Changelog for request-tracker-db-postgres-5.0.2-lp155.2.57.noarch.rpm :

* Fri Mar 08 2024 Tina Müller - Use %autosetup instead of deprecated %patchN
* Mon Oct 11 2021 larsAATTlinux-schulserver.de - 5.0.2- update to 5.0.2 Security
* In previous versions, RT\'s native login system is vulnerable to user enumeration through a timing side-channel attack. This means an external entity could try to find valid usernames by attempting logins and comparing the time to evaluate each login attempt for valid and invalid usernames. This vulnerability does not allow any access to the RT system. This vulnerability is assigned CVE-2021-38562 and is fixed in this release.
* RT uses the chart.js package and the previous version has vulnerabilities described here: https://snyk.io/test/npm/chart.js/2.8.0 This RT release updates chart.js to version 2.9.4 as recommended in that advisory. General features and fixes
* Update Starts on SLA changes even if Starts was already set
* Accept usernames for email input fields on ticket create/update
* Support group:NAME and group:ID in non-single role input fields
* Create an autocompleter for Principals (works with both users and groups)
* Support more characters for user/group names in non-single role input fields
* Normalize and validate time inputs
* Support to generate different dashboard content for each recipient
* Use user timezone for date \"=\" queries in ticket search
* Add \"Create Via Email\" and \"Create Via Web\" conditions
* Fix table wrapping error in Ticket/Update.html
* Don\'t escape queue name in title generation stage as it\'ll be escaped later
* Allow to squelch recipients that also exist in one time inputs
* Show all valid statuses on Asset bulk update page
* In the datepicker, reset the time part after date input is cleared
* Support columns as values in ticket search (ticket values on right-hand side in searches)
* Support a friendly syntax for custom field columns as values in ticket search
* Allow to specify CF Content/LargeContent columns in the keyword part of SQL
* Support role searches like Owner = CF.cid or Owner = Creator
* Improve UI of unread messages notification
* Sync one time inputs back to checkboxes on ticket update page
* Automatically load more txns to fill browser window on scroll history mode
* Fix duplicated closing tag for attachment delete links
* Remove search string including numbers in ticket autocomplete search on select
* Fix RecentlyViewedTickets to deal with shredded/merged tickets
* Fix bug that kept 11 tickets in the \"recently visited\" list instead of 10
* Show dependencies (like dashboards) and confirm before deleting saved searches
* Fill up cells of record\'s last row in search results
* Add support of \"Lifecycle =\" and \"Queue LIKE\" to GetReferencedQueues for more search options
* Support copying saved charts like searches
* Fix wrongly duplicated one-time addresses on ticket update page
* Add various missing ColumnMap entries
* Fix error when removing multiple holders of an asset
* Add basic stacked bar chart support
* Remove extra closing div on Login/Logout pages
* Add option to disable ticket linking in articles by class
* Add entry hint as custom field tooltip
* Disable submit on enter when input\'s autocomplete list shows up
* Support quoted custom fields as values
* Exclude end time when limiting txn date to a day
* Trigger UpdateCc/UpdateBcc input change only once when clicking \"All recipients\"
* Sync one-time checkboxes to text inputs in a consistent way
* Translate selfservice articles search button (thanks, elacour!)
* Support shallow searches for ticket roles
* Support to search user defined group names in watcher limit
* Support order by watcher\'s custom fields for ticket search
* Support more watcher fields including user cfs in search result format
* Add more watcher fields including user cfs to OrderBy/Columns in search builder
* Upgrade OrderBy \"Owner\" to new version \"Owner.Name\" in saved searchs
* Create a standard RT Time Worked report
* Add grouping by custom roles for ticket search charts
* Reduce space used by Current search on Query Builder to avoid saved search overlap
* Group by direct members of role groups for ticket search charts
* Use Name as the default watcher field in search results
* Allow clearing roles on bulk updates page
* Remove unexpected leading spaces in user signature input
* Add label text to old-attach form for accessibility
* Add the missing \"form-control\" class to autocomplete cf inputs in query builder
* Fix EditSearches title after submission on Query Builder page
* Let article summary take the whole width in article list
* Pass all request arguments to /SelfService/Open.html
* Disable inline edit for related tickets in \"Assets\" widget of ticket display
* Transactions on History.html page should link to transaction display page
* Clear \"Add Columns\" select after change on Query Builder
* Translate selfservice articles search button
* Render a label for both cases when displaying shredder objects, making checkbox available to select objects to shred
* Align label/value columns for Assets widget in ticket display
* Use checkbox class for multi select list input
* Remove blue background on dropdown-item active
* Explicitly exclude \"deleted\" status from queue list portlet
* Require Name field when creating or editing Article
* Add QueueListAllStatuses portlet to show tickets info of all statuses
* In Self Service, don\'t explicitly call PageLayout as it\'s included already
* Remove extra closing div on Login/Logout pages
* Use 2/10 col layout for custom fields only in transaction display
* Use an independent col for each asset custom field grouping
* Add the missing from-control css class for queue autocomplete input
* Move asset field-specific css classes up to the row instead of just label
* Add autocomplete for assets input
* Don\'t change background color on click of dropdown items
* Load user-level search preferences for ticket searches only, fixing errors with custom search formats and transaction search results
* Add more ticket info to transaction display page
* Register the missing autocomplete handler for refreshed inline-edited row
* Add webpath to RelatedData href (thanks, jtlarson!)
* Update principal input labels to reference groups
* Always default to no value for select type CFs on bulk update
* Fix context quoting on ticket update with top-quoted signatures in rich text editor
* On the query builder, restore OR accidentally changed in bootstrap updates Administration
* Generalize Owner logic in Shredder to any Single role group
* In shredder, remove SetWatcher rows in transaction history as well
* Add setting $AssetMultipleOwner to allow many owners on assets
* Default --libs-group value from \"bin\" to \"root\"
* Add --dry-run option to rt-crontool
* In validator, ensure tickets and queues have all of their default role groups, individually
* In validator, prompt to create missing default role groups
* Skip merged tickets in role groups validation
* Allow to create missing queue-level custom role groups when needed
* For external auth, support cf mappings like CF.foo and UserCF.foo
* Support array and code in attr_map of external auth
* Don\'t quote table names in shredder SQL output
* Avoid \"Wide character in print\" warnings when generating shredder SQL output
* Add QuoteWrapWidth option for text quoted during reply/comment
* Set the $AttachmentListCount config\'s default value to 5
* Clarify external auth logging when users are not found
* Fix removal of scrips when shredding queues
* Avoid errors in shredder when Organization has a hyphen
* Avoid errors in shredder when username has a hyphen
* Avoid errors in shredder when queue name have a hyphen
* Log number of records returned from LDAP search
* Support searching NULL(unset) values on user/group admin pages
* Only show hints for user CFs configured in external settings on create
* Fix removal of custom fields when shredding queues
* Add transaction records for dashboard/savedsearch changes
* For articles, do not encode HTML if skip Escape HTML option selected
* In rt-crontool, add reload-ticket option to refresh metadata before processing
* Avoid a known problem version of Mojo::DOM::CSS
* Update DBIx::SearchBuilder to 1.68 to avoid segfaults on MariaDB 10.2+
* Add parallel support for crontool
* Add Parallel::ForkManager to dependency for parallel crontool
* Log the object that exceeds DependenciesLimit in shredder
* Remove SetOwner rows in transaction history on user shred
* Add ExternalAuth to the exceptions for requiring a password
* Reset ObjectCustomField sort order when re-enabling a Custom Field
* Update ObjectCustomField sort order only if necessary on re-enable
* Pass SavedChartSearchId from chart portlet
* Skip rights check when setting default object custom field values
* Add support to clear mason cache via web interface
* Add LDAP email authentication to External Auth
* Don\'t shred subgroups\' member relationships when shredding ticket role groups
* Provide a way to select privileged and unprivileged users in admin
* Remember IncludeSystemGroups value on page navigation
* Add statement-log option to render statement logs in CLI
* Support to set sort order of applied custom roles
* Show custom roles in correct order on queue watcher and ticket pages
* Add no-sqldump option to rt-shredder to avoid generating backups
* Add paging support for group Members page
* Tweak css for page links to not overflow in Firefox
* Add $ShowSearchNavigation option to skip building search navigation links
* Add ability to search for disabled users
* Restore Ticket object to arguments passed to Preformatted, making ArticleTemplates work again
* Reload scrubber rules when web config changes are made
* Make statuses having upper cased chars work on lifecycle mappings page
* Multiple updates to set proper inputs on RT web configuration page
* Restyle admin user select page with a bare titlebox
* Upgrade Chart.js to 2.9.4
* In rt-dump-initialdata, add config for \"no\" variant of the disabled option
* In rt-dump-initialdata, skip attributes of attributes in serializeration as it\'s unsupported yet
* Log database config overrides via PreInitLoggerMessages
* Add support for deleting configs in database from web UI
* On user admin page, remember IncludeSystemGroups value on page navigation
* Create new config option for home page support email
* Support deleting custom field values on form submit in CF config
* In CreateTickets action, allow skipping of create ticket blocks through passing arg
* Add support for custom fields on article classes
* Disable inline editing for dashboard emails as clients don\'t support it (thanks J.P.Knight!)
