[Rt-announce] SECURITY - RT 3.6.10 Released
Kevin Falcone
falcone at bestpractical.com
Mon Nov 30 15:52:48 EST 2009
This is a security release of RT.
It includes a fix for the session fixation vulnerability detailed in the following announcements:
http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html
http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html
You can download it here:
http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz.sig
SHA1 sums
145124d3ce7dcae76a935f9ce373825ca5fb6e7d rt-3.6.10.tar.gz
4322f23057c14296ece60dc9f8e242ba5ea2a155 rt-3.6.10.tar.gz.sig
A complete list of changes since 3.6.9 is included below.
-kevin
commit 81f0759f2852c5b3950f48849300eed5a7166f7f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Sep 30 17:07:24 2009 -0400
Remove references to .svn
commit e28bfabe51ad2b53ca33a7328d3bd6a202d504d8
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Sep 30 17:08:29 2009 -0400
Remove old and incorrect releng.cnf
commit e82d5f9b82ebbe3f6556d5ad3bda44f9476d6864
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Oct 6 14:18:44 2009 -0400
Use spaces instead of tabs in commands, otherwise copy-and-paste in the terminal can fail
commit b157bae9d06e22c8cdbc6d1c74e93ae586bd37db
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Oct 6 14:27:26 2009 -0400
Add .gitignore from 3.8-trunk
commit a8f7dccfb53118c950cc8bebff3e64c069c978a7
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Mon Nov 30 13:45:26 2009 -0500
Apply patch for session fixation vulnerability (CVE-2009-3585)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-announce/attachments/20091130/d4db141f/attachment.pgp
More information about the RT-Announce
mailing list