[Rt-devel] RT 3.8.8 Released
Ruslan Zakirov
ruz at bestpractical.com
Fri May 7 12:49:04 EDT 2010
We are happy to announce that RT 3.8.8 is now available. You can
download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig
SHA1 sums
be3ac598dcbf584f9bcd9a49248a9ccd3affb330 rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17 rt-3.8.8.tar.gz.sig
This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.
In particular, we'd like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.
Noticeable features and improvements in this release include:
* Improvements to default Chart fonts and colors
New Hourly grouping options
Optional support for handling chart timezones in your database
* You can now interleave global and queue level custom fields
for display
* RSS feeds are available using an auth string rather than credentials
RT's RSS feeds should now work in significantly more feed readers
* RTAddressRegexp improvements to prevent users from adding an RT
address as a watcher on a ticket
* Admin UI improvements, including the new AdminSearchResultFormat
config option
* Your current password is now required to change a password via RT's web
interface
* New web handler: bin/fastcgi_server which allows you to run RT
as a FastCGI external server
* Refactored Elements/ShowUser so it's easer to add custom
formats.
* Printed views of RT tickets should now be somewhat more visually pleasing
* RT now uses less memory when building the First/Prev/Next/Last links
for the result of a big ticket search
* New config options: AttachmentUnits, AlwaysDownloadAttachments,
DefaultMailPrecedence, DefaultErrorMailPrecedence,
MessageBoxIncludeSignature*, UseOriginatorHeader and
LogoutRefresh. See RT_Config.pm for more information on these and
other configuration options.
A more complete changelog is available below.
Ruslan.
NEW FEATURES AND MAJOR CHANGES
* Aaron Sigel performed a security audit of RT and pointed out
a number of potential improvements which have been addressed
* Charts improvements
* Time-based charts can now show "hourly" goupings.
* ChartFont option is now hash with font per language.
* Two default fonts are shipped with RT to cover most
supported languages.
* The table of chart results now contains links to tickets
matching a given row.
* Timezones support, but protected with config option.
* Better scaling of Y axis.
* X axis labels are now vertical if there is not enough
space to display them horizontally.
* RTAddressRegexp option improvements
* No default value anymore.
* If no value is set then RT will attempt to calculate the right value
from the user-defined queue addresses.
* On create/update/people pages RT now checks addresses
users enter and stop users from entering known
addresses for RT queues.
* Admin UI improvements
* Improved display of the "About this RT" page.
* More pages in the Admin UI have been switched to generic
code to list objects (like tickets in search results)
* Display formats for these objects are now configurable
in the config file (%AdminSearchResultFormat)
* More columns in column maps for objects other than
tickets.
* Custom fields ordering and application improvements
* Queue specific custom fields now can be placed above
global, below or even in the middle. Order of global
custom fields stays the same in all queues, but a custom
field that is applied to particular queues can be placed
differently in each queue.
* Make it possible to apply a CF globally from 'Applies To'
page.
* RT no longer allows you to apply a CF globally and to queues
at the same time. When CF is applied globally it is
un-applied from specific queues first.
* Refactored simple (googleish) search
* new options in the config to control defaults
* new keywords to search for particular things
* RSS feeds now contain embedded single-query authentication strings
* We've Introduced a config option to prevent adding the
RT-Originator header in outgoing mails.
* New MessageBoxIncludeSignature* options
* LogoutRefresh config option to control how long to wait
before going back to login
* New config option for AttachmentUnits
* New config option for AlwaysDownloadAttachments
* RT now requires your current password to change any password
* Improved LinkValueTo and returned back functionality
* if LinkValueTo starts with __CustomField__ then don't
escape it, but make sure it's not a JS link
* escape links using HTML escaping
* don't wrap into <a> with empty href if link is empty
* Added DefaultMailPrecedence and DefaultErrorMailPrecedence
config options
* Squelch watchers on update. This makes doing silent
Updates possible
* New web handler: bin/fastcgi_server
* Refactored Elements/ShowUser so it's easy to add custom
formats. Several performance improvements in this code.
* MERGE_CACHE to cache information about merged tickets and
lower logs and DB impact on re-checks
* Made NotifyActor into a User Preference
* If the MIME entity has header X-RT-Squelch, do not send
the message
* Improved print layouts
* Serve images in js and css dirs as static files,
so browsers cache them more agressively
* Added HasAttribute and HasNoAttribute to TicketSQL
* New faster and less memory hungry TicketsMaps - First, Prev,
Next and Last links when you view tickets from the current
search. Size is now limited by a new config option. Floating
window is used to build the links.