* No need to fix up attribute contents in clone mode Email Encryption/Signing
* Support separate certificates for SMIME encryption and signing
* Add encryption and signing options for digest email
* Provide an option to skip GnuPG tests
* Handle encrypted outgoing emails in digest email
* Add OtherCertificatesToSend option for SMIME
* Set path to GnuPG binary in GnuPG::Interface constructor (thanks, aruthven!)
* Fix uninitialized warnings of $latest_user_main_key for gpg 2.2
* Handle FAILURE keyword for gpg 2.2
* Add gpg.conf for gpg 2.2 so we can specify passphrase in command line
* Update warning message tests for gpg 2.2
* Don\'t override fingerprint if it exists already
* Make t/mail/crypt-gnupg.t pass with gpg 2.2
* Quit gpg-agent after tests for gpg 2.2
* Move signed_old_style_with_attachment.eml to emails directory
* Always use temp gpg homedir to get a cleaner env
* Add extra ignored keywords for gnupg 2.2.x
* Fix unit test to cope with variations in how different versions of OpenSSL print certificates
* Default cert-digest-algo from SHA1 to SHA256
* Bump GnuPG::Interface to 1.00 to support gpg 2.2
* Report the cert authority in an \"assured by ...\" clause
* Report the S/MIME signer correctly when there is no EmailAddress
* Fix a bug in the logic that suppresses the \"email is unsigned\" warning
* Add AgorithmName to info returned by ParseKeysInfo
* For GnuPG, add a tooltip with additional info about the signature
* Add ability to download GnuPG public keys
* Store and display additional info about S/MIME signatures
* Extract email addresses from S/MIME certificates as specified in RFC 5750
* Support SMIME certificate revocation using OCSP/CRL
* Add deprecation warnings to RT::Test::GnuPG and RT::Test::SMIME.
* Allow specification of outbound signing/encryption protocol on a per-queue basis
* In Admin/Users/Keys.html, do not call \"UseForOutgoing\" when we have no $Queue object
* Explain conversion of legacy list args to a hash in CheckRecipients
* Add RT::Attachment->CryptStatus method
* Fix error if a CA certificate does not define CRLDistributionPoints
* Keep entire GnuPG fingerprint; don\'t truncate to 8 characters
* Include S/MIME certificate serial number in tooltip
* Add ability to download S/MIME certificates
* Switch from key to fingerprint for user PrivateKey
* Add admin page to manage GnuPG keys
* Show \"Preferred GnuPG key\" input only if GnuPG is enabled
* Migrate remaining RT::Test::SMIME in tests to RT::Test::Crypt
* Bump GnuPG::Interface to 1.02 to fix secret key deletion issue for gnupg 2.2
* Disable using WKD on GnuPG tests that might attempt to use the network (thanks, puck!) ... An even more complete changelog is available by visiting: https://github.com/bestpractical/rt/compare/rt-5.0.1...rt-5.0.2- add full url for source download- add source signing signature- new CORE dependency: Parallel::ForkManager
* Tue Apr 20 2021 larsAATTlinux-schulserver.de - 5.0.1- add missing runtime dependencies: + perl(Apache::DBI) + perl(Module::Pluggable) + perl(Pod::Select) + perl(Business::Hours) + perl(CSS::Minifier::XS) + perl(Data::Page::Pageset) + perl(JavaScript::Minifier::XS) + perl(Net::IP) + perl(Scope::Upper)- sort the layout file to match the current RT5 path layout- install GnuPG, RT-Shredder and SMIME work directories- recommend w3m, because of: \"Running with the internal HTML converter can result in performance issues with some HTML. Install one of the following utilities with your package manager to improve performance with an external tool: w3m, elinks, links, html2text, lynx\"- enhance README.SUSE
* Tue Apr 13 2021 larsAATTlinux-schulserver.de - 5.0.1- update to 5.0.1: Database Changes + For MySQL and MariaDB, the default character set has been updated to utf8mb4 to accommodate more unicode characters including emojis. See README.MySQL and README.MariaDB for details. + The Id field in some tables is changed from INT to BIGINT to accommodate large RT systems that may hit the maximum number of ids. Because this change touches large RT tables like Transactions and Attachments, this upgrade step may take a while to run. + You also will need free disk space equal to the size of these tables while running because MySQL, MariaDB, and Postgres will create a temporary copy of the table while running. If you don\'t have sufficient space, it can cause this step to fail. Notable Changes + System configuration options can now be changed by SuperUsers via the web UI. File-based configuration options are still loaded. Changes made via the web UI take precedence over file-based options if both are set. + If you prefer to keep all configuration in files and disable editing in the web UI, set this option to 0: Set($ShowEditSystemConfig, 0); + The variables which alter the set of HTML elements allowed in HTML scrubbing have moved; they have been renamed, and are now found under RT::Interface::Web::Scrubber. + The articles interface on tickets has been simplified, now showing only a dropdown for selecting articles. This dropdown converts to an autocomplete box when the dropdown contains more than $DropdownMenuLimit items. + With this simplified interface, the \"hotlist\" feature is no longer needed as all articles in classes applied to a given queue are available in the dropdown/autocomplete field. To prevent articles in a class from appearing for a queue, you can unapply the class from that queue. + The upgrade steps remove the hotlist configuration from your RT database by removing that column from the Articles table. Since the article class must be applied to a queue for the hotlist items to appear, all articles should continue to appear in the new interface. + The updated rich text editor now shows the browser context menu (right-click menu) by default, so the MessageBoxUseSystemContextMenu configuration option is no longer needed and has been removed. + Dashboards previously in the Home menu have been moved to the Reports menu. The reports previously in the Reports menu are still there, but you can now edit the Reports menu like the previous Home menu, so you can remove the default reports if you like. + All other dashboard menu functionality should be the same including editing your own menu, the global settings, and setting a user\'s menu from the user admin page for that user. + Accessing RT from a mobile device no longer defaults to the mobile-optimized interface. RT 5.0 is fully responsive so the full UI can be used on mobile devices. Set the configuration option $ShowMobileSite to true to restore the previous behavior. + RT can now run with GnuPG 2.2. On install or upgrade, it requires the updated version of GnuPG::Interface. make testdeps will test for the correct version. RT should also still run with GnuPG 1.4.x. It is not supported for GnuPG versions 2.0 or 2.1. + RT search results now allow inline editing of ticket metadata, greatly improving usability and convenience. Editable fields are now the default for most ticket fields in search results. + The ticket Owner field sometimes requires extra work to build and can result in slower page load times, so the default Owner format is read-only. To enable inline edit for Owner, update your search to use the format OwnerNameEdit. + If you experience