RT: Request Tracker
RT 5.0.4 Release Notes
RT 5.0.4 -- 2023-05-04
======================

RT 5.0.4 is now available for general use. The list of changes included with this release is below. May the Fourth be with you!

https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz.asc

SHA-256 sums

916d870d22d92027f843798be6f880aaf1517aebc3f6ab25f456f4e772f4834d  rt-5.0.4.tar.gz
191436164473423796c7b34cfe4cc8891d2fd1db8bef5584d34f50083bd3396e  rt-5.0.4.tar.gz.asc

Security

* jQuery UI is updated to version 1.13.2, which addresses a security issue in earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly as RT does not currently use the impacted code.

General user features

* Split the select of watcher criteria in query builder; with a single select, this list would grow too long
* Display entry hint in people section of ticket display page
* Add missing css rules to buttons to improve UI consistency
* Increase search field column width, mainly for role fields
* Include custom roles in the core watcher search criteria
* Hide asset menu search if simple search is disabled
* Fix multiple mt-* classes that are applied at the same time to fix display bugs
* Retain Class and ObjectType when query parsing contains errors; prevents query parsing actions in transaction search from reverting to ticket search
* Clear floating elements from correspondence
* Show custom field diffs in transaction history
* Fix bug that caused HTML custom fields to show 'text/html' as value
* Move user custom fields on "Settings > About me" page to make better use of space
* Fix the menu drift when clicking on repositioned submenus caused by screen width overflow
* Fix issue where a submenu could flash out when clicking a submenu option (specifically, in Chrome-based browsers)
* Fix runtime error in SelfService Asset Display (I#37377)
* Improve Reports/Update This Menu CSS styling
* Improve 'Error: public key' template to avoid confusion for new installs
  (I#37360)
* Show RT support email address in the RemoteAuth error page
* Show RT support email address on PSGI/database error page
* Block ticket creation/update when there's invalid recipients
* Disable browser spell check for custom code box (thanks Christian Mehlmauer!)
* Make Actions page menu scrollable in case it's too long to fit on screen
* Allow CKEditor (rich text) boxes to vary in height based on context/usage
* Fix bug preventing the toggling/display of initially rolled-up widgets
* Allow unchecking of "Suppress if empty" checkbox for dashboard subscriptions
* Load more history for unread messages with on scroll setting so new messages can be accessed via the "Jump to Unread" button
* Exclude favicon.png from generated dashboard email
* Add extra css to dashboard emails to improve display for some email web clients (such as Gmail and Outlook)
* Fix Ticket/Create.html's display of Links block
* Refactor Edit Links to fix bug in page display
* Exclude asset custom roles from ticket search
* Fix custom role's name in the result message when adding members
* Add support for custom roles in asset searches
* Improve performance of one-time email lookup
* Improve page layout by dropping an extra form-row wrapper (LabeledValue already has one)
* Fix layout of ticket graph page
* Add back missing current-value span to fix alignment of rows in asset widget of ticket page
* Re-add the missing Creator row for article display
* Revert LabeledValue changes to role inputs
* Make article autocomplete case insensitive
* Force EmailAddress to be the default return value for EmailInput
* Prettify "Show ticket history" by making it look like a button
* Add multiple order by and order indicators in search results header
* Make autocomplete work in dynamically created modal popup
* Support to pass user name as default value for owner input autocomplete
* Allow to show empty option even when default value is present; allows current Priority filter to show while allowing user
  to unset it
* Allow users to filter ticket search results via headers
* Allow text but not icons to wrap in search header (in Firefox)
* Provide default 'select all' for some search terms; prevents erroneous "error parsing your search query" messages (I#36902)
* Reset queue-level default values on queue change on ticket create page; previously, defaults didn't change even if another queue was selected (I#37242)
* Show end users a message if a SQL error occurs
* Update search results to use Bootstrap/modern pagination styles
* Add box to jump to search results page
* Add UI for custom field validation hints
* Improve color and spacing for custom field FriendlyPattern UI
* Target keyboard shortcuts accurately for search result modal popups
* Fix combobox controls to not clear user inputs on dropdown click
* Format auth token list with a title box
* Removed extra space between Cc and Bcc in the ticket update cc Element
* Handle implicit form submissions in search filter modals (i.e., act as if the "Apply" button was clicked)
* Fix broken search input formatting on "Manage GnuPG Keys" page
* Always show a Logout link in the menu
* Make number of search results per-page configurable
* Add information about search preferences
* Remove extra space from titleboxes in query builder's Sort and Display Columns boxes
* Prevent main navigation from overlapping with custom logo
* Make pie/bar in js charts clickable again for saved searches
* Automatically enable live search for selects that have 10 or more options
* Force to use light theme for dashboard emails; prevents broken display of dashboard emails in email clients that try to automatically apply your system's dark/light theme to emails
* In query builder, show a solid funnel next to header column if that column is a filter in the search
* Add "unknown" default priority option to priority select list; shows if a ticket's priority is unknown or no longer valid
* Make search filter modal popups scrollable (in case of long
  content)
* In query builder, increase queue limit to 100 in search filter (as the modal is now scrollable)
* Add URL shortening of search URLs
* Add shortener support to saved searches
* Shorten subqueries on chart page
* Fix bug that adds duplicated criteria to queries generated on chart page
* Reduce whitespace between the continuous descriptive paragraphs
* When commenting or corresponding, only quote text from transaction areas in the ticket history
* Remove unnecessary spacing in layout of user custom fields in SelfService Prefs
* Fix label typo for asset description
* Fix bug that could prevent live-search in select widgets (Safari and Firefox)
* Improve UI consistency by wrapping textarea/attachment inputs in a form-row
* Remove extra vertical space of select inputs to be consistent with other inputs
* Use consistent space among input rows for ticket forms
* Replace fontawesome funnel icon with bootstrap version
* Drop the obsolete fontawesome filter icon
* Removed extra space between Cc and Bcc in the ticket update cc Element
* Update data-live-search attr for bootstrap select before initialization
* Show customized operator/value inputs for cfs on admin user search page
* Support to wrap textarea/attachment inputs into a form-row for space settings
* Remove extra vertical space of selectized inputs to be consistent with other inputs
* Use consistent space among input rows for ticket forms
* Use HTML content for articles by default
* Format article HTML content correctly when EscapeHTML is disabled
* Add extra newlines to make boundaries of different article fields clear
* Clarify usage of the $EmailSubjectTagRegex setting
* Adapt formatting for mixed HTML and plain text quoting in Outlook message
* Display key details for text/calendar messages (meeting invitations)
* Various improvements for search filter controls
* Limit dropdown size in owner search filter modal
* Convert some search icons to inline svg for easier styling
* Drop the duplicated div.value
  in EditTopics
* Hide tooltips everywhere on click

