RT: Request Tracker
RT 4.2.8 Release Notes
RT 4.2.8 -- 2014-10-02
RT 4.2.8 contains important security fixes, as well as minor bugfixes.
This release is primarily a security release; it addresses
CVE-2014-7227, a vulnerability in RT's SMIME integration enabled by
CVE-2015-6271 and related vulnerabilities, known as "Shellshock."
Systems which have patched bash are not vulnerable to CVE-2014-7227.
It also addresses a minor error in the 4.2.7 upgrade step on Oracle; for
Oracle users who had already upgraded to 4.2.7, the 4.2.8 upgrade step
properly runs the same alteration. There is no database change for
General user UI
* Properly hide ticket list when MoreAboutRequestorTicketList is set to
* Allow text in Squelch box on ModifyPeople page to be translatable.
* Updated German, Basque, French, Hungarian, and Russian translations.
* Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative
* Stop calling the deprecated _SQLLimit method when limiting by
* Stop hiding the value of the AllowLoginPasswordAutoComplete setting
in System Configuration (#30417)
* Resolve CVE-2014-7227, arbitrary execution of code by privileged
users via SMIME by way of CVE-2015-6271.
* Add a ModifyMaxResults callback for Autocomplete endpoints
* Properly pass collection class to ColumnMap in /Elements/TSVExport
* Update POD for AddRoleMember/DeleteRoleMember being in
RT::Record::Role::Roles now, not RT::Record.
A complete changelog is available from git by running:
git log rt-4.2.7..rt-4.2.8