slower page loads with OwnerNameEdit, you can display Owner as an autocomplete box rather than a dropdown using the AutocompleteOwners configuration option. This may also help other areas of RT in addition to searches. + We are investigating options to improve the underlying queries. Some users have reported improved performance with the following indexes, at least on Postgres: CREATE INDEX ACL2 ON acl (objecttype, objectid); CREATE INDEX ACL3 ON acl (principalid, rightname, principaltype); We are performing testing and looking for additional feedback before adding these to default RT. Extensions Integrated into RT 5 The following extensions are now part of RT 5. If you previously used any as an extension, you no longer need the extension after upgrading and can remove the Plugin line from your RT configuration. Changes you may need to apply if you previously used the extension are described below. RT::Extension::QuoteSelection RT::Extension::RightsInspector RT::Extension::ConfigInDatabase If you previously used RT::Extension::ConfigInDatabase as an extension, run the upgrade-configurations utility after completing all the other upgrade steps from the README. This will migrate your existing configuration to the new core RT tables. RT::Extension::CustomRole::Visibility RT::Extension::PriorityAsString If you previously used numbers for priority and would like to continue to do so, you can set the new $EnablePriorityAsString option to false. That will disable the new string-based display. If you would like to now use strings for priority like Low, Medium, High, check the new %PriorityAsString configuration option. RT provides a simple default setting that may be sufficient. Set new values if you would like to customize your priority options. If you were previously using the PriorityAsString extension, you no longer need the extension installed. The %PriorityAsString> configuration is simplified and consolidated, so check the documentation for details on updating your previous configuration. RT::Extension::AssetSQL The configuration option $AssetSQL_HideSimpleSearch is now $AssetHideSimpleSearch. The configuration option $AssetSearchFormat is now $AssetSimpleSearchFormat. See the configuration documentation in RT_Config.pm for new configuration options added for AssetSQL and the new asset query builder. RT::Extension::LifecycleUI RT::Extension::REST2 RT::Authen::Token If you previously used RT::Authen::Token as an extension, run the etc/upgrade/upgrade-authtokens utility after completing all the other upgrade steps from the README. This will migrate your existing tokens to the new core RT tables.- refreshed patches: + enable-build-as-non-root.patch + request-tracker-use_local_lib.patch- New CORE CORE dependencies: + perl(Encode::Detect::Detector) + perl(Encode::HanExtra) + perl(GnuPG::Interface) + perl(HTML::FormatExternal) + perl(HTML::Gumbo) + perl(Module::Path) + perl(Moose) + perl(MooseX::NonMoose) + perl(MooseX::Role::Parameterized) + perl(Path::Dispatcher) >= 1.07 + perl(Text::WordDiff) + perl(Web::Machine) >= 0.12- New EXTERNALAUTH dependencies + perl(Net::LDAP)- removed deprecated configure option \"with-apachectl\"- added new configure options: enable-smime, enable-externalauth and defined bin/libs-owner (root) libs-group (root) and rt-group (rt)- new sub-packages (including README\'S for the initial setup): + request-tracker-attachment-storage-S3 + request-tracker-attachment-storage-Dropbox
* Wed Oct 28 2020 Dirk Stoecker - 4.4.4- fix build with perl 5.32
* Mon May 04 2020 larsAATTlinux-schulserver.de - 4.4.4- replace cron scripts with systemd timer scripts on systems using systemd (boo#1115430)- enhanced README.SUSE with a section about the new timers
* Thu Mar 14 2019 larsAATTlinux-schulserver.de - 4.4.4- update to 4.4.4: Security Updates + One of RT\'s dependencies, the Perl module Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend updating to Email::Address version 1.912 or later. The Email::Address vulnerabilities are assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was addressed in RT with a previous update. Email::Address version 1.912 addresses both of these CVEs with updates directly in the source module. + One of RT\'s dependencies, the Perl module Email::Address::List, relies on and operates similarly to Email::Address and therefore also has potential denial of service vulnerabilities. These vulnerabilities are assigned CVE-2018-18898. We recommend administrators install Email::Address::List version 0.06 or later. + An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML in some cases. Since RT relies on this module to escape HTML content, it\'s possible this issue could allow malicious HTML to be displayed in RT. For RT\'s using this optional module, we recommend administrators install HTML::Gumbo version 0.18 or later.
* The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version. EU General Data Protection Regulation (GDPR) Several new features were added to support GDPR compliance and are summarized here. See the new GDPR documentation for details on the new features.
* Provide ways to download user data to format-neutral tsv files.
* Provide ways to anonymize or remove users.
* Provide a tool to remove PII from transaction history.
* Allow self service users to optionally view and edit their personal data. General user UI
* Don\'t skip sending mail if there are attached tickets.
* Handle legacy PGP Partitioned format for Outlook-style messages.
* Improve visuals of self service \"Go to Ticket\" box (I#31794).
* Add SLA to query builder options.
* Improve message when applying/removing custom roles from queues (I#32695).
* Wipe out related transactions on custom field shred.
* Add option to disable escaping HTML in articles (I#32374).
* Add keyboard shortcuts for reply and comment on ticket display page.
* Improve message for adding/deleting a new custom field value (I#32695).
* Make each transaction in history display below previous transactions (CSS bug fix).
* Avoid overflowing ticket subject in \"Recently Viewed\" menu on ballard theme.
* Better align input boxes and login button.
* Omit disabled users and groups from dashboard subscription page.
* Don\'t return search results for disabled custom fields (I#33972).
* Add some style to web UI shredder pages.
* Render charts properly when searching with queue custom fields (#I32564).
* On user prefs page, show system default values for Timezone and Lang when unset. Administration
* Templatize and install rt-search-attributes utility.
* Allow rt-setup-fulltext-index to prompt for dba password.
* Allow rt-validator to delete txns of reminder changes if reminders don\'t exist.
* Allow rt-validator to delete txns of custom field changes if CFs don\'t exist.
* Let rt-validator check more owner change txns.
* Add default CSS in theme editor for heading font colors.
* Pass UTF-8 decoded data to Create method for rt-importer on Pg.
* Check SeeGroup on individual group admin pages.
* Standardize error message for failed dashboard load.
* Clarify email recipients in dryrun debug message for dashboard email.
* Skip disabled users when sending dashboard subscriptions. Internals
* Include only ticket lifecycles for Status = \'__Active__\'.
