Releases: bestpractical/rt
rt-4.0.5
I'm happy to announce that RT 4.0.5 is now available for testing.
http://download.bestpractical.com/pub/rt/release/rt-4.0.5.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.5.tar.gz.sig
SHA1 sums
59697fbfa3876d1950499796a429622941272edf rt-4.0.5.tar.gz
a9040dfb1ae59f872727564709186fbdecaffe1c rt-4.0.5.tar.gz.sig
This release contains a number of bugfixes and small improvements since
the 4.0.4 release; a few of the more notable ones include:
- Greatly improved print CSS
- New Config option - HideResolveActionsWithDependencies removes
actions such as Resolve from the action menu on tickets with
outstanding dependencies - New Config option - AutocompleteOwnersForSearch allows admins to force
an Owner autocompleter in the Query Builder - New Config option - NoTicketInterfaceForApprovals redirects users to
the Approvals interface if they visit an Approval ticket in the
regular RT UI - Improved Simple Search documentation and new 'any' keyword for any
status - Improved case insensitivity in the User and Custom Field Autocompleters
- new --enable-ssl-mailgate configure option and rt-mailgate options
to assist with setting rt-mailgate up to talk to your ssl enabled
RT server - More improvements to email quote detection to handle Outlook quoting
- The CreateTickets action now supports adding Groups as Watchers
- httpurl_overwrite no longer inserts spaces into your URLs
- Added NBSP as a search column in the Query Builder
- Maintain Approved/Denied state in the radio button on past Approvals
- Fixes for Bookmarked ticket searches
- Bugfixes for OverrideOutgoingMailFrom and sending bounces
- More consistent ordering of Articles
- Improvements to menu internals, including fixes for Search collections
and localization of key names - Preserve Content-Disposition when redistributing mail
- Improved PGP handling for .asc attachments with misleading content-types
- By default, RT's session cookie will not be available to javascript
- Allow Charts to be grouped by Told.
- Test and localization cleanups.
A complete changelog is available from git by running git log rt-4.0.4..rt-4.0.5
rt-4.0.4
RT 4.0.3 contained a serious bug wherein upgrades from any version of
RT 3 to RT 4.0.3 broke template interpolation; please do not use it. If
you had previously upgraded from RT 3 to RT 4.0.0, 4.0.1, or 4.0.2,
before upgrading to RT 4.0.3, you are not affected by this bug.
If you are currently running RT 4.0.3 and are affected by this issue,
upgrading to RT 4.0.4 will resolve it.
http://download.bestpractical.com/pub/rt/release/rt-4.0.4.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.4.tar.gz.sig
SHA1 sums
4a998b518a181fb36d380cbd762610478027c655 rt-4.0.4.tar.gz
d80fcd7e722a7f36892b1ca53673b34972363c2c rt-4.0.4.tar.gz.sig
rt-4.0.3
I'm happy to announce that RT 4.0.3 is now available.
http://download.bestpractical.com/pub/rt/release/rt-4.0.3.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.3.tar.gz.sig
SHA1 sums
3719237973df81f7e1b0a31f034b03ed1cc8f98e rt-4.0.3.tar.gz
adae5494fa99bdc83073e0cb394c6a5630a37ca9 rt-4.0.3.tar.gz.sig
This release contains a number of bugfixes and small improvements since
the 4.0.2 release; a few of the more notable ones include:
- Due to a change in RT 3.8.9, which also affected RT 4.0.0 and higher,
TransactionBatch scrips were run twice; this has now been fixed. - A new toggle has been added to expand all quote folding in a ticket's
transaction history. - New "On Forward", "On Forward Transaction" and "On Forward Ticket"
conditions have been added. - Ticket searches no longer forget which saved search they were loaded
from when being updated. - A new "make jsmin" target has been added to aid in downloading,
compiling, and installing jsmin. - Improved threading for automatically generated emails concerning a
ticket. - Improved detection of Outlook-style message fowarding headers.
- No longer error when a user has supplied a non-existant RT style;
instead, fall back to the default. This is particularly relevant for
users coming RT 3.8 with the 3.6 stylesheet applied, which no longer
exists in 4.0. - Improved handling of files named "0", and Unicode filenames, in file
uploads. - Tickets can no longer be linked to deleted tickets.
- Restore missing menus on simple search result pages.
- Fix support for perl 5.12 and later by removing a deprecated use of
"defined %hash".
