[rt-users] RT 3.8.8 Released

Ruslan Zakirov ruz at bestpractical.com
Fri May 7 12:48:25 EDT 2010


We are happy to announce that RT 3.8.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.8.tar.gz.sig

SHA1 sums

be3ac598dcbf584f9bcd9a49248a9ccd3affb330  rt-3.8.8.tar.gz
fd2e1c570a7699f3a19c1101764fb5891ed42c17  rt-3.8.8.tar.gz.sig

This release contains several new features as well as a number of
code quality improvements, bug fixes and new configuration options.

In particular, we'd like to thank Aaron Sigel for security auditing work
which led directly to a number of security improvements in this release.

Noticeable features and improvements in this release include:

 * Improvements to default Chart fonts and colors
  New Hourly grouping options
  Optional support for handling chart timezones in your database
 * You can now interleave global and queue level custom fields
  for display
 * RSS feeds are available using an auth string rather than credentials
  RT's RSS feeds should now work in significantly more feed readers
 * RTAddressRegexp improvements to prevent users from adding an RT
  address as a watcher on a ticket
 * Admin UI improvements, including the new AdminSearchResultFormat
  config option
 * Your current password is now required to change a password via RT's web
  interface
 * New web handler: bin/fastcgi_server which allows you to run RT
  as a FastCGI external server
 * Refactored Elements/ShowUser so it's easier to add custom
  formats.
 * Printed views of RT tickets should now be somewhat more visually pleasing
 * RT now uses less memory when building the First/Prev/Next/Last links
  for the result of a big ticket search
 * New config options: AttachmentUnits, AlwaysDownloadAttachments,
  DefaultMailPrecedence, DefaultErrorMailPrecedence,
  MessageBoxIncludeSignature*, UseOriginatorHeader and
  LogoutRefresh.  See RT_Config.pm for more information on these and
  other configuration options.

A more complete changelog is available below.

Ruslan.

NEW FEATURES AND MAJOR CHANGES

* Aaron Sigel performed a security audit of RT and pointed out
 a number of potential improvements which have been addressed

* Charts improvements

   * Time-based charts can now show "hourly" groupings.
   * ChartFont option is now a hash with a font per language.
   * Two default fonts are shipped with RT to cover most
     supported languages.
   * The table of chart results now contains links to tickets
     matching a given row.
   * Timezones support, but protected with config option.
   * Better scaling of Y axis.
   * X axis labels are now vertical if there is not enough
     space to display them horizontally.

* RTAddressRegexp option improvements

   * No default value anymore.
   * If no value is set then RT will attempt to calculate the right value
     from the user-defined queue addresses.
   * On create/update/people pages RT now checks addresses
     users enter and stops users from entering known
     addresses for RT queues.

* Admin UI improvements

   * Improved display of the "About this RT" page.
   * More pages in the Admin UI have been switched to generic
     code to list objects (like tickets in search results)
   * Display formats for these objects are now configurable
     in the config file (%AdminSearchResultFormat)
   * More columns in column maps for objects other than
     tickets.

* Custom fields ordering and application improvements

   * Queue specific custom fields now can be placed above
     global, below or even in the middle. Order of global
     custom fields stays the same in all queues, but a custom
     field that is applied to particular queues can be placed
     differently in each queue.
   * Make it possible to apply a CF globally from 'Applies To'
     page.
   * RT no longer allows you to apply a CF globally and to queues
     at the same time. When CF is applied globally it is
     un-applied from specific queues first.

* Refactored simple (googleish) search

   * new options in the config to control defaults
   * new keywords to search for particular things

* RSS feeds now contain embedded single-query authentication strings
* We've introduced a config option to prevent adding the
 RT-Originator header in outgoing mails.
* New MessageBoxIncludeSignature* options
* LogoutRefresh config option to control how long to wait
 before going back to login
* New config option for AttachmentUnits
* New config option for AlwaysDownloadAttachments
* RT now requires your current password to change any password
* Improved LinkValueTo and returned back functionality

   * if LinkValueTo starts with __CustomField__ then don't
     escape it, but make sure it's not a JS link
   * escape links using HTML escaping
   * don't wrap into <a> with empty href if link is empty

* Added DefaultMailPrecedence and DefaultErrorMailPrecedence
 config options
* Squelch watchers on update. This makes doing silent
 Updates possible
* New web handler: bin/fastcgi_server
* Refactored Elements/ShowUser so it's easy to add custom
 formats. Several performance improvements in this code.
* MERGE_CACHE to cache information about merged tickets and
 lower logs and DB impact on re-checks
* Made NotifyActor into a User Preference
* If the MIME entity has header X-RT-Squelch, do not send
 the message
* Improved print layouts
* Serve images in js and css dirs as static files,
 so browsers cache them more aggressively
* Added HasAttribute and HasNoAttribute to TicketSQL
* New faster and less memory hungry TicketsMaps - First, Prev,
 Next and Last links when you view tickets from the current
 search. Size is now limited by a new config option. Floating
 window is used to build the links.

