[Rt-devel] [Rt-announce] RT 3.8.10 Released - Security Release

Kevin Falcone falcone at bestpractical.com
Thu Apr 14 10:00:54 EDT 2011

This release of RT contains important bugfixes.  You can download it from:


SHA1 sums

98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7  rt-3.8.10.tar.gz
8e228df450d0cdc255e3db725b5bdf302771c75d  rt-3.8.10.tar.gz.sig

This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities.  It resolves CVE-2011-1685,
CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and

* Cleanups identified by perlcritic.
* Clear the system attribute cache to avoid 'sticky' attributes like
  the queue subject tag.
* Fix our signature escaping so we better match FCKEditor and don't
  misidentify signatures during processing.
* Add the ability to create BasedOn Custom Fields from intiialdata
* Provide a callback to affect the display format in admin pages
* Fix id prefixing on Custom Fields to be RTIR compatible
* Fix #16656 - Requestors with OwnTicket could show up in the owner list
  in other Queues.
* Don't attach the original multipart mail to notifications that already
  contain one part of it.
* Work around CGI.pm 3.51 and 3.52 which add ; charse=ISO-8859-1 to our
  utf-8 encoded javascript.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-devel/attachments/20110414/9f2e850f/attachment.pgp>
-------------- next part --------------
RT-Announce mailing list
RT-Announce at lists.bestpractical.com

More information about the rt-devel mailing list