A complete changelog is available from git by running git log rt-4.0.2..rt-4.0.3
rt-3.8.11
I'm happy to announce that RT 3.8.11 is now available.
http://download.bestpractical.com/pub/rt/release/rt-3.8.11.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.11.tar.gz.sig
SHA1 sums
96fe9babdca88224d6c8f2352f08bd62d613770d rt-3.8.11.tar.gz
ac1c9c712842c3a9aeb17357007e73aae4a21d1c rt-3.8.11.tar.gz.sig
This release contains a number of bugfixes and minor security updates
since the 3.8.10 release, most notably:
- Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766
- New WebHttpOnlyCookies option, enabled by default, which hides RT's
cookie from direct Javascript access. - Compatibility with perl 5.12 and 5.14, by removing deprecated "for
qw(...)" and "defined %hash" syntax. - MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than
TYPE=InnoDB - Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files
are loaded correctly. - Fix session cleaner for on-disk sessions, broken since 3.8.0.
- Ensure that only one "Based on" attribute is stored for each custom
field. - Fix the loading of Shredder plugins, broken in 3.8.10.
A complete changelog is available from git by running git log rt-3.8.10..rt-3.8.11
rt-4.0.2
I'm happy to announce that RT 4.0.2 is now available.
http://download.bestpractical.com/pub/rt/release/rt-4.0.2.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.2.tar.gz.sig
SHA1 sums
224892197ea64598ab9d5ee7dab90fa5723ddc05 rt-4.0.2.tar.gz
e64614c2092c9ec0968b307417c937ee0d01624c rt-4.0.2.tar.gz.sig
Continuing with our goal of faster release cycles and smaller changes
between releases in a stable series, this release primarily contains
fixes for a number of minor bugs. It also includes documentation
updates and removal of an inefficient javascript minification option.
Notable changes include:
- Ability to reference global CFs by Name in RT::Action::CreateTickets
- Installation of the docs/ directory into /opt/rt4/docs
- Removal of the incomplete --binary flag option for the full-text
search indexer - Fixes for a regression that caused group dashboards to vanish after
creation and not appear in the list of dashboards - Rewritten forward functionality to generate mail that better
represents the original messages received by RT - Removal of the pure Perl Javascript::Minifier module which slowed down
the first request to new webserver children. jsmin or another
external minifier is now required to minify RT's javascript. Refer to
the section about $JSMinPath inperldoc /opt/rt4/etc/RT_Config.pm
for how to configure jsmin.
A complete changelog is available from git by running git log rt-4.0.1..rt-4.0.2 on the stable (4.0-trunk) branch.
rt-4.0.1
I'm happy to announce that RT 4.0.1 is now available.
http://download.bestpractical.com/pub/rt/release/rt-4.0.1.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.1.tar.gz.sig
SHA1 sums
d53bef5fbf9d4ed4536e626eed0b79a502d643a9 rt-4.0.1.tar.gz
130bc0eeb49a951bd34ab4451980875fbfb21808 rt-4.0.1.tar.gz.sig
This release is a bugfix release. It contains a number of notable fixes
identified since the 4.0.0 release:
- Fixes for MySQL+Sphinx and native PostgreSQL full text search, and
improved documentation. - Javascript to forbid running RT in a frame, to prevent clickjacking
attacks. - Better detection and hinting of common web path misconfigurations.
- Minified javascript with an external jsmin now works in fastcgi and
mod_perl deployments. This requires that mod_perl deployments switch
to 'SetHandler modperl'; see docs/web_deployment.pod . - Javascript fixes for IE8 in the admin UI.
- Multiple warning fixes during the upgrade process.
- Removed previously missed rights related to right delegation.
You will also find a new tarball, rt-4.0.1-third-party-source.tar.gz
This contains the uncompiled source of any code that we ship (such as
the minified source of jQuery).
rt-4.0.0
Today we're releasing RT 4.0.0. This release represents over a year
of hard work and more than 2000 commits. With a new major version
number, we took this opportunity to tidy up some of the older bits of RT
and allow us to grow features through the RT 4 series. We hope you'll
find it a worthy successor to RT 3.
Many, but not all, of our new features are the result of work done for
clients. Enhanced full-text search, the integration of RTFM as
Articles, refreshed ticket create and update pages, better control of
ticket notifications, Lifecycles, and quote-folding of emails in ticket
display all began life as extensions we built for clients.
We've also heard your requests in the form of feature requests, bug
reports and patches and they've driven our new theme for RT 4, a new
logo and theme editor, new custom field types and display options, the
mobile UI and reorganized and revised documentation. As a result of
your feedback, we also fixed hundreds of bugs and improved performance.
