[rt-users] Oddity after security patches
Kevin Falcone
falcone at bestpractical.com
Thu Apr 21 11:55:27 EDT 2011
On Thu, Apr 21, 2011 at 11:49:24AM -0400, Jeff Blaine wrote:
> Our RT-Extension-SpawnLinkedTicketInQueue 0.04 broke
> after the security patching our 3.8.7 instance with the
> 3.8.6 patch as directed by the README.
>
> We were getting 403 (Permission denied) when clicking
> "Create new child ticket in OtherQueue"
RT blocks direct access to /Elements/ as part of this update
> It *appears* the fix is setting the extensions
> various files to 755 instead of the discovered 444.
> Perhaps this is how they should have been all along,
> but RT was lenient before the security patches, where
> it's not now?
This was not the fix
> We also (today, as part of the fix attempt) upgraded
> to RT-Extension-SpawnLinkedTicketInQueue 0.05, though
> I really don't think that helped solve this particular
> issue. It really seemed to be the perms.
This was the fix, Ruslan fixed the extension and uploaded a fixed
version.
http://lists.bestpractical.com/pipermail/rt-users/2011-April/070033.html
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110421/7aa1215c/attachment.sig>
More information about the rt-users
mailing list