[Rt-announce] RT 3.8.4 Released

Kevin Falcone falcone at bestpractical.com
Wed Jun 10 18:35:31 EDT 2009 

We are happy to announce that RT 3.8.4 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz.sig

SHA1 sums

c786eb78dd6c8374da3bc0dd10414e040d69864f  rt-3.8.4.tar.gz
7af1be26513b2b26390a456a3360e5cda7d63008  rt-3.8.4.tar.gz.sig

This is primarily a bugfix and security release of RT.

The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance.  In all previous 3.8
releases, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.

A patch that resolves this issue without requiring an upgrade
to 3.8.4 is attached to this announcement.

A more complete list of bugs and features can be found below.
Please note that there is a change to database content in this
release, see UPGRADING for more.

-kevin

FEATURES
========

* Clean up NotifyGroup action
 * obsolete old storable format in NotifyGroup action
 * add support for group name, user name, user's email address
   and just an email address in NotifyGroup action.
   This will make easier to use it in crontool
 * add upgrade script for RT 3.8.4
 * use new format and obsolete old format, we have upgrade script
   for conversion
* add support to rt-crontool for --template argument that allows 
  you to specify the name of a template. Template overridings will
  work for names. Hide --template-id from help, but don't disable it.
* use RT::Plugin in RT->PluginDirs, so we can override only one place in our tests

FIXES AND CLEANUPS
==================
* Force some widgets to fit at max parent box.
* Use true arrow (html entities) in button for SelectionBox Widget
  (closes: #13481).
* Add ability to change graph groupby and type once the graph is displayed.
  (closes: #13479)
* Add a link in search tickets tab to jump easily to Chart when a query exist.
* Be more consistent in Create/Save Changes buttons across objects.
* Be more consistent in Select/New links (most don't list the object name so
  do this everywhere).
* Fix overlapping of password file by login button on login page (closes: #13496).
* Show difference in Dashboard queries between saved searches and graphs (like in
  RT at a glance pref) (closes: #13497).
* Don't show empty value in ticket edit basics queue dropdown, as a ticket must
  be in a queue.
* in RT::Plugin->Path don't add trailing slash when requested
  subdir is not defined or empty
* Typo in IsCc|IsAdminCc documentations.
* Don't show "deleted" status in cerate ticket page as it doesn't make sense to
  create deleted tickets... (closes: #13500).
* use GET for firefox2 in ahah (fixes Bookmarks on FF2)
* allow the creation of tickets in disabled Queues
  This is how Approvals work
* Factor out the quickbar-personal div into its own template
* fix failing tests caused by wording changes
* Avoid undef warning if this is the first time a dashboard has been sent
* Pull out the value of Counter only once
* perl.org is a better canonical URL for Perl than .com (in README)
* pass more context into callbacks when editing custom fields
* localize custom field name on edit
* Don't update watcher in queue watcher edit page when we search for people and
  one or more current watchers are selected (closes: #13425).
* Require SuperUser for editing global RT at a Glance
* Add a ReadOnly mode for SelectionBox widgets
* Show the RT at a Glance selection boxes as ReadOnly if there's no
  permission to edit them
-------------- next part --------------
--- share/html/Admin/Global/MyRT.html
+++ share/html/Admin/Global/MyRT.html
@@ -91,8 +91,13 @@
     current_portlets => $default_portlets->Content,
     OnSave => sub {
         my ( $conf, $pane ) = @_;
-	$default_portlets->SetContent( $conf );
-        push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        if (!$session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
+            push @actions, loc( 'Permission denied' );
+        }
+        else {
+            $default_portlets->SetContent( $conf );
+            push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        }
     }
 );
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-announce/attachments/20090610/5dcbd1ef/attachment.pgp

More information about the RT-Announce mailing list