With so many changes by 16 authors over the course of a year, it would
be hard to summarize everything we added, fixed or improved. Over the
next few weeks, we'll be posting a series of articles on what's new in
RT 4.0 to http://blog.bestpractical.com. A list of new features in RT
4.0 is also available at http://bestpractical.com/rt/whats-new-in-4.html.
If you'd like to explore all of the changes we've made in the run up to
4.0.0, visit https://github.com/bestpractical/rt/
Download
http://download.bestpractical.com/pub/rt/release/rt-4.0.0.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.0.tar.gz.sig
SHA1 Sums
b2cf8d2ceb8bf97e5eeb08cb7d05760ca148df9f rt-4.0.0.tar.gz
5a6b04bf9bb6437b74138bc6ad7eabae39d36e6d rt-4.0.0.tar.gz.sig
We've done our best to ensure that upgrading from RT 3 to RT 4.0 will
be as smooth as possible for you. If you have questions as you upgrade,
please don't hesitate to write to [email protected] for
community support. If you'd rather have professional support from the
folks who built RT, drop us a line at [email protected].
We've talked our sales team into including free basic upgrades from RT 3
to RT 4 if you sign up for a new RT 4 support contract within the next
two months. The new RT 4 support contracts are less expensive and come
with lots of great new features. http://bestpractical.com/services/support.html
rt-3.8.10
This release of RT contains important bugfixes. You can download it
from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig
SHA1 sums
98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 rt-3.8.10.tar.gz
8e228df450d0cdc255e3db725b5bdf302771c75d rt-3.8.10.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-1685,
CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and
CVE-2011-1690.
- Cleanups identified by perlcritic.
- Clear the system attribute cache to avoid 'sticky' attributes like
the queue subject tag. - Fix our signature escaping so we better match FCKEditor and don't
misidentify signatures during processing. - Add the ability to create BasedOn Custom Fields from intiialdata
- Provide a callback to affect the display format in admin pages
- Fix id prefixing on Custom Fields to be RTIR compatible
- Fix #16656 - Requestors with OwnTicket could show up in the owner list
in other Queues. - Don't attach the original multipart mail to notifications that already
contain one part of it. - Work around CGI.pm 3.51 and 3.52 which add ; charse=ISO-8859-1 to our
utf-8 encoded javascript.
rt-3.6.11
This is a security release of RT. It resolves CVE-2011-1686,
CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and CVE-2011-1690.
You can download it here:
http://download.bestpractical.com/pub/rt/release/rt-3.6.11.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.11.tar.gz.sig
SHA1 sums
5cd0143cae8f1400e8c82370f2626f9989b02673 rt-3.6.11.tar.gz
126daf79864c1a48ee743b43ff70c5cb4dda5141 rt-3.6.11.tar.gz.sig
rt-3.8.9
We are happy to announce that RT 3.8.9 is now available. You can
download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.9.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.9.tar.gz.sig
This release of RT contains 9 months of small improvements and bug fixes. It
includes a fix for the security issue announced here:
http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
If you have previously installed RT-Extension-SaltedPasswords, it will
automatically disable itself after the upgrade. You may then safely
remove it from @Plugins.
Important upgrade notes:
In addition to the normal /opt/rt3/sbin/rt-setup-database upgrade step,
there are a few standalone upgrade scripts you should run. You can find
full details in the "UPGRADING" file in the distribution. Please review
'UPGRADING FROM 3.8.8 and earlier' and ensure you follow each of the
steps.
A list of changes is below.
-kevin
SHA1 sums
4dc78880220ccc8bf7b49b2c4efca0eeb3372133 rt-3.8.9.tar.gz
95dc126acaba7b5069f83bf042c31e6857e7397f rt-3.8.9.tar.gz.sig
SECURITY
- Move to a SHA-256 based password hashing scheme
- Redirect users to their desired pages after login.
