|
|
|
|
@@ -1,3 +1,837 @@
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 20 13:50:25 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
|
|
|
|
|
|
|
|
|
|
- update to 5.0.7
|
|
|
|
|
Lifecycle Updates
|
|
|
|
|
|
|
|
|
|
RT 5.0.6 included some updates to RT internals to make lifecycles easier
|
|
|
|
|
to configure and manage. Once RT 5.0.6 was released and users started testing
|
|
|
|
|
with more complicated existing lifecycles, some bugs were discovered. The
|
|
|
|
|
following bugs are addressed in RT 5.0.7.
|
|
|
|
|
|
|
|
|
|
* Merge existing lifecycle mapping configuration on save. Previously, in some
|
|
|
|
|
cases, existing mappings would be incorrectly deleted.
|
|
|
|
|
|
|
|
|
|
* Restore loading lifecycle configuration from files and add a message to
|
|
|
|
|
admins to remove config files to delete. The previous change was introduced
|
|
|
|
|
to allow lifecycles to be deleted, but it also impacted loading new lifecycle
|
|
|
|
|
configurations from files, like when installing an extension. Now admins will be
|
|
|
|
|
warned on delete if a lifecycle is being loaded from a file on disk.
|
|
|
|
|
|
|
|
|
|
Additional Updates
|
|
|
|
|
* On the queue admin page, warn if queue addresses are the same as a user address
|
|
|
|
|
* In the reports menu, retain the desired order when adding reports
|
|
|
|
|
* Prevent Show/Hide "quoted text"/"full description" click events from propagating
|
|
|
|
|
* Tweak lifecycle delete button text to make it more clear it deletes the lifecycle
|
|
|
|
|
* Document db configs and also the merge behavior of hash configs
|
|
|
|
|
* Correct POD warnings in Config docs
|
|
|
|
|
* Avoid reloading configs multiple times on configuration content update
|
|
|
|
|
* Remove duplicate CLI options
|
|
|
|
|
* Do not cast as decimal if using "LIKE" operator for numeric custom fields
|
|
|
|
|
* Update the attribute of CustomFieldView to be the same as CustomField
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 19 23:48:16 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
|
|
|
|
|
|
|
|
|
|
- update to 5.0.6
|
|
|
|
|
|
|
|
|
|
Strict Browser Cache Configuration Option
|
|
|
|
|
|
|
|
|
|
CVE-2024-3262 describes previously viewed pages being stored in the
|
|
|
|
|
browser cache, which is the typical default behavior of most browsers to
|
|
|
|
|
enable the "back" button. Someone who gains access to a host computer could
|
|
|
|
|
potentially view ticket data using the back button, even after logging out
|
|
|
|
|
of RT. The CVE specifically references RT version 4.4.1, but this behavior
|
|
|
|
|
is present in most browsers viewing all versions of RT before 5.0.6.
|
|
|
|
|
|
|
|
|
|
RT 5.0.6 adds a new configuration option, $WebStrictBrowserCache, which
|
|
|
|
|
instructs the browser not to cache page content from RT. If you run RT,
|
|
|
|
|
including RTIR, with highly sensitive ticket data, you can enable this new
|
|
|
|
|
option to prevent browser caching. The default is still disabled, to
|
|
|
|
|
allow for normal browser functionality, so you need to enable this option
|
|
|
|
|
to run with the new feature.
|
|
|
|
|
|
|
|
|
|
General user features
|
|
|
|
|
* Support to hide empty custom roles on ticket display page
|
|
|
|
|
* Support to explicitly bind Business Hours for CustomDateRanges
|
|
|
|
|
* Distinguish business hours by adding related css classes in search chart table
|
|
|
|
|
* Process ticket owner updates before message updates
|
|
|
|
|
* Prevent double-clicking from submitting forms multiple times
|
|
|
|
|
* Open results from chart table in new tab
|
|
|
|
|
* Create UI for adjusting dashboard column width
|
|
|
|
|
* Load owner dropdown via AJAX for inline edit on list to speed up page load
|
|
|
|
|
* Multiple updates to provide autocomplete for asset links and to
|
|
|
|
|
improve other linking autocomplete (based on code from gibus, thanks!)
|
|
|
|
|
* Set filename of attachments when it's absent for Outlook
|
|
|
|
|
* Escape one-time checkbox name in case it contains special regex characters
|
|
|
|
|
* Provide initial support for charts with transaction searches
|
|
|
|
|
* Fix Create Linked Ticket modal on Self Service Asset page
|
|
|
|
|
* Move asset widget to right column on self service ticket
|
|
|
|
|
* Support inline edit for assets
|
|
|
|
|
* On search filter, use a wider modal for Created column just like LastUpdated
|
|
|
|
|
* Support URL shortener for links in search pagination
|
|
|
|
|
* Add initial support for charts with assets
|
|
|
|
|
* Add search filter support to assets
|
|
|
|
|
* On charts, increase "Group By" rows to 5 to group by 2 more fields
|
|
|
|
|
* Fix ticket/attachment links on SelfService transaction display page
|
|
|
|
|
* Remove the empty option from multiple-value select custom fields
|
|
|
|
|
* Load the first catalog current user can create assets in on asset create page
|
|
|
|
|
* Submit form when catalog changes on asset simple search page
|
|
|
|
|
* Improve styling for self service article search
|
|
|
|
|
* Make header in search result TSV more consistent with the one in web UI
|
|
|
|
|
* Do not use Inter font for monospace so pre tags render correctly in ticket history
|
|
|
|
|
* Fix "Update" operation for article saved searches
|
|
|
|
|
* Add option to find disabled articles in search
|
|
|
|
|
* Support to sort/limit axis labels in search charts
|
|
|
|
|
* On SMIME decrypt, try next address if current certificate does not match
|
|
|
|
|
* Automatically hide inline edit links/buttons if there are no fields to edit
|
|
|
|
|
* Allow one-time email addresses to wrap, preventing overlap with long addresses
|
|
|
|
|
* Hide inline edit by default for asset "Dates" that lacks grouped custom fields
|
|
|
|
|
* Sync checkboxes before deciding to check/uncheck TxnSendMailToAll
|
|
|
|
|
|
|
|
|
|
Documentation
|
|
|
|
|
* Document restricting access to REST 1.0 mail-gateway
|
|
|
|
|
* Update POD with Region example
|
|
|
|
|
* Document WebSecureCookies in README
|
|
|
|
|
* Fix spelling in documentation (thanks Andrew!)
