RT 3.8.8 Released

We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330 rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17 rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

In particular, we’d like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.

Noticeable features and improvements in this release include:

• Improvements to default Chart fonts and colors
  New Hourly grouping options
  Optional support for handling chart timezones in your database
• You can now interleave global and queue level custom fields
  for display
• RSS feeds are available using an auth string rather than credentials
  RT’s RSS feeds should now work in significantly more feed readers
• RTAddressRegexp improvements to prevent users from adding an RT
  address as a watcher on a ticket
• Admin UI improvements, including the new AdminSearchResultFormat
  config option
• Your current password is now required to change a password via RT’s web
  interface
• New web handler: bin/fastcgi_server which allows you to run RT
  as a FastCGI external server
• Refactored Elements/ShowUser so it’s easer to add custom
  formats.
• Printed views of RT tickets should now be somewhat more visually pleasing
• RT now uses less memory when building the First/Prev/Next/Last links
  for the result of a big ticket search
• New config options: AttachmentUnits, AlwaysDownloadAttachments,
  DefaultMailPrecedence, DefaultErrorMailPrecedence,
  MessageBoxIncludeSignature*, UseOriginatorHeader and
  LogoutRefresh. See RT_Config.pm for more information on these and
  other configuration options.

A more complete changelog is available below.

Ruslan.

NEW FEATURES AND MAJOR CHANGES

• Aaron Sigel performed a security audit of RT and pointed out
  a number of potential improvements which have been addressed

• Charts improvements

  • Time-based charts can now show “hourly” goupings.
  • ChartFont option is now hash with font per language.
  • Two default fonts are shipped with RT to cover most
    supported languages.
  • The table of chart results now contains links to tickets
    matching a given row.
  • Timezones support, but protected with config option.
  • Better scaling of Y axis.
  • X axis labels are now vertical if there is not enough
    space to display them horizontally.

• RTAddressRegexp option improvements

  • No default value anymore.
  • If no value is set then RT will attempt to calculate the right value
    from the user-defined queue addresses.
  • On create/update/people pages RT now checks addresses
    users enter and stop users from entering known
    addresses for RT queues.

• Admin UI improvements

  • Improved display of the “About this RT” page.
  • More pages in the Admin UI have been switched to generic
    code to list objects (like tickets in search results)
  • Display formats for these objects are now configurable
    in the config file (%AdminSearchResultFormat)
  • More columns in column maps for objects other than
    tickets.

• Custom fields ordering and application improvements

  • Queue specific custom fields now can be placed above
    global, below or even in the middle. Order of global
    custom fields stays the same in all queues, but a custom
    field that is applied to particular queues can be placed
    differently in each queue.
  • Make it possible to apply a CF globally from ‘Applies To’
    page.
  • RT no longer allows you to apply a CF globally and to queues
    at the same time. When CF is applied globally it is
    un-applied from specific queues first.

• Refactored simple (googleish) search

  • new options in the config to control defaults
  • new keywords to search for particular things

• RSS feeds now contain embedded single-query authentication strings

• We’ve Introduced a config option to prevent adding the
  RT-Originator header in outgoing mails.

• New MessageBoxIncludeSignature* options

• LogoutRefresh config option to control how long to wait
  before going back to login

• New config option for AttachmentUnits

• New config option for AlwaysDownloadAttachments

• RT now requires your current password to change any password

• Improved LinkValueTo and returned back functionality

  • if LinkValueTo starts with CustomField then don’t
    escape it, but make sure it’s not a JS link
  • escape links using HTML escaping
  • don’t wrap into with empty href if link is empty

• Added DefaultMailPrecedence and DefaultErrorMailPrecedence
  config options

• Squelch watchers on update. This makes doing silent
  Updates possible

• New web handler: bin/fastcgi_server

• Refactored Elements/ShowUser so it’s easy to add custom
  formats. Several performance improvements in this code.

• MERGE_CACHE to cache information about merged tickets and
  lower logs and DB impact on re-checks

• Made NotifyActor into a User Preference

• If the MIME entity has header X-RT-Squelch, do not send
  the message

• Improved print layouts

• Serve images in js and css dirs as static files,
  so browsers cache them more agressively

• Added HasAttribute and HasNoAttribute to TicketSQL

• New faster and less memory hungry TicketsMaps - First, Prev,
  Next and Last links when you view tickets from the current
  search. Size is now limited by a new config option. Floating
  window is used to build the links.

