Skip to content

Releases: bestpractical/rt

rt-3.8.16

27 Jun 01:49
Compare
Choose a tag to compare

I'm happy to announce that RT 3.8.16, the latest maintenance release, is
available for download.

http://download.bestpractical.com/pub/rt/release/rt-3.8.16.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.16.tar.gz.sig

SHA1 sums

9df5ed89d93d07d64ece8692cfb9e4a444ade01d  rt-3.8.16.tar.gz
9d71bc7b65638af15179d8e9def60f55b5329d7c  rt-3.8.16.tar.gz.sig

Recent support for partitioned GnuPG emails introduced a deadlock
situation for large QP/Base64 emails with GnuPG enabled. In addition,
this release resolves a number of issues running the test suite on newer
versions of perl.

git log rt-3.8.15..rt-3.8.16
or visit
rt-3.8.15...rt-3.8.16

rt-4.0.10

27 Jun 01:51
Compare
Choose a tag to compare

RT 4.0.10 is now available for download.

http://download.bestpractical.com/pub/rt/release/rt-4.0.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.10.tar.gz.sig

SHA1 sums

6ecb3f9ffd59df55d04fc7705e4017e8a420bac8  rt-4.0.10.tar.gz
7f84cad8c5aa0a3b8bd45e5b79ab6b247bfa3624  rt-4.0.10.tar.gz.sig

This release contains several bugfixes and a fix for a regression
introduced in 4.0.9. If you have a Queue configured so that users have
SeeQueue and CreateTicket but not ShowTicket (they can create tickets,
but won't be able to see them after creation) then any Custom Fields
assigned to that Queue and filled in during creation would be lost
during submission.

Bugfixes

  • CF values are no longer possibly lost during ticket creation; see
    above for a complete description
  • Updated localizations, including a new Slovak translation
  • Error titleboxes now render properly when they have collapse icons
  • Restore a missing tag on the mobile login
  • Allow non-uris in Link transactions
  • Bulk Update maintains the previous value of the "Told" box on page
    reload
  • Simple Search no triggers queue-searching behavior when passed a
    disabled Queue names
  • We now find localizations expressed as ( qw(a b c))
  • Only attempt to update Told if the correspond succeeded

git log rt-4.0.9..rt-4.0.10
or visiting
rt-4.0.9...rt-4.0.10

rt-4.0.9

27 Jun 01:55
Compare
Choose a tag to compare

I'm happy to announce that RT 4.0.9 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.0.9.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.9.tar.gz.sig

SHA1 sums

1adf162b2d73eb521b00f45e30ccea6fe193e604  rt-4.0.9.tar.gz
ac76d9199cbeda986f9cea590177a4047840fc37  rt-4.0.9.tar.gz.sig

This release contains a number of bugfixes since the 4.0.8 release.
It also contains the first set of embargoed security tests fixed by
patches released on 2012-05-22. These are the tests for
vulnerabilities fixed in RT 4.0.6 and RT 3.8.12.

This release also requires a newer HTML::RewriteAttributes.
You will be prompted to upgrade when upgrading RT or when manually
running 'make test-dependencies'.

If you have set a custom @jsfiles in RT_SiteConfig.pm, you will need to
amend this to include the new jquery.cookie.js file added to
RT_Config.pm. See UPGRADING-4.0 for more details.

