5.0.6

RTIR 5.0.6 - 2024-05-06

RTIR 5.0.6 is now available for general use. The list of changes
included with this release is below. When upgrading RTIR, you should
also upgrade RT to version 5.0.6 for compatibility with this release and
to get new features and fixes in RT.

Note that there was no RTIR 5.0.5 public release.

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.6.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.6.tar.gz.asc

SHA-256 sums

95810631c7f9dde58744d3bd9e9a8c9602b48d64d3c763032e6c4f7ac16b4848 RT-IR-5.0.6.tar.gz
ad6380624307a853e9b5cc37df08ba32f5c5d15235d74dc8d18ac17a5c28bf3a RT-IR-5.0.6.tar.gz.asc

Strict Browser Cache Configuration Option

CVE-2024-3262 describes previously viewed pages being stored in the
browser cache, which is the typical default behavior of most browsers to
enable the "back" button. Someone who gains access to a host computer could
potentially view ticket data using the back button, even after logging out
of RT. The CVE specifically references RT version 4.4.1, but this behavior
is present in most browsers viewing all versions of RT before 5.0.6.

RT 5.0.6 adds a new configuration option, $WebStrictBrowserCache, which
instructs the browser not to cache page content from RT. If you run RT,
including RTIR, with highly sensitive ticket data, you can enable this new
option to prevent browser caching. The default is still disabled, to
allow for normal browser functionality, so you need to enable this option
to run with the new feature.

This new option is implemented in RT 5.0.6, so you need to upgrade RT to
use the feature. As noted above, it's always recommended to upgrade both
RT and RTIR to keep them on compatible versions.

General Updates and Fixes

• Support to show assets on create/display
• Migrate CVE API of NVD to version 2.0
• Selectize user email inputs on create pages
• Document WebStrictBrowserCache in RTIR config

Internals

• Implement incident with simultaneous investigation creation test
• Build from new RT 5.0.4 image
• Disable buildkit to continue using the local network feature
• Update tests to remove the extra space from generated SQL
• Update testing docker image to Debian bullseye

A complete changelog is available from git by running:
git log 5.0.4..5.0.6
or visiting
5.0.4...5.0.6

5.0.4

RTIR 5.0.4 - 2023-05-04

RTIR 5.0.4 is now available for general use. The list of changes
included with this release is below. When upgrading RTIR, you
should also upgrade RT to version 5.0.4 for compatibility with
this release and to get all updates in RT.

May the Fourth be with you!

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.4.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.4.tar.gz.asc

SHA-256 sums

a00fd1a723d8a7b67d66227168dfac3958d8f805134ff540532276fbb25a496d RT-IR-5.0.4.tar.gz
dea6c11cedc49a97db8381338880506150408971dafc122a6bceb6aa40511c7d RT-IR-5.0.4.tar.gz.asc

General Updates and Fixes

• Set "How Reported" CF from CurrentInterface
• Create How Reported with valid values of CurrentInterface
• Adjust gnupg widget on reply incident page
• Add Process Articles for Classification
• Update upgrading instructions with Process Articles information
• Update RTIR Admin Tutorial with Process Articles information
• Add 'SeeCustomField' right to DutyTeam on Templates Articles class
• Note the right change for the Templates class
• Use consistent space among input rows for ticket forms
• Document the changes to RTIR_SetHowReported in UPGRADING
• Move "Templates" class creation from @Final to @classes
• End WHOIS commands with CRLF to avoid timeouts for whois searches
• Improve External Feeds message when no content found

Internals

• Use RTs perl from the base docker image
• Install dependencies with cpm
• Split build and test in github actions
• Test MariaDB current long term support version
• Test against a supported Postgresql version
• Run with 5 parallel processes like the core RT tests

A complete changelog is available from git by running:
git log 5.0.3..5.0.4
or visiting
5.0.3...5.0.4

5.0.3

RTIR 5.0.3 - 2022-07-13

RTIR 5.0.3 is now available for general use. The list of changes
included with this release is below. In addition to the new features
and bug fixes listed below, this release contains security fixes.
When upgrading RTIR, you should also upgrade RT to version 5.0.3 for
compatibility with this release and to get security updates in RT.