CLEANUPS AND SMALL IMPROVEMENTS

* Updated doc/Security with more modern security tips
* Made the plaintext mono feature work in IE.
* Better timezone handling in Tools/Reports/ResolvedByDates.html
* Make sure we don't serve files outside RT's paths
* Additional checks to make sure that credentials
 are sent to RT on Login
* Moved CustomField column map from tickets' to generic
* Make height, width, href and alt of the logo configurable
* Load as much as possible when a web-handler with forks
 is used, this increases memory sharing across processes
* A link provided for approvals templates to whoever worked
 the approval
* Global __WebRequestPath__ and __WebRequestPathDir__
 column map entries
* Process custom fields in ModifyDates.html
* Handle Ccs and AdminCcs of the queue in SkipNotification
 feature
* Sort callbacks within a root only, respect plugins
 order
* Add some wording to the check boxes on the reply pages
* Reduce whitespace on bottom of boxes as was earlier
* Use smaller margin for reminders display to save space
* Use a reasonable length for scrip descriptions
* Removed a lie about RT CLI still being "unsupported"
* User friendlier errors handling thrown by Calendar::Simple
* Split some CSS from themes into base/xxx.css
* Googleish search was making incorrect assumptions
 about RT::User and RT::Group's Load function
 returning a boolean not a list. This was throwing
 (harmless, but ugly) errors.
* Don't apply order on collections if sorting is not
 allowed
* Removed the "URL" parameter to 'Logout' as it had no
 legitimate use.
* make install and testdeps tests to avoid some versions
 of modules that are known to be buggy or incompatible,
 for example DBD::Oracle 1.23

BUG FIXES

* properly use AND/OR when content is searched and
 DontSearchFileAttachments option is enabled
* Make sure Merge only possible when user has Modify
 right on both tickets
* Fixes for UseSQLForACLChecks option, it was possible
 to construct a query and see tickets a user has no
 right to see. Lots of tests have been added to make
 sure it wouldn't happen again.
* SQL used for ACL checks has been refactored to get
 more effective queries. Especially when list of
 potential owners is built for the query builder.
* Unified API for tables with disabled column and
 fixes when ->Count could return bigger value
 when some CFs are disabled.
* I18N was transcoding attachments to UTF-8 one line
 at a time. This doesn't work at all for UTF-16 and
 probably other encodings.
* Fixed encoding problem when loading a dump file
 produced by rt-dump-database.
* A closing </li> was missing in PreviewScrips comp
* Fixed config loading when Fcntl module or other exporting
 symbols is loaded. Load was failing with "Not a SCALAR
 reference" error.
* Returned back effective SQL when searching by CFs with
 = or != operator
* Fixed error on login when a user makes a mistake in the password
 and enters a character outside the ASCII range.
* Honor a user's MessageBoxRichTextHeight setting
* Fixed query builder behaviour with NULLs and '' (empty values)
* Fixed potential information loss on incorrect GnuPG mails
* Fixed display-all-rows in Dashboards
* Fixed JS escaping issues
* Set context object in OCFV::CustomFieldObj
* Sessions ended up in /tmp/ in some cases
* Fixed safe_run_child when code dies between fork and exec,
 deals with "mysql server has gone away" error
* fix Jumbo reloading and losing message content
* Stop infinite looping when you have global custom
 fields and no Queue restriction
* Fixed sorting of custom fields in Results.tsv
* Set of fixes for Unicode characters in emails
 and tests covering these changes
* Don't create handles we don't need, we can hit limit
* Prevent servers using GnuPG from running out of file handles

TRANSLATION

Updates merged from launchpad and two new languages: nn.po
and pt_PT.po. Thanks to all contributors.

CALLBACKS

* AboutThisUser in ShowPeople box
* Between the GnuPG and message rows
* AfterSubject
* Before and After CustomFields
* Before and After TransactionCustomFields
* AfterAddress in PreviewScrips
* At the top of ticket summary columns
* For adding links for attachment downloads
* At the bottom of the logout box
* Pass more information to the FormStart callback
 in Ticket/Update.html
* AfterMessageBox on ticket create page
* ShowTransaction/AfterAnchor
* In EditDates and ShowDates
* Pass a reference to the signature in MessageBox's callback
* For inserting text after the transaction's description
* AfterUpdateType in Jumbo.html and Update.html


