[rt-devel] [rt-announce] RT 4.0.24 released
Shawn Moore
shawn at bestpractical.com
Wed Aug 12 15:42:16 EDT 2015
RT 4.0.24 -- 2015-08-12
-----------------------
RT 4.0.24 contains an important security fix.
https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz.sig
SHA1 sums
0588b678cc1f13ae1504e9fffede1b8485d172f7 rt-4.0.24.tar.gz
8f8b69532112aa01d6fe540478de6a7046ad6fb0 rt-4.0.24.tar.gz.sig
This release is a security release which addresses the following
vulnerability:
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages. This vulnerability is assigned
CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.
A complete changelog is available from git by running:
git log rt-4.0.23..rt-4.0.24
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.23...rt-4.0.24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.bestpractical.com/pipermail/rt-devel/attachments/20150812/8966687b/attachment.pgp>
-------------- next part --------------
_______________________________________________
rt-announce mailing list
rt-announce at lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
More information about the rt-devel
mailing list