Changelog for request-tracker-db-postgres-5.0.7-4.2.noarch.rpm :

* Fri Sep 20 2024 Lars Vogdt
- update to 5.0.7

  Lifecycle Updates

  RT 5.0.6 included some updates to RT internals to make lifecycles easier to configure and manage. Once RT 5.0.6 was released and users started testing with more complicated existing lifecycles, some bugs were discovered. The following bugs are addressed in RT 5.0.7.

  * Merge existing lifecycle mapping configuration on save. Previously, in some cases, existing mappings would be incorrectly deleted.
  * Restore loading lifecycle configuration from files and add a message to admins to remove config files to delete. The previous change was introduced to allow lifecycles to be deleted, but it also impacted loading new lifecycle configurations from files, like when installing an extension. Now admins will be warned on delete if a lifecycle is being loaded from a file on disk.

  Additional Updates

  * On the queue admin page, warn if queue addresses are the same as a user address
  * In the reports menu, retain the desired order when adding reports
  * Prevent Show/Hide "quoted text"/"full description" click events from propagating
  * Tweak lifecycle delete button text to make it more clear it deletes the lifecycle
  * Document db configs and also the merge behavior of hash configs
  * Correct POD warnings in Config docs
  * Avoid reloading configs multiple times on configuration content update
  * Remove duplicate CLI options
  * Do not cast as decimal if using "LIKE" operator for numeric custom fields
  * Update the attribute of CustomFieldView to be the same as CustomField

* Thu Sep 19 2024 Lars Vogdt
- update to 5.0.6

  Strict Browser Cache Configuration Option

  CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, even after logging out of RT.

  The CVE specifically references RT version 4.4.1, but this behavior is present in most browsers viewing all versions of RT before 5.0.6. RT 5.0.6 adds a new configuration option, $WebStrictBrowserCache, which instructs the browser not to cache page content from RT. If you run RT, including RTIR, with highly sensitive ticket data, you can enable this new option to prevent browser caching. The default is still disabled, to allow for normal browser functionality, so you need to enable this option to run with the new feature.

  General user features

  * Support to hide empty custom roles on ticket display page
  * Support to explicitly bind Business Hours for CustomDateRanges
  * Distinguish business hours by adding related css classes in search chart table
  * Process ticket owner updates before message updates
  * Prevent double-clicking from submitting forms multiple times
  * Open results from chart table in new tab
  * Create UI for adjusting dashboard column width
  * Load owner dropdown via AJAX for inline edit on list to speed up page load
  * Multiple updates to provide autocomplete for asset links and to improve other linking autocomplete (based on code from gibus, thanks!)
  * Set filename of attachments when it's absent for Outlook
  * Escape one-time checkbox name in case it contains special regex characters
  * Provide initial support for charts with transaction searches
  * Fix Create Linked Ticket modal on Self Service Asset page
  * Move asset widget to right column on self service ticket
  * Support inline edit for assets
  * On search filter, use a wider modal for Created column just like LastUpdated
  * Support URL shortener for links in search pagination
  * Add initial support for charts with assets
  * Add search filter support to assets
  * On charts, increase "Group By" rows to 5 to group by 2 more fields
  * Fix ticket/attachment links on SelfService transaction display page
  * Remove the empty option from multiple-value select custom fields
  * Load the first catalog current user can create assets in on asset create page
  * Submit form when catalog changes on asset simple search page
  * Improve styling for self service article search
  * Make header in search result TSV more consistent with the one in web UI
  * Do not use Inter font for monospace so pre tags render correctly in ticket history
  * Fix "Update" operation for article saved searches
  * Add option to find disabled articles in search
  * Support to sort/limit axis labels in search charts
  * On SMIME decrypt, try next address if current certificate does not match
  * Automatically hide inline edit links/buttons if there are no fields to edit
  * Allow one-time email addresses to wrap, preventing overlap with long addresses
  * Hide inline edit by default for asset "Dates" that lacks grouped custom fields
  * Sync checkboxes before deciding to check/uncheck TxnSendMailToAll

  Documentation

  * Document restricting access to REST 1.0 mail-gateway
  * Update POD with Region example
  * Document WebSecureCookies in README
  * Fix spelling in documentation (thanks Andrew!)
  * Add date search documentation
  * Update the outdated config name $InlineDashboardCSS in docs
  * Fix internal pod links in docs
  * Switch the README to Markdown and improve layout on GitHub
  * Increase client_max_body_size to 100M in Nginx config example
  * Correct POD headers for CustomField methods (thanks nreiling!)
  * Dashboards are now in the Reports menu, not Home
  * Remove unresolved link to the configure script
  * Link AutoAddWatchers to metacpan and not RT docs

  Administration

  * Avoid creating duplicated custom fields from initialdata
  * Clear all RT crypt headers from incoming email before processing
  * Add region to Amazon::S3 params
  * Load RT size only on demand to speed up configuration page load
  * Support custom labels for ValidateCustomFields
  * Hide search and bulk update links on My Assets in self service
  * Set id as the PRIMARY KEY of AttachmentsIndex for Pg
  * Fix Enable checkbox behavior on Scrip Creation
  * Add $WebStrictBrowserCache option to disable browser cache
  * Add option to set number of rows in dashboard subscriptions
  * Fix shredder boolean argument inputs
  * Add StatementLog support for REST2
  * Rewrite dashboard emailer to use the CLI interface
  * Clean up lifecycles on save when possible
  * Trim any leading and trailing spaces from name on lifecycle create
  * Support to delete lifecycles
  * Show lifecycle warnings to admins who are accessing lifecycle pages
  * Support to update maps of a lifecycle via JSON on Advanced page
  * In Lifecycle admin, add links to help map statuses that have the same name
  * Add mysql5/MariaDB db types to install old DBD::mysql version
  * Don't add Unlimited automatically in Rows per page
  * Make rt-setup-fulltext-index generally work on Oracle 23c
  * Document the workaround of the grant error of CTXSYS.CTX_DDL on Oracle 23c

* Wed Sep 18 2024 Lars Vogdt
- update to 5.0.5

  Security

  * RT is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41259.
  * RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41260.

    Related to the above, in addition to upgrading to this new version, access to the mail-gateway REST endpoint can, and in most cases should, be restricted to only the RT server itself (localhost). This access restriction can typically be applied in the web server running with your RT (Apache or other). This configuration is more clearly documented as part of this release and we recommend all RT admins review your web server configuration and consider restricting access to this mail-gateway REST endpoint.

  * RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. This vulnerability is assigned CVE-2023-45024. Thanks to edk and bakerst of Libera Chat for reporting this finding.
  * RT 5.0 can reveal information about data on various RT objects in errors and other response messages to REST 2 requests.
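  The web-server restriction recommended in the 5.0.5 security notes above, as an added example that is not configuration from this changelog or from the RT project: an Apache 2.4 fragment that lets only the RT host itself reach the REST 1.0 mail-gateway endpoint. The endpoint path (RT's documented mail-gateway URL, with no $WebPath prefix), the host name and the log path are assumptions.

```apache
# Added example, not from this changelog or RT's own documentation.
# Goal: only the RT host itself (where rt-mailgate runs) may reach the
# REST 1.0 mail-gateway endpoint; every other client receives 403.
# Assumptions: RT is served at the root of this virtual host (if you set
# $WebPath, prepend it to the Location), the mail-gateway URL is
# /REST/1.0/NoAuth/mail-gateway, and host/log names are placeholders.
<VirtualHost *:443>
    ServerName rt.example.com

    # ... existing RT handler (FCGI/proxy) and TLS configuration ...

    <Location "/REST/1.0/NoAuth/mail-gateway">
        # Apache 2.4: "local" matches 127.0.0.1, ::1 and the server's own
        # addresses, so rt-mailgate invoked by the local MTA still works
        # while any request from another host is refused.
        Require local
    </Location>

    # Refused requests appear as 403 in the access log; writing requests
    # for this endpoint to their own log makes them easy to alert on.
    SetEnvIf Request_URI "^/REST/1.0/NoAuth/mail-gateway" rt_mailgate
    CustomLog /var/log/apache2/rt-mailgate.log combined env=rt_mailgate
</VirtualHost>
```

  If RT sits behind a reverse proxy or load balancer, Apache sees the proxy's address and "Require local" will not behave as intended; apply the restriction on the proxy itself or configure mod_remoteip (RemoteIPHeader and RemoteIPInternalProxy) so the real client address is evaluated.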
General user features * Include \"Create\" transactions when checking if there are unread messages * Support HasUnreadMessages and HasNoUnreadMessages criteria for ticket search * Make simple search result refresh always function * Support to download custom field attachments from SelfService * Allow additional ticket relationship graph directions * Add the missing Principals autocomplete URL for Self Service * On the People page, list current user in \"All Recipients\" if it\'s a watcher * Align existing attachment list * Show direct members for charts grouped by watchers in perl calculation * Add the same separator as ticket cfs for user cfs in Spreadsheet * Exclude owner email address from one time Cc/Bcc inputs * Require unique name for Conditions and Actions * Enable the selectpicker class for multiselect cfs * Don\'t highlight \"RT for\" as the active menu * Show that a principal is disabled while editing people inline * Fix empty updates sending emails with html signatures * Remove mobile restrictions for CKEditor * Get the Stylesheet of the called user object instead of its CurrentUser * Tweak quoted selection content and quote it with blockquote for html * Fix lifecycle new status removal * Improve Lifecycle validation messages * Allow to wrap for normal collection list headers * Make search chart tables responsive * Adjust EmailInput element to use the correct autocomplete helper * Make Principals Helper compatible with EmailInput element * Add a __SelectedUser__ search placeholder and portlet to set it * Do not disable inline edit after errors * Fix Find Group portlet input size * Fix Find Asset portlet input size * Avoid adding duplicated prefixes like \"Ticket ID: \" on bulk update pages * Use id prefix for core field update messages consistently * Rebalance page menu when the entire page (not just DOM) is ready * Return success when disabling a disabled record via REST 2 * On ticket update, update names in Cc/Bcc select boxes when checking/unchecking 
one-time \"All recipients\" * On dashboard edit, drop height CSS rules for each section in source selection boxes to prevent overlap Documentation * Add documentation for using rt-crontool with multiple --action parameters * Fix formatting in docs for $DateTimeFormat config examples * Document default Name setting in RT::User * Provide examples for CanonicalizeEmailAddress match and replace * Fix docs on RT::Queue::IsWatcher * Fix the link to RT_Config\'s External-storage section in pod * Custom Roles cannot apply globally; correct docs * Fix typo in transaction-type argument in rt-crontool docs (thanks robAATTlonap.net!) * Fix \"Reffered\" typo in metadata doc (thanks nreiling!) * Fix \'followoing\' typo in docs (thanks nreiling!) * Clarify usage of the $EmailSubjectTagRegex setting * Fix ticket_metadata.pod: Incorrect documentation of parent/child (thanks nreiling!) * Improve documentation for RT::Search modules * Document MySQL 8 support (actual MySQL 8 support was added in RT 5.0.4) * Document web deployment with apache+proxy_fcgi * Remove trailing / from mailgate url examples * Fix users -> uses typo in query builder docs * Document the new __SelectedUser__ search placeholder * Remove duplicate REST 2 asset examples * Document changes to some update messages * Update NAME header in rt-munge-attachments POD (thanks andrew!) Administration * Remove state criteria for invalid utf8 error warnings to allow the full-text indexer to continue to run * Improve template \'Error: public key\' * Don\'t error if users4 index has been removed * Update required versions for GD::Graph and Date::Extract * A client terminating a connection shouldn\'t kill a FCGI process (thanks andrew!) 
* Add configuration option $AllowGroupAutocompleteForUnprivileged * Allow selection of SSL providers with SMIME * Add new page where admins can preview results of search modules * Add RT::Interface::Web::ReportsRegistry package, allowing extensions to add custom reports more easily * Index SortOrder of ObjectCustomFieldValues * Re-work indexes on Links table * Bump SearchBuilder to 1.77 to fix a possible sorting issue * Add a dropdown with values for RedistributeAutoGeneratedMessages config * Fill up CachedGroupMembers at the end of importer for performance * Add --all to serializer to export all data with UIDs and not check dependencies * Reload scrubber rules for current process that changes configs * Create a local version of $RULES{img} to update it dynamically based on configs * Tweak code logic to short-circuit config checks when img rules are pre-defined * Update legacy timezones * Add --limit-queues and --no-queues support for rt-dump-initialdata * Support to dump and import CustomFieldDefaultValues attributes with cf name * Add new Scrip Logging page * In the Lifecycle editor, set on_create status only if it\'s absent * Add expiration option for auth tokens * Tue Sep 17 2024 Lars Vogdt - update to 5.0.4 Security * jQuery UI is updated to version 1.13.2, which addresses a security issue in earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly as RT does not currently use the impacted code. 
General user features * Split the select of watcher criteria in query builder; with a single select, this list would grow too long * Display entry hint in people section of ticket display page * Add missing css rules to buttons to improve UI consistency * Increase search field column width, mainly for role fields * Include custom roles in the core watcher search criteria * Hide asset menu search if simple search is disabled * Fix multiple mt- * classes that are applied at the same time to fix display bugs * Retain Class and ObjectType when query parsing contains errors; prevents query parsing actions in transaction search from reverting to ticket search * Clear floating elements from correspondence * Show custom field diffs in transaction history * Fix bug that caused HTML custom fields to show \'text/html\' as value * Move user custom fields on \"Settings > About me\"\" page to make better use of space * Fix the menu drift when clicking on repositioned submenus caused by screen width overflow * Fix issue where a submenu could flash out when clicking a submenu option (specifically, in Chrome-based browsers) * Fix runtime error in SelfService Asset Display (I#37377) * Improve Reports/Update This Menu CSS styling * Improve \'Error: public key\' template to avoid confusion for new installs (I#37360) * Show RT support email address in the RemoteAuth error page * Show RT support email address on PSGI/database error page * Block ticket creation/update when there\'s invalid recipients * Disable browser spell check for custom code box (thanks Christian Mehlmauer!) 
* Make Actions page menu scrollable in case it\'s too long to fit on screen * Allow CKEditor (rich text) boxes to vary in height based on context/usage * Fix bug preventing the toggling/display of initially rolled-up widgets * Allow unchecking of \"Suppress if empty\" checkbox for dashboard subscriptions * Load more history for unread messages with on scroll setting so new messages can be accessed via the \"Jump to Unread\" button * Exclude favion.png from generated dashboard email * Add extra css to dashboard emails to improve display for some email web clients (such as Gmail and Outlook) * Fix Ticket/Create.html\'s display of Links block * Refactor Edit Links to fix bug in page display * Exclude asset custom roles from ticket search * Fix custom role\'s name in the result message when adding members * Add support for custom roles in asset searches * Improve performance of one-time email lookup * Improve page layout by dropping an extra form-row wrapper (LabeledValue already has one) * Fix layout of ticket graph page * Add back missing current-value span to fix alignment of rows in asset widget of ticket page * Re-add the missing Creator row for article display * Revert LabeledValue changes to role inputs * Make article autocomplete case insensitive * Force EmailAddress to be the default return value for EmailInput * Prettify \"Show ticket history\" by making it look like a button * Add multiple order by and order indicators in search results header * Make autocomplete work in dynamically created modal popup * Support to pass user name as default value for owner input autocomplete * Allow to show empty option even when default value is present; allows current Priority filter to show while allowing user to unset it * Allow users to filter ticket search results via headers * Allow text but not icons to wrap in search header (in Firefox) * Provide default \'select all\' for some search terms; prevents erroneous \"error parsing your search query\" messages (I#36902) * 
Reset queue-level default values on queue change on ticket create page; previously, defaults didn\'t change even if another queue was selected (I#37242) * Show end users a message if a SQL error occurs * Update search results to use Bootstrap/modern pagination styles * Add box to jump to search results page * Add UI for custom field validation hints * Improve color and spacing for custom field FriendlyPattern UI * Target keyboard shortcuts accurately for search result modal popups * Fix combobox controls to not clear user inputs on dropdown click * Format auth token list with a title box * Removed extra space between Cc and Bcc in the ticket update cc Element * Handle implicit form submissions in search filter modals (i.e., act as if the \"Apply\" button was clicked) * Fix broken search input formatting on \"Manage GnuPG Keys\" page * Always show a Logout link in the menu * Make number of search results per-page configurable * Add information about search preferences * Remove extra space from titleboxes in query builder\'s Sort and Display Columns boxes * Prevent main navigation from overlapping with custom logo * Make pie/bar in js charts clickable again for saved searches * Automatically enable live search for selects that have 10 or more options * Force to use light theme for dashboard emails; prevents broken display of dashboard emails in email clients that try to automatically apply your system\'s dark/light theme to emails * In query builder, show a solid funnel next to header column if that column is a filter in the search * Add \"unknown\" default priority option to priority select list; shows if a ticket\'s priority is unknown or no longer valid * Make search filter modal popups scrollable (in case of long content) * In query builder, increase queue limit to 100 in search filter (as the modal is now scrollable) * Add URL shortening of search URLs * Add shortener support to saved searches * Shorten subqueries on chart page * Fix bug that adds duplicated 
criteria to queries generated on chart page * Reduce whitespace between the continuous descriptive paragraphs * When commenting or corresponding, only quote text from transaction areas in the ticket history * Remove unnecessary spacing in layout of user custom fields in SelfService Prefs * Fix label typo for asset description * Fix bug that could prevent live-search in select widgets (Safari and Firefox) * Improve UI consistency by wrapping textarea/attachment inputs in a form-row * Remove extra vertical space of select inputs to be consistent with other inputs * Use consistent space among input rows for ticket forms * Replace fontawesome funnel icon with bootstrap version * Drop the obsolete fontawesome filter icon * Removed extra space between Cc and Bcc in the ticket update cc Element * Update data-live-search attr for bootstrap select before initialization * Show customized operator/value inputs for cfs on admin user search page * Support to wrap textarea/attachment inputs into a form-row for space settings * Remove extra vertical space of selectized inputs to be consistent with other inputs * Use consistent space among input rows for ticket forms * Use HTML content for articles by default * Format article HTML content correctly when EscapeHTML is disabled * Add extra newlines to make boundaries of different article fields clear * Clarify usage of the $EmailSubjectTagRegex setting * Adapt formatting for mixed HTML and plain text quoting in Outlook message * Display key details for text/calendar messages (meeting invitations) * Various improvements for search filter controls * Limit dropdown size in owner search filter modal * Convert some search icons to inline svg for easier styling * Drop the duplicated div.value in EditTopics * Hide tooltips everywhere on click Web Administration * Allow default custom field values for group, user, and article objects * Add custom roles to assets * Add lookup type to custom role admin page listing * Make comment and 
signature boxes half-page width, not full page width * Add SameSite to cookies from WebSameSiteCookies, helping to protect from CSRF attacks ($WebSameSiteCookies in RT config) * Update default value for WebSecureCookie so cookies are secure by default * Support sending test dashboard emails on dashboard subscription page * Record ACL changes in transactions * Show a default entry hint based on the type of validation for custom field admin pages * Fix display of plugin arguments on Shredder page * Update Scrips modify page to line up \"Applies to\" with the other values * Remove unnecessary current-value span for rows not in forms * Use LabledValue to generate current-value spans * Add search functionality for config edit page * Add configuration option to disable quoting of selected text on ticket update * Fix lifecycle editor warning messages: \"actions\" is the key name, not \"action\" * In lifecycle editor, show objects where the lifecycle is applied * Add Shortener page (Admin > Tools > Shortener Viewer) to show content of specified shortener code * Create optional article portlet for ticket display page * Hide article portlet if current user does not right to see the article * Add a Checkbox RenderType for select type custom fields * Scrub permissively for non-ticket related custom field values * Add %ScrubCustomFieldOnSave config to scrub custom field values on save Server Administration * RT now supports MySQL 8 * Upgrade jquery-ui to 1.13.2 * Upgrade CKEditor to 4.20.1 * Add clibboard.js to RT * Update fontawesome to 5.15.4 * Updated dependencies: DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results Require DBD::SQLite 1.72 Require GD::Graph 1.56 Require Date::Extract 0.07 Module::Runtime::require_module (replaces UNIVERSAL::require * Removed dependencies: Data::Page::Pageset Pod::Select (deprecated) Pod::PlainText (deprecated) UNIVERSAL::require (deprecated) * Drop obsolete babel-minify-webpack-plugin * Add --recipient to send dashboard emails to 
a single recipient only * Add --dashboards argument to specify dashboard IDs to send via rt-email-dashboards * Add option to inline CSS for dashboard email; allows dashboard emails to resemble the RT display while decreasing email size by removing unused CSS classes * Refactor implementation of --no-auto-commit to support --originalid * Add $DatabaseQueryTimeout setting to set the maximum seconds a single SQL query should be allowed to run. * Add Info/Debug/Error messages to the RT logs when a user logs in or out via web remote user auth. * Add support to shred class/topic/article objects * Add support to shred catalog/asset objects * Shred only ticket roles when shredding queues * When loading an initialdata file, don\'t add the same custom fields multiple times. * Extract pre-defined custom field validation rules to the AATTCustomFieldValuesValidations config setting * Add source IP address to the external auth login log message * Clarify logout messages for local and SAML logouts * Add rt-clean-shorteners CLI utility to clean up temporary shorteners * Add Shorteners to serializer when running in clone mode * Show customized operator/value inputs for searching custom fields in user admin (similar to how Query Builder works) * Handle SetConfig changes in same way as text custom fields * Dump GroupBy custom field items in saved charts using Name for improved portability when using rt-dump-initialdata * Fix LDAP filter string debug output * Add rt-clean-attributes to delete obsolete DeferredRecipients attributes * Allow additional ticket relationship graph directions * Support loading users via user custom fields * Add new tables to reset-sequences utility * Fix inconsistent normalized owner group member for merged tickets in rt-validator * In vulnerable-passwords upgrade script, Page users to save memory in case there are too many records * Dump GroupBy custom field items in saved charts using Name for portability * Fix the partially quoted index name for 
MariaDB/MySQL- adjust dependencies in spec fiile as given above * Mon Sep 16 2024 Lars Vogdt - update to 5.0.3 Security * RT is vulnerable to cross-site scripting (XSS) when displaying attachment content with fraudulent content types. This vulnerability is assigned CVE-2022-25802. * RT 5.0 is vulnerable to unvalidated, or open, redirects in ticket searches. This vulnerability is assigned CVE-2022-25803. * RT did not perform full rights checks on accesses to file or image type custom fields, possibly allowing access to these custom fields by users without rights to access to the associated objects (like the ticket it is associated with). As an additional security note, RT 5.0.3 also updates jQuery to version 3.6.0 and that includes a security fix (CVE-2020-11022). General user features * Add a message and link to the new GnuPG key trust admin page * Update user admin menu to just Keys * Convert datetime cf values to user timezone on ticket clone * Search Name/Summary case insensitively for SelfService article search * Group custom field values by category * Fix the bug that transaction cfs can not be saved on queue default values page * Check email of custom role members on ticket create * Improve checking of CustomFieldValue SortOrder * Improve \"not a unique value\" error messages to show more hints * Validate \"unique values\" custom fields correctly on web create * Improve recognition of urlified subject tags * Support different custom field groupings at category level * Only use col-2/10 layout for transaction custom fields * Cache CustomDateRanges in ColumnMap for performance * Add response/comment css class after CKEditor is fully loaded in dark mode * Default to not render old appearance of EntryHint for MultiUserRoleInput * Add tooltip for custom role inputs on search bulk page * Respect $Name argument in SelectDashboard * Support to specify attribute name of system default dashboard, mainly for RTIR * Don\'t trigger inline edit if user clicks links, 
buttons or their children * Strip leading/trailing spaces from Group name automatically on create/update * Support custom roles by name on ticket update * Switch to link button for \"Close\" in modal of \"Grant Dashboard Rights\" * Support to customize global MyRT configuration page * Remove unneeded padding on ticket update * Try harder to not only wrap help tooltip in labels * Allow deleting RT addresses from roles * Remove extra closing element on custom role admin page * Migrate plain checkboxes to bootstrap\'s custom-checkbox for consistency * Show correct tooltips with multiple charts * Verify PGP signatures on the original decrypted content * Do not try to decrypt PGP public keys * Don\'t warn if mixed newlines are found in decrypted GPG content * Refresh status for Category select box on custom field edit page * Remove duplicate my reminders portlet from default dashboard * Notify user when unable to include an article * Add configurable search for Include Article * Allow DefaultCatalog to be unset in Web Interface * Center values on custom field edit page * Add the HTML CustomField type * Allow HTML signatures * Allow browser spellchecker to work in CKEditor windows * Fix improper HTML tag nesting in EditDates * Bypass selectize\'s client filter by showing all search results * Change display from block to inline for create elements * In the Theme editor, restore \"try\" behavior to the Try button rather than saving changes Administration * Upgrade jQuery to 3.6.0 * Upgrade jQuery UI to 1.13.0 * Upgrade bootstrap to 4.6.1 * Upgrade bootstrap select to 1.13.18 * Add --no-auto-commit option for rt-importer * Add Article and Asset counts to RT Size * Add index on ObjectCustomFields.ObjectId * In rt-shredder CLI tool, make setting sqldump actually work (thanks, grifferz!) 
* Suppress warnings with rt-fulltext-indexer --quiet * Exit success if rt-fulltext-indexer is running * Add --log support in RT::Interface::CLI * Explicitly set SSL_verify_mode in mailgate * In rt-importer, put all dependencies of current object to the head of stack to reduce memory usage * Support to sync Disabled field for groups in LDAP import * When shredding users, only replace fields that match the to-be-wiped user * Replace obsolete AC_HELP_STRING with supported AS_HELP_STRING * Removed unused Revision macro * RT 3 is EOL so no one should be configuring an rt3 group * RT 4 and later do not support modperl 1, remove the option * Reduce memory usage for rt-importer * Suppress incorrect attachment warning when session attachments exist * Set the UserAssetExtraInfo widget for display on web config page * Register \"Show Details\" toggle handler only once for each button in scroll mode * Remove modperl1 feature from cpanfile * Fri Mar 08 2024 Tina Müller - Use %autosetup instead of deprecated %patchN * Mon Oct 11 2021 larsAATTlinux-schulserver.de - 5.0.2- update to 5.0.2 Security * In previous versions, RT\'s native login system is vulnerable to user enumeration through a timing side-channel attack. This means an external entity could try to find valid usernames by attempting logins and comparing the time to evaluate each login attempt for valid and invalid usernames. This vulnerability does not allow any access to the RT system. This vulnerability is assigned CVE-2021-38562 and is fixed in this release. * RT uses the chart.js package and the previous version has vulnerabilities described here: https://snyk.io/test/npm/chart.js/2.8.0 This RT release updates chart.js to version 2.9.4 as recommended in that advisory. 
General features and fixes
* Update Starts on SLA changes even if Starts was already set
* Accept usernames for email input fields on ticket create/update
* Support group:NAME and group:ID in non-single role input fields
* Create an autocompleter for Principals (works with both users and groups)
* Support more characters for user/group names in non-single role input fields
* Normalize and validate time inputs
* Support to generate different dashboard content for each recipient
* Use user timezone for date "=" queries in ticket search
* Add "Create Via Email" and "Create Via Web" conditions
* Fix table wrapping error in Ticket/Update.html
* Don't escape queue name in title generation stage as it'll be escaped later
* Allow to squelch recipients that also exist in one time inputs
* Show all valid statuses on Asset bulk update page
* In the datepicker, reset the time part after date input is cleared
* Support columns as values in ticket search (ticket values on right-hand side in searches)
* Support a friendly syntax for custom field columns as values in ticket search
* Allow to specify CF Content/LargeContent columns in the keyword part of SQL
* Support role searches like Owner = CF.cid or Owner = Creator
* Improve UI of unread messages notification
* Sync one time inputs back to checkboxes on ticket update page
* Automatically load more txns to fill browser window on scroll history mode
* Fix duplicated closing tag for attachment delete links
* Remove search string including numbers in ticket autocomplete search on select
* Fix RecentlyViewedTickets to deal with shredded/merged tickets
* Fix bug that kept 11 tickets in the "recently visited" list instead of 10
* Show dependencies (like dashboards) and confirm before deleting saved searches
* Fill up cells of record's last row in search results
* Add support of "Lifecycle =" and "Queue LIKE" to GetReferencedQueues for more search options
* Support copying saved charts like searches
* Fix wrongly duplicated one-time addresses on ticket update page
* Add various missing ColumnMap entries
* Fix error when removing multiple holders of an asset
* Add basic stacked bar chart support
* Remove extra closing div on Login/Logout pages
* Add option to disable ticket linking in articles by class
* Add entry hint as custom field tooltip
* Disable submit on enter when input's autocomplete list shows up
* Support quoted custom fields as values
* Exclude end time when limiting txn date to a day
* Trigger UpdateCc/UpdateBcc input change only once when clicking "All recipients"
* Sync one-time checkboxes to text inputs in a consistent way
* Translate selfservice articles search button (thanks, elacour!)
* Support shallow searches for ticket roles
* Support to search user defined group names in watcher limit
* Support order by watcher's custom fields for ticket search
* Support more watcher fields including user cfs in search result format
* Add more watcher fields including user cfs to OrderBy/Columns in search builder
* Upgrade OrderBy "Owner" to new version "Owner.Name" in saved searches
* Create a standard RT Time Worked report
* Add grouping by custom roles for ticket search charts
* Reduce space used by Current search on Query Builder to avoid saved search overlap
* Group by direct members of role groups for ticket search charts
* Use Name as the default watcher field in search results
* Allow clearing roles on bulk updates page
* Remove unexpected leading spaces in user signature input
* Add label text to old-attach form for accessibility
* Add the missing "form-control" class to autocomplete cf inputs in query builder
* Fix EditSearches title after submission on Query Builder page
* Let article summary take the whole width in article list
* Pass all request arguments to /SelfService/Open.html
* Disable inline edit for related tickets in "Assets" widget of ticket display
* Transactions on History.html page should link to transaction display page
* Clear "Add Columns" select after change on Query Builder
* Translate selfservice articles search button
* Render a label for both cases when displaying shredder objects, making checkbox available to select objects to shred
* Align label/value columns for Assets widget in ticket display
* Use checkbox class for multi select list input
* Remove blue background on dropdown-item active
* Explicitly exclude "deleted" status from queue list portlet
* Require Name field when creating or editing Article
* Add QueueListAllStatuses portlet to show tickets info of all statuses
* In Self Service, don't explicitly call PageLayout as it's included already
* Remove extra closing div on Login/Logout pages
* Use 2/10 col layout for custom fields only in transaction display
* Use an independent col for each asset custom field grouping
* Add the missing form-control css class for queue autocomplete input
* Move asset field-specific css classes up to the row instead of just label
* Add autocomplete for assets input
* Don't change background color on click of dropdown items
* Load user-level search preferences for ticket searches only, fixing errors with custom search formats and transaction search results
* Add more ticket info to transaction display page
* Register the missing autocomplete handler for refreshed inline-edited row
* Add webpath to RelatedData href (thanks, jtlarson!)
* Update principal input labels to reference groups
* Always default to no value for select type CFs on bulk update
* Fix context quoting on ticket update with top-quoted signatures in rich text editor
* On the query builder, restore OR accidentally changed in bootstrap updates

Administration
* Generalize Owner logic in Shredder to any Single role group
* In shredder, remove SetWatcher rows in transaction history as well
* Add setting $AssetMultipleOwner to allow many owners on assets
* Default --libs-group value from "bin" to "root"
* Add --dry-run option to rt-crontool
* In validator, ensure tickets and queues have all of their default role groups, individually
* In validator, prompt to create missing default role groups
* Skip merged tickets in role groups validation
* Allow to create missing queue-level custom role groups when needed
* For external auth, support cf mappings like CF.foo and UserCF.foo
* Support array and code in attr_map of external auth
* Don't quote table names in shredder SQL output
* Avoid "Wide character in print" warnings when generating shredder SQL output
* Add QuoteWrapWidth option for text quoted during reply/comment
* Set the $AttachmentListCount config's default value to 5
* Clarify external auth logging when users are not found
* Fix removal of scrips when shredding queues
* Avoid errors in shredder when Organization has a hyphen
* Avoid errors in shredder when username has a hyphen
* Avoid errors in shredder when queue name has a hyphen
* Log number of records returned from LDAP search
* Support searching NULL (unset) values on user/group admin pages
* Only show hints for user CFs configured in external settings on create
* Fix removal of custom fields when shredding queues
* Add transaction records for dashboard/savedsearch changes
* For articles, do not encode HTML if skip Escape HTML option selected
* In rt-crontool, add reload-ticket option to refresh metadata before processing
* Avoid a known problem version of Mojo::DOM::CSS
* Update DBIx::SearchBuilder to 1.68 to avoid segfaults on MariaDB 10.2+
* Add parallel support for crontool
* Add Parallel::ForkManager to dependency for parallel crontool
* Log the object that exceeds DependenciesLimit in shredder
* Remove SetOwner rows in transaction history on user shred
* Add ExternalAuth to the exceptions for requiring a password
* Reset ObjectCustomField sort order when re-enabling a Custom Field
* Update ObjectCustomField sort order only if necessary on re-enable
* Pass SavedChartSearchId from chart portlet
* Skip rights check when setting default object custom field values
* Add support to clear mason cache via web interface
* Add LDAP email authentication to External Auth
* Don't shred subgroups' member relationships when shredding ticket role groups
* Provide a way to select privileged and unprivileged users in admin
* Remember IncludeSystemGroups value on page navigation
* Add statement-log option to render statement logs in CLI
* Support to set sort order of applied custom roles
* Show custom roles in correct order on queue watcher and ticket pages
* Add no-sqldump option to rt-shredder to avoid generating backups
* Add paging support for group Members page
* Tweak css for page links to not overflow in Firefox
* Add $ShowSearchNavigation option to skip building search navigation links
* Add ability to search for disabled users
* Restore Ticket object to arguments passed to Preformatted, making ArticleTemplates work again
* Reload scrubber rules when web config changes are made
* Make statuses having upper cased chars work on lifecycle mappings page
* Multiple updates to set proper inputs on RT web configuration page
* Restyle admin user select page with a bare titlebox
* Upgrade Chart.js to 2.9.4
* In rt-dump-initialdata, add config for "no" variant of the disabled option
* In rt-dump-initialdata, skip attributes of attributes in serialization as it's unsupported yet
* Log database config overrides via PreInitLoggerMessages
* Add support for deleting configs in database from web UI
* On user admin page, remember IncludeSystemGroups value on page navigation
* Create new config option for home page support email
* Support deleting custom field values on form submit in CF config
* In CreateTickets action, allow skipping of create ticket blocks through passing arg
* Add support for custom fields on article classes
* Disable inline editing for dashboard emails as clients don't support it (thanks J.P.Knight!)
* No need to fix up attribute contents in clone mode

Email Encryption/Signing
* Support separate certificates for SMIME encryption and signing
* Add encryption and signing options for digest email
* Provide an option to skip GnuPG tests
* Handle encrypted outgoing emails in digest email
* Add OtherCertificatesToSend option for SMIME
* Set path to GnuPG binary in GnuPG::Interface constructor (thanks, aruthven!)
* Fix uninitialized warnings of $latest_user_main_key for gpg 2.2
* Handle FAILURE keyword for gpg 2.2
* Add gpg.conf for gpg 2.2 so we can specify passphrase in command line
* Update warning message tests for gpg 2.2
* Don't override fingerprint if it exists already
* Make t/mail/crypt-gnupg.t pass with gpg 2.2
* Quit gpg-agent after tests for gpg 2.2
* Move signed_old_style_with_attachment.eml to emails directory
* Always use temp gpg homedir to get a cleaner env
* Add extra ignored keywords for gnupg 2.2.x
* Fix unit test to cope with variations in how different versions of OpenSSL print certificates
* Default cert-digest-algo from SHA1 to SHA256
* Bump GnuPG::Interface to 1.00 to support gpg 2.2
* Report the cert authority in an "assured by ..." clause
* Report the S/MIME signer correctly when there is no EmailAddress
* Fix a bug in the logic that suppresses the "email is unsigned" warning
* Add AlgorithmName to info returned by ParseKeysInfo
* For GnuPG, add a tooltip with additional info about the signature
* Add ability to download GnuPG public keys
* Store and display additional info about S/MIME signatures
* Extract email addresses from S/MIME certificates as specified in RFC 5750
* Support SMIME certificate revocation using OCSP/CRL
* Add deprecation warnings to RT::Test::GnuPG and RT::Test::SMIME
* Allow specification of outbound signing/encryption protocol on a per-queue basis
* In Admin/Users/Keys.html, do not call "UseForOutgoing" when we have no $Queue object
* Explain conversion of legacy list args to a hash in CheckRecipients
* Add RT::Attachment->CryptStatus method
* Fix error if a CA certificate does not define CRLDistributionPoints
* Keep entire GnuPG fingerprint; don't truncate to 8 characters
* Include S/MIME certificate serial number in tooltip
* Add ability to download S/MIME certificates
* Switch from key to fingerprint for user PrivateKey
* Add admin page to manage GnuPG keys
* Show "Preferred GnuPG key" input only if GnuPG is enabled
* Migrate remaining RT::Test::SMIME in tests to RT::Test::Crypt
* Bump GnuPG::Interface to 1.02 to fix secret key deletion issue for gnupg 2.2
* Disable using WKD on GnuPG tests that might attempt to use the network (thanks, puck!)
...
An even more complete changelog is available by visiting: https://github.com/bestpractical/rt/compare/rt-5.0.1...rt-5.0.2
- add full url for source download
- add source signing signature
- new CORE dependency: Parallel::ForkManager

* Tue Apr 20 2021 larsAATTlinux-schulserver.de - 5.0.1
- add missing runtime dependencies:
  + perl(Apache::DBI)
  + perl(Module::Pluggable)
  + perl(Pod::Select)
  + perl(Business::Hours)
  + perl(CSS::Minifier::XS)
  + perl(Data::Page::Pageset)
  + perl(JavaScript::Minifier::XS)
  + perl(Net::IP)
  + perl(Scope::Upper)
- sort the layout file to match the current RT5 path layout
- install GnuPG, RT-Shredder and SMIME work directories
- recommend w3m, because of: "Running with the internal HTML converter can result in performance issues with some HTML. Install one of the following utilities with your package manager to improve performance with an external tool: w3m, elinks, links, html2text, lynx"
- enhance README.SUSE

* Tue Apr 13 2021 larsAATTlinux-schulserver.de - 5.0.1
- update to 5.0.1:

Database Changes
+ For MySQL and MariaDB, the default character set has been updated to utf8mb4 to accommodate more unicode characters including emojis. See README.MySQL and README.MariaDB for details.
+ The Id field in some tables is changed from INT to BIGINT to accommodate large RT systems that may hit the maximum number of ids. Because this change touches large RT tables like Transactions and Attachments, this upgrade step may take a while to run.
+ You also will need free disk space equal to the size of these tables while running because MySQL, MariaDB, and Postgres will create a temporary copy of the table while running. If you don't have sufficient space, it can cause this step to fail.

Notable Changes
+ System configuration options can now be changed by SuperUsers via the web UI. File-based configuration options are still loaded. Changes made via the web UI take precedence over file-based options if both are set.
+ If you prefer to keep all configuration in files and disable editing in the web UI, set this option to 0:
    Set($ShowEditSystemConfig, 0);
+ The variables which alter the set of HTML elements allowed in HTML scrubbing have moved; they have been renamed, and are now found under RT::Interface::Web::Scrubber.
+ The articles interface on tickets has been simplified, now showing only a dropdown for selecting articles. This dropdown converts to an autocomplete box when the dropdown contains more than $DropdownMenuLimit items.
+ With this simplified interface, the "hotlist" feature is no longer needed as all articles in classes applied to a given queue are available in the dropdown/autocomplete field. To prevent articles in a class from appearing for a queue, you can unapply the class from that queue.
+ The upgrade steps remove the hotlist configuration from your RT database by removing that column from the Articles table. Since the article class must be applied to a queue for the hotlist items to appear, all articles should continue to appear in the new interface.
+ The updated rich text editor now shows the browser context menu (right-click menu) by default, so the MessageBoxUseSystemContextMenu configuration option is no longer needed and has been removed.
+ Dashboards previously in the Home menu have been moved to the Reports menu. The reports previously in the Reports menu are still there, but you can now edit the Reports menu like the previous Home menu, so you can remove the default reports if you like.
+ All other dashboard menu functionality should be the same including editing your own menu, the global settings, and setting a user's menu from the user admin page for that user.
+ Accessing RT from a mobile device no longer defaults to the mobile-optimized interface. RT 5.0 is fully responsive so the full UI can be used on mobile devices. Set the configuration option $ShowMobileSite to true to restore the previous behavior.
+ RT can now run with GnuPG 2.2. On install or upgrade, it requires the updated version of GnuPG::Interface. make testdeps will test for the correct version. RT should also still run with GnuPG 1.4.x. It is not supported for GnuPG versions 2.0 or 2.1.
+ RT search results now allow inline editing of ticket metadata, greatly improving usability and convenience. Editable fields are now the default for most ticket fields in search results.
+ The ticket Owner field sometimes requires extra work to build and can result in slower page load times, so the default Owner format is read-only. To enable inline edit for Owner, update your search to use the format OwnerNameEdit.
+ If you experience slower page loads with OwnerNameEdit, you can display Owner as an autocomplete box rather than a dropdown using the AutocompleteOwners configuration option. This may also help other areas of RT in addition to searches.
+ We are investigating options to improve the underlying queries. Some users have reported improved performance with the following indexes, at least on Postgres:
    CREATE INDEX ACL2 ON acl (objecttype, objectid);
    CREATE INDEX ACL3 ON acl (principalid, rightname, principaltype);
  We are performing testing and looking for additional feedback before adding these to default RT.

Extensions Integrated into RT 5
The following extensions are now part of RT 5. If you previously used any as an extension, you no longer need the extension after upgrading and can remove the Plugin line from your RT configuration. Changes you may need to apply if you previously used the extension are described below.

RT::Extension::QuoteSelection
RT::Extension::RightsInspector
RT::Extension::ConfigInDatabase
  If you previously used RT::Extension::ConfigInDatabase as an extension, run the upgrade-configurations utility after completing all the other upgrade steps from the README. This will migrate your existing configuration to the new core RT tables.
RT::Extension::CustomRole::Visibility
RT::Extension::PriorityAsString
  If you previously used numbers for priority and would like to continue to do so, you can set the new $EnablePriorityAsString option to false. That will disable the new string-based display. If you would like to now use strings for priority like Low, Medium, High, check the new %PriorityAsString configuration option. RT provides a simple default setting that may be sufficient. Set new values if you would like to customize your priority options. If you were previously using the PriorityAsString extension, you no longer need the extension installed. The %PriorityAsString configuration is simplified and consolidated, so check the documentation for details on updating your previous configuration.
RT::Extension::AssetSQL
  The configuration option $AssetSQL_HideSimpleSearch is now $AssetHideSimpleSearch. The configuration option $AssetSearchFormat is now $AssetSimpleSearchFormat. See the configuration documentation in RT_Config.pm for new configuration options added for AssetSQL and the new asset query builder.
RT::Extension::LifecycleUI
RT::Extension::REST2
RT::Authen::Token
  If you previously used RT::Authen::Token as an extension, run the etc/upgrade/upgrade-authtokens utility after completing all the other upgrade steps from the README. This will migrate your existing tokens to the new core RT tables.
- refreshed patches:
  + enable-build-as-non-root.patch
  + request-tracker-use_local_lib.patch
- New CORE dependencies:
  + perl(Encode::Detect::Detector)
  + perl(Encode::HanExtra)
  + perl(GnuPG::Interface)
  + perl(HTML::FormatExternal)
  + perl(HTML::Gumbo)
  + perl(Module::Path)
  + perl(Moose)
  + perl(MooseX::NonMoose)
  + perl(MooseX::Role::Parameterized)
  + perl(Path::Dispatcher) >= 1.07
  + perl(Text::WordDiff)
  + perl(Web::Machine) >= 0.12
- New EXTERNALAUTH dependencies:
  + perl(Net::LDAP)
- removed deprecated configure option "with-apachectl"
- added new configure options: enable-smime, enable-externalauth and defined bin/libs-owner (root), libs-group (root) and rt-group (rt)
- new sub-packages (including READMEs for the initial setup):
  + request-tracker-attachment-storage-S3
  + request-tracker-attachment-storage-Dropbox

* Wed Oct 28 2020 Dirk Stoecker - 4.4.4
- fix build with perl 5.32