[Rt-announce] RT 3.8.8 Released

Ruslan Zakirov ruz at bestpractical.com
Wed May 5 17:16:06 EDT 2010


We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330  rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17  rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

In particular, we'd like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.

Noticeable features and improvements in this release include:

 * Improvements to default Chart fonts and colors
   New Hourly grouping options
   Optional support for handling chart timezones in your database
 * You can now interleave global and queue level custom fields
   for display
 * RSS feeds are available using an auth string rather than credentials
   RT's RSS feeds should now work in significantly more feed readers
 * RTAddressRegexp improvements to prevent users from adding an RT
   address as a watcher on a ticket
 * Admin UI improvements, including the new AdminSearchResultFormat
   config option
 * Your current password is now required to change a password via RT's web
   interface
 * New web handler: bin/fastcgi_server which allows you to run RT
   as a FastCGI external server
 * Refactored Elements/ShowUser so it's easier to add custom
   formats.
 * Printed views of RT tickets should now be somewhat more visually pleasing
 * RT now uses less memory when building the First/Prev/Next/Last links
   for the result of a big ticket search
 * New config options: AttachmentUnits, AlwaysDownloadAttachments,
   DefaultMailPrecedence, DefaultErrorMailPrecedence,
   MessageBoxIncludeSignature*, UseOriginatorHeader and
   LogoutRefresh.  See RT_Config.pm for more information on these and
   other configuration options.

A more complete changelog is available below.

Ruslan.

NEW FEATURES AND MAJOR CHANGES

* Aaron Sigel performed a security audit of RT and pointed out
  a number of potential improvements which have been addressed

* Charts improvements

    * Time-based charts can now show "hourly" groupings.
    * ChartFont option is now a hash with a font per language.
    * Two default fonts are shipped with RT to cover most
      supported languages.
    * The table of chart results now contains links to tickets
      matching a given row.
    * Timezones support, but protected with config option.
    * Better scaling of Y axis.
    * X axis labels are now vertical if there is not enough
      space to display them horizontally.

* RTAddressRegexp option improvements

    * No default value anymore.
    * If no value is set then RT will attempt to calculate the right value
      from the user-defined queue addresses.
    * On create/update/people pages RT now checks addresses
      users enter and stops users from entering known
      addresses for RT queues.

* Admin UI improvements

    * Improved display of the "About this RT" page.
    * More pages in the Admin UI have been switched to generic
      code to list objects (like tickets in search results)
    * Display formats for these objects are now configurable
      in the config file (%AdminSearchResultFormat)
    * More columns in column maps for objects other than
      tickets.

* Custom fields ordering and application improvements

    * Queue specific custom fields now can be placed above
      global, below or even in the middle. Order of global
      custom fields stays the same in all queues, but a custom
      field that is applied to particular queues can be placed
      differently in each queue.
    * Make it possible to apply a CF globally from 'Applies To'
      page.
    * RT no longer allows you to apply a CF globally and to queues
      at the same time. When CF is applied globally it is
      un-applied from specific queues first.

* Refactored simple (googleish) search

    * new options in the config to control defaults
    * new keywords to search for particular things

* RSS feeds now contain embedded single-query authentication strings
* We've introduced a config option to prevent adding the
  RT-Originator header in outgoing mails.
* New MessageBoxIncludeSignature* options
* LogoutRefresh config option to control how long to wait
  before going back to login
* New config option for AttachmentUnits
* New config option for AlwaysDownloadAttachments
* RT now requires your current password to change any password
* Improved LinkValueTo and returned back functionality

    * if LinkValueTo starts with __CustomField__ then don't
      escape it, but make sure it's not a JS link
    * escape links using HTML escaping
    * don't wrap into <a> with empty href if link is empty

* Added DefaultMailPrecedence and DefaultErrorMailPrecedence
  config options
* Squelch watchers on update. This makes doing silent
  Updates possible
* New web handler: bin/fastcgi_server
* Refactored Elements/ShowUser so it's easy to add custom
  formats. Several performance improvements in this code.
* MERGE_CACHE to cache information about merged tickets and
  lower logs and DB impact on re-checks
* Made NotifyActor into a User Preference
* If the MIME entity has header X-RT-Squelch, do not send
  the message
* Improved print layouts
* Serve images in js and css dirs as static files,
  so browsers cache them more aggressively
* Added HasAttribute and HasNoAttribute to TicketSQL
* New faster and less memory hungry TicketsMaps - First, Prev,
  Next and Last links when you view tickets from the current
  search. Size is now limited by a new config option. Floating
  window is used to build the links.