Bugfixes

  • IE8/9 are encouraged never to use compatibility mode.
  • User autocompletes on Oracle now work.
  • Disabled personal groups hiding out from 3.8 are cleaned out.
  • When upgrading from 3.8 to 4.0 the article upgrade points to the
    correct upgrading documentation.
  • Restore the link to a Queue's History.
  • Stop manually deleting Custom Field Values in the REST API, use
    the standard RT API calls.
  • Avoid Devel::StackTrace 1.28 and 1.29 which are known to break RT.
  • Don't show the full login page to mobile clients.
  • Refresh your Localization preferences on each page load.
  • TicketSQL containing Queue = 'Nonexistant Queue' will not generate
    invalid SQL.
  • Fix an error deleting Custom Field Values on some installs.
  • Ensure that leading newlines on Templates are preserved, despite
    browsers stripping them.
  • Eliminate a potential deadlock on large emails when using GPG.
  • Handle emails in unknown charsets better.
  • Fix GPG Error templates that used reference passing.
  • Make Configuration written by the installer consistent and skip some
    keys.
  • Log better error messages and fewer warnings with parsing unparseable
    sender email addresses.
  • Add a missing table element to the Outgoing Mail element.
  • Allow 'requestors' on REST ticket creation because it was allowed in
    3.8 (earlier versions of 4.0 only allowed requestor as a key).
  • Fix loading of _Vendor and _Local files in plugins.
  • Remove menu/page overlapping that prevented clicking on some links.
  • Handle invalid/unindexable Full Text Search records in Pg better.
  • Allow users without the ExecuteCode right to create Simple templates.
  • Ensure that templates which use heredocs won't have mysterious
    failures.
  • Fix null and NULL to work interchangeably in TicketSQL.
  • No longer match on an english string on the Jumbo page. This would
    result in the Comment/Correspond textarea remaining populated if using
    RT in a non-english locale.
  • Remove even more old REST restrictions on Custom Field, Queue and
    other object names.
  • Avoid warnings when building the menu on pages with invalid Queues or
    other objects.
  • Saved Search descriptions can safely contain [] without running
    afoul of the localization infrastructure.
  • Allow setting a Queue's Lifecycle back to 'default'.
  • Stop using HTML::Mason's cache_self method. It caused some rendering
    bugs with GnuPG keys and won't be fixed by upstream.
  • Fix "RefersTo is NULL" and "Requestor is NULL" to work properly in
    TicketSQL (before we only checked for "IS NULL").
  • Instead of localizing "Owner Name" in the charting UI, instead
    localize the words separately.
  • When overriding $HomepageComponents or other reference config types in
    RT_SiteConfig.pm, the name would not render properly on
    Configuration.html.
  • Clean up session lockfiles because Apache::Session::File doesn't.
  • Improve Custom Field Upload rendering when multiple files have been
    uploaded.
  • Bust the cache used by the SelectQueue widget when a Queue's name
    changes.
  • Dates on the Bulk Update page such as Due, Told, etc are now rendered
    as DateTimes.

Features

  • The Rights Editor now keeps track of the user/group and tab selected
    when submitting and switching between states.
  • Allow bookmarking tickets from the mobile interface.
  • Warn less when your RT is behind a proxy.
  • New CheckMoreMSMailHeaders config option that tries harder to detect
    outlook and repair weird linespacing issues in text parts.
  • New callbacks to add more information to the Outgoing Mail elements.
  • When listing statuses for multiple Queues/Lifecycles, group statuses
    by Lifecycle (collapsing Lifecycles with identical Status lists). This
    provides a more navigable status list on pages such as the Bulk Update.
  • Improve performance of shrink_cgm_table.pl and
    shrink_transactions_table.pl by processing more rows at a time.
  • When updating fields that contain lots of text (such as templates)
    don't display the entire contents of the template.
  • Add Custom Field styling and a callback to easily add CFs in the mobile UI.
  • Search Results that display many Custom Fields across many ticket rows
    will now cache Custom Field objects and make fewer database queries.
  • Extensions that use ExtractTicketId can now cleanly alter the subject
    of the ticket.
  • New callbacks at the beginning and end of search results.
  • Record an X-RT-Interface header to track how a ticket was created.
  • Improve dashboard rendering in Outlook and Lotus Notes by scrubbing
    JavaScript and not including the print styles.
  • Update messages to include the user being affected rather than saying
    "Added principal" or "That principal".
  • Provide add_after and add_before convenience methods for extensions
    adding new menus to RT.
  • Display examples of the Date Format preferences in the user's timezone
    to make it clearer which formats are defined as UTC and which aren't.
  • Users changing their password can now hit enter and not submit the
    Auth Token Reset form.
  • When users move a ticket from Queue A to Queue B and no longer have
    the ability to see the ticket in Queue B, RT will still display a
    message confirming that the move happened.

