RT 4.0.9rc1 available for testing

I’m happy to announce that RT 4.0.9rc1 is now available for testing.


SHA1 sums

66a3f67e06f19f3632735ea3239052edbcd2a86d rt-4.0.9rc1.tar.gz
b70789e16ccd44519baef777db998bd9824267e4 rt-4.0.9rc1.tar.gz.sig

This release contains a number of bugfixes since the 4.0.8 release.
It also contains the first set of embargoed security tests fixed by
patches released on 2012-05-22. These are the tests for
vulnerabilities fixed in RT 4.0.6 and RT 3.8.12.

This release also requires a newer HTML::RewriteAttributes.
You will be prompted to upgrade when upgrading RT or when manually
running ‘make test-dependencies’.


  • IE8/9 are encouraged never to use compatibility mode.
  • User autocompletes on Oracle now work.
  • Disabled personal groups hiding out from 3.8 are cleaned out.
  • When upgrading from 3.8 to 4.0 the article upgrade points to the
    correct upgrading documentation.
  • Restore the link to a Queue’s History.
  • Stop manually deleting Custom Field Values in the REST API, use
    the standard RT API calls.
  • Avoid Devel::StackTrace 1.28 and 1.29 which are known to break RT.
  • Don’t show the full login page to mobile clients.
  • Refresh your Localization preferences on each page load.
  • TicketSQL containing Queue = ‘Nonexistant Queue’ will not generate
    invalid SQL.
  • Fix an error deleting Custom Field Values on some installs.
  • Ensure that leading newlines on Templates are preserved, despite
    browsers stripping them.
  • Eliminate a potential deadlock on large emails when using GPG.
  • Handle emails in unknown charsets better.
  • Fix GPG Error templates that used reference passing.
  • Make Configuration written by the installer consistent and skip some
  • Log better error messages and fewer warnings with parsing unparseable
    sender email addresses.
  • Add a missing table element to the Outgoing Mail element.
  • Allow ‘requestors’ on REST ticket creation because it was allowed in
    3.8 (earlier versions of 4.0 only allowed requestor as a key).
  • Fix loading of _Vendor and _Local files in plugins.
  • Remove menu/page overlapping that prevented clicking on some links.
  • Handle invalid/unindexable Full Text Search records in Pg better.
  • Allow users without the ExecuteCode right to create Simple templates.
  • Ensure that templates which use heredocs won’t have mysterious
  • Fix null and NULL to work interchangeably in TicketSQL.
  • No longer match on an english string on the Jumbo page. This would
    result in the Comment/Correspond textarea remaining populated if using
    RT in a non-english locale.
  • Remove even more old REST restrictions on Custom Field, Queue and
    other object names.
  • Avoid warnings when building the menu on pages with invalid Queues or
    other objects.
  • Saved Search descriptions can safely contain [] without running
    afoul of the localization infrastructure.
  • Allow setting a Queue’s Lifecycle back to ‘default’.
  • Stop using HTML::Mason’s cache_self method. It caused some rendering
    bugs with GnuPG keys and won’t be fixed by upstream.
  • Fix “RefersTo is NULL” and “Requestor is NULL” to work properly in
    TicketSQL (before we only checked for “IS NULL”).
  • Instead of localizing “Owner Name” in the charting UI, instead
    localize the words separately.
  • When overriding $HomepageComponents or other reference config types in
    RT_SiteConfig.pm, the name would not render properly on
  • Clean up session lockfiles because Apache::Session::File doesn’t.
  • Improve Custom Field Upload rendering when multiple files have been
  • Bust the cache used by the SelectQueue widget when a Queue’s name
  • Dates on the Bulk Update page such as Due, Told, etc are now rendered
    as DateTimes.


  • The Rights Editor now keeps track of the user/group and tab selected
    when submitting and switching between states.
  • Allow bookmarking tickets from the mobile interface.
  • Warn less when your RT is behind a proxy.
  • New CheckMoreMSMailHeaders config option that tries harder to detect
    outlook and repair weird linespacing issues in text parts.
  • New callbacks to add more information to the Outgoing Mail elements.
  • When listing statuses for multiple Queues/Lifecycles, group statuses
    by Lifecycle (collapsing Lifecycles with identical Status lists). This
    provides a more navigable status list on pages such as the Bulk Update.
  • Improve performance of shrink_cgm_table.pl and
    shrink_transactions_table.pl by processing more rows at a time.
  • When updating fields that contain lots of text (such as templates)
    don’t display the entire contents of the template.
  • Add Custom Field styling and a callback to easily add CFs in the mobile UI.
  • Search Results that display many Custom Fields across many ticket rows
    will now cache Custom Field objects and make fewer database queries.
  • Extensions that use ExtractTicketId can now cleanly alter the subject
    of the ticket.
  • New callbacks at the beginning and end of search results.
  • Record an X-RT-Interface header to track how a ticket was created.
  • Improve dashboard rendering in Outlook and Lotus Notes by scrubbing
    JavaScript and not including the print styles.
  • Update messages to include the user being affected rather than saying
    “Added principal” or “That principal”.
  • Provide add_after and add_before convenience methods for extensions
    adding new menus to RT.
  • Display examples of the Date Format preferences in the user’s timezone
    to make it clearer which formats are defined as UTC and which aren’t.
  • Users changing their password can now hit enter and not submit the
    Auth Token Reset form.
  • When users move a ticket from Queue A to Queue B and no longer have
    the ability to see the ticket in Queue B, RT will still display a
    message confirming that the move happened.


  • Lifecycle documentation separate from the RT_Config.pm docs.
  • Document how to use the Style Editor and how to add your own CSS.
  • Document basic approvals configuration.
  • Improve documentation and examples for CreateTickets action
  • Improvements to the Article setup/usage documentation.
  • Clean up extraneous quotes in our POD.
  • New documentation on recommended backup procedures.
  • Remove some erroneous documentation in the REST interface.
  • New documentation for the initialdata file format.


  • Improve SQL logging on record creation and the autocompleter.
  • Improve the debugging mason errors to include a stack trace.
  • Ensure tests never run in the local locale (which can cause
    interesting failures).
  • Catch and error if we throw warnings in tests.
  • The rt-apache tool now accepts “.” so you can easily run from a git
  • Enforce internal policies on the repository with 99-policy.t.
  • Inline test server now clears the callback cache between tests.

git log rt-4.0.8…rt-4.0.9rc1
or visiting