This prevents possible back button attacks after a user logs out. - Clone Scrip's TicketObj since we change the CurrentUser and it can leak
information (Custom field values, etc)
INSTALLATION
- Fixes to the RH Layout in config.layout
ACCESS CONTROL
- New AdminCustomFieldValues right that allows user to add/remove CF values, but not edit the CF
CONFIGURATION
- Add ResolveDefaultUpdateType to choose between Comment or Correspond on Resolve
- When using Set($MailCommand, 'testfile') log all mail to the same tmpfile
- Add a callback to allow extensions to redirect a user to an external auth logout URL using RT's logout button. This ensures that the user's RT session is cleared
- Add SuppressAutoOpenOnUpdate preference
DOCUMENTATION
- Clean up README
- Update UPGRADING.mysql documentation for users of older mysql
- Flag that "Let this user be granted rights" means "Privileged"
- Fix rt-crontool examples to use a real Condition
- Undocument SenderMustExistInExternalDatabase since the code was never merged
- Better document SetOutgoingMailFrom
- Better document shrink_cgm_table.pl
DATABASE
- Add support for Postgres 9
- No longer record transactions for ACL Equivalence Groups
- Don't delete all RT MySQL ACLs before invoke GRANT
- Quote database name for GRANT on MySQL
- Insert extensions' schema and acl files as the DBA
- Fix searches for empty Attachments on Oracle
- Better handling of mail generated by Outlook
- When RT's SendmailCommand fails, record it in ticket history
- New GPG tests and bugfixes for corner cases
- use EmailOutputEncoding for Content-Type.charset
- Handle failures in MIME Encoding better
- Small bugfixes for text/html templates
- Fix MIME decoding on ticket subjects
- Remove stray colons and whitespace in the default Admin Comment template
USER INTERFACE
- Fix an infinite loop when using the 3.4-compat theme
- Fixes to CollectionList sorting
- css positioning tweaks for page menus
- Fixes for Bulk Update when users click 'Add More Files'
- Skip all watchers when offering to add CCs as Watchers
- Fix ahah.js to handle more than one CF 'Include page' link
- Ensure that Nobody is always at the front of the Select Owner list
- Link Basics in SelfService to the Update page
- Fix toggling js to only run once
- Ensure signatures are included in Jumbo edits
- Better identify (in the UI) a misconfigured GPG setup
- GPG key management UI updates
- Add classes/ids to the Custom Field Editing pages
- CSS Fixes for preferences widgets
- Fix truncated top values on Charts
- Wording and layout changes for the 'update password' widget
- Ensure that we keep Anchor tags on redirects
- Fix loading a new search on the Chart/Graph pages
- Change Attachment size label from Bytes to Megabytes
- Respect timezones in timestamps in /Approvals/
- Charset fixes for Ticket Attachment downloads
- Bar graph fixes for large numbers of bars
- Allow a callback on QuickCreate to pass a default Status
- Fix Approvals to make one search for approval tickets that distincts and orders them
- Link from Group Membership lists to User admin pages
- New callbacks (autohandler, default queue, aborting ticket updates, after requestor on create)
- Fix non-local local links and add t: syntax
- Editing Transaction custom fields now shows errors inline
- Use the ShowUser element more consistently across the UI
TOOLS
- Improvements to extract-message-catalog (translation tool)
- Let shrink_cgm_table and shrink_transactions display "percent complete"
- Added a simple script to naively generate a RTAddressRegexp
- Install rt-attributes-viewer originally shipped with 3.8.8
- bin/rt now searches for global configs in LOCAL_ETC_PATH also
OTHER BUG FIXES
- No longer refuse to start if you upgraded from a version of RT that allowed you to have invalid Scrips
- Handle broken Reminders links when users change their Organization
- Trim whitespace from CustomFieldValues consistently
- RFC2616 dates are always in UTC
- Scrips can no longer have an empty Condition, Action or Template
- make multi-value REST fields separated with commas ignore spaces
- Localize ENV changes under mod_perl
- Don't page group memberships for a User
- Skip disabled Queues when a Simple Search term matches a Queue Name
- Add TransactionObj to CreateTickets templates to match the docs
- Fix the use of Tickets_Local.pm in rt-email-dashboards and rt-crontool
- Escape more characters in graphviz output
- Fix message when you fail to delete a saved search to tell you Permission Denied
- Include Rules with Scrips when previewing recipients
- Ensure that distribution upgrades that break Scalar::Util show up in apache logs
- Fix warnings on empty Collection List headers
- Log errors from safe_run_child
- Refuse to run if webmux.pl and RT.pm are mismatched
- Actually log the error that caused "Can't load a principal for id #"
- Switch to using $Approver->Name in templates since an AdminCc can approve
- Allow fastcgi_server to specify a port
- Guard against SavedSearches with no content
- Ensure our output is always flagged as utf-8
- Allow queries like "Priority > -2"
- Fixes to Private/Public key methods
- Return 'set private key' from SetPrivateKey, not 'unset private key'
- Protect STDOUT under mod_perl - among other things, this fixes Scrips that use system()
- Fix forwarding of messages without a top level textual part