Documentation

  • Lifecycle documentation separate from the RT_Config.pm docs.
  • Document how to use the Style Editor and how to add your own CSS.
  • Document basic approvals configuration.
  • Improve documentation and examples for CreateTickets action
  • Improvements to the Article setup/usage documentation.
  • Clean up extraneous quotes in our POD.
  • New documentation on recommended backup procedures.
  • Remove some erroneous documentation in the REST interface.
  • New documentation for the initialdata file format.

Development

  • Improve SQL logging on record creation and the autocompleter.
  • Improve the debugging mason errors to include a stack trace.
  • Ensure tests never run in the local locale (which can cause
    interesting failures).
  • Catch and error if we throw warnings in tests.
  • The rt-apache tool now accepts "." so you can easily run from a git
    checkout.
  • Enforce internal policies on the repository with 99-policy.t.
  • Inline test server now clears the callback cache between tests.

git log rt-4.0.8..rt-4.0.9
or visiting
rt-4.0.8...rt-4.0.9

rt-4.0.8

27 Jun 01:55
Compare
Choose a tag to compare

RT 4.0.8 contains important security fixes, in addition to bugfixes.

http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz.sig

SHA1 sums

7be074e86929c69b4f17d10503646ff070f7fa3b  rt-4.0.8.tar.gz
7ee1ecf25a99472d0d75665ed577941cb94c64e7  rt-4.0.8.tar.gz.sig

This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2012-4730,
CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, and
CVE-2012-4884.

Bugfixes

  • Custom Fields BasedOn can be set from intialdata again.
  • Fix the 3.8.4 NotifyGroup upgrade script to properly join notification
    groups with a comma.
  • Correct the use of the 'approved' state from Lifecycles. It is now
    used only when all approvals are completed.
  • Use database-level row locking to ensure that scrips do not suffer
    from race conditions with scrips from other processes.
  • Remove multiple slashes so that page menus display and the active item
    is correctly highlighted.
  • Improve MaxAttachmentSize documentation.
  • Ensure that ticket links in the iCal feed are CSRF whitelisted.

Features

  • New alias validator sbin/rt-validate-aliases which helps keep RT and
    /etc/aliases in sync.
  • Add support for GPG mails in inline format (PGP partitioned encoding)
    that are also encoded for transfer with Base64 or quoted printable.
  • Add a BeforeLocalization callback to message headers.
  • If you have DBIx::SearchBuilder 1.62 or higher and are using full
    text indexing on Pg or Oracle, rt-fulltext-indexer uses a faster query
    to find unindexed attachments.

Developer

  • Add rt-apache for running a test instance of apache.
  • Add the rt-static-docs tool for generating HTML versions of our docs.

A complete changelog is available from git by running

git log rt-4.0.7..rt-4.0.8
or visiting
rt-4.0.7...rt-4.0.8

rt-3.8.15

27 Jun 01:49
Compare
Choose a tag to compare

This release of RT contains important security updates.
You can download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.15.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.15.tar.gz.sig

SHA1 sums

abb7b0d52cb9843e3154aeff2490211ddcdc59b8  rt-3.8.15.tar.gz
9401cdd429565b99dd45c99e20d5d36ac8d0fe4c  rt-3.8.15.tar.gz.sig

This release resolves a number of security vulnerabilities.
It resolves CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735,
and CVE-2012-4884.

In addition to these security fixes, RT 3.8.15 contains support for
partitioned PGP messages.

rt-4.0.7

27 Jun 01:54
Compare
Choose a tag to compare

I'm happy to announce that RT 4.0.7 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.0.7.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.7.tar.gz.sig

SHA1 sums
4c6ba7c3311e0fc42bb99434e91d03318c24186f rt-4.0.7.tar.gz
e162aa17cacecc714ec744545c52c4ac7238c816 rt-4.0.7.tar.gz.sig

This release contains a number of bugfixes since the 4.0.6 release.
In particular, we have adjusted the CSRF warning for a few pages based
on user feedback.