We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330 rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17 rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

CLEANUPS AND SMALL IMPROVEMENTS

• Updated doc/Security with more modern security tips
• Made the plaintext mono feature work in IE.
• Better timezone handling in Tools/Reports/ResolvedByDates.html
• Make sure we don’t serve files outside RT’s paths
• Additional checks to make sure that credentials
  are sent to RT on Login
• Moved CustomField column map from tickets’ to generic
• Make height, width, href and alt of the logo configurable

We are still having problems getting a custom logo to display with the
web2 style sheet, as we reported a while back, see:

http://issues.bestpractical.com/Ticket/Display.html?id=13964

I updated our web2 style sheet patch to touch only the logo bits and
tested it with 3.8.8, see attached. Should I (re)open a ticket?

~Jason

/------------------------------------------------------------------
| Jason A. Smith Email: smithj4@bnl.gov |
| Atlas Computing Facility, Bldg. 510M Phone: +1-631-344-4226 |
| Brookhaven National Lab, P.O. Box 5000 Fax: +1-631-344-7616 |
| Upton, NY 11973-5000, U.S.A. |
------------------------------------------------------------------/

rt-3.8.8-web2-style-sheet-logo.patch (526 Bytes)

smime.p7s (3.88 KB)

We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330 rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17 rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

In particular, we’d like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.

Noticeable features and improvements in this release include:

• Improvements to default Chart fonts and colors
  New Hourly grouping options
  Optional support for handling chart timezones in your database
• You can now interleave global and queue level custom fields
  for display
• RSS feeds are available using an auth string rather than credentials
  RT’s RSS feeds should now work in significantly more feed readers
• RTAddressRegexp improvements to prevent users from adding an RT
  address as a watcher on a ticket
• Admin UI improvements, including the new AdminSearchResultFormat
  config option
• Your current password is now required to change a password via RT’s web
  interface
• New web handler: bin/fastcgi_server which allows you to run RT
  as a FastCGI external server
• Refactored Elements/ShowUser so it’s easer to add custom
  formats.
• Printed views of RT tickets should now be somewhat more visually pleasing
• RT now uses less memory when building the First/Prev/Next/Last links
  for the result of a big ticket search
• New config options: AttachmentUnits, AlwaysDownloadAttachments,
  DefaultMailPrecedence, DefaultErrorMailPrecedence,
  MessageBoxIncludeSignature*, UseOriginatorHeader and
  LogoutRefresh. See RT_Config.pm for more information on these and
  other configuration options.

A more complete changelog is available below.

Ruslan.

NEW FEATURES AND MAJOR CHANGES

• Aaron Sigel performed a security audit of RT and pointed out
  a number of potential improvements which have been addressed

• Charts improvements

  • Time-based charts can now show “hourly” goupings.
  • ChartFont option is now hash with font per language.
  • Two default fonts are shipped with RT to cover most
    supported languages.
  • The table of chart results now contains links to tickets
    matching a given row.
  • Timezones support, but protected with config option.
  • Better scaling of Y axis.
  • X axis labels are now vertical if there is not enough
    space to display them horizontally.

• RTAddressRegexp option improvements

  • No default value anymore.
  • If no value is set then RT will attempt to calculate the right value
    from the user-defined queue addresses.
  • On create/update/people pages RT now checks addresses
    users enter and stop users from entering known
    addresses for RT queues.

• Admin UI improvements

  • Improved display of the “About this RT” page.
  • More pages in the Admin UI have been switched to generic
    code to list objects (like tickets in search results)
  • Display formats for these objects are now configurable
    in the config file (%AdminSearchResultFormat)
  • More columns in column maps for objects other than
    tickets.

• Custom fields ordering and application improvements

  • Queue specific custom fields now can be placed above
    global, below or even in the middle. Order of global
    custom fields stays the same in all queues, but a custom
    field that is applied to particular queues can be placed
    differently in each queue.
  • Make it possible to apply a CF globally from ‘Applies To’
    page.
  • RT no longer allows you to apply a CF globally and to queues
    at the same time. When CF is applied globally it is
    un-applied from specific queues first.

