rt-5.0.4
RT 5.0.4 -- 2023-05-04
RT 5.0.4 is now available for general use. The list of changes
included with this release is below.
May the Fourth be with you!
https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz.asc
SHA-256 sums
916d870d22d92027f843798be6f880aaf1517aebc3f6ab25f456f4e772f4834d rt-5.0.4.tar.gz
191436164473423796c7b34cfe4cc8891d2fd1db8bef5584d34f50083bd3396e rt-5.0.4.tar.gz.asc
Security
- jQuery UI is updated to version 1.13.2, which addresses a security issue in
earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly
as RT does not currently use the impacted code.
General user features
- Split the select of watcher criteria in query builder; with a single
select, this list would grow too long - Display entry hint in people section of ticket display page
- Add missing css rules to buttons to improve UI consistency
- Increase search field column width, mainly for role fields
- Include custom roles in the core watcher search criteria
- Hide asset menu search if simple search is disabled
- Fix multiple mt-* classes that are applied at the same time to fix
display bugs - Retain Class and ObjectType when query parsing contains errors;
prevents query parsing actions in transaction search from reverting
to ticket search - Clear floating elements from correspondence
- Show custom field diffs in transaction history
- Fix bug that caused HTML custom fields to show 'text/html' as value
- Move user custom fields on "Settings > About me"" page to make better
use of space - Fix the menu drift when clicking on repositioned submenus caused by
screen width overflow - Fix issue where a submenu could flash out when clicking a submenu
option (specifically, in Chrome-based browsers) - Fix runtime error in SelfService Asset Display (I#37377)
- Improve Reports/Update This Menu CSS styling
- Improve 'Error: public key' template to avoid confusion for new
installs (I#37360) - Show RT support email address in the RemoteAuth error page
- Show RT support email address on PSGI/database error page
- Block ticket creation/update when there's invalid recipients
- Disable browser spell check for custom code box (thanks Christian
Mehlmauer!) - Make Actions page menu scrollable in case it's too long to fit on
screen - Allow CKEditor (rich text) boxes to vary in height based on
context/usage - Fix bug preventing the toggling/display of initially rolled-up widgets
- Allow unchecking of "Suppress if empty" checkbox for dashboard
subscriptions - Load more history for unread messages with on scroll setting so new
messages can be accessed via the "Jump to Unread" button - Exclude favion.png from generated dashboard email
- Add extra css to dashboard emails to improve display for some
email web clients (such as Gmail and Outlook) - Fix Ticket/Create.html's display of Links block
- Refactor Edit Links to fix bug in page display
- Exclude asset custom roles from ticket search
- Fix custom role's name in the result message when adding members
- Add support for custom roles in asset searches
- Improve performance of one-time email lookup
- Improve page layout by dropping an extra form-row wrapper
(LabeledValue already has one) - Fix layout of ticket graph page
- Add back missing current-value span to fix alignment of rows in asset
widget of ticket page - Re-add the missing Creator row for article display
- Revert LabeledValue changes to role inputs
- Make article autocomplete case insensitive
- Force EmailAddress to be the default return value for EmailInput
- Prettify "Show ticket history" by making it look like a button
- Add multiple order by and order indicators in search results header
- Make autocomplete work in dynamically created modal popup
- Support to pass user name as default value for owner input
autocomplete - Allow to show empty option even when default value is present;
allows current Priority filter to show while allowing user to unset it - Allow users to filter ticket search results via headers
- Allow text but not icons to wrap in search header (in Firefox)
- Provide default 'select all' for some search terms; prevents erroneous
"error parsing your search query" messages (I#36902) - Reset queue-level default values on queue change on ticket create
page; previously, defaults didn't change even if another queue was
selected (I#37242) - Show end users a message if a SQL error occurs
- Update search results to use Bootstrap/modern pagination styles
- Add box to jump to search results page
- Add UI for custom field validation hints
- Improve color and spacing for custom field FriendlyPattern UI
- Target keyboard shortcuts accurately for search result modal popups
- Fix combobox controls to not clear user inputs on dropdown click
- Format auth token list with a title box
- Removed extra space between Cc and Bcc in the ticket update cc Element
- Handle implicit form submissions in search filter modals (i.e., act
as if the "Apply" button was clicked) - Fix broken search input formatting on "Manage GnuPG Keys" page
- Always show a Logout link in the menu
- Make number of search results per-page configurable
- Add information about search preferences
- Remove extra space from titleboxes in query builder's Sort and Display
Columns boxes - Prevent main navigation from overlapping with custom logo
- Make pie/bar in js charts clickable again for saved searches
- Automatically enable live search for selects that have 10 or more
options - Force to use light theme for dashboard emails; prevents broken
display of dashboard emails in email clients that try to automatically
apply your system's dark/light theme to emails - In query builder, show a solid funnel next to header column if that
column is a filter in the search - Add "unknown" default priority option to priority select list; shows
if a ticket's priority is unknown or no longer valid - Make search filter modal popups scrollable (in case of long content)
- In query builder, increase queue limit to 100 in search filter (as
the modal is now scrollable) - Add URL shortening of search URLs
- Add shortener support to saved searches
- Shorten subqueries on chart page
- Fix bug that adds duplicated criteria to queries generated on chart
page - Reduce whitespace between the continuous descriptive paragraphs