This release bumps dependencies on Email::Address, FCGI and IPC::Run so
please make sure to run 'make testdeps' and if required
'make fixdeps' before upgrading. Running 'make upgrade' will also
check your installed versions for errors.

Security

  • Bump the FCGI dependency to one which closes CVE-2011-2766
    The 4.0 series did not specify a minimum FCGI version and it's
    possible that a vulnerable release of the perl FCGI module was
    installed when you set up an earlier release of 4.0.x

Features

  • Allow specification of your CSRF Whitelist Referrer using *.example.com
  • Allow searching for tickets associated with articles using a:42
  • Upgrade our Date/Time picker JS, allow unsetting of CFs
  • Improve display of circularly linked tickets
  • Optimize the large table changes between 3.2 and 3.4 for MySQL
  • Provide a better error if your CreateTickets template is malformed
  • Add the ExtractTicketId function to make customizing ticket id
    matching easier

Bugfixes

  • Don't trust emails that claim to be UTF-8, convert it to UTF-8 before storing
  • Fix a shredder bug when deleting a user and replacing it with another user
  • Remove CSRF restrictions on search results page
  • Ensure that TransactionBatch scrips always run in the RT::System
    context rather than having some sub-objects in the original user's
    context.
  • Better display of multipart/related mail
  • Remove some warnings when running under Perl 5.16
  • Better errors when viewing approvals without rights
  • Bring back rounded corners on FireFox >= 13 by using the standard
    border-radius property
  • $Users->LimitCustomField now ignores disabled ObjectCustomFieldValues
    properly (same for other non-ticket objects).
  • Versions of IPC::Run < 0.90 could truncate labels on charts that
    contain UTF-8 characters
  • Fix a rendering issue where certain emails would cause the history to
    render progressively more staggered to the right
  • Make owner:falcone and owner:[email protected] work
  • CF.{Foo} TicketSQL searches are now case insensitive on Pg and Oracle
  • Tickets with Unicode subjects created through the Web UI could end up
    being corrupted on reply because of other headers passed to MIME::Head
  • Ignore DECRYPTION_INFO from GnuPG 1.4.12
  • Record LastUpdated(By) on Scrips
  • Simple Search now handles Custom Fields with dashes
  • Remove another hardcoded use of 'resolved' in the mailgate unsafe actions
  • When deleting dashboards, also delete subscriptions
  • Fix rendering of links from bin/rt
  • Don't allow ticket creation if your REST form contains an unknown field
  • Skip users with empty email addresses in autocompletion
  • Loosen our detection of mobile browser to search for the word 'mobile'
  • Don't provide a charset on download of binary attachments
  • Fix UseSideBySideLayout to not be cached across users
  • Ensure that article searches are case insensitive
  • QueueSummaryByStatus now uses the improved code from QueueSummaryByLifecylcle

A complete changelog is available from git by running
git log rt-4.0.6..rt-4.0.7
or visiting
rt-4.0.6...rt-4.0.7
although they will not load all of the commits.

rt-3.8.14

27 Jun 01:49
Compare
Choose a tag to compare

I'm happy to announce that RT 3.8.14 is now available.

http://download.bestpractical.com/pub/rt/release/rt-3.8.14.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.14.tar.gz.sig

SHA1 sums

0ea5e7598e9bf75156629f6358192b6f62035f8a  rt-3.8.14.tar.gz
49d1cf9e280edd23e9c467c80adc48922eb959fb  rt-3.8.14.tar.gz.sig

This release contains two fixes related to the 3.8.12 security release.

Access to search results URLs is now CSRF whitelisted, based on user feedback.
An error in rt-email-dashboards has been corrected.

