RTIR: RT for Incident Response

RTIR 5.0.6 Release Notes

RTIR 5.0.6 - 2024-05-06
=======================

RTIR 5.0.6 is now available for general use. The list of changes
included with this release is below. When upgrading RTIR, you should
also upgrade RT to version 5.0.6 for compatibility with this release and
to get new features and fixes in RT.

Note that there was no RTIR 5.0.5 public release.

https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.6.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.6.tar.gz.asc

SHA-256 sums

95810631c7f9dde58744d3bd9e9a8c9602b48d64d3c763032e6c4f7ac16b4848  RT-IR-5.0.6.tar.gz
ad6380624307a853e9b5cc37df08ba32f5c5d15235d74dc8d18ac17a5c28bf3a  RT-IR-5.0.6.tar.gz.asc

Strict Browser Cache Configuration Option

CVE-2024-3262 describes previously viewed pages being stored in the
browser cache, which is the typical default behavior of most browsers to
enable the "back" button. Someone who gains access to a host computer could
potentially view ticket data using the back button, even after logging out
of RT. The CVE specifically references RT version 4.4.1, but this behavior
is present in most browsers viewing all versions of RT before 5.0.6.

RT 5.0.6 adds a new configuration option, $WebStrictBrowserCache, which
instructs the browser not to cache page content from RT. If you run RT,
including RTIR, with highly sensitive ticket data, you can enable this new
option to prevent browser caching. The default is still disabled, to
allow for normal browser functionality, so you need to enable this option
to run with the new feature.

This new option is implemented in RT 5.0.6, so you need to upgrade RT to
use the feature. As noted above, it's always recommended to upgrade both
RT and RTIR to keep them on compatible versions.

General Updates and Fixes

* Support to show assets on create/display
* Migrate CVE API of NVD to version 2.0
* Selectize user email inputs on create pages
* Document WebStrictBrowserCache in RTIR config

Internals

* Implement incident with simultaneous investigation creation test
* Build from new RT 5.0.4 image
* Disable buildkit to continue using the local network feature
* Update tests to remove the extra space from generated SQL
* Update testing docker image to Debian bullseye


A complete changelog is available from git by running:
    git log 5.0.4..5.0.6
or visiting
    https://github.com/bestpractical/rtir/compare/5.0.4...5.0.6