RT 4.0.8 contains important security fixes, in addition to bugfixes.
http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.8.tar.gz.sig
SHA1 sums
7be074e86929c69b4f17d10503646ff070f7fa3b rt-4.0.8.tar.gz
7ee1ecf25a99472d0d75665ed577941cb94c64e7 rt-4.0.8.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2012-4730,
CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, and
CVE-2012-4884.
Bugfixes
- Custom Fields BasedOn can be set from intialdata again.
- Fix the 3.8.4 NotifyGroup upgrade script to properly join notification
groups with a comma. - Correct the use of the ‘approved’ state from Lifecycles. It is now
used only when all approvals are completed. - Use database-level row locking to ensure that scrips do not suffer
from race conditions with scrips from other processes. - Remove multiple slashes so that page menus display and the active item
is correctly highlighted. - Improve MaxAttachmentSize documentation.
- Ensure that ticket links in the iCal feed are CSRF whitelisted.
Features
- New alias validator sbin/rt-validate-aliases which helps keep RT and
/etc/aliases in sync. - Add support for GPG mails in inline format (PGP partitioned encoding)
that are also encoded for transfer with Base64 or quoted printable. - Add a BeforeLocalization callback to message headers.
- If you have DBIx::SearchBuilder 1.62 or higher and are using full
text indexing on Pg or Oracle, rt-fulltext-indexer uses a faster query
to find unindexed attachments.
Developer
- Add rt-apache for running a test instance of apache.
- Add the rt-static-docs tool for generating HTML versions of our docs.
A complete changelog is available from git by running
git log rt-4.0.7…rt-4.0.8
or visiting
- Alex
rt-announce mailing list
rt-announce@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce