RTIR: RT for Incident Response

RTIR 4.0.3 Release Notes

RTIR 4.0.3 - 2022-07-13

RTIR 4.0.3 is now available, primarily providing bug fixes. The list of
changes included with this release is below. In addition to the
bug fixes listed below, this release contains security fixes.
When upgrading RTIR, you should also upgrade RT to version 4.4.6 for
compatibility with this release and to get security updates in RT.


SHA-256 sums

2c6a57ff0da877f40b81d7d24c27609d350251ecfa97534e6657349a14bf10aa  RT-IR-4.0.3.tar.gz
a9ed2484fe64ab3e12380e055659b7bdb9c743619e5d2d77883b5709c8ccd944  RT-IR-4.0.3.tar.gz.asc


The following security issues are fixed in this release. Thanks to the
Polish Financial Supervision Authority IT Security Department (UKNF)
for reporting these issues.

* RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF).
It accepts queries in a way that could allow sending requests from the RTIR
server to a resource other than the intended whois server. Because the request
comes from the RTIR server, this could allow access to otherwise protected
resources. This vulnerability is assigned CVE-2022-25800.

* RTIR's Scripted Action tools is vulnerable to server-side request forgery
(SSRF) similar to the one described above. This vulnerability is assigned

General Updates and Fixes

* Fix squelching functionality on update page
* Remove unavailable TrustedSource.org from $RTIRIframeResearchToolConfig

A complete changelog is available from git by running:
    git log 4.0.2..4.0.3
or visiting