RT: Request Tracker
RT 4.2.8 Release Notes
RT 4.2.8 -- 2014-10-02 ---------------------- RT 4.2.8 contains important security fixes, as well as minor bugfixes. https://download.bestpractical.com/pub/rt/release/rt-4.2.8.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.2.8.tar.gz.asc SHA1 sums 6842a1e442e6055ecbae0d443a99361072e45591 rt-4.2.8.tar.gz 375ef344407b54f73730524bef85b4be5b1948e2 rt-4.2.8.tar.gz.asc This release is primarily a security release; it addresses CVE-2014-7227, a vulnerability in RT's SMIME integration enabled by CVE-2015-6271 and related vulnerabilities, known as "Shellshock." Systems which have patched bash are not vulnerable to CVE-2014-7227. It also addresses a minor error in the 4.2.7 upgrade step on Oracle; for Oracle users who had already upgraded to 4.2.7, the 4.2.8 upgrade step properly runs the same alteration. There is no database change for non-Oracle installs. General user UI * Properly hide ticket list when MoreAboutRequestorTicketList is set to "None" Localizations * Allow text in Squelch box on ModifyPeople page to be translatable. * Updated German, Basque, French, Hungarian, and Russian translations. Admin * Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative to name * Stop calling the deprecated _SQLLimit method when limiting by transaction date * Stop hiding the value of the AllowLoginPasswordAutoComplete setting in System Configuration (#30417) * Resolve CVE-2014-7227, arbitrary execution of code by privileged users via SMIME by way of CVE-2015-6271. Developer * Add a ModifyMaxResults callback for Autocomplete endpoints * Properly pass collection class to ColumnMap in /Elements/TSVExport Documentation * Update POD for AddRoleMember/DeleteRoleMember being in RT::Record::Role::Roles now, not RT::Record. A complete changelog is available from git by running: git log rt-4.2.7..rt-4.2.8 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.7...rt-4.2.8