Note that there was no RTIR 5.0.2 public release.

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.3.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.3.tar.gz.asc

SHA-256 sums

3f59e713cb439f33b3abbcc18226ee6ab9f782a3607317e0529e72dbe443f89f RT-IR-5.0.3.tar.gz
9b6b0610492443fb0f0abb7d945276e4fe6b1eceab43e240757a11ba162c3741 RT-IR-5.0.3.tar.gz.asc

Security

The following security issues are fixed in this release. Thanks to the
Polish Financial Supervision Authority IT Security Department (UKNF)
for reporting these issues.

• RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF).
  It accepts queries in a way that could allow sending requests from the RTIR
  server to a resource other than the intended whois server. Because the request
  comes from the RTIR server, this could allow access to otherwise protected
  resources. This vulnerability is assigned CVE-2022-25800.

• RTIR's Scripted Action tools is vulnerable to server-side request forgery
  (SSRF) similar to the one described above. This vulnerability is assigned
  CVE-2022-25801.

General Updates and Fixes

• Migrate RTIR homepage to dashboard
• Update ticket search value quoting to align with new RT search options
• Support to hide unset fields on display pages
• Remove the yellow border in warning message box
• Add UPGRADING note about the change to dashboard RTIR homepage
• Support to configure RTIR homepage globally
• Add UPGRADING note about the global "RTIR at a glance" configuration page
• Add tooltip to select incident text input if it's below the label
• Skip default "Content" custom field when inserting articles from "Templates"
• Replace discontinued Security Focus feed with Full Disclosure
• Document deselecting the Content CF
• Extract IP from more attachments if main content doesn't have any.
• Allow users to comment on Incidents when resolving
• Add the missing "?" delimiter for "New ..." menu links on FromIncident page
• Add Custom Field "CVE ID" to keep track of CVE
• Add CVE widget to show info from nvd.nist.gov
• Extract CVE IDs from content
• Add upgrading notes for CVE ID
• Add ticket id info to "Back to ..." search page menus
• Migrate plain checkboxes to bootstrap's custom-checkbox for consistency
• Make ticket updates atomic on edit page
• Document atomic change in Upgrading doc
• Update TimeWorked for incident only on incident reply/resolve pages
• Document changes to message and time processing

Internals

• Add maps from default to/from RTIR lifecycles
• Update tests for the migration of Homepage => dashboard
• Add callbacks to the feed listing and display pages
• Add necessary callbacks for MandatoryOnTransition
• Load queue object in GetRTIRDefaultQueue to make sure it's valid and visible
• Add tests for default RTIR queue rights check
• Add EndOfBasics callback to ticket display pages
• Test IP extraction from more attachments
• Test CVE ID extraction
• Call ProcessUpdateMessage first to update TimeWorked on incident display page

A complete changelog is available from git by running:
git log 5.0.1..5.0.3
or visiting
5.0.1...5.0.3

4.0.3

RTIR 4.0.3 - 2022-07-13

RTIR 4.0.3 is now available, primarily providing bug fixes. The list of
changes included with this release is below. In addition to the
bug fixes listed below, this release contains security fixes.
When upgrading RTIR, you should also upgrade RT to version 4.4.6 for
compatibility with this release and to get security updates in RT.

https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.3.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.3.tar.gz.asc

SHA-256 sums

2c6a57ff0da877f40b81d7d24c27609d350251ecfa97534e6657349a14bf10aa RT-IR-4.0.3.tar.gz
a9ed2484fe64ab3e12380e055659b7bdb9c743619e5d2d77883b5709c8ccd944 RT-IR-4.0.3.tar.gz.asc

Security

The following security issues are fixed in this release. Thanks to the
Polish Financial Supervision Authority IT Security Department (UKNF)
for reporting these issues.

• RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF).
  It accepts queries in a way that could allow sending requests from the RTIR
  server to a resource other than the intended whois server. Because the request
  comes from the RTIR server, this could allow access to otherwise protected
  resources. This vulnerability is assigned CVE-2022-25800.

• RTIR's Scripted Action tools is vulnerable to server-side request forgery
  (SSRF) similar to the one described above. This vulnerability is assigned
  CVE-2022-25801.