- When commenting or corresponding, only quote text from transaction
areas in the ticket history - Remove unnecessary spacing in layout of user custom fields in
SelfService Prefs - Fix label typo for asset description
- Fix bug that could prevent live-search in select widgets (Safari and
Firefox) - Improve UI consistency by wrapping textarea/attachment inputs in a
form-row - Remove extra vertical space of select inputs to be consistent with
other inputs - Use consistent space among input rows for ticket forms
- Replace fontawesome funnel icon with bootstrap version
- Drop the obsolete fontawesome filter icon
- Removed extra space between Cc and Bcc in the ticket update cc Element
- Update data-live-search attr for bootstrap select before initialization
- Show customized operator/value inputs for cfs on admin user search page
- Support to wrap textarea/attachment inputs into a form-row for space settings
- Remove extra vertical space of selectized inputs to be consistent with other inputs
- Use consistent space among input rows for ticket forms
- Use HTML content for articles by default
- Format article HTML content correctly when EscapeHTML is disabled
- Add extra newlines to make boundaries of different article fields clear
- Clarify usage of the $EmailSubjectTagRegex setting
- Adapt formatting for mixed HTML and plain text quoting in Outlook message
- Display key details for text/calendar messages (meeting invitations)
- Various improvements for search filter controls
- Limit dropdown size in owner search filter modal
- Convert some search icons to inline svg for easier styling
- Drop the duplicated div.value in EditTopics
- Hide tooltips everywhere on click
Web Administration
- Allow default custom field values for group, user, and article objects
- Add custom roles to assets
- Add lookup type to custom role admin page listing
- Make comment and signature boxes half-page width, not full page width
- Add SameSite to cookies from WebSameSiteCookies, helping to protect
from CSRF attacks ($WebSameSiteCookies in RT config) - Update default value for WebSecureCookie so cookies are secure by
default - Support sending test dashboard emails on dashboard subscription page
- Record ACL changes in transactions
- Show a default entry hint based on the type of validation for custom
field admin pages - Fix display of plugin arguments on Shredder page
- Update Scrips modify page to line up "Applies to" with the other
values - Remove unnecessary current-value span for rows not in forms
- Use LabledValue to generate current-value spans
- Add search functionality for config edit page
- Add configuration option to disable quoting of selected text on
ticket update - Fix lifecycle editor warning messages: "actions" is the key name,
not "action" - In lifecycle editor, show objects where the lifecycle is applied
- Add Shortener page (Admin > Tools > Shortener Viewer) to show content
of specified shortener code - Create optional article portlet for ticket display page
- Hide article portlet if current user does not right to see the article
- Add a Checkbox RenderType for select type custom fields
- Scrub permissively for non-ticket related custom field values
- Add %ScrubCustomFieldOnSave config to scrub custom field values on save
Server Administration
- RT now supports MySQL 8
- Upgrade jquery-ui to 1.13.2
- Upgrade CKEditor to 4.20.1
- Add clibboard.js to RT
- Update fontawesome to 5.15.4
- Updated dependencies:
DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
Require DBD::SQLite 1.72
Require GD::Graph 1.56
Require Date::Extract 0.07
Module::Runtime::require_module (replaces UNIVERSAL::require - Removed dependencies:
Data::Page::Pageset
Pod::Select (deprecated)
Pod::PlainText (deprecated)
UNIVERSAL::require (deprecated) - Drop obsolete babel-minify-webpack-plugin
- Add --recipient to send dashboard emails to a single recipient only
- Add --dashboards argument to specify dashboard IDs to send via
rt-email-dashboards - Add option to inline CSS for dashboard email; allows dashboard emails
to resemble the RT display while decreasing email size by removing
unused CSS classes - Refactor implementation of --no-auto-commit to support --originalid
- Add $DatabaseQueryTimeout setting to set the maximum seconds a single
SQL query should be allowed to run. - Add Info/Debug/Error messages to the RT logs when a user logs in or
out via web remote user auth. - Add support to shred class/topic/article objects
- Add support to shred catalog/asset objects
- Shred only ticket roles when shredding queues
- When loading an initialdata file, don't add the same custom fields
multiple times. - Extract pre-defined custom field validation rules to the
@CustomFieldValuesValidations config setting - Add source IP address to the external auth login log message
- Clarify logout messages for local and SAML logouts
- Add rt-clean-shorteners CLI utility to clean up temporary shorteners
- Add Shorteners to serializer when running in clone mode
- Show customized operator/value inputs for searching custom fields in
user admin (similar to how Query Builder works) - Handle SetConfig changes in same way as text custom fields
- Dump GroupBy custom field items in saved charts using Name for
improved portability when using rt-dump-initialdata - Fix LDAP filter string debug output
- Add rt-clean-attributes to delete obsolete DeferredRecipients
attributes - Allow additional ticket relationship graph directions
- Support loading users via user custom fields
- Add new tables to reset-sequences utility
- Fix inconsistent normalized owner group member for merged tickets
in rt-validator - In vulnerable-passwords upgrade script, Page users to save memory
in case there are too many records - Dump GroupBy custom field items in saved charts using Name for portability
- Fix the partially quoted index name for MariaDB/MySQL
Developer
- Update .gitignore to ignore all of var/ to help protect developers
from accidentally checking in session data or RT databases in var/ - Add a warning as a hint to RT developers about WebSecureCookies
- Add a new "LabeledValue" component to provide a standard way to show a
value with a label attached to it - Add CustomRoleObj method for loading RT records by GroupType
- Abstract RT::Ticket::RoleAddresses so it can be used for assets too.