Web Administration

* Allow default custom field values for group, user, and article objects
* Add custom roles to assets
* Add lookup type to custom role admin page listing
* Make comment and signature boxes half-page width, not full page width
* Add SameSite to cookies from WebSameSiteCookies, helping to protect from CSRF attacks ($WebSameSiteCookies in RT config)
* Update default value for WebSecureCookie so cookies are secure by default
* Support sending test dashboard emails on dashboard subscription page
* Record ACL changes in transactions
* Show a default entry hint based on the type of validation for custom field admin pages
* Fix display of plugin arguments on Shredder page
* Update Scrips modify page to line up "Applies to" with the other values
* Remove unnecessary current-value span for rows not in forms
* Use LabeledValue to generate current-value spans
* Add search functionality for config edit page
* Add configuration option to disable quoting of selected text on ticket update
* Fix lifecycle editor warning messages: "actions" is the key name, not "action"
* In lifecycle editor, show objects where the lifecycle is applied
* Add Shortener page (Admin > Tools > Shortener Viewer) to show content of specified shortener code
* Create optional article portlet for ticket display page
* Hide article portlet if current user does not have the right to see the article
* Add a Checkbox RenderType for select type custom fields
* Scrub permissively for non-ticket related custom field values
* Add %ScrubCustomFieldOnSave config to scrub custom field values on save

Server Administration

* RT now supports MySQL 8
* Upgrade jquery-ui to 1.13.2
* Upgrade CKEditor to 4.20.1
* Add clipboard.js to RT
* Update fontawesome to 5.15.4
* Updated dependencies:
    DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
    Require DBD::SQLite 1.72
    Require GD::Graph 1.56
    Require Date::Extract 0.07
    Module::Runtime::require_module (replaces
    UNIVERSAL::require)
* Removed dependencies:
    Data::Page::Pageset
    Pod::Select (deprecated)
    Pod::PlainText (deprecated)
    UNIVERSAL::require (deprecated)
* Drop obsolete babel-minify-webpack-plugin
* Add --recipient to send dashboard emails to a single recipient only
* Add --dashboards argument to specify dashboard IDs to send via rt-email-dashboards
* Add option to inline CSS for dashboard email; allows dashboard emails to resemble the RT display while decreasing email size by removing unused CSS classes
* Refactor implementation of --no-auto-commit to support --originalid
* Add $DatabaseQueryTimeout setting to set the maximum seconds a single SQL query should be allowed to run.
* Add Info/Debug/Error messages to the RT logs when a user logs in or out via web remote user auth.
* Add support to shred class/topic/article objects
* Add support to shred catalog/asset objects
* Shred only ticket roles when shredding queues
* When loading an initialdata file, don't add the same custom fields multiple times.
* Extract pre-defined custom field validation rules to the @CustomFieldValuesValidations config setting
* Add source IP address to the external auth login log message
* Clarify logout messages for local and SAML logouts
* Add rt-clean-shorteners CLI utility to clean up temporary shorteners
* Add Shorteners to serializer when running in clone mode
* Show customized operator/value inputs for searching custom fields in user admin (similar to how Query Builder works)
* Handle SetConfig changes in same way as text custom fields
* Dump GroupBy custom field items in saved charts using Name for improved portability when using rt-dump-initialdata
* Fix LDAP filter string debug output
* Add rt-clean-attributes to delete obsolete DeferredRecipients attributes
* Allow additional ticket relationship graph directions
* Support loading users via user custom fields
* Add new tables to reset-sequences utility
* Fix inconsistent normalized owner group member for merged tickets in rt-validator
* In vulnerable-passwords upgrade script, Page users to save memory in case there are too many records
* Dump GroupBy custom field items in saved charts using Name for portability
* Fix the partially quoted index name for MariaDB/MySQL