CLEANUPS AND SMALL IMPROVEMENTS

* Updated doc/Security with more modern security tips
* Made the plaintext mono feature work in IE.
* Better timezone handling in Tools/Reports/ResolvedByDates.html
* Make sure we don't serve files outside RT's paths
* Additional checks to make sure that credentials
  are sent to RT on Login
* Moved CustomField column map from tickets' to generic
* Make height, width, href and alt of the logo configurable
* Load as much as possible when a web-handler with forks
  is used, this increases memory sharing across processes
* A link provided for approvals templates to whoever worked
  the approval
* Global __WebRequestPath__ and __WebRequestPathDir__
  column map entries
* Process custom fields in ModifyDates.html
* Handle Ccs and AdminCcs of the queue in SkipNotification
  feature
* Sort callbacks within a root only, respect plugins
  order
* Add some wording to the check boxes on the reply pages
* Reduce whitespace on bottom of boxes as was earlier
* Use smaller margin for reminders display to save space
* Use a reasonable length for scrip descriptions
* Removed a lie about RT CLI still being "unsupported"
* User friendlier errors handling thrown by Calendar::Simple
* Split some CSS from themes into base/xxx.css
* Googleish search was making incorrect assumptions
  about RT::User and RT::Group's Load function
  returning a boolean not a list. This was throwing
  (harmless, but ugly) errors.
* Don't apply order on collections if sorting is not
  allowed
* Removed the "URL" parameter to 'Logout' as it had no
  legitimate use.
* make install and testdeps tests to avoid some versions
  of modules that are known to be buggy or incompatible,
  for example DBD::Oracle 1.23

BUG FIXES

* properly use AND/OR when content is searched and
  DontSearchFileAttachments option is enabled
* Make sure Merge is only possible when user has Modify
  right on both tickets
* Fixes for UseSQLForACLChecks option, it was possible
  to construct a query and see tickets a user has no
  right to see. Lots of tests have been added to make
  sure it wouldn't happen again.
* SQL used for ACL checks has been refactored to get
  more effective queries. Especially when list of
  potential owners is built for the query builder.
* Unified API for tables with disabled column and
  fixes when ->Count could return bigger value
  when some CFs are disabled.
* I18N was transcoding attachments to UTF-8 one line
  at a time. This doesn't work at all for UTF-16 and
  probably other encodings.
* Fixed encoding problem when loading a dump file
  produced by rt-dump-database.
* A closing </li> was missing in PreviewScrips comp
* Fixed config loading when Fcntl module or other exporting
  symbols is loaded. Load was failing with "Not a SCALAR
  reference" error.
* Returned back effective SQL when searching by CFs with
  = or != operator
* Fixed error on login when a user makes a mistake in the password
  and enters a character outside the ASCII range.
* Honor a user's MessageBoxRichTextHeight setting
* Fixed query builder behaviour with NULLs and '' (empty values)
* Fixed potential information loss on incorrect GnuPG mails
* Fixed display-all-rows in Dashboards
* Fixed JS escaping issues
* Set context object in OCFV::CustomFieldObj
* Sessions ended up in /tmp/ in some cases
* Fixed safe_run_child when code dies between fork and exec,
  deals with "mysql server has gone away" error
* fix Jumbo reloading and losing message content
* Stop infinite looping when you have global custom
  fields and no Queue restriction
* Fixed sorting of custom fields in Results.tsv
* Set of fixes for Unicode characters in emails
  and tests covering these changes
* Don't create handles we don't need, we can hit limit
* Prevent servers using GnuPG from running out of file handles

TRANSLATION

Updates merged from launchpad and two new languages: nn.po
and pt_PT.po. Thanks to all contributors.

CALLBACKS

* AboutThisUser in ShowPeople box
* Between the GnuPG and message rows
* AfterSubject
* Before and After CustomFields
* Before and After TransactionCustomFields
* AfterAddress in PreviewScrips
* At the top of ticket summary columns
* For adding links for attachment downloads
* At the bottom of the logout box
* Pass more information to the FormStart callback
  in Ticket/Update.html
* AfterMessageBox on ticket create page
* ShowTransaction/AfterAnchor
* In EditDates and ShowDates
* Pass a reference to the signature in MessageBox's callback
* For inserting text after the transaction's description
* AfterUpdateType in Jumbo.html and Update.html

