[Rt-announce] SECURITY - RT 3.6.10 Released

Kevin Falcone falcone at bestpractical.com
Mon Nov 30 15:52:48 EST 2009


This is a security release of RT.
It includes a fix for the session fixation vulnerability detailed in the following announcements:
http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html
http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html

You can download it here:

http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz.sig

SHA1 sums

145124d3ce7dcae76a935f9ce373825ca5fb6e7d  rt-3.6.10.tar.gz
4322f23057c14296ece60dc9f8e242ba5ea2a155  rt-3.6.10.tar.gz.sig


A complete list of changes since 3.6.9 is included below.

-kevin

commit 81f0759f2852c5b3950f48849300eed5a7166f7f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed Sep 30 17:07:24 2009 -0400

    Remove references to .svn

commit e28bfabe51ad2b53ca33a7328d3bd6a202d504d8
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed Sep 30 17:08:29 2009 -0400

    Remove old and incorrect releng.cnf

commit e82d5f9b82ebbe3f6556d5ad3bda44f9476d6864
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Oct 6 14:18:44 2009 -0400

    Use spaces instead of tabs in commands, otherwise copy-and-paste in the terminal can fail

commit b157bae9d06e22c8cdbc6d1c74e93ae586bd37db
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Oct 6 14:27:26 2009 -0400

    Add .gitignore from 3.8-trunk

commit a8f7dccfb53118c950cc8bebff3e64c069c978a7
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Mon Nov 30 13:45:26 2009 -0500

    Apply patch for session fixation vulnerability (CVE-2009-3585)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-announce/attachments/20091130/d4db141f/attachment.pgp 


More information about the RT-Announce mailing list