alexmv at bestpractical
May 22, 2012, 7:39 AM
Post #1 of 1
RT 4.0.6 contains important security fixes, in addition to bugfixes.
[rt-announce] RT 4.0.6 Released - Security Release
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
* Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as
it was causing numerous crashes of IE.
* Show the current status in the status dropdown during ticket update,
to allow forced setting of the status. This functionality was
available in RT 3.8, and is now being reinstated.
* Use SearchBuilder queue limits to restrict what statuses and owners
are displayed in drop-downs.
* Make "New Ticket" a top-level SelfService menu item.
* Display Lifecycle column correctly in queue admin lists.
* Allow >64k attributes on MySQL; this is particularly useful for
logos uploaded via the theming editor.
* Remove two dependencies from the RT mailgate.
* Adding new arbitrary links to tickets now works as expected in the
* Subject: lines in Forward Ticket templates are now respected.
* Sort ticket link numbers numerically, not alphabetically.
* Ticket reminders are no longer copied when creating a linked ticket;
article and http:// links now are, however.
* Use relative links (with no hostname) more consistently.
* Correctly deal with non-ASCII attachment filenames which make use of
MIME parameter value continuations.
* Find queue-level CFs first in REST interface when there are
duplicates by name.
* Fix graphing of searches which reference Updated and other
* Reminder statuses on open and resolve are now configurable
* Fix quoting of CF names containing dashes and the like in the
* Bump URI dependency to ensure utf8 URLs are correclty generated in
* Permit <bdo> and language attributes when scrubbing HTML.
A complete changelog is available from git by running:
git log rt-4.0.5..rt-4.0.6