[rt-announce] RT 4.0.6 Released - Security Release
Alex Vandiver
alexmv at bestpractical.com
Tue May 22 10:39:05 EDT 2012
RT 4.0.6 contains important security fixes, in addition to bugfixes.
http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.6.tar.gz.sig
SHA1 sums
f5c0dd16da21f0af8e9c093057aa58cbab08d06b rt-4.0.6.tar.gz
1f862bbb1b335cd036d1c32c10d80f26e4ce99a1 rt-4.0.6.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
* Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as
it was causing numerous crashes of IE.
* Show the current status in the status dropdown during ticket update,
to allow forced setting of the status. This functionality was
available in RT 3.8, and is now being reinstated.
* Use SearchBuilder queue limits to restrict what statuses and owners
are displayed in drop-downs.
* Make "New Ticket" a top-level SelfService menu item.
* Display Lifecycle column correctly in queue admin lists.
* Allow >64k attributes on MySQL; this is particularly useful for
logos uploaded via the theming editor.
* Remove two dependencies from the RT mailgate.
* Adding new arbitrary links to tickets now works as expected in the
REST interface.
* Subject: lines in Forward Ticket templates are now respected.
* Sort ticket link numbers numerically, not alphabetically.
* Ticket reminders are no longer copied when creating a linked ticket;
article and http:// links now are, however.
* Use relative links (with no hostname) more consistently.
* Correctly deal with non-ASCII attachment filenames which make use of
MIME parameter value continuations.
* Find queue-level CFs first in REST interface when there are
duplicates by name.
* Fix graphing of searches which reference Updated and other
transaction-based limits.
* Reminder statuses on open and resolve are now configurable
per-lifecycle.
* Fix quoting of CF names containing dashes and the like in the
SearchBuilder.
* Bump URI dependency to ensure utf8 URLs are correclty generated in
Dashboard emails.
* Permit <bdo> and language attributes when scrubbing HTML.
A complete changelog is available from git by running:
git log rt-4.0.5..rt-4.0.6
- Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.bestpractical.com/pipermail/rt-announce/attachments/20120522/4c08fb66/attachment.pgp>
More information about the rt-announce
mailing list