* Update article postfix loops from using $_ to a named variable.
* Avoid duplicated items in index.html when generating online docs.
* Don\'t endlessly try to terminate apache processes in tests.
* Provide a results array to pass messages to ListActions for asset create.
* Copy lifecycle array before iterating and possibly modifying.
* Load RT::ObjectCustomFieldValues to prevent web installer errors.
* Add a class based on custom field name to allow for easier custom styling.
* Test lifecycle rights with optional context object to allow for role rights.
* Remove signature feature from SelfService prefs since self service users can\'t have a sig.
* Don\'t search empty attribute values in CanonicalizeUserInfoFromExternalAuth.
* Add column to transaction column map for content.
* Update AddTicket to force multipart/mixed email when attaching tickets to email.
* Require Encode::HanExtra in RT::Attachment::EncodedHeaders when necessary.
* Add caching to the queue list portlet to improve performance on RT at a glance.
* Update session testing method when testing on Oracle to avoid hanging tests Developer
* Add callbacks for modifying custom role lists.
* Add ARGSRef parameter to the IncludeArticle callback.
* Add callback \'BeforeTitle\' to change history titlebox.
* Add BeforeCreate callback for user admin page.
* Apply dynamic tr classes on NEWLINE in Row callback (thanks to Michael Friedrich).
* Add BeforeDeleteLink callback for AddAttachments. Documentation
* Add GDPR documentation.
* Add custom roles documentation.
* Update query builder docs to explain NOT NULL in CF searches.
* Update database version notes in README.
* Add and display a Synopsis for the user shredder plugin.
* Clarify failed resolver error message for user shredder plugin.- refreshed the following patches: + enable-build-as-non-root.patch + request-tracker-use_local_lib.patch- enhanced request-tracker-rpmlintrc to be a bit more generic- enhanced /etc/sysconfig/request-tracker to contain all the default directories and users/groups used by RT per default- separated the preparation done in the old init script into /usr/sbin/request-tracker-prepare.sh which uses the variables from /etc/sysconfig/request-tracker. This allows to call the script either via systemd or sysvinit file- modified /etc/init.d/request-tracker to also use the /usr/sbin/request-tracker-prepare.sh script during startup- added request-tracker.service file to fully support systemd- recommend perl(HTML::Gumbo), as this is an optional dependency for showing a broader set of rich text (HTML) message features- recommend perl(HTML::FormatExternal) to allow RT to use external programms to render HTML to plain text (optional feature)
* Wed Sep 12 2018 larsAATTlinux-schulserver.de - 4.4.3- update to 4.4.3 General user UI
* Show the Ticket\'s Subject when modifying the ticket.
* Re-format RT/Config.pm so the `# loc` comment parses correctly.
* Sort saved searches alphabetically by name rather than by id.
* In Self Service, provide a path to remove attachments from the session when they are deleted from dropzone by the user (I#32663).
* Fix evaluation of set vs. unset custom fields on display for correct hiding.
* Set dropzone attachment size based on RT\'s MaxAttachmentSize configuration.
* Add a configuration option TreatAttachedEmailAsFiles to treat attached email as a file attachment instead of parsing as regular email.
* Restore email header parsing for items like email addresses when TreatAttachedEmailAsFiles is not set. This was disabled in a previous version.
* Respect default queue settings in Create linked ticket dropdown (I#32884).
* More fixes for recipient checkboxes on update. This version removes previous problematic fixes and gives a visual indication (shading) when RT is updating recipients in the background and checkboxes should not be changed (I#33027).
* Provide a way to reset personal search preferences back to the RT system default (I#32854).
* Add an Untake action to the Actions tab.
* Add active and inactive status to query builder.
* Re-add Queue to \'Order by\' dropdown in Search Builder.
* Make admin searches for queue and group case insensitive making it easier to find groups.
* When editing ticket basics, always add valid default value to queue selection, taking into account SeeQueue rights.
* Set dropzone parallelUploads to 1 to avoid losing attachments. Also set parallelUploads when the dropzone object is created.
* Correct error messages on user rights for CF admin UI.
* In ticket history, respect ShowHeaders option from request for ScrollShowHistory (I#32699).
* Fix ExtraArgs of callback ExtraShowHistoryArguments in ScrollShowHistory.
* In the ticket history with scroll set, continue to get transactions until all have been shown, even if a block has been hidden for some reason (rights, etc.).
* Add PreferDropzone config/pref option for users. Dropzone is not accessible to screen readers and this enables the previous attachments interface which is accessible.
* In the query builder, set operator to \"IS\" or \"IS NOT\" for NULL values. This fixes a regression from pre-4.4 RT behavior.
* Don\'t create ticket if user clicks \"Go\" buttons of \"Include Article\".
* Fix CF name escape for asset search\'s spreadsheet download.
* Show the user in single member custom roles even if the user is disabled (I#32949). Administration
* Stop wrapping ShowUser in tags to avoid unnecessary nested links.
* When listing group members, sort by text-only representation of the user, not HTML (I#30771)
* In the group admin page, stop pre-computing ShowUser.
* In shredder, check for both id and name mismatches when loading objects.
* Add a new rt-passwd command to make it easy to reset passwords on the command-line.
* Support custom roles in RT serializer/importer tools.
* Support catalogs and assets in RT serializer/importer tools.
* Update RT\'s module dependencies for SSL (https) to align with updates to the CPAN module ecosystem.
* Add age, batchsize, and dry-run options to rt-externalize-attachments.
* Set proper HTTP Status codes on Abort.
* The value for converting the owner dropdown to an autocomplete textbox can now be updated in configuration with DropdownMenuLimit.
* Switch to Clone::clone to copy config structures in Obfuscate callbacks. This restores support for REGEXP and CODE configuration on the System Configuration page.
* Provide a way to pass more options to Net::LDAP from LDAPImport configuration.
* Provide more debug output on connection failures in LDAPImport.
* Store log messages until RT::Logger is initialized. This means messages logged before the logger is available, like \"Change of config option...\" can now respect the configured log level.
* In shredder, check for both id and name mismatches when loading objects
* Retain scrip sort order in pagination links more on https://docs.bestpractical.com/release-notes/rt/4.4.3- use/define _fillupdir- use systemd macros, where possible
* Mon Sep 25 2017 larsAATTlinux-schulserver.de- update to 4.4.2 Security
* RT 4.0.0 and above are vulnerable to an information leak of cross-site request forgery (CSRF) verification tokens if a user visits a specific URL crafted by an attacker. This vulnerability is assigned CVE-2017-5943. It was discovered by a third-party security researcher.
* RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file with a certain content type. Installations which use the AlwaysDownloadAttachments config setting are unaffected. This fix addresses all existant and future uploaded attachments. This vulnerability is assigned CVE-2016-6127. This was responsibly disclosed to us first by Scott Russo and the GE Application Security Assessment Team.
* One of RT\'s dependencies, a Perl module named Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend administrators install Email::Address version 1.908 or above, though we additionally provide a new workaround within RT. The Email::Address vulnerability was assigned CVE-2015-7686. This vulnerability\'s application to RT was brought to our attention by Pali Rohár.
* RT 4.0.0 and above are vulnerable to timing side-channel attacks for user passwords. By carefully measuring millions or billions of login attempts, an attacker could crack a user\'s password even over the internet. RT now uses a constant-time comparison algorithm for secrets to thwart such attacks. This vulnerability is assigned CVE-2017-5361. This was responsibly disclosed to us by Aaron Kondziela.