• Refactored simple (googleish) search

  • new options in the config to control defaults
  • new keywords to search for particular things

• RSS feeds now contain embedded single-query authentication strings

• We’ve Introduced a config option to prevent adding the
  RT-Originator header in outgoing mails.

• New MessageBoxIncludeSignature* options

• LogoutRefresh config option to control how long to wait
  before going back to login

• New config option for AttachmentUnits

• New config option for AlwaysDownloadAttachments

• RT now requires your current password to change any password

• Improved LinkValueTo and returned back functionality

  • if LinkValueTo starts with CustomField then don’t
    escape it, but make sure it’s not a JS link
  • escape links using HTML escaping
  • don’t wrap into with empty href if link is empty

• Added DefaultMailPrecedence and DefaultErrorMailPrecedence
  config options

• Squelch watchers on update. This makes doing silent
  Updates possible

• New web handler: bin/fastcgi_server

• Refactored Elements/ShowUser so it’s easy to add custom
  formats. Several performance improvements in this code.

• MERGE_CACHE to cache information about merged tickets and
  lower logs and DB impact on re-checks

• Made NotifyActor into a User Preference

• If the MIME entity has header X-RT-Squelch, do not send
  the message

• Improved print layouts

• Serve images in js and css dirs as static files,
  so browsers cache them more agressively

• Added HasAttribute and HasNoAttribute to TicketSQL

• New faster and less memory hungry TicketsMaps - First, Prev,
  Next and Last links when you view tickets from the current
  search. Size is now limited by a new config option. Floating
  window is used to build the links.

Ruslan,

In this announcement, I saw a reference to “* Process custom fields in
ModifyDates.html” and I was wondering if this means that we can now create a
CF in DATE format?

Also one other question: When we were in 3.6.4, the “category” for a
Custom Field would show in the “Modify Ticket” screen. This allowed a user
to select the category from a drop-down tab and thereby shorten the
listof available values to choose from for that CF. This hasn’t been
working in
3.8.7. Is that now fixed as well?

Thanks a bunch for your time.

Kenn
LBNLOn Fri, May 7, 2010 at 9:48 AM, Ruslan Zakirov ruz@bestpractical.comwrote:

We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330 rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17 rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

In particular, we’d like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.

Noticeable features and improvements in this release include:

• Improvements to default Chart fonts and colors
  New Hourly grouping options
  Optional support for handling chart timezones in your database
• You can now interleave global and queue level custom fields
  for display
• RSS feeds are available using an auth string rather than credentials
  RT’s RSS feeds should now work in significantly more feed readers
• RTAddressRegexp improvements to prevent users from adding an RT
  address as a watcher on a ticket
• Admin UI improvements, including the new AdminSearchResultFormat
  config option
• Your current password is now required to change a password via RT’s web
  interface
• New web handler: bin/fastcgi_server which allows you to run RT
  as a FastCGI external server
• Refactored Elements/ShowUser so it’s easer to add custom
  formats.
• Printed views of RT tickets should now be somewhat more visually
  pleasing
• RT now uses less memory when building the First/Prev/Next/Last links
  for the result of a big ticket search
• New config options: AttachmentUnits, AlwaysDownloadAttachments,
  DefaultMailPrecedence, DefaultErrorMailPrecedence,
  MessageBoxIncludeSignature*, UseOriginatorHeader and
  LogoutRefresh. See RT_Config.pm for more information on these and
  other configuration options.

A more complete changelog is available below.

Ruslan.

NEW FEATURES AND MAJOR CHANGES

• Aaron Sigel performed a security audit of RT and pointed out
  a number of potential improvements which have been addressed

• Charts improvements

  • Time-based charts can now show “hourly” goupings.
  • ChartFont option is now hash with font per language.
  • Two default fonts are shipped with RT to cover most
    supported languages.
  • The table of chart results now contains links to tickets
    matching a given row.
  • Timezones support, but protected with config option.
  • Better scaling of Y axis.
  • X axis labels are now vertical if there is not enough
    space to display them horizontally.