General Updates and Fixes

• Fix squelching functionality on update page
• Remove unavailable TrustedSource.org from $RTIRIframeResearchToolConfig

A complete changelog is available from git by running:
git log 4.0.2..4.0.3
or visiting
4.0.2...4.0.3

4.0.2

RTIR 4.0.2 - 2021-09-14

RTIR 4.0.2 is now available, primarily providing updates for compatibility
with RT 4.4.5. The list of changes included with this release is below.
If you upgrade RT to 4.4.5 on your RTIR instance, you also need to update
to RTIR 4.0.2.

https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.2.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.2.tar.gz.asc

SHA-256 sums

f5c5575e4f54dba5c6ffff89f2d0a4f198f150652763f25168ecd93e026ec608 RT-IR-4.0.2.tar.gz
2a4ad7222fa73ac93a32bcd83f2b7a39d0892ae9c89ae954a0fd974cdc13278c RT-IR-4.0.2.tar.gz.asc

Changes

• Update ticket search value quoting for compatibility with RT 4.4.5
• Allow more whitespace when matching has_watchers anchor tags to
• Remove the bfk_dnslogger tool because it has been discontinued due to GDPR.

A complete changelog is available from git by running:
git log 4.0.1..4.0.2
or visiting
4.0.1...4.0.2

5.0.1

RTIR 5.0.1 - 2021-01-29

RTIR 5.0.1 is now available for general use. The list of changes
included with this release is below.

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.1.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.1.tar.gz.asc

SHA-256 sums

704e3c8c3f06492dd9f5b7003c6f8e9062b4556da58cb752ae3d1f37183715ed RT-IR-5.0.1.tar.gz
35e8342650b7ee842a32ec67234fac8dddead8e34c2f66c58f1a2bbd67372109 RT-IR-5.0.1.tar.gz.asc

General Updates and Fixes

• Add inline edit functionality to custom RTIR ticket pages
• Pass Requestors through queue selection modal if provided
• Handle emails with +tags in 'Investigate to' MakeClicky links
• Disable IncludeWebPath flag on ExteneralFeeds link generation
• Include full web path for RTIR page edit cog
• Move file attachment box below message box for consistency with RT
• For clarity, convert Incident report Take/Steal button from icon to text
• Don't override default empty messages if it's not RTIR queue
• Remove countermeasure queues from %LinkedQueuePortlets when disabled
• Customize search "Show Results" menu text for action pages to avoid confusion
• Fix Query used for "Edit Search" menu on merge pages
• Add ARG for /RTIR/Elements/ShowIncidents to add classes when in a form

A complete changelog is available from git by running:
git log 5.0.0..5.0.1
or visiting
5.0.0...5.0.1

5.0.0

RTIR 5.0.0 - 2020-07-17

We're pleased to announce the general availability of RTIR 5.0.0. This
release introduces a major update of the web UI, following the RT
update to the popular open source Bootstrap front-end toolkit. This
brings to RTIR (and RT) a modern, responsive layout, keeping all of
the familiar features of RTIR. Details on this and other changes and
new features are below.

You can get the new version here:

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.0.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.0.tar.gz.asc

SHA-256 sums

1230c6b689435bff5798431f740830aadedb98626a72bf51210dc648a0a675d4 RT-IR-5.0.0.tar.gz
72fbb7fc2534243890cc95a2f41dfc85e9d755649ac23735b369feab109b9be1 RT-IR-5.0.0.tar.gz.asc

As with previous versions of RTIR, it's import to install with a matching
version of RT. The RTIR 5.0 series is compatible with the RT 5.0 series.
If you have used past versions of RTIR, you'll know that in the past the
version numbers were independent, which could lead to some confusion. With
this new release, the major series version numbers between RTIR and RT are
the same and we hope this makes it easier to find compatible versions.

If you are upgrading from a previous RTIR version, be sure to review the
RTIR UPGRADING-5.0 upgrade documentation:
https://docs.bestpractical.com/rtir/5.0.0/UPGRADING-5.0.html

If you are also upgrading to RT 5.0.0, be sure to also read its
documentation, available at
https://docs.bestpractical.com/rt/5.0.0/UPGRADING-5.0.html

There were many, many changes throughout RTIR to support these major new
features. In addition to the theme updates, RTIR has a new feed reader,
the search and charting interface now uses RT's core search system,
and default custom field values now use RT's core default values feature.

