "Reffered" typo in metadata doc (thanks NReilingh!)
  • Fix 'followoing' typo in docs (thanks NReilingh!)
  • Add upgrade note for $EmailDashboardInlineCSS option for dashboard
    emails
  • Update Query Builder documentation with Dynamic Filtering and Sorting
  • Update docs to remove references to UNIVERSAL::require
  • Add docs for user-visible permalink features
  • Document steps to generate initialdata changes file

Internals

  • Treat RT::System-Role the same as other roles in ACL initialdata
  • Use name for custom role groups in ACL
  • Don't default Name to EmailAddress in LoadOrCreateByEmail
  • Add SLA to args CreateTickets accepts
  • Log recorded SQL statements, even without CurrentUser; allows
    StatementLog to function when invoked in places where there may not
    be a current user (such as the CLI)
  • Remove state criteria for invalid utf8 error warnings (MySQL and
    MariaDB)
  • Rewind uploaded file after reading (thanks elacour!)
  • Support arbitrary user names in .rt_sessions
  • Port RT UI to use new LabeledValue component
  • Bring Asset Search rendering back to the status-quo-ante
  • Encode content for textual "message/..." attachments
  • Set MasonLocalComponentRoot via RT->Config->Set so apache can see it
  • Exempt some format strings from HTML::Gumbo structure check
  • Do not check acl when auto-setting core date fields (thanks elacour!)
  • Ignore disabled lifecycles when validating mappings
  • Require LDAPImport after init, allowing overlays for RT::LDAPImport
  • Wrap direct SQL in rights checks to SearchBuilder's SimpleQuery to
    log SQL when StatementLog is enabled
  • Don't duplicate system object in EquivObjects on system rights check
  • Allow RegisterLookupType to provide options besides just FriendlyName
  • Clear old data when registering custom roles
  • Relax requirements about role names to be unique for each lookup type
  • Convert OR'd role group names in ticket ACL check to IN for better
    performance
  • Skip existing catalog role groups on import
  • Serialize OldValue/NewValue to user references in SetWatcher/SetOwner
    transactions
  • Clear unneeded anchors and HTML comments
  • Don't error if users4 index has been removed
  • Pass multiple Order/OrderBy values as array references
  • Pass datetime in UTC as LastUpdated is stored that way
  • Convert to preferred constructor for Data::Page
  • Clean up duplicated widget arguments
  • Add ValidationHint column for CustomFields table
  • Convert $cf->FriendlyPattern to use ValidationHint
  • Respect env variable "RT_DATABASE_QUERY_TIMEOUT" on database connect
  • Add JOIN criteria for transaction searches to improve performance
  • Simplify setting the redirect URL on logout
  • Add helper methods on Class for article display settings
  • Add pass-through methods for class-level display flags
  • Convert Preformatted template to use new article API
  • Update /SelfService/Article/Display.html to new API
  • Page users to save memory in case there are too many records
  • Include referenced queues/catalogs only for active/inactive status
    searches
  • Convert "OR" clauses in transactions/assets searches to "IN" for
    better performance
  • Replace CSS::Inliner->require with RT::StaticUtil::RequireModule
  • Combine search and count for search result pages (if possible) to
    improve performance
  • Combine search and count for saved searches on dashboards (if
    possible) for better performance
  • Abstract GetStylesheet for web
  • Refactor code to build search filter metadata in Header instead
  • Calculate search filter modal content's max-height accurately
  • Fix limit parameter for shredder URL on search pages
  • Switch to POST method for search chart and refresh forms
  • Add missing Class/ObjectType params to refresh form on search results
    page
  • Default query to "id > 0" like other chart elements for ChartTable
  • Provide a way to update config immediately in tests
  • Disable legacy Table settings for asset date custom fields
  • Suppress uninitialized value warnings seen in config history
  • Exclude empty keys from search fields for saved charts
  • Convert ticket link graph generator to GraphViz2
  • No need to sync attribute links in PostInflateFixup
  • No need to create transactions in PostInflateFixup
  • Fix typo in DefaultDashboard handling of PostInflateFixup
  • Import dashboards/savedsearches/subscriptions/prefs/bookmarks for
    merged users
  • Add method to load an object based on a custom field value
  • Directly use passed in $Default as label if it is already string
  • Do not set SavedSearchId to chart search id
  • Add system CurrentUserCanSee to make transaction's CurrentUserCanSee
    work
  • Provide a simple framework for showing user messages
  • Fall back priority to the first value in %PriorityAsStringMapping
    config

A complete changelog is available from git by running:
git log rt-5.0.3..rt-5.0.4
or visiting
rt-5.0.3...rt-5.0.4