|
|
|
|
|
* Add date search documentation
|
|
|
|
|
* Update the outdated config name $InlineDashboardCSS in docs
|
|
|
|
|
* Fix internal pod links in docs
|
|
|
|
|
* Switch the README to Markdown and improve layout on GitHub
|
|
|
|
|
* Increase client_max_body_size to 100M in Nginx config example
|
|
|
|
|
* Correct POD headers for CustomField methods (thanks nreiling!)
|
|
|
|
|
* Dashboards are now in the Reports menu, not Home
|
|
|
|
|
* Remove unresolved link to the configure script
|
|
|
|
|
* Link AutoAddWatchers to metacpan and not RT docs
|
|
|
|
|
|
|
|
|
|
Administration
|
|
|
|
|
* Avoid creating duplicated custom fields from initialdata
|
|
|
|
|
* Clear all RT crypt headers from incoming email before processing
|
|
|
|
|
* Add region to Amazon::S3 params
|
|
|
|
|
* Load RT size only on demand to speed up configuration page load
|
|
|
|
|
* Support custom labels for ValidateCustomFields
|
|
|
|
|
* Hide search and bulk update links on My Assets in self service
|
|
|
|
|
* Set id as the PRIMARY KEY of AttachmentsIndex for Pg
|
|
|
|
|
* Fix Enable checkbox behavior on Scrip Creation
|
|
|
|
|
* Add $WebStrictBrowserCache option to disable browser cache
|
|
|
|
|
* Add option to set number of rows in dashboard subscriptions
|
|
|
|
|
* Fix shredder boolean argument inputs
|
|
|
|
|
* Add StatementLog support for REST2
|
|
|
|
|
* Rewrite dashboard emailer to use the CLI interface
|
|
|
|
|
* Clean up lifecycles on save when possible
|
|
|
|
|
* Trim any leading and trailing spaces from name on lifecycle create
|
|
|
|
|
* Support to delete lifecycles
|
|
|
|
|
* Show lifecycle warnings to admins who are accessing lifecycle pages
|
|
|
|
|
* Support to update maps of a lifecycle via JSON on Advanced page
|
|
|
|
|
* In Lifecycle admin, add links to help map statuses that have the same name
|
|
|
|
|
* Add mysql5/MariaDB db types to install old DBD::mysql version
|
|
|
|
|
* Don't add Unlimited automatically in Rows per page
|
|
|
|
|
* Make rt-setup-fulltext-index generally work on Oracle 23c
|
|
|
|
|
* Document the workaround of the grant error of CTXSYS.CTX_DDL on Oracle 23c
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 18 22:46:24 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
|
|
|
|
|
|
|
|
|
|
- update to 5.0.5
|
|
|
|
|
Security
|
|
|
|
|
* RT is vulnerable to accepting unvalidated RT email headers in
|
|
|
|
|
incoming email and the mail-gateway REST interface. This vulnerability
|
|
|
|
|
is assigned CVE-2023-41259.
|
|
|
|
|
* RT is vulnerable to information leakage via response messages returned
|
|
|
|
|
from requests sent via the mail-gateway REST interface. This vulnerability
|
|
|
|
|
is assigned CVE-2023-41260.
|
|
|
|
|
|
|
|
|
|
Related to the above, in addition to upgrading to this new version, access
|
|
|
|
|
to the mail-gateway REST endpoint can, and in most cases should, be restricted
|
|
|
|
|
to only the RT server itself (localhost). This access restriction can typically
|
|
|
|
|
be applied in the web server running with your RT (Apache or other). This
|
|
|
|
|
configuration is more clearly documented as part of this release and we recommend
|
|
|
|
|
all RT admins review your web server configuration and consider restricting access
|
|
|
|
|
to this mail-gateway REST endpoint.
|
|
|
|
|
|
|
|
|
|
* RT 5.0 is vulnerable to information leakage via transaction searches made by
|
|
|
|
|
authenticated users in the transaction query builder. This vulnerability is
|
|
|
|
|
assigned CVE-2023-45024. Thanks to edk and bakerst of Libera Chat for reporting
|
|
|
|
|
this finding.
|
|
|
|
|
* RT 5.0 can reveal information about data on various RT objects in errors and
|
|
|
|
|
other response messages to REST 2 requests.
|
|
|
|
|
|
|
|
|
|
General user features
|
|
|
|
|
* Include "Create" transactions when checking if there are unread messages
|
|
|
|
|
* Support HasUnreadMessages and HasNoUnreadMessages criteria for ticket search
|
|
|
|
|
* Make simple search result refresh always function
|
|
|
|
|
* Support to download custom field attachments from SelfService
|
|
|
|
|
* Allow additional ticket relationship graph directions
|
|
|
|
|
* Add the missing Principals autocomplete URL for Self Service
|
|
|
|
|
* On the People page, list current user in "All Recipients" if it's a watcher
|
|
|
|
|
* Align existing attachment list
|
|
|
|
|
* Show direct members for charts grouped by watchers in perl calculation
|
|
|
|
|
* Add the same separator as ticket cfs for user cfs in Spreadsheet
|
|
|
|
|
* Exclude owner email address from one time Cc/Bcc inputs
|
|
|
|
|
* Require unique name for Conditions and Actions
|
|
|
|
|
* Enable the selectpicker class for multiselect cfs
|
|
|
|
|
* Don't highlight "RT for" as the active menu
|
|
|
|
|
* Show that a principal is disabled while editing people inline
|
|
|
|
|
* Fix empty updates sending emails with html signatures
|
|
|
|
|
* Remove mobile restrictions for CKEditor
|
|
|
|
|
* Get the Stylesheet of the called user object instead of its CurrentUser
|
|
|
|
|
* Tweak quoted selection content and quote it with blockquote for html
|
|
|
|
|
* Fix lifecycle new status removal
|
|
|
|
|
* Improve Lifecycle validation messages
|
|
|
|
|
* Allow to wrap for normal collection list headers
|
|
|
|
|
* Make search chart tables responsive
|
|
|
|
|
* Adjust EmailInput element to use the correct autocomplete helper
|
|
|
|
|
* Make Principals Helper compatible with EmailInput element
|
|
|
|
|
* Add a __SelectedUser__ search placeholder and portlet to set it
|
|
|
|
|
* Do not disable inline edit after errors
|
|
|
|
|
* Fix Find Group portlet input size
|
|
|
|
|
* Fix Find Asset portlet input size
|
|
|
|
|
* Avoid adding duplicated prefixes like "Ticket ID: " on bulk update pages
|
|
|
|
|
* Use id prefix for core field update messages consistently
|
|
|
|
|
* Rebalance page menu when the entire page (not just DOM) is ready
|
|
|
|
|
* Return success when disabling a disabled record via REST 2
|
|
|
|
|
* On ticket update, update names in Cc/Bcc select boxes when
|
|
|
|
|
checking/unchecking one-time "All recipients"
|
|
|
|
|
* On dashboard edit, drop height CSS rules for each section in source
|
|
|
|
|
selection boxes to prevent overlap
|
|
|
|
|
|
|
|
|
|
Documentation
|
|
|
|
|
* Add documentation for using rt-crontool with multiple --action parameters
|
|
|
|
|
* Fix formatting in docs for $DateTimeFormat config examples
|
|
|
|
|
* Document default Name setting in RT::User
|
|
|
|
|
* Provide examples for CanonicalizeEmailAddress match and replace
|
|
|
|
|
* Fix docs on RT::Queue::IsWatcher
|
|
|
|
|
* Fix the link to RT_Config's External-storage section in pod
|
|
|
|
|
* Custom Roles cannot apply globally; correct docs
|
|
|
|
|
* Fix typo in transaction-type argument in rt-crontool docs (thanks rob@lonap.net!)
