RT: Request Tracker
This version has reached its end of life and is out of support. Please contact us for upgrade assistance.
RT 4.0.23 Release Notes
RT 4.0.23 -- 2015-02-26
-----------------------

RT 4.0.23 contains important security fixes, as well as minor bugfixes.

https://download.bestpractical.com/pub/rt/release/rt-4.0.23.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.0.23.tar.gz.sig

SHA1 sums

1067e0469184a6955e2822967eb7a2e287f7c17b  rt-4.0.23.tar.gz
17a153215b95d12e5aa0500d676089aed081d6df  rt-4.0.23.tar.gz.sig

This release is primarily a security release; it addresses
CVE-2014-9472, a denial-of-service via RT's email gateway, as well as
CVE-2015-1165 and CVE-2015-1464, which allow for information disclosure
and session hijacking via RT's RSS feeds.

As part of these security updates, RT's dependency on the Encode module
has been changed to Encode 2.64. If upgrading, be sure to run
rt-test-dependencies to verify that your installed version of Encode
meets this requirement; if not, you will need to install a newer version
from CPAN.

Other changes include:

General user UI
 * Flush TSV download every 10 rows, for responsiveness
 * Pressing enter in user preference form fields no longer resets the
   auth token
 * Pressing enter in ticket create and modify form fields now creates or
   updates the ticket, instead of being equivalent to "add more
   attachments", or the "search" on People pages.
 * Retain values in Quick Create on homepage if it fails

Command-line
 * Fix server name displayed at password prompt when RT is deployed at a
   non-root path like /rt

Admin
 * Empty email addresses are no longer caught as being "an RT address"
   if there exist queues without Correspond addresses set
 * Allow Parents/Children/Members/MemberOf in CreateTickets action
 * Allow RT-Originator to be overridden in templates
 * Add missing semicolon on Shredder suggested indexes
 * Ensure that HTML-encoded entities are indexed in FTS

Developer
 * Make Obfuscate callback in configuration options be passed the
   current user, as was documented
 * Remove obsolete _CacheConfig parameters
 * ACL checks are now applied in the ->AddRecord stage, not in ->Next;
   this means that collections accessed via ->ItemsArrayRef are now
   correctly ACL'd.

Documentation
 * New documentation on writing portlets
 * Add an =pod directive so the first paragraph of UPGRADING is not
   skipped
 * Clarify when UPGRADING-x.y steps should be run

A complete changelog is available from git by running:
    git log rt-4.0.22..rt-4.0.23
or visiting
    https://github.com/bestpractical/rt/compare/rt-4.0.22...rt-4.0.23