[rt-announce] RT 4.2.8 released

Alex Vandiver alexmv at bestpractical.com
Thu Oct 2 12:03:32 EDT 2014


RT 4.2.8 -- 2014-10-02
----------------------

RT 4.2.8 contains important security fixes, as well as minor bugfixes.

http://download.bestpractical.com/pub/rt/release/rt-4.2.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.2.8.tar.gz.asc

SHA1 sums

6842a1e442e6055ecbae0d443a99361072e45591  rt-4.2.8.tar.gz
375ef344407b54f73730524bef85b4be5b1948e2  rt-4.2.8.tar.gz.asc

This release is primarily a security release; it addresses
CVE-2014-7227, a vulnerability in RT's SMIME integration enabled by
CVE-2015-6271 and related vulnerabilities, known as "Shellshock."
Systems which have patched bash are not vulnerable to CVE-2014-7227.

It also addresses a minor error in the 4.2.7 upgrade step on Oracle; for
Oracle users who had already upgraded to 4.2.7, the 4.2.8 upgrade step
properly runs the same alteration.  There is no database change for
non-Oracle installs.


General user UI
 * Properly hide ticket list when MoreAboutRequestorTicketList is set to
   "None"

Localizations
 * Allow text in Squelch box on ModifyPeople page to be translatable.
 * Updated German, Basque, French, Hungarian, and Russian translations.

Admin
 * Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative
   to name
 * Stop calling the deprecated _SQLLimit method when limiting by
   transaction date
 * Stop hiding the value of the AllowLoginPasswordAutoComplete setting
   in System Configuration (#30417)
 * Resolve CVE-2014-7227, arbitrary execution of code by privileged
   users via SMIME by way of CVE-2015-6271.

Developer
 * Add a ModifyMaxResults callback for Autocomplete endpoints
 * Properly pass collection class to ColumnMap in /Elements/TSVExport

Documentation
 * Update POD for AddRoleMember/DeleteRoleMember being in
   RT::Record::Role::Roles now, not RT::Record.


A complete changelog is available from git by running:
    git log rt-4.2.7..rt-4.2.8
or visiting
    https://github.com/bestpractical/rt/compare/rt-4.2.7...rt-4.2.8


More information about the rt-announce mailing list