|
|
|
|
|
* Fix "Reffered" typo in metadata doc (thanks nreiling!)
|
|
|
|
|
* Fix 'followoing' typo in docs (thanks nreiling!)
|
|
|
|
|
* Clarify usage of the $EmailSubjectTagRegex setting
|
|
|
|
|
* Fix ticket_metadata.pod: Incorrect documentation of parent/child (thanks nreiling!)
|
|
|
|
|
* Improve documentation for RT::Search modules
|
|
|
|
|
* Document MySQL 8 support (actual MySQL 8 support was added in RT 5.0.4)
|
|
|
|
|
* Document web deployment with apache+proxy_fcgi
|
|
|
|
|
* Remove trailing / from mailgate url examples
|
|
|
|
|
* Fix users -> uses typo in query builder docs
|
|
|
|
|
* Document the new __SelectedUser__ search placeholder
|
|
|
|
|
* Remove duplicate REST 2 asset examples
|
|
|
|
|
* Document changes to some update messages
|
|
|
|
|
* Update NAME header in rt-munge-attachments POD (thanks andrew!)
|
|
|
|
|
|
|
|
|
|
Administration
|
|
|
|
|
* Remove state criteria for invalid utf8 error warnings to allow
|
|
|
|
|
the full-text indexer to continue to run
|
|
|
|
|
* Improve template 'Error: public key'
|
|
|
|
|
* Don't error if users4 index has been removed
|
|
|
|
|
* Update required versions for GD::Graph and Date::Extract
|
|
|
|
|
* A client terminating a connection shouldn't kill a FCGI process (thanks andrew!)
|
|
|
|
|
* Add configuration option $AllowGroupAutocompleteForUnprivileged
|
|
|
|
|
* Allow selection of SSL providers with SMIME
|
|
|
|
|
* Add new page where admins can preview results of search modules
|
|
|
|
|
* Add RT::Interface::Web::ReportsRegistry package, allowing extensions to
|
|
|
|
|
add custom reports more easily
|
|
|
|
|
* Index SortOrder of ObjectCustomFieldValues
|
|
|
|
|
* Re-work indexes on Links table
|
|
|
|
|
* Bump SearchBuilder to 1.77 to fix a possible sorting issue
|
|
|
|
|
* Add a dropdown with values for RedistributeAutoGeneratedMessages config
|
|
|
|
|
* Fill up CachedGroupMembers at the end of importer for performance
|
|
|
|
|
* Add --all to serializer to export all data with UIDs and not check dependencies
|
|
|
|
|
* Reload scrubber rules for current process that changes configs
|
|
|
|
|
* Create a local version of $RULES{img} to update it dynamically based on configs
|
|
|
|
|
* Tweak code logic to short-circuit config checks when img rules are pre-defined
|
|
|
|
|
* Update legacy timezones
|
|
|
|
|
* Add --limit-queues and --no-queues support for rt-dump-initialdata
|
|
|
|
|
* Support to dump and import CustomFieldDefaultValues attributes with cf name
|
|
|
|
|
* Add new Scrip Logging page
|
|
|
|
|
* In the Lifecycle editor, set on_create status only if it's absent
|
|
|
|
|
* Add expiration option for auth tokens
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 17 20:40:50 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
|
|
|
|
|
|
|
|
|
|
- update to 5.0.4
|
|
|
|
|
Security
|
|
|
|
|
* jQuery UI is updated to version 1.13.2, which addresses a security issue in
|
|
|
|
|
earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly
|
|
|
|
|
as RT does not currently use the impacted code.
|
|
|
|
|
|
|
|
|
|
General user features
|
|
|
|
|
* Split the select of watcher criteria in query builder; with a single
|
|
|
|
|
select, this list would grow too long
|
|
|
|
|
* Display entry hint in people section of ticket display page
|
|
|
|
|
* Add missing css rules to buttons to improve UI consistency
|
|
|
|
|
* Increase search field column width, mainly for role fields
|
|
|
|
|
* Include custom roles in the core watcher search criteria
|
|
|
|
|
* Hide asset menu search if simple search is disabled
|
|
|
|
|
* Fix multiple mt-* classes that are applied at the same time to fix
|
|
|
|
|
display bugs
|
|
|
|
|
* Retain Class and ObjectType when query parsing contains errors;
|
|
|
|
|
prevents query parsing actions in transaction search from reverting
|
|
|
|
|
to ticket search
|
|
|
|
|
* Clear floating elements from correspondence
|
|
|
|
|
* Show custom field diffs in transaction history
|
|
|
|
|
* Fix bug that caused HTML custom fields to show 'text/html' as value
|
|
|
|
|
* Move user custom fields on "Settings > About me"" page to make better
|
|
|
|
|
use of space
|
|
|
|
|
* Fix the menu drift when clicking on repositioned submenus caused by
|
|
|
|
|
screen width overflow
|
|
|
|
|
* Fix issue where a submenu could flash out when clicking a submenu
|
|
|
|
|
option (specifically, in Chrome-based browsers)
|
|
|
|
|
* Fix runtime error in SelfService Asset Display (I#37377)
|
|
|
|
|
* Improve Reports/Update This Menu CSS styling
|
|
|
|
|
* Improve 'Error: public key' template to avoid confusion for new
|
|
|
|
|
installs (I#37360)
|
|
|
|
|
* Show RT support email address in the RemoteAuth error page
|
|
|
|
|
* Show RT support email address on PSGI/database error page
|
|
|
|
|
* Block ticket creation/update when there's invalid recipients
|
|
|
|
|
* Disable browser spell check for custom code box (thanks Christian
|
|
|
|
|
Mehlmauer!)