* RT\'s ExternalAuth feature is vulnerable to a similar timing side-channel attack. Both RT 4.0/4.2 with the widely-deployed RT::Authen::ExternalAuth extension, as well as the core ExternalAuth feature in RT 4.4 are vulnerable. Installations which don\'t use ExternalAuth, or which use ExternalAuth for LDAP/ActiveDirectory authentication, or which use ExternalAuth for cookie-based authentication, are unaffected. Only ExternalAuth in DBI (database) mode is vulnerable.
* RT 4.0.0 and above are potentially vulnerable to a remote code execution attack in the dashboard subscription interface. A privileged attacker can cause unexpected code to be executed through carefully-crafted saved search names. Though we have not been able to demonstrate an actual attack owing to other defenses in place, it could be possible. This fix addresses all existant and future saved searches. This vulnerability is assigned CVE-2017-5944. It was discovered by an internal security audit.
* RT 4.0.0 and above have misleading documentation which could reduce system security. The RestrictLoginReferrer config setting (which has security implications) was inconsistent with its implementation, which checked for a slightly different variable name. RT will now check for the incorrect name and produce an error message. This was responsibly disclosed to us by Alex Vandiver. New features
* Custom fields now have a \"New values must be unique\" option.
* Custom fields now support value canonicalization (for example, automatically changing input values to be all uppercase). See the AATTCustomFieldValuesCanonicalizers config option.
* Ticket timers provide a comment box for quickly adding ticket comments to describe your time worked.
* You can now set up default values for assets on a catalog level.
* You can choose to display result counts on ticket search portlets using the new $ShowSearchResultCount config setting.
* There is now a \"Load all history\" link for the \"as you scroll\" history loading mode, to allow you to use browser-based text search.
* We now display a list of recently-viewed tickets in the Search -> Tickets -> Recently Viewed menu.
* We have made RT::Extension::AdminConditionsAndActions part of core RT, so you can now easily configure the conditions and actions of your scrips right within the admin UI. General user UI
* Avoid breaking sorting of non-ticket searches in dashboards
* Avoid duplicate one-time recipients (I#31938, I#31939)
* Suppress ticket Ccs and AdminCcs from one-time recipients
* Allow ordering assets with \"CustomField.Foo\" syntax
* Avoid divide-by-zero in charts with no data (I#32143)
* Add ability to link multiple assets to a new ticket from asset bulk update
* Add quick asset create portlet for user summary
* Add encrypt/sign controls to ticket forward page
* Fix browser-based search navigation link generation (I#32197)
* Remove self-service password change form under ExternalAuth
* Respect SetInitialCustomField right in self-service (I#32233)
* Declare page as being in user\'s language for browser spellcheck (I#32082)
* Fix error with merge tickets being used on bulk update (I#32237)
* Avoid overaggressively generating external attachment links
* Add $HideOneTimeSuggestions config to hide one-time recipient addresses behind a click
* Add \"All recipients\" checkboxes to modify people page and one-time recipients on update
* Dashboards are now displayed in alphabetically-sorted order
* Remove dashboard from menu if it can\'t be loaded (I#29719)
* Avoid wrapping one-time recipient checkbox separately from its label (I#32117)
* Use only top-level attachments for generating one-time recipient lists to avoid e.g. phishing addresses
* Fix accidental usage of server timezone for end users (I#32315)
* Add user preference for browser context menu instead of CKEditor\'s, for native spellcheck (#32274)
* QuickCreate on a dashboard no longer sends you to the homepage (I#25573)
* Respect HideTimeFieldsFromUnprivilegedUsers in correspond transactions with time worked
* Fix occasionally-missing background-color for comments
* Add a Timer column to search results for launching ticket timer
* Fix error preventing merging tickets with lazily-created watcher groups (I#32490)
* Add a __CurrentUserName__ TicketSQL placeholder
* You can now search tickets using Queue LIKE \'…\' and Queue NOT LIKE \'…\'
* Make \"Show all\" link for attachment lists more prominent (I#32459)
* Respect SetInitialCustomField for multi-valued CFs (I#32491)
* Fix bulk update for asset custom fields (I#32509)
* Add support for CF grouping in asset bulk update (#32198)
* Add \"reattach\" as an attachment warning keyword
* Sort one-time recipient addresses (I#31879)
* Fix article quicksearch degrading the article menu (#31591)
* Avoid noisy \"CF changed from 0 to 0\" messages (I#32440)
* Avoid showing a truncated list of articles due to permissions (I#31989)
* Avoid double-encoded text attachments loaded from ExternalStorage
* You can now chart tickets by SLA (I#31824)
* Add \"Show all\" button for attachments on ticket forward page
* Relabel \"Password\" portlet on user page to \"Access control\" (I#31379)
* Fix UI for bulk update of \"List\"-type select-multiple CFs (I#32562)
* Avoid discarding checkbox changes in Recipients panel (I#32290)
* Clean up article custom fields display (I#32641)
* Add SLA field to bulk update if any queues have SLA enabled
* Include the new Request Tracker logo
* Fix overly-large bookmark star on mobile UI (I#32727)
* Stop double-escaping HTML which is made into links (I#31169)
* Fix keyboard shortcut UI for selecting tickets on old themes (I#32748)
* Add Reports menu with several predefined reports Command-line
* Fix rt-ldapimporter --debug logging output (I#32196)
* Improve rt-ldapimporter documentation
* Produce output from etc/upgrade/upgrade-assets Email
* Avoid overaggressively trimming whitespace from MIME encoded-words
* Add config option $OverrideMailPrecedence to help avoid out-of-office autoreplies
* Fix issues with encrypted attachments being unreadable/absent Database
* Skip DBA password prompt on SQLite
* Avoid warnings when upgrading old saved searches (I#32235)
* … and fix up those old saved searches (I#16856)
* Restart asset and catalog ID sequences for Pg and Oracle in etc/upgrade/upgrade-assets
* Add index on Attachments table column Filename (I#32033)
* Replace deprecated NOCREATEUSER with NOSUPERUSER for Postgres 9.6 (I#32511)
* Avoid deadlock in SetOwner race condition which we believe affected only MySQL (I#32381)
* The previous may have caused inconsistent ticket ownership, and so the 4.4.2 upgrade step will find and fix such issues
* Add rt-validator rules for possible issues around ticket owner rt-serializer/rt-importer
* Fix several incorrect references in output (I#31803, I#31804, I#31805, I#31808)
* Add --exclude-organization option (I#31812, I#31813)
* Add --limit-queues and --limit-cfs options
* Suppress semi-unmigrated link relationships by default
* Add --hyperlink-unmigrated option
* Fix queue change transactions to mention unmigrated queues by name
* Support for dashboards in menu preference (I#31810)
* Support for RT at a Glance preference (I#31809)
* Don\'t skip RT->System searches
* Avoid breaking rights granted to users (I#31806) Web Administration
* Add checkbox for selecting all custom field values in admin UI
* Log a history entry when adjusting whether a user is Privileged
* Log history entries when adding/removing a group member both to the group and to the member
* Hide disabled scrips by default, adding a \"include disabled scrips\" checkbox (I#30131)
* Add missing timezone field on user create/modify (I#29977)
* Add RT extension names and versions to System Configuration page (I#31482)
* Add a \"SetCustomFieldToNow\" scrip action whose Argument is CF name
* Fix default values config when CustomFieldGroupings introduces duplicate CFs (I#32441)
* Fix ExternalAuth failure after viewing System Configuration page (I#32469)
* Support custom field groupings for groups
* User searches can now be sorted by user CF For more, please have a look at: https://github.com/bestpractical/rt/compare/rt-4.4.1...rt-4.4.2- refreshed patches
* Wed May 17 2017 mcajAATTsuse.com- Added two more packages to Requires: perl(CSS::Minifier::XS) and perl(JavaScript::Minifier::XS)
* Fri May 05 2017 mcajAATTsuse.com- update to 4.4.1: New features:
* Administrators and users can now choose to place signatures above the quoted message in replies (RT_Config setting \"SignatureAboveQuote\" and the similarly named user preference). This also improves the specific spacing between quotes and signatures in all configurations. (I#31877)
* Users may now choose to suppress dashboard email when all of its searches have no results. This is controlled by the new \"Suppress if empty\" checkbox on the subscription page. (I#30078)
* The Dashboard subscription recipient options have been greatly expanded from a single text field (which happened to support multiple email address separated with a comma) to a robust user/group search.