A complete changelog is available from git by running:
git log rt-3.8.13..rt-3.8.14
or on github with
rt-3.8.13...rt-3.8.14

rt-3.8.13

27 Jun 01:48
Compare
Choose a tag to compare

I'm happy to announce that RT 3.8.13 is now available.

http://download.bestpractical.com/pub/rt/release/rt-3.8.13.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.13.tar.gz.sig

SHA1 sums

adc7dab25a6454e47a9386f7d7aa8091b4ef46ca  rt-3.8.13.tar.gz
199c36836d777115f7bd49cb27fec4e4410fd5dd  rt-3.8.13.tar.gz.sig

This release contains an important bugfix over the 3.8.12 security
release:

  • Fix sending email with the 'perl-script' mod_perl handler, by
    ensuring that STDIN was always on FD 0 before calling IPC::Open2.
    This failure showed as either SIGPIPE or abnormal exit codes when
    running sendmail.
  • Fix for "Undefined value assigned to typeglob" and "Bad file
    descriptor: core_output_filter" errors caused by the above change, by
    ensuring that both FD 0 and FD 1 are prevented from being claimed by
    Apache. This error only arose with the perfork MPM and mod_perl <=
    2.0.4.

A complete changelog is available from git by running:
git log rt-3.8.12..rt-3.8.13

rt-4.0.6

27 Jun 01:54
Compare
Choose a tag to compare

RT 4.0.6 contains important security fixes, in addition to bugfixes.

http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz.sig

SHA1 sums

f5c0dd16da21f0af8e9c093057aa58cbab08d06b  rt-4.0.6.tar.gz
1f862bbb1b335cd036d1c32c10d80f26e4ce99a1  rt-4.0.6.tar.gz.sig

This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.

  • Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as
    it was causing numerous crashes of IE.
  • Show the current status in the status dropdown during ticket update,
    to allow forced setting of the status. This functionality was
    available in RT 3.8, and is now being reinstated.
  • Use SearchBuilder queue limits to restrict what statuses and owners
    are displayed in drop-downs.
  • Make "New Ticket" a top-level SelfService menu item.
  • Display Lifecycle column correctly in queue admin lists.
  • Allow >64k attributes on MySQL; this is particularly useful for
    logos uploaded via the theming editor.
  • Remove two dependencies from the RT mailgate.
  • Adding new arbitrary links to tickets now works as expected in the
    REST interface.
  • Subject: lines in Forward Ticket templates are now respected.
  • Sort ticket link numbers numerically, not alphabetically.
  • Ticket reminders are no longer copied when creating a linked ticket;
    article and http:// links now are, however.
  • Use relative links (with no hostname) more consistently.
  • Correctly deal with non-ASCII attachment filenames which make use of
    MIME parameter value continuations.
  • Find queue-level CFs first in REST interface when there are
    duplicates by name.
  • Fix graphing of searches which reference Updated and other
    transaction-based limits.
  • Reminder statuses on open and resolve are now configurable
    per-lifecycle.
  • Fix quoting of CF names containing dashes and the like in the
    SearchBuilder.
  • Bump URI dependency to ensure utf8 URLs are correclty generated in
    Dashboard emails.
  • Permit and language attributes when scrubbing HTML.

A complete changelog is available from git by running:
git log rt-4.0.5..rt-4.0.6

rt-3.8.12

27 Jun 01:25
Compare
Choose a tag to compare

This release of RT contains important bugfixes and security updates.
You can download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.12.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.12.tar.gz.sig

SHA1 sums

aa657de2fd687c51f31216df6dc1f639a0bc1f7c  rt-3.8.12.tar.gz
1da5db780c40455ceeb9a6099364f2bb977271a6  rt-3.8.12.tar.gz.sig

This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.

  • Upgrade prototype.js to version 1.7, for compatibility with google
    charts.
  • Remove ie7.js, which is no longer used.
  • Ensure that TransactionBatch scripts are only run once.

A complete changelog is available from git by running:
git log rt-3.8.11..rt-3.8.12