Here is an abbreviated list of additional changes:

• Convert to Bootstrap as base web design framework, aligning with RT
• Remove table-based page layout and make design responsive
• Support RT's new elevator-light and elevator-dark themes
• Convert many on-screen hints/help to tooltips
• Add Fontawesome and update all icons to svg
• The main navigation menu for RTIR has been restored to the previous main
  RTIR menu item, and this menu now appears next to the Home menu
• Queue can now be selected on the ticket create page
• Use RT's LinkedQueuePortlets feature for linked queues on Incident display
• Add RTIR_DefaultQueue option to set a default queue in RTIR create pages
• Fix message box colors for reply/comment on reply pages
• Migrate to RT core search for RTIR search pages
• Use RT ListActions to show warnings for Incident reply page
• Remove hard coded width values for RTIR simple search
• Add Priority to RTIR portlets and orderby Priority 2nd
• Remove the session cache of the "RTIR at a glance" portlet lists
• Use new search selection interface for editing RTIR home page
• Update style on RTIR default reporting page
• Add new feature to display information from security feeds
• Convert Updates to new column map to show message count
• Link to RT ticket create on RTIR create pages
• Update testing infrastructure to Docker and TravisCI
• Restore Incident and Investigation create on one page
• Add new domain parsing to a custom field similar to IP parsing
• Use core default values instead of RTIR_CustomFieldsDefaults config
• Display RTIR::Ticket CF groupings on queue admin Default Values tab
• Add autocomplete for select Incident input
• Rename SelectIncident input from 'More' to 'Add'
• Remove the confusing incident Reply sub-menu link on Incident Reply pages

A complete changelog is available from git by running:
git log 4.0.1..5.0.0
or visiting
4.0.1...5.0.0

4.0.1

RTIR 4.0.1 - 2018-06-28

We're pleased to announce the general availability of RTIR 4.0.1. It contains
several improvements and also bugfixes. The list of changes included with this
release is below.

https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.1.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.1.tar.gz.asc

SHA-256 sums

da942cd2e9facb65809518757b8b8ec010b83a140677f1a296c209b06f210b5e RT-IR-4.0.1.tar.gz
bd924a10710c03c17cc567d55d59c6e1c597d9b9190a01c1ebf04797b02e03c0 RT-IR-4.0.1.tar.gz.asc

General user UI

• Fix charting to be inline with RT 4.4.1
• Fix compatibility with RT's new status selector in search
• Improve due and start date field widths on incident create (I#31870)
• On RT 4.4.2, support new recently-viewed ticket feature (I#32484)
• Improve alignment of Link and New buttons on Incident (I#31748)
• Make Link, New, Take, Lookup buttons on IRs smaller
• Respect rich-text input preference on incident pages (I#32166)
• Fix Show Email link when show history pref is set to "immediate"
• Include the new RTIR logo
• Add button to save whois and traceroute results to ticket (I#31257)
• Remove extra ?id= in transaction history links (I#30744)
• Remove Type arg from call to UpdateData to load correct editor on Incidents
• Add button to save Whois and Traceroute results to a ticket (I#31257)
• Remove extra table row at bottom of RTIR ticket display
• Restore styling for single column create/update layout
• Provide a new option to use RT's search page directly rather than always
  redirecting to the RTIR search page
• Add Lifecycle as an extra arg on Link
• Update IPv6 matching to use stronger boundary conditions and avoid
  matches with non-IPv6 strings
• Handle emails with +tags in 'Investigate to' MakeClicky links

Server Administration

• Avoid dependency on Sort::Versions
• Avoid regex deprecation warnings on perl 5.21.1+
• Remove stale callback on upgrade from RTIR 3.2 that broke admin UI
  for ticket custom fields (I#32100)
• Include RT 4.4.2 schema changes in the RTIR upgrade test
• Remove unnecessary query debug log for Charts
• Use Lifecycle to load queue-specific Formats
• Wrap RT upgrade to catch warnings
• During upgrades, correctly derive status from state CF for all cases
• Only enable Net::Whois debug logs if RT's log level is debug