* Users may now select a specific language for each dashboard email subscription. Administrators can customize the method by which dashboard email language is chosen (including specifying an ultimate fallback other than English) with the AATTEmailDashboardLanguageOrder RT_Config option.
* The \"hide unset fields\" preference now also hides unset custom fields, obsoleting RT::Extension::CustomField::HideEmptyValues. Additionally there is now a toggle button at the top right of the ticket display page for quickly toggling whether unset fields are hidden or shown. (I#31523)
* There is a new SetInitialCustomField right that permits setting custom field values on records (tickets, assets, articles) while you are creating them. It does not permit modifying custom field values of existing records. Users with SetInitialCustomField but without ShowCustomField will still be able to specify a custom field value at create time but not see it afterwards. (I#14974)
* Administrators and users can now choose to display queue dropdowns as an autocomplete field (RT_Config setting \"AutocompleteQueues\"), much like is available for Owners. If your RT instance has many queues this option improves performance and usability. (I#31291)
* New config for hiding time worked, time estimated, and time left from unprivileged users in the self-service interface (RT_Config setting \"HideTimeWorkedForUnprivilegedUsers\"). This also adds a hook point RT::Ticket::CurrentUserCanSeeTime for further customization. (I#31302)
* Long attachment lists can now be truncated to show only the X newest attachments, with an AJAX \"Show all\" link, (RT_Config setting \"AttachmentListCount\"). This should improve the performance and usability of both ticket display and ticket reply pages. General user UI:
* Eliminate console errors from Preview Scrip Recipients panel when there are no recipients
* Avoid URL length errors from Preview Scrip Recipients panel when the messagebox has lots of content (I#31874)
* Include MessageBoxRichText in JavaScript config to fix compatibility for RT::Extension::QuoteSelection
* Support autocomplete custom fields in bulk update (I#15259)
* Hint to the user that not all CF types are supported by bulk update, instead of silently excluding them (I#15259)
* Exclude One-Time Cc and One-Time Bcc addresses from squelching (I#31386)
* Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)
* Improve \"reuse existing attachments\" UI to match existing attachments UI (I#31709)
* Improve ticket timer text-overflow styling (I#31713)
* Switch from generating an explicit list of statuses to Status = \'__Active__\' and Status = \'__Inactive__\' throughout the UI, both improving performance and simplifying TicketSQL queries (I#31695 etc)
* Switch queue search from queue ID to queue name for better usability
* Fix keyboard shortcut ? command in self-service UI (I#31535)
* Support / keyboard shortcut in self-service UI
* Add ticket SLA to display columns for search results (I#31831)
* Modernize UI of Articles display and modify
* Display creator, created, and updated metadata on Articles pages
* Fix searching for people associated with Assets (I#31546)
* Support 4.4 attachment uploader in self-service UI (I#31845)
* Fix bulk update check/clear all checkboxes (I#31667)
* Fix poor rendering of \"create [relationship] ticket in [queue]\" when there are no existant links (I#31871)
* Fix a regression with time zones in datetime custom fields (I#31674)
* Ticket timers no longer pause when JavaScript stops running (I#31707)
* Show the \"include attachments\" label on ticket reply only if there are attachments to include
* Avoid showing an empty custom fields panel on ticket edit pages when user can see custom fields but cannot edit them
* Fix new and existing charts that fail to render on dashboards (I#31557)
* Fix certain attachment links containing HTML metacharacters from double escaping (I#31751)
* Avoid failure to create tickets due to custom role rights (I#32069)
* Avoid SQL errors when using article quicksearch (I#31987) Command-line:
* Add new sbin/rt-search-attributes script for searching for attributes matching criteria specified as Perl code (I#31294)
* Fix issues around incorrect recipients in rt-crontool invocations with multiple actions Database:
* Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning no limit) for tuning how very large attachments are included in the full-text index
* Avoid indexing EmailRecord transactions as they duplicate content already available in the original Create, Correspond, and Comment transactions. This improves both indexing time and index size considerably.
* Avoid creating transactions for, and bumping Last Updated of, tickets when migrating RT::Extension::SLA custom field values to the core SLA field (I#31924)
* Add the new RT 4.4 Queue SortOrder column sooner in the 4.4 upgrade process to improve extension compatibility
* Avoid errors during `make initdb` when ExternalAuth is enabled (I#32009) Web Administration:
* Add EscapeURI and EscapeHTML functions for use in email templates (I#31442)
* Add RT::Action::AddPriority action for use with rt-crontool which simply increments the priority by $Argument every invocation Server Administration:
* Avoid DateTime::Locale version 1.01 https://rt.cpan.org/Public/Bug/Display.html?id=110244
* Have ./configure test whether to use GNU-style syntax or BSD-style syntax for `find -perm`
* Several fixes around 4.0 and 4.2 upgrade scripts running under 4.4
* Fix migration of \"SLA Disabled\" for queues in the upgrade-sla script (I#31703)
* Avoid overloading error caused by certain versions of Email::Address on Preview Scrips Recipients (I#31712)
* Add explicit Pod::Select dependency since it was removed from Perl 5.18 (I#31873)
* Add documentation for the now-core ExternalAuth and LDAPImport options in RT_Config (I#31464)
* Automatically enable ExternalAuth when the ExternalSettings config option is declared, obviating the need for an explicit `Set($ExternalAuth, 1);` (I#31689)
* Remove unnecessary dependencies on FCGI::ProcManager and Net::LDAP::Server::Test (I#31872)
* Many cleanups in and improvements to our CPAN dependency install toolchain Developer:
* Remove unused RT::Shredder::Record
* Add RT::Date->Strftime method (I#31435)
* If content_like (or similar) tests fail, output the page content to a tmp file for debugging (I#31408)
* Make autocomplete infrastructure more generic and extensible
* Add missing %ARGS to ShowHistoryPage call in ShowHistory, improving RTIR compatibility
* Fix missing CurrentUser parameter in RT::Interface::Email::Gateway to improve RT::Extension::CommandByMail compatibility
* Fix Queue SLADisabled _CoreAccessible metadata to match schema\'s default value of 1 (I#31822)
* Switch \"hide unset fields\" to be implemented with CSS for additional flexibility
* Add CSS classes (for example `.admincc`) for many basic fields on ticket display
* Allow setting SLA in RT::Queue->Create, which can be used in initialdata files (I#31823)
* Improve ShowHistory compatibility with RTIR
* Add stubs for the fields that had been removed from queues in 4.4 to improve compatibility with extensions and customizations (I#32019)
* Fix tests to enable ExternalAuth
* Added infrastructure for deprecating specific callbacks, as we consider them to be part of our stable API (RT::Interface::Web::Request %deprecated)
* Deprecated callbacks: /Admin/CustomFields/Modify.html AfterUpdateCustomFieldValue
* New callbacks: /Ticket/Update.html RightColumnBottom /Admin/CustomFields/Modify.html EndOfPage /Elements/CollectionAsTable/Row EachField /Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields, and MassageSubscriptionFields /Elements/SelectOwnerDropdown ModifyOwnerListRaw and ModifyOwnerListSorted /Helpers/Autocomplete/Owners ModifyOwnerAutocompleteSearch /Elements/ShowTransactionAttachments BeforeAttachment
* Improved callbacks: /Admin/CustomFields/Modify.html Initial adds $Results /Elements/MessageBox Default adds $DefaultRef and $MessageRef
