RT: Request Tracker

RT 5.0.4 Release Notes

RT 5.0.4 -- 2023-05-04

RT 5.0.4 is now available for general use. The list of changes
included with this release is below.

May the Fourth be with you!


SHA-256 sums

916d870d22d92027f843798be6f880aaf1517aebc3f6ab25f456f4e772f4834d  rt-5.0.4.tar.gz
191436164473423796c7b34cfe4cc8891d2fd1db8bef5584d34f50083bd3396e  rt-5.0.4.tar.gz.asc


* jQuery UI is updated to version 1.13.2, which addresses a security issue in
  earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly
  as RT does not currently use the impacted code.

General user features

* Split the select of watcher criteria in query builder; with a single
  select, this list would grow too long
* Display entry hint in people section of ticket display page
* Add missing css rules to buttons to improve UI consistency
* Increase search field column width, mainly for role fields
* Include custom roles in the core watcher search criteria
* Hide asset menu search if simple search is disabled
* Fix multiple mt-* classes that are applied at the same time to fix
  display bugs
* Retain Class and ObjectType when query parsing contains errors;
  prevents query parsing actions in transaction search from reverting
  to ticket search
* Clear floating elements from correspondence
* Show custom field diffs in transaction history
* Fix bug that caused HTML custom fields to show 'text/html' as value
* Move user custom fields on "Settings > About me"" page to make better
  use of space
* Fix the menu drift when clicking on repositioned submenus caused by
  screen width overflow
* Fix issue where a submenu could flash out when clicking a submenu
  option (specifically, in Chrome-based browsers)
* Fix runtime error in SelfService Asset Display (I#37377)
* Improve Reports/Update This Menu CSS styling
* Improve 'Error: public key' template to avoid confusion for new
  installs (I#37360)
* Show RT support email address in the RemoteAuth error page
* Show RT support email address on PSGI/database error page
* Block ticket creation/update when there's invalid recipients
* Disable browser spell check for custom code box (thanks Christian
* Make Actions page menu scrollable in case it's too long to fit on
* Allow CKEditor (rich text) boxes to vary in height based on
* Fix bug preventing the toggling/display of initially rolled-up widgets
* Allow unchecking of "Suppress if empty" checkbox for dashboard
* Load more history for unread messages with on scroll setting so new
  messages can be accessed via the "Jump to Unread" button
* Exclude favion.png from generated dashboard email
* Add extra css to dashboard emails to improve display for some
  email web clients (such as Gmail and Outlook)
* Fix Ticket/Create.html's display of Links block
* Refactor Edit Links to fix bug in page display
* Exclude asset custom roles from ticket search
* Fix custom role's name in the result message when adding members
* Add support for custom roles in asset searches
* Improve performance of one-time email lookup
* Improve page layout by dropping an extra form-row wrapper
  (LabeledValue already has one)
* Fix layout of ticket graph page
* Add back missing current-value span to fix alignment of rows in asset
  widget of ticket page
* Re-add the missing Creator row for article display
* Revert LabeledValue changes to role inputs
* Make article autocomplete case insensitive
* Force EmailAddress to be the default return value for EmailInput
* Prettify "Show ticket history" by making it look like a button
* Add multiple order by and order indicators in search results header
* Make autocomplete work in dynamically created modal popup
* Support to pass user name as default value for owner input
* Allow to show empty option even when default value is present;
  allows current Priority filter to show while allowing user to unset it
* Allow users to filter ticket search results via headers
* Allow text but not icons to wrap in search header (in Firefox)
* Provide default 'select all' for some search terms; prevents erroneous
 "error parsing your search query" messages (I#36902)
* Reset queue-level default values on queue change on ticket create
  page; previously, defaults didn't change even if another queue was
  selected (I#37242)
* Show end users a message if a SQL error occurs
* Update search results to use Bootstrap/modern pagination styles
* Add box to jump to search results page
* Add UI for custom field validation hints
* Improve color and spacing for custom field FriendlyPattern UI
* Target keyboard shortcuts accurately for search result modal popups
* Fix combobox controls to not clear user inputs on dropdown click
* Format auth token list with a title box
* Removed extra space between Cc and Bcc in the ticket update cc Element
* Handle implicit form submissions in search filter modals (i.e., act
  as if the "Apply" button was clicked)
* Fix broken search input formatting on "Manage GnuPG Keys" page
* Always show a Logout link in the menu
* Make number of search results per-page configurable
* Add information about search preferences
* Remove extra space from titleboxes in query builder's Sort and Display
  Columns boxes
* Prevent main navigation from overlapping with custom logo
* Make pie/bar in js charts clickable again for saved searches
* Automatically enable live search for selects that have 10 or more
* Force to use light theme for dashboard emails; prevents broken
  display of dashboard emails in email clients that try to automatically
  apply your system's dark/light theme to emails
* In query builder, show a solid funnel next to header column if that
  column is a filter in the search
* Add "unknown" default priority option to priority select list; shows
  if a ticket's priority is unknown or no longer valid
* Make search filter modal popups scrollable (in case of long content)
* In query builder, increase queue limit to 100 in search filter (as
  the modal is now scrollable)
* Add URL shortening of search URLs
* Add shortener support to saved searches
* Shorten subqueries on chart page
* Fix bug that adds duplicated criteria to queries generated on chart
* Reduce whitespace between the continuous descriptive paragraphs
* When commenting or corresponding, only quote text from transaction
  areas in the ticket history
* Remove unnecessary spacing in layout of user custom fields in
  SelfService Prefs
* Fix label typo for asset description
* Fix bug that could prevent live-search in select widgets (Safari and
* Improve UI consistency by wrapping textarea/attachment inputs in a
* Remove extra vertical space of select inputs to be consistent with
  other inputs
* Use consistent space among input rows for ticket forms
* Replace fontawesome funnel icon with bootstrap version
* Drop the obsolete fontawesome filter icon
* Removed extra space between Cc and Bcc in the ticket update cc Element
* Update data-live-search attr for bootstrap select before initialization
* Show customized operator/value inputs for cfs on admin user search page
* Support to wrap textarea/attachment inputs into a form-row for space settings
* Remove extra vertical space of selectized inputs to be consistent with other inputs
* Use consistent space among input rows for ticket forms
* Use HTML content for articles by default
* Format article HTML content correctly when EscapeHTML is disabled
* Add extra newlines to make boundaries of different article fields clear
* Clarify usage of the $EmailSubjectTagRegex setting
* Adapt formatting for mixed HTML and plain text quoting in Outlook message
* Display key details for text/calendar messages (meeting invitations)
* Various improvements for search filter controls
* Limit dropdown size in owner search filter modal
* Convert some search icons to inline svg for easier styling
* Drop the duplicated div.value in EditTopics
* Hide tooltips everywhere on click

