RT 4.0.7rc1 Released

I’m happy to announce that RT 4.0.7rc1 is now available for testing.


SHA1 sums

02eb27678f005543a1c4aa6a5d0a94e1d6ecfbe4 rt-4.0.7rc1.tar.gz
3dcbbbdea0653ed91d2e6862fbfc202d16772daa rt-4.0.7rc1.tar.gz.sig

This release contains a number of bugfixes since the 4.0.6 release.
In particular, we have adjusted the CSRF warning for a few pages based
on user feedback.

This release bumps dependencies on Email::Address, FCGI and IPC::Run so
please make sure to run ‘make testdeps’ and if required
‘make fixdeps’ before upgrading. Running ‘make upgrade’ will also
check your installed versions for errors.


  • Bump the FCGI dependency to one which closes CVE-2011-2766
    The 4.0 series did not specify a minimum FCGI version and it’s
    possible that a vulnerable release of the perl FCGI module was
    installed when you set up an earlier release of 4.0.x


  • Allow specification of your CSRF Whitelist Referrer using *.example.com
  • Allow searching for tickets associated with articles using a:42
  • Upgrade our Date/Time picker JS, allow unsetting of CFs
  • Improve display of circularly linked tickets
  • Optimize the large table changes between 3.2 and 3.4 for MySQL
  • Provide a better error if your CreateTickets template is malformed
  • Add the ExtractTicketId function to make customizing ticket id
    matching easier


  • Don’t trust emails that claim to be UTF-8, convert it to UTF-8 before storing
  • Fix a shredder bug when deleting a user and replacing it with another user
  • Remove CSRF restrictions on search results page
  • Ensure that TransactionBatch scrips always run in the RT::System
    context rather than having some sub-objects in the original user’s
  • Better display of multipart/related mail
  • Remove some warnings when running under Perl 5.16
  • Better errors when viewing approvals without rights
  • Bring back rounded corners on FireFox >= 13 by using the standard
    border-radius property
  • $Users->LimitCustomField now ignores disabled ObjectCustomFieldValues
    properly (same for other non-ticket objects).
  • Versions of IPC::Run < 0.90 could truncate labels on charts that
    contain UTF-8 characters
  • Fix a rendering issue where certain emails would cause the history to
    render progressively more staggered to the right
  • Make owner:falcone and owner:falcone@example.com work
  • CF.{Foo} TicketSQL searches are now case insensitive on Pg and Oracle
  • Tickets with Unicode subjects created through the Web UI could end up
    being corrupted on reply because of other headers passed to MIME::Head
  • Ignore DECRYPTION_INFO from GnuPG 1.4.12
  • Record LastUpdated(By) on Scrips
  • Simple Search now handles Custom Fields with dashes
  • Remove another hardcoded use of ‘resolved’ in the mailgate unsafe actions
  • When deleting dashboards, also delete subscriptions
  • Fix rendering of links from bin/rt
  • Don’t allow ticket creation if your REST form contains an unknown field
  • Skip users with empty email addresses in autocompletion
  • Loosen our detection of mobile browser to search for the word ‘mobile’
  • Don’t provide a charset on download of binary attachments
  • Fix UseSideBySideLayout to not be cached across users
  • Ensure that article searches are case insensitive
  • QueueSummaryByStatus now uses the improved code from QueueSummaryByLifecylcle

A complete changelog is available from git by running
git log rt-4.0.6..rt-4.0.7rc1
or visiting

although they will not load all of the commits.