- Factor out a LookupType role from CustomFields so it supports custom
roles on assets and other record types - Add API for interacting with custom roles on assets
- Move ShowHistoryHeader title into parameter, allowing calling
components to set the title (thanks mzagrabe!) - Add RT::Action::ClearCustomFieldValues ScripAction to clear a custom
field - Disable jump to page form by default in CollectionList
- Use custom role names as keys for ticket endpoints in REST2, making
custom roles consistent with core roles - Recurse into t/ directory to run all tests
- Test empty keys in saved chart content
- Test custom role groups in ACL initialdata
- Test HTML custom field changes
- Test invalid queries on transaction search edit page
- Add tests for LoadOrCreateByEmail
- Make tests require $WebSecureCookies=0 since they don't use HTTPS
- Tests for loading users via UserCFs
- Test order indicator in search results header
- Test shredder for class/topic/article objects
- Test shredder for catalog/asset objects
- Test shredder for ObjectCustomRoles of queues
- Switch to Test::MockTime::HiRes in date api test
- Add case-sensitivity tests for Articles autocomplete
- Update tests for new added ValidationHint feature
- Update basic_auth.t test since logout will be always available
- Update tests for the keys change of CustomRoles in REST2
- Add tests for new article methods
- Test optimized ticket/transactions/asset searches
- Update tests for the default priority change when PriorityAsString is
enabled - Add tests for %PriorityAsString that does not have "0" mapped
- Update tests to account for URL shortener being enabled by default
- Add basic tests for search url shortener
- Add basic tests for shortener viewer
- Add tests for saved search shortener
- Update tests for EN datetime locale change to space
- Update txn ids in tests because of new added acl transactions
- Adjust tests to account for new brief descriptions of SetConfig
transactions - Use a bigger FcgidMaxRequestLen value for apache+fcgid tests
- Test textual and UTF-8 encoded "message/..." attachments
- New callbacks:
/Widgets/TitleBox Added ModifyContent to modify content presented by
a TitleBox widget
/Elements/ShowTransaction Added ModifyShowCFDiff to modify when
CustomField diff details show in ticket history
/Search/Elements/PickObjectCFS Added ModifyCFs, primarily to hide
custom field (such as transaction or queue custom fields) that
some users may be unfamiliar with - Modified callbacks:
ModifyLoginRedirect - moved to the end of Logout processing
BeforeActionList Added Actions parameter
/Search/Results.html - added calculated result count as parameter to
BeforeResults and AfterResults callbacks
EditCustomFields - Restored ModifyFieldClasses callback
Documentation
- Fix formatting in docs for $DateTimeFormat config examples
- Add docs about receiving email warnings from RT
- Document default Name setting in RT::User
- Update docs for showing article search in self-service
- Reference the assets menu right in the asset docs
- Document how OwnerEmail is used
- Correct documentation error for RT::Queue::IsWatcher
- Fix incorrect links in shredder's ticket docs
- Add build instructions for CKEditor 4
- Add docs for scheduling rt-clean-shorteners
- Document URL shortener in UPGRADING
- Document new process articles feature
- Fix broken link to RT_Config's External-storage section
- Provide examples for CanonicalizeEmailAddress match and replace
- Use HelpDesk as the plugin example in site config
- Corrected doc error - Custom Roles cannot apply globally
- Document the configuration needed to load JSON initialdata
- Render no-target header links more like normal text in shredder docs
- Fix broken Pod in rt-validator
- Fix typo in transaction-type argument in rt-crontool docs (thanks
Rob Lister!) - Fix 'pririty' typo in RT_Config.pm.in (thanks NReilingh!)