Developer

* Update .gitignore to ignore all of var/ to help protect developers from accidentally checking in session data or RT databases in var/
* Add a warning as a hint to RT developers about WebSecureCookies
* Add a new "LabeledValue" component to provide a standard way to show a value with a label attached to it
* Add CustomRoleObj method for loading RT records by GroupType
* Abstract RT::Ticket::RoleAddresses so it can be used for assets too.
* Factor out a LookupType role from CustomFields so it supports custom roles on assets and other record types
* Add API for interacting with custom roles on assets
* Move ShowHistoryHeader title into parameter, allowing calling components to set the title (thanks mzagrabe!)
* Add RT::Action::ClearCustomFieldValues ScripAction to clear a custom field
* Disable jump to page form by default in CollectionList
* Use custom role names as keys for ticket endpoints in REST2, making custom roles consistent with core roles
* Recurse into t/ directory to run all tests
* Test empty keys in saved chart content
* Test custom role groups in ACL initialdata
* Test HTML custom field changes
* Test invalid queries on transaction search edit page
* Add tests for LoadOrCreateByEmail
* Make tests require $WebSecureCookies=0 since they don't use HTTPS
* Tests for loading users via UserCFs
* Test order indicator in search results header
* Test shredder for class/topic/article objects
* Test shredder for catalog/asset objects
* Test shredder for ObjectCustomRoles of queues
* Switch to Test::MockTime::HiRes in date api test
* Add case-sensitivity tests for Articles autocomplete
* Update tests for new added ValidationHint feature
* Update basic_auth.t test since logout will be always available
* Update tests for the keys change of CustomRoles in REST2
* Add tests for new article methods
* Test optimized ticket/transactions/asset searches
* Update tests for the default priority change when PriorityAsString is enabled
* Add tests for %PriorityAsString that does not have "0" mapped
* Update tests to account for URL shortener being enabled by default
* Add basic tests for search url shortener
* Add basic tests for shortener viewer
* Add tests for saved search shortener
* Update tests for EN datetime locale change to space
* Update txn ids in tests because of new added acl transactions
* Adjust tests to account for new brief descriptions of SetConfig transactions
* Use a bigger FcgidMaxRequestLen value for apache+fcgid tests
* Test textual and UTF-8 encoded "message/..."
  attachments
* New callbacks:
    /Widgets/TitleBox
        Added ModifyContent to modify content presented by a TitleBox widget
    /Elements/ShowTransaction
        Added ModifyShowCFDiff to modify when CustomField diff details show in ticket history
    /Search/Elements/PickObjectCFS
        Added ModifyCFs, primarily to hide custom field (such as transaction or queue custom fields) that some users may be unfamiliar with
* Modified callbacks:
    ModifyLoginRedirect - moved to the end of Logout processing
    BeforeActionList Added Actions parameter
    /Search/Results.html - added calculated result count as parameter to BeforeResults and AfterResults callbacks
    EditCustomFields - Restored ModifyFieldClasses callback

Documentation

* Fix formatting in docs for $DateTimeFormat config examples
* Add docs about receiving email warnings from RT
* Document default Name setting in RT::User
* Update docs for showing article search in self-service
* Reference the assets menu right in the asset docs
* Document how OwnerEmail is used
* Correct documentation error for RT::Queue::IsWatcher
* Fix incorrect links in shredder's ticket docs
* Add build instructions for CKEditor 4
* Add docs for scheduling rt-clean-shorteners
* Document URL shortener in UPGRADING
* Document new process articles feature
* Fix broken link to RT_Config's External-storage section
* Provide examples for CanonicalizeEmailAddress match and replace
* Use HelpDesk as the plugin example in site config
* Corrected doc error - Custom Roles cannot apply globally
* Document the configuration needed to load JSON initialdata
* Render no-target header links more like normal text in shredder docs
* Fix broken Pod in rt-validator
* Fix typo in transaction-type argument in rt-crontool docs (thanks Rob Lister!)
* Fix 'pririty' typo in RT_Config.pm.in (thanks NReilingh!)
* Update rt-crontool documentation with multiple action example
* Fix "Reffered" typo in metadata doc (thanks NReilingh!)
* Fix 'followoing' typo in docs (thanks NReilingh!)
* Add upgrade note for $EmailDashboardInlineCSS option for dashboard emails
* Update Query Builder documentation with Dynamic Filtering and Sorting
* Update docs to remove references to UNIVERSAL::require
* Add docs for user-visible permalink features
* Document steps to generate initialdata changes file