• RTAddressRegexp option improvements

  • No default value anymore.
  • If no value is set then RT will attempt to calculate the right value
    from the user-defined queue addresses.
  • On create/update/people pages RT now checks addresses
    users enter and stop users from entering known
    addresses for RT queues.

• Admin UI improvements

  • Improved display of the “About this RT” page.
  • More pages in the Admin UI have been switched to generic
    code to list objects (like tickets in search results)
  • Display formats for these objects are now configurable
    in the config file (%AdminSearchResultFormat)
  • More columns in column maps for objects other than
    tickets.

• Custom fields ordering and application improvements

  • Queue specific custom fields now can be placed above
    global, below or even in the middle. Order of global
    custom fields stays the same in all queues, but a custom
    field that is applied to particular queues can be placed
    differently in each queue.
  • Make it possible to apply a CF globally from ‘Applies To’
    page.
  • RT no longer allows you to apply a CF globally and to queues
    at the same time. When CF is applied globally it is
    un-applied from specific queues first.

• Refactored simple (googleish) search

  • new options in the config to control defaults
  • new keywords to search for particular things

• RSS feeds now contain embedded single-query authentication strings

• We’ve Introduced a config option to prevent adding the
  RT-Originator header in outgoing mails.

• New MessageBoxIncludeSignature* options

• LogoutRefresh config option to control how long to wait
  before going back to login

• New config option for AttachmentUnits

• New config option for AlwaysDownloadAttachments

• RT now requires your current password to change any password

• Improved LinkValueTo and returned back functionality

  • if LinkValueTo starts with CustomField then don’t
    escape it, but make sure it’s not a JS link
  • escape links using HTML escaping
  • don’t wrap into with empty href if link is empty

• Added DefaultMailPrecedence and DefaultErrorMailPrecedence
  config options

• Squelch watchers on update. This makes doing silent
  Updates possible

• New web handler: bin/fastcgi_server

• Refactored Elements/ShowUser so it’s easy to add custom
  formats. Several performance improvements in this code.

• MERGE_CACHE to cache information about merged tickets and
  lower logs and DB impact on re-checks

• Made NotifyActor into a User Preference

• If the MIME entity has header X-RT-Squelch, do not send
  the message

• Improved print layouts

• Serve images in js and css dirs as static files,
  so browsers cache them more agressively

• Added HasAttribute and HasNoAttribute to TicketSQL

• New faster and less memory hungry TicketsMaps - First, Prev,
  Next and Last links when you view tickets from the current
  search. Size is now limited by a new config option. Floating
  window is used to build the links.

CLEANUPS AND SMALL IMPROVEMENTS

• Updated doc/Security with more modern security tips
• Made the plaintext mono feature work in IE.
• Better timezone handling in Tools/Reports/ResolvedByDates.html
• Make sure we don’t serve files outside RT’s paths
• Additional checks to make sure that credentials
  are sent to RT on Login
• Moved CustomField column map from tickets’ to generic
• Make height, width, href and alt of the logo configurable
• Load as much as possible when a web-handler with forks
  is used, this increase memory sharing across processes
• A link provided for approvals templates to whoever worked
  the approval
• Global WebRequestPath and WebRequestPathDir
  column map entries
• Process custom fields in ModifyDates.html
• Handle Ccs and AdminCcs of the queue in SkipNotification
  feature
• Sort callbacks within a root only, respect plugins
  order
• Add some wording to the check boxes on the reply pages
• Reduce whitespace on bottom of boxes as was earlier
• Use smaller margin for reminders display to save space
• Use a reasonable length for scrip descriptions
• Removed a lie about RT CLI still being “unsupported”
• User friendlier errors handling thrown by Calendar::Simple
• Split some CSS from themes into base/xxx.css
• Googleish search was making incorrect assumptions
  about RT::User and RT::Group’s Load function
  returning a boolean not a list. This was throwing
  (harmless, but ugly) errors.
• Don’t apply order on collections if sorting is not
  allowed
• Removed the “URL” parameter to ‘Logout’ as it had no
  legitimate use.
• make instal and testdeps tests to avoid some versions
  of modules that are known to be buggy or incompatible,
  for example DBD::Oracle 1.23