|
|
|
|
|
* Make Actions page menu scrollable in case it's too long to fit on
|
|
|
|
|
screen
|
|
|
|
|
* Allow CKEditor (rich text) boxes to vary in height based on
|
|
|
|
|
context/usage
|
|
|
|
|
* Fix bug preventing the toggling/display of initially rolled-up widgets
|
|
|
|
|
* Allow unchecking of "Suppress if empty" checkbox for dashboard
|
|
|
|
|
subscriptions
|
|
|
|
|
* Load more history for unread messages with on scroll setting so new
|
|
|
|
|
messages can be accessed via the "Jump to Unread" button
|
|
|
|
|
* Exclude favion.png from generated dashboard email
|
|
|
|
|
* Add extra css to dashboard emails to improve display for some
|
|
|
|
|
email web clients (such as Gmail and Outlook)
|
|
|
|
|
* Fix Ticket/Create.html's display of Links block
|
|
|
|
|
* Refactor Edit Links to fix bug in page display
|
|
|
|
|
* Exclude asset custom roles from ticket search
|
|
|
|
|
* Fix custom role's name in the result message when adding members
|
|
|
|
|
* Add support for custom roles in asset searches
|
|
|
|
|
* Improve performance of one-time email lookup
|
|
|
|
|
* Improve page layout by dropping an extra form-row wrapper
|
|
|
|
|
(LabeledValue already has one)
|
|
|
|
|
* Fix layout of ticket graph page
|
|
|
|
|
* Add back missing current-value span to fix alignment of rows in asset
|
|
|
|
|
widget of ticket page
|
|
|
|
|
* Re-add the missing Creator row for article display
|
|
|
|
|
* Revert LabeledValue changes to role inputs
|
|
|
|
|
* Make article autocomplete case insensitive
|
|
|
|
|
* Force EmailAddress to be the default return value for EmailInput
|
|
|
|
|
* Prettify "Show ticket history" by making it look like a button
|
|
|
|
|
* Add multiple order by and order indicators in search results header
|
|
|
|
|
* Make autocomplete work in dynamically created modal popup
|
|
|
|
|
* Support to pass user name as default value for owner input
|
|
|
|
|
autocomplete
|
|
|
|
|
* Allow to show empty option even when default value is present;
|
|
|
|
|
allows current Priority filter to show while allowing user to unset it
|
|
|
|
|
* Allow users to filter ticket search results via headers
|
|
|
|
|
* Allow text but not icons to wrap in search header (in Firefox)
|
|
|
|
|
* Provide default 'select all' for some search terms; prevents erroneous
|
|
|
|
|
"error parsing your search query" messages (I#36902)
|
|
|
|
|
* Reset queue-level default values on queue change on ticket create
|
|
|
|
|
page; previously, defaults didn't change even if another queue was
|
|
|
|
|
selected (I#37242)
|
|
|
|
|
* Show end users a message if a SQL error occurs
|
|
|
|
|
* Update search results to use Bootstrap/modern pagination styles
|
|
|
|
|
* Add box to jump to search results page
|
|
|
|
|
* Add UI for custom field validation hints
|
|
|
|
|
* Improve color and spacing for custom field FriendlyPattern UI
|
|
|
|
|
* Target keyboard shortcuts accurately for search result modal popups
|
|
|
|
|
* Fix combobox controls to not clear user inputs on dropdown click
|
|
|
|
|
* Format auth token list with a title box
|
|
|
|
|
* Removed extra space between Cc and Bcc in the ticket update cc Element
|
|
|
|
|
* Handle implicit form submissions in search filter modals (i.e., act
|
|
|
|
|
as if the "Apply" button was clicked)
|
|
|
|
|
* Fix broken search input formatting on "Manage GnuPG Keys" page
|
|
|
|
|
* Always show a Logout link in the menu
|
|
|
|
|
* Make number of search results per-page configurable
|
|
|
|
|
* Add information about search preferences
|
|
|
|
|
* Remove extra space from titleboxes in query builder's Sort and Display
|
|
|
|
|
Columns boxes
|
|
|
|
|
* Prevent main navigation from overlapping with custom logo
|
|
|
|
|
* Make pie/bar in js charts clickable again for saved searches
|
|
|
|
|
* Automatically enable live search for selects that have 10 or more
|
|
|
|
|
options
|
|
|
|
|
* Force to use light theme for dashboard emails; prevents broken
|
|
|
|
|
display of dashboard emails in email clients that try to automatically
|
|
|
|
|
apply your system's dark/light theme to emails
|
|
|
|
|
* In query builder, show a solid funnel next to header column if that
|
|
|
|
|
column is a filter in the search
|
|
|
|
|
* Add "unknown" default priority option to priority select list; shows
|
|
|
|
|
if a ticket's priority is unknown or no longer valid
|
|
|
|
|
* Make search filter modal popups scrollable (in case of long content)
|
|
|
|
|
* In query builder, increase queue limit to 100 in search filter (as
|
|
|
|
|
the modal is now scrollable)
|
|
|
|
|
* Add URL shortening of search URLs
|
|
|
|
|
* Add shortener support to saved searches
|
|
|
|
|
* Shorten subqueries on chart page
|
|
|
|
|
* Fix bug that adds duplicated criteria to queries generated on chart
|
|
|
|
|
page
|
|
|
|
|
* Reduce whitespace between the continuous descriptive paragraphs
|
|
|
|
|
* When commenting or corresponding, only quote text from transaction
|
|
|
|
|
areas in the ticket history
|
|
|
|
|
* Remove unnecessary spacing in layout of user custom fields in
|
|
|
|
|
SelfService Prefs
|
|
|
|
|