* Adjust TicketHistoryPage to reuse existing callbacks for TicketHistory Documentation:
* Add documentation for 4.4\'s $ShowHistory scroll option in RT_Config (I#31705)
* Fix UPGRADING-4.2\'s description of PostgreSQL full-text search using GiST; it uses GIN indexes (I#31844)
* Link to RT::Authen::ExternalAuth as a local document like the rest of RT\'s core modules, rather than as an external link to metacpan like we do for extensions (I#31957)
* Update docs/authentication.pod to reflect RT::Authen::ExternalAuth and RT::LDAPImport (previously RT::Extension::LDAPImport) becoming part of core RT (I#31861)
* Fix broken link in SLA documentation
* Improve the upgrading documentation around migrating from RT::Extension::SLA to core SLA
* Third-party source code packaging improvements (I#31900)
* Link to our new RT wiki at https://rt-wiki.bestpractical.com Internationalization:
* Fix broken attachment upload UI for Catalan language (I#31864)
* Fix JS compile errors for translations with apostrophes (specifically French) under infinite scroll (I#32090)
* Update translations for: Finnish, Hungarian, Latvian, Lithuanian, Russian, Turkish, and UK English.
* Fri May 05 2017 mcajAATTsuse.com- make a man page rt-mysql2pg-contrib a bit nice
* Fri May 05 2017 mcajAATTsuse.com- Added missing man page for rt-mysql2pg-contrib
* Fri May 05 2017 mcajAATTsuse.com- Added missing man page- clean up duplicate files
* Fri May 05 2017 mcajAATTsuse.com- the first a bit working version in my branche. Its not good for MR yet.
* Mon Jan 09 2017 larsAATTlinux-schulserver.de- update to 4.2.13: General User UI
* Avoid race condition where a ticket\'s Started timestamp could be before its Created timestamp
* Users without ability to update a saved search are no longer shown an Update button
* IP custom field textboxes now wide enough for full IPv6 addresses (I#24565)
* Self-service Cc field now allows for autocompleting multiple users
* When possible sort charts numerically rather than ascii-betically
* QuickCreate now respects DefaultQueue and RememberDefaultQueue (I#30913)
* Make user preferences use label tags for better clickiness (I#30953)
* Hide \"Transaction has no content\" from Extract Article (I#31027)
* Improve CSRF detection by whitelisting more specific parameters (I#31090)
* Empty selection boxes no longer render 1px wide (I#31316)
* Show queue ID if the user can\'t see the queue name
* Search builder display format now properly supports \"large\" sizing
* Fix SMIME encoding issue (I#31155)
* Improve messaging and logging around reminders that users can\'t see
* Queue name on ticket display is now a link to a search for all active tickets in that queue
* Support autocomplete custom fields in bulk update (I#15259)
* Hint to the user that not all CF types are supported by bulk update, instead of silently excluding them (I#15259)
* Improve compliance with RFC4480 for GPG armor lines (I#30372)
* Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)
* Fix a regression with time zones in datetime custom fields (I#31674)
* Fix certain attachment links containing HTML metacharacters from double escaping (I#31751)
* Fix custom attachment URLs for self-service users (I#30960) Database
* \"schema\" upgrade files no longer issue CREATE INDEX statements, instead there are now \"indexes\" upgrade files that describe the end state of the indexes RT requires. This better handles indexes that may have been deployed by hand or otherwise already exist.
* We now correctly shred ObjectCustomFields records when shredding a CustomField
* Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning no limit) for tuning how very large attachments are included in the full-text index
* Improve 4.0 upgrade scripts running under 4.2 Web Administration
* We now record transactions for changes to queues
* Improve visual design of Shredder forms Server Administration
* Add missing dependency on Encode 2.64
* New RT_SiteConfig.pm files now get a \"use utf8;\" by default to allow config options to use Unicode
* bcrypt cost has been doubled on schedule to improve password hashing security
* Allow multiple --action and --action-arg options in rt-crontool
* Fix \"use of localtime without parentheses\" warning
* rt-email-dashboards now has a --log parameter for setting log level
* Add config %ReferrerComponents to provide fine-grained control over referrer checking behavior
* Clarify web config validation log messages (I#31117)
* Add a no_ticket_transactions option to user shredder
* Remove now-unnecessary dependency on Apache::DBI (I#31210)
* Avoid DateTime::Locale versions 1.00 and 1.01 https://rt.cpan.org/Public/Bug/Display.html?id=110244
* Have ./configure test whether to use GNU-style syntax or BSD-style syntax for `find -perm` (I#31308) Developer
* Improve test compatibility with File::Which 1.17
* Improve test compatibility with HTML::FormatText::WithLinks::AndTables
* Remove unused RT::Shredder::Record
* Transactions now have a ColumnMap
* New callbacks: /Ticket/Create.html MassageCloneArgs /Admin/Queues/Modify.html FormStart /Ticket/Elements/ShowBasics AfterTimeLeft, AfterPriority, AfterQueue, and AfterTable /Ticket/Elements/ShowSummary AfterBasics, AfterPeople, AfterReminders, and AfterDates /Ticket/Graphs/index.html BeforeActionList, FormStart, AfterForm, and Default /Ticket/Update.html RightColumnBottom /Admin/CustomFields/Modify.html EndOfPage /Elements/CollectionAsTable/Row EachField /Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields, and MassageSubscriptionFields /Elements/ShowTransactionAttachments BeforeAttachment
* Improved callbacks: /Admin/CustomFields/Modify.html Initial adds $Results Documentation
* New documentation on format strings (docs/format-strings.pod) for controlling how search results are displayed
* Update documentation to expect that most installations will deploy fulltext search
* Also remind users that they should set up backups in the README
* Fix UPGRADING-4.2\'s description of PostgreSQL full-text search using GiST; it uses GIN indexes (I#31844) Internationalization
* Adjust the string \"CustomFields\" to instead use the existing \"Custom Fields\" to ease translation
* We now display translated ticket properties and statuses on graphs
* Update translations for: Brazilian Portuguese, Czech, Finnish, French, German, Greek, Hungarian, Japanese, Latvian, Lithuanian, Occitan, Polish, Russian, Spanish, Swedish, and Turkish- fix logrotate file: add closing braket and \'su\' option- fix capitalization of README.SUSE
* Sat Jan 23 2016 larsAATTlinux-schulserver.de- adapt apache configuration to be able to run with mod_authz_core (apache 2.4) and the old apache < 2.4 auth module- also allow IPv6 addresses
* Mon Aug 17 2015 larsAATTlinux-schulserver.de- update to 4.2.12: + This release is a security release which addresses the following vulnerabilities: ++ RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475 (bnc #941912) It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. ++ RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT\'s user interface. Installations which use neither GnuPG nor S/MIME are unaffected. From 4.2.11: + improves indexing time for full-text search + improving support for Apache 2.4 and MySQL 5.5 + Interactive command-line tools (including upgrade tools) will now also default to displaying warnings to STDERR, to aid in awareness of potential errors.- refreshed request-tracker-use_local_lib.patch
* Mon Mar 30 2015 darinAATTdarins.net- Add requires for Data::UUID, required by rt-server
* Thu Feb 26 2015 darinAATTdarins.net- update to 4.2.10 This release is primarily a security release; it addresses CVE-014-9472, a denial-of-service via RT\'s email gateway, as well as CVE-2015-1165 and CVE-2015-1464, which allow for information disclosure and session hijacking via RT\'s RSS feeds. + General user UI
* Speed up the default simple search on all FTS-enabled installs by not OR\'ing it with a Subject match. This returns equivalent results for almost all tickets, and allows the database to make full use of the FTS index.