- Update rt-crontool documentation with multiple action example
- Fix "Reffered" typo in metadata doc (thanks NReilingh!)
- Fix 'followoing' typo in docs (thanks NReilingh!)
- Add upgrade note for $EmailDashboardInlineCSS option for dashboard
emails - Update Query Builder documentation with Dynamic Filtering and Sorting
- Update docs to remove references to UNIVERSAL::require
- Add docs for user-visible permalink features
- Document steps to generate initialdata changes file
Internals
- Treat RT::System-Role the same as other roles in ACL initialdata
- Use name for custom role groups in ACL
- Don't default Name to EmailAddress in LoadOrCreateByEmail
- Add SLA to args CreateTickets accepts
- Log recorded SQL statements, even without CurrentUser; allows
StatementLog to function when invoked in places where there may not
be a current user (such as the CLI) - Remove state criteria for invalid utf8 error warnings (MySQL and
MariaDB) - Rewind uploaded file after reading (thanks elacour!)
- Support arbitrary user names in .rt_sessions
- Port RT UI to use new LabeledValue component
- Bring Asset Search rendering back to the status-quo-ante
- Encode content for textual "message/..." attachments
- Set MasonLocalComponentRoot via RT->Config->Set so apache can see it
- Exempt some format strings from HTML::Gumbo structure check
- Do not check acl when auto-setting core date fields (thanks elacour!)
- Ignore disabled lifecycles when validating mappings
- Require LDAPImport after init, allowing overlays for RT::LDAPImport
- Wrap direct SQL in rights checks to SearchBuilder's SimpleQuery to
log SQL when StatementLog is enabled - Don't duplicate system object in EquivObjects on system rights check
- Allow RegisterLookupType to provide options besides just FriendlyName
- Clear old data when registering custom roles
- Relax requirements about role names to be unique for each lookup type
- Convert OR'd role group names in ticket ACL check to IN for better
performance - Skip existing catalog role groups on import
- Serialize OldValue/NewValue to user references in SetWatcher/SetOwner
transactions - Clear unneeded anchors and HTML comments
- Don't error if users4 index has been removed
- Pass multiple Order/OrderBy values as array references
- Pass datetime in UTC as LastUpdated is stored that way
- Convert to preferred constructor for Data::Page
- Clean up duplicated widget arguments
- Add ValidationHint column for CustomFields table
- Convert $cf->FriendlyPattern to use ValidationHint
- Respect env variable "RT_DATABASE_QUERY_TIMEOUT" on database connect
- Add JOIN criteria for transaction searches to improve performance
- Simplify setting the redirect URL on logout
- Add helper methods on Class for article display settings
- Add pass-through methods for class-level display flags
- Convert Preformatted template to use new article API
- Update /SelfService/Article/Display.html to new API
- Page users to save memory in case there are too many records
- Include referenced queues/catalogs only for active/inactive status
searches - Convert "OR" clauses in transactions/assets searches to "IN" for
better performance - Replace CSS::Inliner->require with RT::StaticUtil::RequireModule
- Combine search and count for search result pages (if possible) to
improve performance - Combine search and count for saved searches on dashboards (if
possible) for better performance - Abstract GetStylesheet for web
- Refactor code to build search filter metadata in Header instead
- Calculate search filter modal content's max-height accurately
- Fix limit parameter for shredder URL on search pages
- Switch to POST method for search chart and refresh forms
- Add missing Class/ObjectType params to refresh form on search results
page - Default query to "id > 0" like other chart elements for ChartTable
- Provide a way to update config immediately in tests
- Disable legacy Table settings for asset date custom fields
- Suppress uninitialized value warnings seen in config history
- Exclude empty keys from search fields for saved charts
- Convert ticket link graph generator to GraphViz2
- No need to sync attribute links in PostInflateFixup
- No need to create transactions in PostInflateFixup
- Fix typo in DefaultDashboard handling of PostInflateFixup
- Import dashboards/savedsearches/subscriptions/prefs/bookmarks for
merged users - Add method to load an object based on a custom field value
- Directly use passed in $Default as label if it is already string
- Do not set SavedSearchId to chart search id
- Add system CurrentUserCanSee to make transaction's CurrentUserCanSee
work - Provide a simple framework for showing user messages
- Fall back priority to the first value in %PriorityAsStringMapping
config - Use name for custom role groups in ACL
- Treat RT::System-Role the same as other roles in ACL initialdata
- Ignore disabled lifecycles when validating mappings
A complete changelog is available from git by running:
git log rt-5.0.3..rt-5.0.4
or visiting
rt-5.0.3...rt-5.0.4