* Fix label typo for asset description
|
|
|
|
|
* Fix bug that could prevent live-search in select widgets (Safari and
|
|
|
|
|
Firefox)
|
|
|
|
|
* Improve UI consistency by wrapping textarea/attachment inputs in a
|
|
|
|
|
form-row
|
|
|
|
|
* Remove extra vertical space of select inputs to be consistent with
|
|
|
|
|
other inputs
|
|
|
|
|
* Use consistent space among input rows for ticket forms
|
|
|
|
|
* Replace fontawesome funnel icon with bootstrap version
|
|
|
|
|
* Drop the obsolete fontawesome filter icon
|
|
|
|
|
* Removed extra space between Cc and Bcc in the ticket update cc Element
|
|
|
|
|
* Update data-live-search attr for bootstrap select before initialization
|
|
|
|
|
* Show customized operator/value inputs for cfs on admin user search page
|
|
|
|
|
* Support to wrap textarea/attachment inputs into a form-row for space settings
|
|
|
|
|
* Remove extra vertical space of selectized inputs to be consistent with other inputs
|
|
|
|
|
* Use consistent space among input rows for ticket forms
|
|
|
|
|
* Use HTML content for articles by default
|
|
|
|
|
* Format article HTML content correctly when EscapeHTML is disabled
|
|
|
|
|
* Add extra newlines to make boundaries of different article fields clear
|
|
|
|
|
* Clarify usage of the $EmailSubjectTagRegex setting
|
|
|
|
|
* Adapt formatting for mixed HTML and plain text quoting in Outlook message
|
|
|
|
|
* Display key details for text/calendar messages (meeting invitations)
|
|
|
|
|
* Various improvements for search filter controls
|
|
|
|
|
* Limit dropdown size in owner search filter modal
|
|
|
|
|
* Convert some search icons to inline svg for easier styling
|
|
|
|
|
* Drop the duplicated div.value in EditTopics
|
|
|
|
|
* Hide tooltips everywhere on click
|
|
|
|
|
|
|
|
|
|
Web Administration
|
|
|
|
|
* Allow default custom field values for group, user, and article objects
|
|
|
|
|
* Add custom roles to assets
|
|
|
|
|
* Add lookup type to custom role admin page listing
|
|
|
|
|
* Make comment and signature boxes half-page width, not full page width
|
|
|
|
|
* Add SameSite to cookies from WebSameSiteCookies, helping to protect
|
|
|
|
|
from CSRF attacks ($WebSameSiteCookies in RT config)
|
|
|
|
|
* Update default value for WebSecureCookie so cookies are secure by
|
|
|
|
|
default
|
|
|
|
|
* Support sending test dashboard emails on dashboard subscription page
|
|
|
|
|
* Record ACL changes in transactions
|
|
|
|
|
* Show a default entry hint based on the type of validation for custom
|
|
|
|
|
field admin pages
|
|
|
|
|
* Fix display of plugin arguments on Shredder page
|
|
|
|
|
* Update Scrips modify page to line up "Applies to" with the other
|
|
|
|
|
values
|
|
|
|
|
* Remove unnecessary current-value span for rows not in forms
|
|
|
|
|
* Use LabledValue to generate current-value spans
|
|
|
|
|
* Add search functionality for config edit page
|
|
|
|
|
* Add configuration option to disable quoting of selected text on
|
|
|
|
|
ticket update
|
|
|
|
|
* Fix lifecycle editor warning messages: "actions" is the key name,
|
|
|
|
|
not "action"
|
|
|
|
|
* In lifecycle editor, show objects where the lifecycle is applied
|
|
|
|
|
* Add Shortener page (Admin > Tools > Shortener Viewer) to show content
|
|
|
|
|
of specified shortener code
|
|
|
|
|
* Create optional article portlet for ticket display page
|
|
|
|
|
* Hide article portlet if current user does not right to see the article
|
|
|
|
|
* Add a Checkbox RenderType for select type custom fields
|
|
|
|
|
* Scrub permissively for non-ticket related custom field values
|
|
|
|
|
* Add %ScrubCustomFieldOnSave config to scrub custom field values on save
|
|
|
|
|
|
|
|
|
|
Server Administration
|
|
|
|
|
* RT now supports MySQL 8
|
|
|
|
|
* Upgrade jquery-ui to 1.13.2
|
|
|
|
|
* Upgrade CKEditor to 4.20.1
|
|
|
|
|
* Add clibboard.js to RT
|
|
|
|
|
* Update fontawesome to 5.15.4
|
|
|
|
|
* Updated dependencies:
|
|
|
|
|
DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
|
|
|
|
|
Require DBD::SQLite 1.72
|
|
|
|
|
Require GD::Graph 1.56
|
|
|
|
|
Require Date::Extract 0.07
|
|
|
|
|
Module::Runtime::require_module (replaces UNIVERSAL::require
|
|
|
|
|
* Removed dependencies:
|
|
|
|
|
Data::Page::Pageset
|
|
|
|
|
Pod::Select (deprecated)
|
|
|
|
|
Pod::PlainText (deprecated)
|
|
|
|
|
UNIVERSAL::require (deprecated)
|
|
|
|
|
* Drop obsolete babel-minify-webpack-plugin
|
|
|
|
|
* Add --recipient to send dashboard emails to a single recipient only
|
|
|
|
|
* Add --dashboards argument to specify dashboard IDs to send via
|
|
|
|
|
rt-email-dashboards
|
|
|
|
|
* Add option to inline CSS for dashboard email; allows dashboard emails
|
|
|
|
|
to resemble the RT display while decreasing email size by removing
|
|
|
|
|
unused CSS classes
|
|
|
|
|
* Refactor implementation of --no-auto-commit to support --originalid
|
|
|
|
|
* Add $DatabaseQueryTimeout setting to set the maximum seconds a single
|
|
|
|
|
SQL query should be allowed to run.
|
|
|
|
|
* Add Info/Debug/Error messages to the RT logs when a user logs in or
|
|
|
|
|
out via web remote user auth.