Web Administration

* Allow default custom field values for group, user, and article objects
* Add custom roles to assets
* Add lookup type to custom role admin page listing
* Make comment and signature boxes half-page width, not full page width
* Add SameSite to cookies from WebSameSiteCookies, helping to protect
  from CSRF attacks ($WebSameSiteCookies in RT config)
* Update default value for WebSecureCookie so cookies are secure by
* Support sending test dashboard emails on dashboard subscription page
* Record ACL changes in transactions
* Show a default entry hint based on the type of validation for custom
  field admin pages
* Fix display of plugin arguments on Shredder page
* Update Scrips modify page to line up "Applies to" with the other
* Remove unnecessary current-value span for rows not in forms
* Use LabledValue to generate current-value spans
* Add search functionality for config edit page
* Add configuration option to disable quoting of selected text on
  ticket update
* Fix lifecycle editor warning messages: "actions" is the key name,
  not "action"
* In lifecycle editor, show objects where the lifecycle is applied
* Add Shortener page (Admin > Tools > Shortener Viewer) to show content
  of specified shortener code
* Create optional article portlet for ticket display page
* Hide article portlet if current user does not right to see the article
* Add a Checkbox RenderType for select type custom fields
* Scrub permissively for non-ticket related custom field values
* Add %ScrubCustomFieldOnSave config to scrub custom field values on save

Server Administration

* RT now supports MySQL 8
* Upgrade jquery-ui to 1.13.2
* Upgrade CKEditor to 4.20.1
* Add clibboard.js to RT
* Update fontawesome to 5.15.4
* Updated dependencies:
    DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
    Require DBD::SQLite 1.72
    Require GD::Graph 1.56
    Require Date::Extract 0.07
    Module::Runtime::require_module (replaces UNIVERSAL::require
* Removed dependencies:
    Pod::Select (deprecated)
    Pod::PlainText (deprecated)
    UNIVERSAL::require (deprecated)
* Drop obsolete babel-minify-webpack-plugin
* Add --recipient to send dashboard emails to a single recipient only
* Add --dashboards argument to specify dashboard IDs to send via
* Add option to inline CSS for dashboard email; allows dashboard emails
  to resemble the RT display while decreasing email size by removing
  unused CSS classes
* Refactor implementation of --no-auto-commit to support --originalid
* Add $DatabaseQueryTimeout setting to set the maximum seconds a single
  SQL query should be allowed to run.
* Add Info/Debug/Error messages to the RT logs when a user logs in or
  out via web remote user auth.
* Add support to shred class/topic/article objects
* Add support to shred catalog/asset objects
* Shred only ticket roles when shredding queues
* When loading an initialdata file, don't add the same custom fields
  multiple times.
* Extract pre-defined custom field validation rules to the
  @CustomFieldValuesValidations config setting
* Add source IP address to the external auth login log message
* Clarify logout messages for local and SAML logouts
* Add rt-clean-shorteners CLI utility to clean up temporary shorteners
* Add Shorteners to serializer when running in clone mode
* Show customized operator/value inputs for searching custom fields in
  user admin (similar to how Query Builder works)
* Handle SetConfig changes in same way as text custom fields
* Dump GroupBy custom field items in saved charts using Name for
  improved portability when using rt-dump-initialdata
* Fix LDAP filter string debug output
* Add rt-clean-attributes to delete obsolete DeferredRecipients
* Allow additional ticket relationship graph directions
* Support loading users via user custom fields
* Add new tables to reset-sequences utility
* Fix inconsistent normalized owner group member for merged tickets
  in rt-validator
* In vulnerable-passwords upgrade script, Page users to save memory
  in case there are too many records
* Dump GroupBy custom field items in saved charts using Name for portability
* Fix the partially quoted index name for MariaDB/MySQL


