All Versions
15
Latest Version
Avg Release Cycle
115 days
Latest Release
1351 days ago

Changelog History
Page 2

  • v4.4.3.beta1

    May 02, 2018
  • v4.2.16 Changes

    March 05, 2019

    RT 4.2.16 -- 2019-03-05

    We're pleased to announce the general availability of RT 4.2.16. It
    โšก๏ธ mainly contains several security updates. The list of changes included
    ๐Ÿš€ with this release is below.

    ๐Ÿš€ https://download.bestpractical.com/pub/rt/release/rt-4.2.16.tar.gz
    ๐Ÿš€ https://download.bestpractical.com/pub/rt/release/rt-4.2.16.tar.gz.asc

    SHA-256 sums

    1bbe619072b05efb55725c9df851363892b77ad6788dfd28eadce6a8f84a8209 rt-4.2.16.tar.gz
    c7dedccdb6a5c96d20b418d10326dea0175fde0d09cfb47408ab472f696594ba rt-4.2.16.tar.gz.asc

    โšก๏ธ Security Updates

    โšก๏ธ One of RT's dependencies, the Perl module Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend updating to Email::Address version 1.912 or later. The Email::Address vulnerabilities are assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was addressed in RT with a previous update. Email::Address version 1.912 addresses both of these CVEs with updates directly in the source module. Thanks to Ricardo Signes for helping us with these updates.

    ๐Ÿ›  One of RT's dependencies, the Perl module Email::Address::List, relies on and operates similarly to Email::Address and therefore also has potential denial of service vulnerabilities. These vulnerabilities are assigned CVE-2018-18898. We recommend administrators install Email::Address::List version 0.06 or later. Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for contributing fixes.

    โšก๏ธ An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML in some cases. Since RT relies on this module to escape HTML content, it's possible this issue could allow malicious HTML to be displayed in RT. For RT's using this optional module, we recommend administrators install HTML::Gumbo version 0.18 or later. Thanks to Ruslan Zakirov for updating this module.

    โšก๏ธ The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version.

    A complete changelog is available from git by running:
    ๐ŸŒฒ git log rt-4.2.15..rt-4.2.16
    or visiting
    rt-4.2.15...rt-4.2.16

  • v4.2.16.beta1

    January 31, 2019
  • v4.2.15 Changes

    June 21, 2018

    RT 4.2.15 -- 2018-06-19

    We're pleased to announce the general availability of RT 4.2.15. It
    ๐Ÿ›  contains several improvements and also a few bug fixes. The list of
    ๐Ÿš€ changes included with this release is below.

    ๐Ÿš€ https://download.bestpractical.com/pub/rt/release/rt-4.2.15.tar.gz
    ๐Ÿš€ https://download.bestpractical.com/pub/rt/release/rt-4.2.15.tar.gz.asc

    SHA-256 sums

    3752a12eff67c640e577d2b5feda01c9f07e3b2e227eabf50089086e98038bba rt-4.2.15.tar.gz
    e278f4335e86528356301bbf49b239f44caaedacab7caf1c34625d141ed3aa9c rt-4.2.15.tar.gz.asc

    ๐Ÿ’ป General user UI

    • ๐Ÿ‘‰ Show the Ticket's Subject when modifying the ticket.
    • ๐Ÿ“œ Re-format RT/Config.pm so the # loc comment parses correctly.

    ๐ŸŒ Web Administration

    • Stop wrapping ShowUser in tags to avoid unnecessary nested links.
    • When listing group members, sort by text-only representation of the
      ๐Ÿ‘‰ user, not HTML (I#30771)
    • In the group admin page, stop pre-computing ShowUser.
    • In shredder, check for both id and name mismatches when loading objects
    • Retain scrip sort order in pagination links

    Internals

    • ๐ŸŽ Cache OCFVs to improve performance searching for duplicates when adding
      values.
    • โœ‚ Remove unused dependencies on File::Copy and Carp.
    • On Oracle, return the empty string instead of undef for Subject when it
      has no value on a ticket.
    • ๐Ÿ”Œ Handle alphabetic words in RT::Plugin::Version

    Developer

    • Avoid using $id in /Ticket/Display.html so callbacks can modify id in ARGS.

    ๐Ÿ“š Documentation

    • ๐Ÿ“„ Mention the RT-Attach-Message: yes header in template docs.
    • ๐Ÿ›  Fix incorrect path in portlet documentation.

    Internationalization

    • ๐Ÿ”จ Many changes to refactor sections of RT's internationalization code.

    A complete changelog is available from git by running:
    ๐ŸŒฒ git log rt-4.2.14..rt-4.2.15
    or visiting
    rt-4.2.14...rt-4.2.15

  • v4.2.15.beta1

    April 04, 2018