Developer

• Add AfterWorked callback to /RTIR/Update.html
• Add AfterHidden callback to /RTIR/Incident/Reply/index.html
• Add AfterHidden callback to /RTIR/Incident/Create.html
• Add ARGSRef and SaveChanges parameters to Initial callback on
  /RTIR/Edit.html
• Add BeforeDisplay callback to /RTIR/Display.html
• Add TicketObj parameter to BeforeDisplay callback on
  /RTIR/Incident/Create.html
• Improve test compatibility with RT 4.4.2
• Fix test failure with HTML::Mason versions prior to 1.52
• Use RT's new version of SelectStatus
• Remove unused EditComponentName callback file on upgraded systems
• In RTIR/Update.html Initial callback, pass ARGS as a reference

Internals

• Use RT::Handle's cmp_version function in upgrade version checks
• Various fixes for perl 5.26 compatibility
• Redirect to the correct display page from Update.html
• Normalize SkipNotification checkbox value to an arrayref
• Differentiate RTIR Reports menu from RT Reports in tests
• Confirm TicketObj is defined before checking for queue whois server
• Remove explicit require of Auth::Crypt that could cause errors when
  not installed
• Stop parsing empty URIs to avoid warnings
• Convert a queue name reference in tests to use lifecycle
• When merging, default to empty string values for unset constituencies
• In tests, use lexical iterator so inline test server can render articles
• Filter CFs when creating Incident and Investigation at the same time

A complete changelog is available from git by running:
git log 4.0.0..4.0.1
or visiting
4.0.0...4.0.1

3.2.1

RTIR 3.2.1 - 2018-06-19

We're pleased to announce the general availability of RTIR 3.2.1. It
contains several improvements and also a few bug fixes. The list of
changes included with this release is below.

RTIR should always be run with the correct corresponding version of RT.
The 3.2.1 release runs best with RT 4.2.15. As noted in the upgrading
documentation, when upgrading, both RTIR and RT should be upgraded at
the same time.

https://download.bestpractical.com/pub/rt/release/RT-IR-3.2.1.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-3.2.1.tar.gz.asc

SHA-256 sums

331f11d915002ba8e8e0ebdd4e0f13feb70a0522b137cff31a8d7fefebb1f67e RT-IR-3.2.1.tar.gz
ee79b22b4efe6605b91e97644dbd21ea887308bf4dde1b1ac35e59abe3e9cf2c RT-IR-3.2.1.tar.gz.asc

General

• The default MaxInlineBody is increased. It is still not unlimited by
  default because very large message bodies can cause performance issues
  with content that is automatically converted to links.
• Update with a new RTIR logo.
• Compatibility with Perl 5.26.1.

Bugs

• Show only statuses applicable to the current queue when creating a new
  ticket.
• Remove incorrect duplicate id parameters in links in ticket history.
• Many fixes to various incorrect or failing tests and updates to align
  tests with changes in core RT.
• Update two uses of the Mason redirect with RT's redirect which makes
  sure redirects work for all conditions including running on non-standard
  ports.
• Correctly handle custom fields, including those in custom field groupings,
  to avoid warnings when creating an incident and investigation at the
  same time.

A complete changelog is available from git by running:
git log 3.2.0..3.2.1
or visiting
3.2.0...3.2.1

4.0.0

RTIR 4.0.0 - 2016-07-20

We're very excited to announce the availability of RTIR 4.0.0: the first
release for the next major version of RTIR. We have completely rearchitected
RTIR queues in order to significantly improve RTIR's flexibility and
performance. As this is a new major version number, with many changes
throughout the entire system, we urge you to carefully test your
configuration and customizations. Additionally, RTIR 4.0.0 is the first
release of RTIR compatible with RT 4.4.

A quick note on the version number: while this next version of RTIR was
under development, we had naturally labelled it RTIR 3.4. However, to
reflect the significant architectural changes we made for constituencies and
multiple queues, we decided to give this release a new major version number.
If you're looking for the version of RTIR compatible with RT 4.4, RTIR 4.0
is it!