* Update .gitignore to ignore all of var/ to help protect developers
  from accidentally checking in session data or RT databases in var/
* Add a warning as a hint to RT developers about WebSecureCookies
* Add a new "LabeledValue" component to provide a standard way to show a
  value with a label attached to it
* Add CustomRoleObj method for loading RT records by GroupType
* Abstract RT::Ticket::RoleAddresses so it can be used for assets too.
* Factor out a LookupType role from CustomFields so it supports custom
  roles on assets and other record types
* Add API for interacting with custom roles on assets
* Move ShowHistoryHeader title into parameter, allowing calling
  components to set the title (thanks mzagrabe!)
* Add RT::Action::ClearCustomFieldValues ScripAction to clear a custom
* Disable jump to page form by default in CollectionList
* Use custom role names as keys for ticket endpoints in REST2, making
  custom roles consistent with core roles
* Recurse into t/ directory to run all tests
* Test empty keys in saved chart content
* Test custom role groups in ACL initialdata
* Test HTML custom field changes
* Test invalid queries on transaction search edit page
* Add tests for LoadOrCreateByEmail
* Make tests require $WebSecureCookies=0 since they don't use HTTPS
* Tests for loading users via UserCFs
* Test order indicator in search results header
* Test shredder for class/topic/article objects
* Test shredder for catalog/asset objects
* Test shredder for ObjectCustomRoles of queues
* Switch to Test::MockTime::HiRes in date api test
* Add case-sensitivity tests for Articles autocomplete
* Update tests for new added ValidationHint feature
* Update basic_auth.t test since logout will be always available
* Update tests for the keys change of CustomRoles in REST2
* Add tests for new article methods
* Test optimized ticket/transactions/asset searches
* Update tests for the default priority change when PriorityAsString is
* Add tests for %PriorityAsString that does not have "0" mapped
* Update tests to account for URL shortener being enabled by default
* Add basic tests for search url shortener
* Add basic tests for shortener viewer
* Add tests for saved search shortener
* Update tests for EN datetime locale change to space
* Update txn ids in tests because of new added acl transactions
* Adjust tests to account for new brief descriptions of SetConfig
* Use a bigger FcgidMaxRequestLen value for apache+fcgid tests
* Test textual and UTF-8 encoded "message/..." attachments
* New callbacks:
    /Widgets/TitleBox Added ModifyContent to modify content presented by
      a TitleBox widget
    /Elements/ShowTransaction Added ModifyShowCFDiff to modify when
      CustomField diff details show in ticket history
    /Search/Elements/PickObjectCFS Added ModifyCFs, primarily to hide
      custom field (such as transaction or queue custom fields) that
      some users may be unfamiliar with
* Modified callbacks:
    ModifyLoginRedirect - moved to the end of Logout processing
    BeforeActionList Added Actions parameter
    /Search/Results.html - added calculated result count as parameter to
      BeforeResults and AfterResults callbacks
    EditCustomFields - Restored ModifyFieldClasses callback


* Fix formatting in docs for $DateTimeFormat config examples
* Add docs about receiving email warnings from RT
* Document default Name setting in RT::User
* Update docs for showing article search in self-service
* Reference the assets menu right in the asset docs
* Document how OwnerEmail is used
* Correct documentation error for RT::Queue::IsWatcher
* Fix incorrect links in shredder's ticket docs
* Add build instructions for CKEditor 4
* Add docs for scheduling rt-clean-shorteners
* Document URL shortener in UPGRADING
* Document new process articles feature
* Fix broken link to RT_Config's External-storage section
* Provide examples for CanonicalizeEmailAddress match and replace
* Use HelpDesk as the plugin example in site config
* Corrected doc error - Custom Roles cannot apply globally
* Document the configuration needed to load JSON initialdata
* Render no-target header links more like normal text in shredder docs
* Fix broken Pod in rt-validator
* Fix typo in transaction-type argument in rt-crontool docs (thanks
  Rob Lister!)
* Fix 'pririty' typo in RT_Config.pm.in (thanks NReilingh!)
* Update rt-crontool documentation with multiple action example
* Fix "Reffered" typo in metadata doc (thanks NReilingh!)
* Fix 'followoing' typo in docs (thanks NReilingh!)
* Add upgrade note for $EmailDashboardInlineCSS option for dashboard
* Update Query Builder documentation with Dynamic Filtering and Sorting
* Update docs to remove references to UNIVERSAL::require
* Add docs for user-visible permalink features
* Document steps to generate initialdata changes file


