[Rt-commit] rt annotated tag, rt-3.8.15, created. rt-3.8.15

Kevin Falcone falcone at bestpractical.com
Thu Oct 25 18:48:10 EDT 2012


The annotated tag, rt-3.8.15 has been created
        at  28d35d4333578cffc603b4d791ee35ec3add55b0 (tag)
   tagging  9207c2bb13f88e07d4863fa3a37b4243d06a5dc1 (commit)
  replaces  rt-3.8.14
 tagged by  Kevin Falcone
        on  Thu Oct 25 16:19:18 2012 -0400

- Log -----------------------------------------------------------------
release 3.8.15

Alex Vandiver (15):
      Support "partitioned" GPG mail whose bodies are transfer-encoded
      Make ExternalAuth also respect the ?next=hash argument after logins
      Provide some rationale in comments for the convoluted logic
      Fix a typo, preventing emails from setting internal encryption header
      Remove internal signing and encryption hints from incoming mail
      Restrict users to only signing with queue or their own personal keys
      Don't propose any secret keys to users with no email address
      Explicitly restrict private keys to ones offered
      Avoid spurious update and warning messages on key update
      Require AdminUser to set PGP private key IDs, not merely ModifySelf
      Ensure that no --arguments can be snuck to GPG commands as arguments
      Refactor shared code controlling if a message will be encrypted or signed
      Refactor RT::Action::SendEmail->Commit to consolidate RecordOutgoingEmail path
      When creating tickets via the UI, always set signing/encryption headers
      Differentiate "always sign" from "default to signing when composing"

Jim Brandt (1):
      Add DECRYPTION_INFO to ignore_keywords.

Kevin Falcone (8):
      Merge branch '3.8/partitioned-gpg' into 3.8-trunk
      Merge branch '3.8.14-releng' into 3.8-trunk
      GPG 1.4.12 tweaked the header on the trustdb
      Merge branch 'security/3.8/csrf-blacklist' into 3.8.15-releng
      Merge branch 'security/3.8/email-header-injection' into 3.8.15-releng
      Merge branch 'security/3.8/signing' into 3.8.15-releng
      Merge branch 'security/3.8/warn-about-redirect-after-login' into 3.8.15-releng
      bump version for 3.8.15

Ruslan Zakirov (1):
      Don't encode folded headers, such as Subject

Thomas Sibley (17):
      WebExternalOnly was renamed to WebFallbackToInternalAuth
      Intuit the next page when logging in at the RT web root
      Abstract away reading $session{NextPage} into two functions
      Anticipate storing more information about the next page in the session
      Check the original request for side-effects before prompting for login
      Blacklist components from automatic, argument-based CSRF whitelisting
      Headers in the parsed MIME entities of Templates are modifiable
      Comment on our invalid pattern for splitting headers
      Perltidy only before updating the SetHeader method
      No need to match on the rest of the header line(s), just the tag
      Don't require a \r before the \n when forcing header continuations
      Refactor header value canonicalization for use by other methods
      Fix three bugs in SetHeader
      Let MIME::Head modify the X-RT-GnuPg-Status header to handle continuations
      Inform the user logging in about potential side-effects
      Include the potential request's action in the CSRF interstitial
      Don't 500 if we come across a session with NextPage of the old variety

-----------------------------------------------------------------------