|
|
|
|
|
* Add support to shred class/topic/article objects
|
|
|
|
|
* Add support to shred catalog/asset objects
|
|
|
|
|
* Shred only ticket roles when shredding queues
|
|
|
|
|
* When loading an initialdata file, don't add the same custom fields
|
|
|
|
|
multiple times.
|
|
|
|
|
* Extract pre-defined custom field validation rules to the
|
|
|
|
|
@CustomFieldValuesValidations config setting
|
|
|
|
|
* Add source IP address to the external auth login log message
|
|
|
|
|
* Clarify logout messages for local and SAML logouts
|
|
|
|
|
* Add rt-clean-shorteners CLI utility to clean up temporary shorteners
|
|
|
|
|
* Add Shorteners to serializer when running in clone mode
|
|
|
|
|
* Show customized operator/value inputs for searching custom fields in
|
|
|
|
|
user admin (similar to how Query Builder works)
|
|
|
|
|
* Handle SetConfig changes in same way as text custom fields
|
|
|
|
|
* Dump GroupBy custom field items in saved charts using Name for
|
|
|
|
|
improved portability when using rt-dump-initialdata
|
|
|
|
|
* Fix LDAP filter string debug output
|
|
|
|
|
* Add rt-clean-attributes to delete obsolete DeferredRecipients
|
|
|
|
|
attributes
|
|
|
|
|
* Allow additional ticket relationship graph directions
|
|
|
|
|
* Support loading users via user custom fields
|
|
|
|
|
* Add new tables to reset-sequences utility
|
|
|
|
|
* Fix inconsistent normalized owner group member for merged tickets
|
|
|
|
|
in rt-validator
|
|
|
|
|
* In vulnerable-passwords upgrade script, Page users to save memory
|
|
|
|
|
in case there are too many records
|
|
|
|
|
* Dump GroupBy custom field items in saved charts using Name for portability
|
|
|
|
|
* Fix the partially quoted index name for MariaDB/MySQL
|
|
|
|
|
- adjust dependencies in spec fiile as given above
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 16 21:37:19 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
|
|
|
|
|
|
|
|
|
|
- update to 5.0.3
|
|
|
|
|
Security
|
|
|
|
|
* RT is vulnerable to cross-site scripting (XSS) when displaying
|
|
|
|
|
attachment content with fraudulent content types. This vulnerability
|
|
|
|
|
is assigned CVE-2022-25802.
|
|
|
|
|
* RT 5.0 is vulnerable to unvalidated, or open, redirects in ticket
|
|
|
|
|
searches. This vulnerability is assigned CVE-2022-25803.
|
|
|
|
|
* RT did not perform full rights checks on accesses to file or image type
|
|
|
|
|
custom fields, possibly allowing access to these custom fields by users
|
|
|
|
|
without rights to access to the associated objects (like the ticket it
|
|
|
|
|
is associated with).
|
|
|
|
|
|
|
|
|
|
As an additional security note, RT 5.0.3 also updates jQuery to
|
|
|
|
|
version 3.6.0 and that includes a security fix (CVE-2020-11022).
|
|
|
|
|
|
|
|
|
|
General user features
|
|
|
|
|
* Add a message and link to the new GnuPG key trust admin page
|
|
|
|
|
* Update user admin menu to just Keys
|
|
|
|
|
* Convert datetime cf values to user timezone on ticket clone
|
|
|
|
|
* Search Name/Summary case insensitively for SelfService article search
|
|
|
|
|
* Group custom field values by category
|
|
|
|
|
* Fix the bug that transaction cfs can not be saved on queue default values page
|
|
|
|
|
* Check email of custom role members on ticket create
|
|
|
|
|
* Improve checking of CustomFieldValue SortOrder
|
|
|
|
|
* Improve "not a unique value" error messages to show more hints
|
|
|
|
|
* Validate "unique values" custom fields correctly on web create
|
|
|
|
|
* Improve recognition of urlified subject tags
|
|
|
|
|
* Support different custom field groupings at category level
|
|
|
|
|
* Only use col-2/10 layout for transaction custom fields
|
|
|
|
|
* Cache CustomDateRanges in ColumnMap for performance
|
|
|
|
|
* Add response/comment css class after CKEditor is fully loaded in dark mode
|
|
|
|
|
* Default to not render old appearance of EntryHint for MultiUserRoleInput
|
|
|
|
|
* Add tooltip for custom role inputs on search bulk page
|
|
|
|
|
* Respect $Name argument in SelectDashboard
|
|
|
|
|
* Support to specify attribute name of system default dashboard, mainly for RTIR
|
|
|
|
|
* Don't trigger inline edit if user clicks links, buttons or their children
|
|
|
|
|
* Strip leading/trailing spaces from Group name automatically on create/update
|
|
|
|
|
* Support custom roles by name on ticket update
|
|
|
|
|
* Switch to link button for "Close" in modal of "Grant Dashboard Rights"
|
|
|
|
|
* Support to customize global MyRT configuration page
|
|
|
|
|
* Remove unneeded padding on ticket update
|
|
|
|
|
* Try harder to not only wrap help tooltip in labels
|
|
|
|
|
* Allow deleting RT addresses from roles
|
|
|
|
|
* Remove extra closing </div> element on custom role admin page
|
|
|
|
|
* Migrate plain checkboxes to bootstrap's custom-checkbox for consistency
|
|
|
|
|
* Show correct tooltips with multiple charts
|
|
|
|
|
* Verify PGP signatures on the original decrypted content
|
|
|
|
|
* Do not try to decrypt PGP public keys
|
|
|
|
|
* Don't warn if mixed newlines are found in decrypted GPG content
|
|
|
|
|
* Refresh status for Category select box on custom field edit page
|
|
|
|
|
* Remove duplicate my reminders portlet from default dashboard
|
|
|
|
|
* Notify user when unable to include an article
|
|
|
|
|
* Add configurable search for Include Article
|
|
|
|
|
* Allow DefaultCatalog to be unset in Web Interface
|
|
|
|
|
* Center values on custom field edit page
|
|
|
|
|
* Add the HTML CustomField type
|
|
|
|
|
* Allow HTML signatures
|
|
|
|
|
* Allow browser spellchecker to work in CKEditor windows
|
|
|
|
|
* Fix improper HTML tag nesting in EditDates
|
|
|
|
|
* Bypass selectize's client filter by showing all search results
|
|
|
|
|
* Change display from block to inline for create elements
|
|
|
|
|
* In the Theme editor, restore "try" behavior to the Try button rather
|
|
|
|
|
than saving changes
|
|
|
|
|
|
|
|
|
|
Administration
|
|
|
|
|
* Upgrade jQuery to 3.6.0
|
|
|
|
|
* Upgrade jQuery UI to 1.13.0
|
|
|
|
|
* Upgrade bootstrap to 4.6.1
|
|
|
|
|
* Upgrade bootstrap select to 1.13.18
|
|
|
|
|
* Add --no-auto-commit option for rt-importer
|
|
|
|
|
* Add Article and Asset counts to RT Size
|
|
|
|
|
* Add index on ObjectCustomFields.ObjectId
|
|
|
|
|
* In rt-shredder CLI tool, make setting sqldump actually work (thanks, grifferz!)
