RT 3.8.11rc1 released

RT Developers
1

I’m happy to announce that RT 3.8.11rc1 is now available for testing.

http://download.bestpractical.com/pub/rt/devel/rt-3.8.11rc1.tar.gz
http://download.bestpractical.com/pub/rt/devel/rt-3.8.11rc1.tar.gz.sig

SHA1 sums

26670db2d7e4acedfb6c6b859572483e204c9865 rt-3.8.11rc1.tar.gz
0bfa1af85f766804a5b81bf68adef36e2ebe69fe rt-3.8.11rc1.tar.gz.sig

This release contains a number of bugfixes and minor security updates
since the 3.8.10 release, most notably:

  • Adjust FCGI dependency to one which resolves FCGI’s CVE-2011-2766

  • New WebHttpOnlyCookies option, enabled by default, which hides RT’s
    cookie from direct Javascript access.

  • Compatibility with perl 5.14, by removing deprecated “for qw(…)”
    syntax.

  • MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than
    TYPE=InnoDB

  • Ensure that RT::Interface::Web’s _Overlay, _Local, and _Vendor files
    are loaded correctly.

  • Fix session cleaner for on-disk sessions, broken since 3.8.0.

  • Ensure that only one “Based on” attribute is stored for each custom
    field.

  • Fix the loading of Shredder plugins, broken in 3.8.10.

A complete changelog is available from git by running git log rt-3.8.10..rt-3.8.11rc1 on the 3.8.11-releng branch.

  • Alex