[Rt-commit] rt annotated tag, rt-4.0.8, created. rt-4.0.8

Kevin Falcone falcone at bestpractical.com
Thu Oct 25 18:48:10 EDT 2012 

The annotated tag, rt-4.0.8 has been created
        at  af6cbb1e195c9736fa2a7a0ab0b3bada48c5cfbe (tag)
   tagging  048ac133c6aa7af528a84dc1aece81042ed79c4f (commit)
  replaces  rt-4.0.8rc2
 tagged by  Kevin Falcone
        on  Thu Oct 25 14:41:10 2012 -0400

- Log -----------------------------------------------------------------
release 4.0.8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)

iEYEABECAAYFAlCJh8YACgkQ0+gKWp5CJQpEZwCgpCzNGGQgGIhmzJRi+dltMeAc
hTwAn0QjL1xy0CoCd6UldijV+5YUuGPy
=iaSA
-----END PGP SIGNATURE-----

Alex Vandiver (14):
      Fix a typo, preventing emails from setting internal encryption header
      Remove internal signing and encryption hints from incoming mail
      Restrict users to only signing with queue or their own personal keys
      Don't propose any secret keys to users with no email address
      Explicitly restrict private keys to ones offered
      Avoid spurious update and warning messages on key update
      Require AdminUser to set PGP private key IDs, not merely ModifySelf
      Ensure that no --arguments can be snuck to GPG commands as arguments
      Refactor shared code controlling if a message will be encrypted or signed
      Refactor RT::Action::SendEmail->Commit to consolidate RecordOutgoingEmail path
      When creating tickets via the UI, always set signing/encryption headers
      Differentiate "always sign" from "default to signing when composing"
      Remove a stray unbalanced single quote from the default Queue format
      Merge branch '4.0/absolute-menu-urls' into 4.0.8-releng

Kevin Falcone (5):
      Merge branch 'security/4.0/create-article' into 4.0.8-releng
      Merge branch 'security/4.0/csrf-blacklist' into 4.0.8-releng
      Merge branch 'security/4.0/email-header-injection' into 4.0.8-releng
      Merge branch 'security/4.0/signing' into 4.0.8-releng
      Merge branch 'security/4.0/warn-about-redirect-after-login' into 4.0.8-releng

Thomas Sibley (19):
      Blacklist components from automatic, argument-based CSRF whitelisting
      Intuit the next page when logging in at the RT web root
      Abstract away reading $session{NextPage} into two functions
      Anticipate storing more information about the next page in the session
      Check the original request for side-effects before prompting for login
      Inform the user logging in about potential side-effects
      Include the potential request's action in the CSRF interstitial
      Load the Class as the current user when creating Articles
      Headers in the parsed MIME entities of Templates are modifiable
      Comment on our invalid pattern for splitting headers
      Perltidy only before updating the SetHeader method
      No need to match on the rest of the header line(s), just the tag
      Don't require a \r before the \n when forcing header continuations
      Refactor header value canonicalization for use by other methods
      Fix three bugs in SetHeader
      Let MIME::Head modify the X-RT-GnuPg-Status header to handle continuations
      Don't 500 if we come across a session with NextPage of the old variety
      Failing tests for menu path canonicalization
      Canonicalize menu paths in a less haphazard way

-----------------------------------------------------------------------

More information about the Rt-commit mailing list