* Treat RT::System-Role the same as other roles in ACL initialdata
* Use name for custom role groups in ACL
* Don't default Name to EmailAddress in LoadOrCreateByEmail
* Add SLA to args CreateTickets accepts
* Log recorded SQL statements, even without CurrentUser; allows
  StatementLog to function when invoked in places where there may not
  be a current user (such as the CLI)
* Remove state criteria for invalid utf8 error warnings (MySQL and
* Rewind uploaded file after reading (thanks elacour!)
* Support arbitrary user names in .rt_sessions
* Port RT UI to use new LabeledValue component
* Bring Asset Search rendering back to the status-quo-ante
* Encode content for textual "message/..." attachments
* Set MasonLocalComponentRoot via RT->Config->Set so apache can see it
* Exempt some format strings from HTML::Gumbo structure check
* Do not check acl when auto-setting core date fields (thanks elacour!)
* Ignore disabled lifecycles when validating mappings
* Require LDAPImport after init, allowing overlays for RT::LDAPImport
* Wrap direct SQL in rights checks to SearchBuilder's SimpleQuery to
  log SQL when StatementLog is enabled
* Don't duplicate system object in EquivObjects on system rights check
* Allow RegisterLookupType to provide options besides just FriendlyName
* Clear old data when registering custom roles
* Relax requirements about role names to be unique for each lookup type
* Convert OR'd role group names in ticket ACL check to IN for better
* Skip existing catalog role groups on import
* Serialize OldValue/NewValue to user references in SetWatcher/SetOwner
* Clear unneeded anchors and HTML comments
* Don't error if users4 index has been removed
* Pass multiple Order/OrderBy values as array references
* Pass datetime in UTC as LastUpdated is stored that way
* Convert to preferred constructor for Data::Page
* Clean up duplicated widget arguments
* Add ValidationHint column for CustomFields table
* Convert $cf->FriendlyPattern to use ValidationHint
* Respect env variable "RT_DATABASE_QUERY_TIMEOUT" on database connect
* Add JOIN criteria for transaction searches to improve performance
* Simplify setting the redirect URL on logout
* Add helper methods on Class for article display settings
* Add pass-through methods for class-level display flags
* Convert Preformatted template to use new article API
* Update /SelfService/Article/Display.html to new API
* Page users to save memory in case there are too many records
* Include referenced queues/catalogs only for active/inactive status
* Convert "OR" clauses in transactions/assets searches to "IN" for
  better performance
* Replace CSS::Inliner->require with RT::StaticUtil::RequireModule
* Combine search and count for search result pages (if possible) to
  improve performance
* Combine search and count for saved searches on dashboards (if
  possible) for better performance
* Abstract GetStylesheet for web
* Refactor code to build search filter metadata in Header instead
* Calculate search filter modal content's max-height accurately
* Fix limit parameter for shredder URL on search pages
* Switch to POST method for search chart and refresh forms
* Add missing Class/ObjectType params to refresh form on search results
* Default query to "id > 0" like other chart elements for ChartTable
* Provide a way to update config immediately in tests
* Disable legacy Table settings for asset date custom fields
* Suppress uninitialized value warnings seen in config history
* Exclude empty keys from search fields for saved charts
* Convert ticket link graph generator to GraphViz2
* No need to sync attribute links in PostInflateFixup
* No need to create transactions in PostInflateFixup
* Fix typo in DefaultDashboard handling of PostInflateFixup
* Import dashboards/savedsearches/subscriptions/prefs/bookmarks for
  merged users
* Add method to load an object based on a custom field value
* Directly use passed in $Default as label if it is already string
* Do not set SavedSearchId to chart search id
* Add system CurrentUserCanSee to make transaction's CurrentUserCanSee
* Provide a simple framework for showing user messages
* Fall back priority to the first value in %PriorityAsStringMapping
* Use name for custom role groups in ACL
* Treat RT::System-Role the same as other roles in ACL initialdata
* Ignore disabled lifecycles when validating mappings

A complete changelog is available from git by running:
    git log rt-5.0.3..rt-5.0.4
or visiting