|
|
|
|
|
* Suppress warnings with rt-fulltext-indexer --quiet
|
|
|
|
|
* Exit success if rt-fulltext-indexer is running
|
|
|
|
|
* Add --log support in RT::Interface::CLI
|
|
|
|
|
* Explicitly set SSL_verify_mode in mailgate
|
|
|
|
|
* In rt-importer, put all dependencies of current object to the head of stack
|
|
|
|
|
to reduce memory usage
|
|
|
|
|
* Support to sync Disabled field for groups in LDAP import
|
|
|
|
|
* When shredding users, only replace fields that match the to-be-wiped user
|
|
|
|
|
* Replace obsolete AC_HELP_STRING with supported AS_HELP_STRING
|
|
|
|
|
* Removed unused Revision macro
|
|
|
|
|
* RT 3 is EOL so no one should be configuring an rt3 group
|
|
|
|
|
* RT 4 and later do not support modperl 1, remove the option
|
|
|
|
|
* Reduce memory usage for rt-importer
|
|
|
|
|
* Suppress incorrect attachment warning when session attachments exist
|
|
|
|
|
* Set the UserAssetExtraInfo widget for display on web config page
|
|
|
|
|
* Register "Show Details" toggle handler only once for each button in scroll mode
|
|
|
|
|
* Remove modperl1 feature from cpanfile
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 8 00:33:02 UTC 2024 - Tina Müller <tina.mueller@suse.com>
|
|
|
|
|
|
|
|
|
|
- Use %autosetup instead of deprecated %patchN
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 11 10:17:55 UTC 2021 - lars@linux-schulserver.de - 5.0.2
|
|
|
|
|
|
|
|
|
|
- update to 5.0.2
|
|
|
|
|
Security
|
|
|
|
|
* In previous versions, RT's native login system is vulnerable to user enumeration
|
|
|
|
|
through a timing side-channel attack. This means an external entity could try to
|
|
|
|
|
find valid usernames by attempting logins and comparing the time to evaluate each
|
|
|
|
|
login attempt for valid and invalid usernames. This vulnerability does not allow any
|
|
|
|
|
access to the RT system. This vulnerability is assigned CVE-2021-38562 and is fixed
|
|
|
|
|
in this release.
|
|
|
|
|
* RT uses the chart.js package and the previous version has vulnerabilities
|
|
|
|
|
described here: https://snyk.io/test/npm/chart.js/2.8.0 This RT release updates
|
|
|
|
|
chart.js to version 2.9.4 as recommended in that advisory.
|
|
|
|
|
General features and fixes
|
|
|
|
|
* Update Starts on SLA changes even if Starts was already set
|
|
|
|
|
* Accept usernames for email input fields on ticket create/update
|
|
|
|
|
* Support group:NAME and group:ID in non-single role input fields
|
|
|
|
|
* Create an autocompleter for Principals (works with both users and groups)
|
|
|
|
|
* Support more characters for user/group names in non-single role input fields
|
|
|
|
|
* Normalize and validate time inputs
|
|
|
|
|
* Support to generate different dashboard content for each recipient
|
|
|
|
|
* Use user timezone for date "=" queries in ticket search
|
|
|
|
|
* Add "Create Via Email" and "Create Via Web" conditions
|
|
|
|
|
* Fix table wrapping error in Ticket/Update.html
|
|
|
|
|
* Don't escape queue name in title generation stage as it'll be escaped later
|
|
|
|
|
* Allow to squelch recipients that also exist in one time inputs
|
|
|
|
|
* Show all valid statuses on Asset bulk update page
|
|
|
|
|
* In the datepicker, reset the time part after date input is cleared
|
|
|
|
|
* Support columns as values in ticket search (ticket values on right-hand side in searches)
|
|
|
|
|
* Support a friendly syntax for custom field columns as values in ticket search
|
|
|
|
|
* Allow to specify CF Content/LargeContent columns in the keyword part of SQL
|
|
|
|
|
* Support role searches like Owner = CF.cid or Owner = Creator
|
|
|
|
|
* Improve UI of unread messages notification
|
|
|
|
|
* Sync one time inputs back to checkboxes on ticket update page
|
|
|
|
|
* Automatically load more txns to fill browser window on scroll history mode
|
|
|
|
|
* Fix duplicated closing tag for attachment delete links
|
|
|
|
|
* Remove search string including numbers in ticket autocomplete search on select
|
|
|
|
|
* Fix RecentlyViewedTickets to deal with shredded/merged tickets
|
|
|
|
|
* Fix bug that kept 11 tickets in the "recently visited" list instead of 10
|
|
|
|
|
* Show dependencies (like dashboards) and confirm before deleting saved searches
|
|
|
|
|
* Fill up cells of record's last row in search results
|
|
|
|
|
* Add support of "Lifecycle =" and "Queue LIKE" to GetReferencedQueues for more search options
|
|
|
|
|
* Support copying saved charts like searches
|
|
|
|
|
* Fix wrongly duplicated one-time addresses on ticket update page
|
|
|
|
|
* Add various missing ColumnMap entries
|
|
|
|
|
* Fix error when removing multiple holders of an asset
|
|
|
|
|
* Add basic stacked bar chart support
|
|
|
|
|
* Remove extra closing div on Login/Logout pages
|
|
|
|
|
* Add option to disable ticket linking in articles by class
|
|
|
|
|
* Add entry hint as custom field tooltip
|
|
|
|
|
* Disable submit on enter when input's autocomplete list shows up
|
|
|
|
|
* Support quoted custom fields as values
|
|
|
|
|
* Exclude end time when limiting txn date to a day
|
|
|
|
|
* Trigger UpdateCc/UpdateBcc input change only once when clicking "All recipients"
|
|
|
|
|
* Sync one-time checkboxes to text inputs in a consistent way
|
|
|
|
|
* Translate selfservice articles search button (thanks, elacour!)
