[rt-announce] RT 4.2.12 released
shawn at bestpractical.com
Wed Aug 12 15:42:14 EDT 2015
RT 4.2.12 -- 2015-08-12
RT 4.2.12 contains important security fixes.
This release is a security release which addresses the following
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages. This vulnerability is assigned
CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface. This vulnerability could allow an attacker
Installations which use neither GnuPG nor S/MIME are unaffected.
A complete changelog is available from git by running:
git log rt-4.2.11..rt-4.2.12
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the rt-announce