Internals

* Treat RT::System-Role the same as other roles in ACL initialdata
* Use name for custom role groups in ACL
* Don't default Name to EmailAddress in LoadOrCreateByEmail
* Add SLA to args CreateTickets accepts
* Log recorded SQL statements, even without CurrentUser; allows StatementLog to function when invoked in places where there may not be a current user (such as the CLI)
* Remove state criteria for invalid utf8 error warnings (MySQL and MariaDB)
* Rewind uploaded file after reading (thanks elacour!)
* Support arbitrary user names in .rt_sessions
* Port RT UI to use new LabeledValue component
* Bring Asset Search rendering back to the status-quo-ante
* Encode content for textual "message/..." attachments
* Set MasonLocalComponentRoot via RT->Config->Set so apache can see it
* Exempt some format strings from HTML::Gumbo structure check
* Do not check acl when auto-setting core date fields (thanks elacour!)
* Ignore disabled lifecycles when validating mappings
* Require LDAPImport after init, allowing overlays for RT::LDAPImport
* Wrap direct SQL in rights checks to SearchBuilder's SimpleQuery to log SQL when StatementLog is enabled
* Don't duplicate system object in EquivObjects on system rights check
* Allow RegisterLookupType to provide options besides just FriendlyName
* Clear old data when registering custom roles
* Relax requirements about role names to be unique for each lookup type
* Convert OR'd role group names in ticket ACL check to IN for better performance
* Skip existing catalog role groups on import
* Serialize OldValue/NewValue to user references in SetWatcher/SetOwner transactions
* Clear unneeded anchors and HTML comments
* Don't error if users4 index has been removed
* Pass multiple Order/OrderBy values as array references
* Pass datetime in UTC as LastUpdated is stored that way
* Convert to preferred constructor for Data::Page
* Clean up duplicated widget arguments
* Add ValidationHint column for CustomFields table
* Convert $cf->FriendlyPattern to use ValidationHint
* Respect env variable "RT_DATABASE_QUERY_TIMEOUT" on database connect
* Add JOIN criteria for transaction searches to improve performance
* Simplify setting the redirect URL on logout
* Add helper methods on Class for article display settings
* Add pass-through methods for class-level display flags
* Convert Preformatted template to use new article API
* Update /SelfService/Article/Display.html to new API
* Page users to save memory in case there are too many records
* Include referenced queues/catalogs only for active/inactive status searches
* Convert "OR" clauses in transactions/assets searches to "IN" for better performance
* Replace CSS::Inliner->require with RT::StaticUtil::RequireModule
* Combine search and count for search result pages (if possible) to improve performance
* Combine search and count for saved searches on dashboards (if possible) for better performance
* Abstract GetStylesheet for web
* Refactor code to build search filter metadata in Header instead
* Calculate search filter modal content's max-height accurately
* Fix limit parameter for shredder URL on search pages
* Switch to POST method for search chart and refresh forms
* Add missing Class/ObjectType params to refresh form on search results page
* Default query to "id > 0" like other chart elements for ChartTable
* Provide a way to update config immediately in tests
* Disable legacy Table settings for asset date custom fields
* Suppress uninitialized value warnings seen in config history
* Exclude empty keys from search fields for saved charts
* Convert ticket link graph generator to GraphViz2
* No need to sync attribute links in PostInflateFixup
* No need to create transactions in PostInflateFixup
* Fix typo in DefaultDashboard handling of PostInflateFixup
* Import dashboards/savedsearches/subscriptions/prefs/bookmarks for merged users
* Add method to load an object based on a custom field value
* Directly use passed in $Default as label if it is already string
* Do not set SavedSearchId to chart search id
* Add system CurrentUserCanSee to make transaction's CurrentUserCanSee work
* Provide a simple framework for showing user messages
* Fall back priority to the first value in %PriorityAsStringMapping config
* Use name for custom role groups in ACL
* Treat RT::System-Role the same as other roles in ACL initialdata
* Ignore disabled lifecycles when validating mappings

A complete changelog is available from git by running:
    git log rt-5.0.3..rt-5.0.4
or visiting
    https://github.com/bestpractical/rt/compare/rt-5.0.3...rt-5.0.4