CLEANUPS AND SMALL IMPROVEMENTS
* Updated doc/Security with more modern security tips
* Made the plaintext mono feature work in IE.
* Better timezone handling in Tools/Reports/ResolvedByDates.html
* Make sure we don't serve files outside RT's paths
* Additional checks to make sure that credentials
are sent to RT on Login
* Moved CustomField column map from tickets' to generic
* Make height, width, href and alt of the logo configurable
* Load as much as possible when a web-handler with forks
is used, this increase memory sharing across processes
* A link provided for approvals templates to whoever worked
the approval
* Global __WebRequestPath__ and __WebRequestPathDir__
column map entries
* Process custom fields in ModifyDates.html
* Handle Ccs and AdminCcs of the queue in SkipNotification
feature
* Sort callbacks within a root only, respect plugins
order
* Add some wording to the check boxes on the reply pages
* Reduce whitespace on bottom of boxes as was earlier
* Use smaller margin for reminders display to save space
* Use a reasonable length for scrip descriptions
* Removed a lie about RT CLI still being "unsupported"
* User friendlier errors handling thrown by Calendar::Simple
* Split some CSS from themes into base/xxx.css
* Googleish search was making incorrect assumptions
about RT::User and RT::Group's Load function
returning a boolean not a list. This was throwing
(harmless, but ugly) errors.
* Don't apply order on collections if sorting is not
allowed
* Removed the "URL" parameter to 'Logout' as it had no
legitimate use.
* make instal and testdeps tests to avoid some versions
of modules that are known to be buggy or incompatible,
for example DBD::Oracle 1.23
BUG FIXES
* properly use AND/OR when content is searched and
DontSearchFileAttachments option is enabled
* Make sure Merge only possible when user has Modify
right on both tickets
* Fixes for UseSQLForACLChecks option, it was possible
to construct a query and see tickets an user has no
right to see. Lots of tests have been added to make
sure it wouldn't happen again.
* SQL used for ACL checks has been refactored to get
more effective queries. Especially when list of
potential owners is built for the query builder.
* Unified API for tables with disabled column and
fixes when ->Count could return bigger value
when some CFs are disabled.
* I18N was transcoding attachments to UTF-8 one line
at a time. This doesn't work at all for UTF-16 and
probably other encodings.
* Fixed encoding problem when loading a dump file
produced by rt-dump-database.
* A closing </li> was missing in PreviewScrips comp
* Fixed config loading when Fcntl module or other exporting
symbols is loaded. Load was failing with "Not a SCALAR
reference" error.
* Returned back effective SQL when searching by CFs with
= or != operator
* Fixed error on login when user make mistake in password
and he entered character out of ASCII range.
* Honor a user's MessageBoxRichTextHeight setting
* Fixed query builder behaviour with NULLs and '' (empty values)
* Fixed potential information loose on incorrect GnuPG mails
* Fixed display-all-rows in Dashboards
* Fixed JS escaping issues
* Set context object in OCFV::CustomFieldObj
* Sessions ended up in /tmp/ in some cases
* Fixed safe_run_child when code dies between fork and exec,
deals with "mysql server has gone away" error
* fix Jumbo reloading and losing message content
* Stop infinite looping when you have global custom
fields and no Queue restriction
* Fixed sorting of custom fields in Results.tsv
* Set of fixes for Unicode characters in emails
and tests covering these changes
* Don't create handles we don't need, we can hit limit
* Prevent servers using GnuPG from running out of file handles
TRANSLATION
Updates merged from launchpad and two new languages: nn.po
and pt_PT.po. Thanks to all contributors.
CALLBACKS
* AboutThisUser in ShowPeople box
* Between the GnuPG and message rows
* AfterSubject
* Before and After CustomFields
* Before and After TransactionCustomFields
* AfterAddress in PreviewScrips
* At the top of ticket summary columns
* For adding links for attachment downloads
* At the bottom of the logout box
* Pass more information to the FormStart callback
in Ticket/Update.html
* AfterMessageBox on ticket create page
* ShowTransaction/AfterAnchor
* In EditDates and ShowDates
* Pass a reference to the signature in MessageBox's callback
* For inserting text after the transaction's description
* AfterUpdateType in Jumbo.html and Update.html
More information about the rt-devel
mailing list