RT: Request Tracker
This version has reached its end of life and is out of support. Please contact us for upgrade assistance.
RT 4.0.24 Release Notes
RT 4.0.24 -- 2015-08-12 ----------------------- RT 4.0.24 contains an important security fix. https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz.sig SHA1 sums 0588b678cc1f13ae1504e9fffede1b8485d172f7 rt-4.0.24.tar.gz 8f8b69532112aa01d6fe540478de6a7046ad6fb0 rt-4.0.24.tar.gz.sig This release is a security release which addresses the following vulnerability: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. A complete changelog is available from git by running: git log rt-4.0.23..rt-4.0.24 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.23...rt-4.0.24