RTIR: RT for Incident Response

RTIR 5.0.3 Release Notes

RTIR 5.0.3 - 2022-07-13

RTIR 5.0.3 is now available for general use. The list of changes
included with this release is below. In addition to the new features
and bug fixes listed below, this release contains security fixes.
When upgrading RTIR, you should also upgrade RT to version 5.0.3 for
compatibility with this release and to get security updates in RT.

Note that there was no RTIR 5.0.2 public release.


SHA-256 sums

3f59e713cb439f33b3abbcc18226ee6ab9f782a3607317e0529e72dbe443f89f  RT-IR-5.0.3.tar.gz
9b6b0610492443fb0f0abb7d945276e4fe6b1eceab43e240757a11ba162c3741  RT-IR-5.0.3.tar.gz.asc


The following security issues are fixed in this release. Thanks to the
Polish Financial Supervision Authority IT Security Department (UKNF)
for reporting these issues.

* RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF).
It accepts queries in a way that could allow sending requests from the RTIR
server to a resource other than the intended whois server. Because the request
comes from the RTIR server, this could allow access to otherwise protected
resources. This vulnerability is assigned CVE-2022-25800.

* RTIR's Scripted Action tools is vulnerable to server-side request forgery
(SSRF) similar to the one described above. This vulnerability is assigned

General Updates and Fixes

* Migrate RTIR homepage to dashboard
* Update ticket search value quoting to align with new RT search options
* Support to hide unset fields on display pages
* Remove the yellow border in warning message box
* Add UPGRADING note about the change to dashboard RTIR homepage
* Support to configure RTIR homepage globally
* Add UPGRADING note about the global "RTIR at a glance" configuration page
* Add tooltip to select incident text input if it's below the label
* Skip default "Content" custom field when inserting articles from "Templates"
* Replace discontinued Security Focus feed with Full Disclosure
* Document deselecting the Content CF
* Extract IP from more attachments if main content doesn't have any.
* Allow users to comment on Incidents when resolving
* Add the missing "?" delimiter for "New ..." menu links on FromIncident page
* Add Custom Field "CVE ID" to keep track of CVE
* Add CVE widget to show info from nvd.nist.gov
* Extract CVE IDs from content
* Add upgrading notes for CVE ID
* Add ticket id info to "Back to ..." search page menus
* Migrate plain checkboxes to bootstrap's custom-checkbox for consistency
* Make ticket updates atomic on edit page
* Document atomic change in Upgrading doc
* Update TimeWorked for incident only on incident reply/resolve pages
* Document changes to message and time processing


* Add maps from default to/from RTIR lifecycles
* Update tests for the migration of Homepage => dashboard
* Add callbacks to the feed listing and display pages
* Add necessary callbacks for MandatoryOnTransition
* Load queue object in GetRTIRDefaultQueue to make sure it's valid and visible
* Add tests for default RTIR queue rights check
* Add EndOfBasics callback to ticket display pages
* Test IP extraction from more attachments
* Test CVE ID extraction
* Call ProcessUpdateMessage first to update TimeWorked on incident display page

A complete changelog is available from git by running:
    git log 5.0.1..5.0.3
or visiting