BUG FIXES

• properly use AND/OR when content is searched and
  DontSearchFileAttachments option is enabled
• Make sure Merge only possible when user has Modify
  right on both tickets
• Fixes for UseSQLForACLChecks option, it was possible
  to construct a query and see tickets an user has no
  right to see. Lots of tests have been added to make
  sure it wouldn’t happen again.
• SQL used for ACL checks has been refactored to get
  more effective queries. Especially when list of
  potential owners is built for the query builder.
• Unified API for tables with disabled column and
  fixes when ->Count could return bigger value
  when some CFs are disabled.
• I18N was transcoding attachments to UTF-8 one line
  at a time. This doesn’t work at all for UTF-16 and
  probably other encodings.
• Fixed encoding problem when loading a dump file
  produced by rt-dump-database.
• A closing
was missing in PreviewScrips comp
• Fixed config loading when Fcntl module or other exporting
  symbols is loaded. Load was failing with “Not a SCALAR
  reference” error.
• Returned back effective SQL when searching by CFs with
  = or != operator
• Fixed error on login when user make mistake in password
  and he entered character out of ASCII range.
• Honor a user’s MessageBoxRichTextHeight setting
• Fixed query builder behaviour with NULLs and ‘’ (empty values)
• Fixed potential information loose on incorrect GnuPG mails
• Fixed display-all-rows in Dashboards
• Fixed JS escaping issues
• Set context object in OCFV::CustomFieldObj
• Sessions ended up in /tmp/ in some cases
• Fixed safe_run_child when code dies between fork and exec,
  deals with “mysql server has gone away” error
• fix Jumbo reloading and losing message content
• Stop infinite looping when you have global custom
  fields and no Queue restriction
• Fixed sorting of custom fields in Results.tsv
• Set of fixes for Unicode characters in emails
  and tests covering these changes
• Don’t create handles we don’t need, we can hit limit
• Prevent servers using GnuPG from running out of file handles

TRANSLATION

Updates merged from launchpad and two new languages: nn.po
and pt_PT.po. Thanks to all contributors.

CALLBACKS

• AboutThisUser in ShowPeople box
• Between the GnuPG and message rows
• AfterSubject
• Before and After CustomFields
• Before and After TransactionCustomFields
• AfterAddress in PreviewScrips
• At the top of ticket summary columns
• For adding links for attachment downloads
• At the bottom of the logout box
• Pass more information to the FormStart callback
  in Ticket/Update.html
• AfterMessageBox on ticket create page
• ShowTransaction/AfterAnchor
• In EditDates and ShowDates
• Pass a reference to the signature in MessageBox’s callback
• For inserting text after the transaction’s description
• AfterUpdateType in Jumbo.html and Update.html

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

In this announcement, I saw a reference to “* Process custom fields in ModifyDates.html” and I
was wondering if this means that we can now create a CF in DATE format?

No

Also one other question: When we were in 3.6.4, the “category” for a Custom Field would show
in the “Modify Ticket” screen. This allowed a user to select the category from a drop-down tab
and thereby shorten the list of available values to choose from for that CF. This hasn’t been
working in 3.8.7. Is that now fixed as well?

Have you run the upgrade scripts to use the new linked CFs?
This works fine for plenty of people in 3.8

-kevin

Kevin,

Actually, not that I know of. I don’t remember a reference in the README.
I’ll take a look again to see if I can find them. Thanks.

Kenn
LBNLOn Thu, May 20, 2010 at 6:42 PM, Kevin Falcone falcone@bestpractical.comwrote:

On Fri, May 07, 2010 at 03:02:27PM -0700, Kenneth Crocker wrote:

In this announcement, I saw a reference to “* Process custom fields in
ModifyDates.html” and I
was wondering if this means that we can now create a CF in DATE
format?

No

Also one other question: When we were in 3.6.4, the “category” for a
Custom Field would show
in the “Modify Ticket” screen. This allowed a user to select the
category from a drop-down tab
and thereby shorten the list of available values to choose from for
that CF. This hasn’t been
working in 3.8.7. Is that now fixed as well?

Have you run the upgrade scripts to use the new linked CFs?
This works fine for plenty of people in 3.8

-kevin

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com