* Pressing enter in user preference form fields no longer instead resets the auth token (#19431)
* Pressing enter in ticket create and modify form fields now creates or updates the ticket, instead being equivalent to \"add more attachments\", or the \"search\" on People pages (#19431)
* Properly encode headers in forwarded emails that contain non-ASCII text (#29753)
* Allow users to customize visibility of chart/table/TicketSQL in saved charts
* Allow groups to be added as requestors on tickets
* Perform group searches case-insensitively on People page (#27835)
* Ticket create transactions for tickets created via the web UI now contain mocked-up From, To, and Date headers; this causes them to render more correctly when forwarded
* Update wording of error message for saved searches without a description (#30435)
* Flush TSV download every 10 rows, for responsiveness
* Retain values in Quick Create on homepage if it fails (#19431)
* Limit the custom field value autocomplete to 10 values, like other autocompletes (#30190)
* Fix a regression in 4.0.20/4.2.4 which caused some users to have blank homepages (#30106)
* Fix styling on \"unread messages\" box on Ballard and Web2 themes
* Fix format of Date headers in RSS feeds (#29712)
* Adjust width of transaction date to accommodate all date formats (#30176)
* Allow searching for tickets by queue lifecycle + Command-line
* Fix server name displayed at password prompt when RT is deployed at a non-root path like /rt (#22708) + Admin
* If the optional HTML::FormatExternal module is installed, use w3m, elinks, links, html2text, or lynx to format HTML to text. This addresses problems with the pure-Perl HTML-to-text converted which resulted in blank outgoing emails. (#30176)
* Add support for native (non-Sphinx) indexed full-text search on MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an additional MyISAM table on prior versions of MySQL.
* Support MySQL database names with dashes in them (#7568)
* Properly escape quotes and backslashes in config options in web installer (#29990)
* Increase length of template title form input
* Clarify wording on updating old Organization values by rt-validator
* Resolve a runtime error for SMIME without secret keys (#30436)
* Empty email addresses are no longer caught as being \"an RT address\" if there exist queues without Correspond addresses set (#18380)
* Allow Parents/Children/Members/MemberOf in CreateTickets action
* Allow RT-Originator to be overridden in templates
* Ensure that HTML-encoded entities are indexed in FTS
* Fix uninitialized value warnings from charts grouped by date
* Remove no-op $CanonicalizeOnCreate configuration variable; RT::User->CanonicalizeUserInfo is always called
* Make NotifyGroup action respect AlwaysNotifyActor argument
* Fix X-RT-Interface header on incoming email on existent tickets
* Warn on startup if queues have invalid lifecycles set (#28352) + Developer
* Add AfterHeaders callback to ShowMessageHeaders
* Update all upgrade steps to use .in files (#18856)
* Add policy tests to enforce the new upgrade step standards
* Remove +x bit from multiple non-executable files
* Make Obfuscate callback in configuration options be passed the current user, as was documented
* Remove obsolete _CacheConfig parameters
* Preferentially use IN rather than multiple OR clauses
* Respect RowsPerPage for external custom field values
* Localize default statuses from RT_Config.pm, instead of hardcoding
* Add callbacks within Dates box after each type of Date
* Pass the CustomFieldObj down to CustomFieldValue objects intact, so its ContextObj can be inspected; this is particularly useful for external custom fields.
* Allow more than one right per AATTACL in initialdata
* Don\'t hardcode share/html in tests, for non-default layouts
* Base detection of new themes on presence of main.css file, not base.css file (#30554)
* Allow for relative \"lib\" in AATTINC when running tests
* Allow EditComponentName customfield callback to alter Rows/Cols values + Serializer/importer
* Memory usage improvements in both serialization and import
* Templates, Scrips, and ObjectScrips now serialize correctly when not cloning + Documentation
* Document how to enable un-indexed full-text-search, and its drawbacks
* Note that after restoring from backups, PostgreSQL may need to have statistics updated
* New documentation on writing portlets
* Add an =pod directive so the first paragraph of UPGRADING is not skipped
* Clarify when UPGRADING-x.y steps should be run
* Better document known bugs with Sphinx FTS
* Add missing semicolon on Shredder suggested indexes A complete changelog is available from git by running: git log rt-4.2.9..rt-4.2.10 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.9...rt-4.2.10
* Sat Nov 29 2014 darinAATTdarins.net- Use mod_perl instead of mod_fcgid as default apache2 module, which isn\'t available on SLE_12
* Thu Oct 30 2014 darinAATTdarins.net- update to 4.2.9 + General user UI
* Fix Subject header during ticket printing (#30362)
* Comparisons of long text Custom Fields were erroneously reporting updates (#30378)
* Broken logo link for the mobile UI when used with $WebPath
* No longer leak base64 data to non-english users who change a Dashboard subscription and futureproof for other Attribute updates (#24665)
* Previous column selection is remembered when updating search formats (#16972)
* Charts could return quadrupled data for aggregate data (such as Time Worked) depending on your rights configuration.
* Charts can now be grouped by Priority
* Ticket Creation form now leaves Requestor blank on page reload if you cleared it out. + Localizations
* \"check to delete all values\" is now localized + Command-line
* BeforeDue action now accepts 2D as well as 2d (#30449)
* bin/rt no longer shows a default Due date unless one is configured on the Queue. Additionally, Starts and Due are served in your time zone (#20334) + Admin
* Improvements to the layout of the Group Members page + Developer
* Fix tests that used send_via_mailgate to properly check returns (#19156)
* Improvements to rt-static-docs for generating online documentation
* Proper warnings testing for cf_date tests
* Remove unused code to render Rules during replies/comments
* Undo a regression that meant Custom Fields passed to Ticket->Create needed to be readable by the user creating the ticket. + Documentation
* Add a mention of SelfService to the documentation of $AllowUserAutocompleteForUnprivileged
* Update our backups documentation to cover restoring from the suggested backups. A complete changelog is available from git by running: git log rt-4.2.8..rt-4.2.9 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.8...rt-4.2.9