If you are also upgrading to RT 4.4, be sure to also read its
documentation, available at
https://docs.bestpractical.com/rt/4.4/UPGRADING-4.4.html

https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.0.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.0.tar.gz.asc

SHA1 sums

b660855cd7467cad1fec60b4050437dacb77cb91 RT-IR-4.0.0.tar.gz
f0d9051b250e1d29570e64cd8c6d78310aeb7f64 RT-IR-4.0.0.tar.gz.asc

A list of the major new features in RTIR 4.0.0 is included below. We'll be
describing and demoing these new features in a series of blog posts on
https://bestpractical.com/blog/ in the coming weeks.

• Shawn M Moore, for Best Practical
  • The constituency system has been completely redesigned from the ground
    up. Don't worry, your existing constituencies will be migrated as part
    of the upgrade. Now constituencies get a full-fledged queue for each
    stage of the incident response workflow (one for each of reports,
    incidents, investigations, and countermeasures). This lets constituency
    queues tap into much more of RT's flexibility around custom fields,
    watchers, scrips, etc. This addresses many longstanding limitations
    around the previous constituency queue design, and significantly
    improves performance as well.
  • You may now have multiple queues for each type of RTIR queue:
    multiple Incident Report queues, multiple Incident queues, etc. Each of
    these queues may have its own custom fields, watchers, permissions,
    scrips, templates, and so on. We're excited to hear about how you make
    use of this new flexibility.
  • If a user has permissions to work with multiple constituencies, it is
    now possible to limit RTIR's web interface to a single constituency
    by clicking a link from the new "Work with constituency" box on the RTIR
    homepage.
  • Blocks have been renamed to Countermeasures to reflect their more
    generic use case.

There were many, many changes throughout RTIR to support these major new
features. Here is an abbreviated list of additional changes:

General user UI

• The main navigation menu for RTIR has been rearranged; RT's menus have
  been moved to underneath the RT heading.
• Maintain message format when launching an Investigation (I#30786)
• IPs, email addresses, etc which are annotated with buttons in messages
  now look like buttons (I#31259)
• Clean up the visual design of the Lookup tool page
• Make the blue header bar darker to hint you're within RTIR (I#31297)
• It is currently no longer possible to simultaneously launch an
  Investigation on the Incident creation page due to the new architecture
• Fix lowercase lifecycle display names on Lookup tool
• Fix grammar error in Lookup tool
• Improve support for infinite scroll (I#32137)
• Fix broken attachment download links under infinite scroll (I#32084)
• Suppress lookup and other RTIR auto linking in SelfService (I#31868)
• Avoid error when all queues of a type are disabled
• Avoid double concatenation of ?id=X on txn anchors
• Allow users to set SLA on create, view the value, and update (I#32167)
• Fix Search Builder submit for non-root WebPath

Command-line

• add_constituency now produces less output in the ordinary case, but if
  you want to see every change it makes, you can pass the new --verbose flag

Mail

• X-RT-Mail-Extension no longer sets constituency; instead you can now use
  ordinary RT features to filter incoming mail into the correct queue

Web Administration

• DutyTeams now have the ForwardMessage right by default
• Different queues may now have a different default whois server,
  controlled by the "RTIR default WHOIS server" custom field

Server Administration

• $MaxInlineBody's default has changed from unlimited, which can cause
  performance issues, to 25kb
• Bail out from make initdb early if RT::IR isn't in Plugins (I#31961)
• Update required RT version from 4.4.0 to 4.4.1 (I#32093)

Developer

• Many of the methods in RTIR's codebase now produce explicit return
  values
• RT::IR::FlushCustomFieldsCache is now a supported API
• RT::IR::Test::Web's unused merge_ticket method has been removed
• The guts of bin/add_constituency have been factored out into an
  RT::IR::ConstituencyManager which makes it much easier to create
  constituencies programmatically
• Added a RT::IR->HREFTo helper function which maintains the user's
  currently-selected constituency
• Innumerable API changes were made to support RTIR's constituency queues
• The Lookup tool page now has four callbacks (BeforeCurrent,
  AfterCurrent, BeforeTools, AfterTools)
• The body HTML tag now has an "rtir" class to aid in styling

Documentation

• Fix several POD errors
• Improve clarity around RTIR install instructions

A complete changelog is available from git by running:
git log 3.2.0..4.0.0
or visiting
3.2.0...4.0.0