|
|
|
|
|
* Support shallow searches for ticket roles
|
|
|
|
|
* Support to search user defined group names in watcher limit
|
|
|
|
|
* Support order by watcher's custom fields for ticket search
|
|
|
|
|
* Support more watcher fields including user cfs in search result format
|
|
|
|
|
* Add more watcher fields including user cfs to OrderBy/Columns in search builder
|
|
|
|
|
* Upgrade OrderBy "Owner" to new version "Owner.Name" in saved searchs
|
|
|
|
|
* Create a standard RT Time Worked report
|
|
|
|
|
* Add grouping by custom roles for ticket search charts
|
|
|
|
|
* Reduce space used by Current search on Query Builder to avoid saved search overlap
|
|
|
|
|
* Group by direct members of role groups for ticket search charts
|
|
|
|
|
* Use Name as the default watcher field in search results
|
|
|
|
|
* Allow clearing roles on bulk updates page
|
|
|
|
|
* Remove unexpected leading spaces in user signature input
|
|
|
|
|
* Add label text to old-attach form for accessibility
|
|
|
|
|
* Add the missing "form-control" class to autocomplete cf inputs in query builder
|
|
|
|
|
* Fix EditSearches title after submission on Query Builder page
|
|
|
|
|
* Let article summary take the whole width in article list
|
|
|
|
|
* Pass all request arguments to /SelfService/Open.html
|
|
|
|
|
* Disable inline edit for related tickets in "Assets" widget of ticket display
|
|
|
|
|
* Transactions on History.html page should link to transaction display page
|
|
|
|
|
* Clear "Add Columns" select after change on Query Builder
|
|
|
|
|
* Translate selfservice articles search button
|
|
|
|
|
* Render a label for both cases when displaying shredder objects,
|
|
|
|
|
making checkbox available to select objects to shred
|
|
|
|
|
* Align label/value columns for Assets widget in ticket display
|
|
|
|
|
* Use checkbox class for multi select list input
|
|
|
|
|
* Remove blue background on dropdown-item active
|
|
|
|
|
* Explicitly exclude "deleted" status from queue list portlet
|
|
|
|
|
* Require Name field when creating or editing Article
|
|
|
|
|
* Add QueueListAllStatuses portlet to show tickets info of all statuses
|
|
|
|
|
* In Self Service, don't explicitly call PageLayout as it's included already
|
|
|
|
|
* Remove extra closing div on Login/Logout pages
|
|
|
|
|
* Use 2/10 col layout for custom fields only in transaction display
|
|
|
|
|
* Use an independent col for each asset custom field grouping
|
|
|
|
|
* Add the missing from-control css class for queue autocomplete input
|
|
|
|
|
* Move asset field-specific css classes up to the row instead of just label
|
|
|
|
|
* Add autocomplete for assets input
|
|
|
|
|
* Don't change background color on click of dropdown items
|
|
|
|
|
* Load user-level search preferences for ticket searches only, fixing errors
|
|
|
|
|
with custom search formats and transaction search results
|
|
|
|
|
* Add more ticket info to transaction display page
|
|
|
|
|
* Register the missing autocomplete handler for refreshed inline-edited row
|
|
|
|
|
* Add webpath to RelatedData href (thanks, jtlarson!)
|
|
|
|
|
* Update principal input labels to reference groups
|
|
|
|
|
* Always default to no value for select type CFs on bulk update
|
|
|
|
|
* Fix context quoting on ticket update with top-quoted signatures in rich text editor
|
|
|
|
|
* On the query builder, restore OR accidentally changed in bootstrap updates
|
|
|
|
|
Administration
|
|
|
|
|
* Generalize Owner logic in Shredder to any Single role group
|
|
|
|
|
* In shredder, remove SetWatcher rows in transaction history as well
|
|
|
|
|
* Add setting $AssetMultipleOwner to allow many owners on assets
|
|
|
|
|
* Default --libs-group value from "bin" to "root"
|
|
|
|
|
* Add --dry-run option to rt-crontool
|
|
|
|
|
* In validator, ensure tickets and queues have all of their default role groups, individually
|
|
|
|
|
* In validator, prompt to create missing default role groups
|
|
|
|
|
* Skip merged tickets in role groups validation
|
|
|
|
|
* Allow to create missing queue-level custom role groups when needed
|
|
|
|
|
* For external auth, support cf mappings like CF.foo and UserCF.foo
|
|
|
|
|
* Support array and code in attr_map of external auth
|
|
|
|
|
* Don't quote table names in shredder SQL output
|
|
|
|
|
* Avoid "Wide character in print" warnings when generating shredder SQL output
|
|
|
|
|
* Add QuoteWrapWidth option for text quoted during reply/comment
|
|
|
|
|
* Set the $AttachmentListCount config's default value to 5
|
|
|
|
|
* Clarify external auth logging when users are not found
|
|
|
|
|
* Fix removal of scrips when shredding queues
|
|
|
|
|
* Avoid errors in shredder when Organization has a hyphen
|
|
|
|
|
* Avoid errors in shredder when username has a hyphen
|
|
|
|
|
* Avoid errors in shredder when queue name have a hyphen
|
|
|
|
|
* Log number of records returned from LDAP search
|
|
|
|
|
* Support searching NULL(unset) values on user/group admin pages
|
|
|
|
|
* Only show hints for user CFs configured in external settings on create
|
|
|
|
|
* Fix removal of custom fields when shredding queues
|
|
|
|
|
* Add transaction records for dashboard/savedsearch changes
|
|
|
|
|
* For articles, do not encode HTML if skip Escape HTML option selected
|
|
|
|
|
* In rt-crontool, add reload-ticket option to refresh metadata before processing
|
|
|
|
|
* Avoid a known problem version of Mojo::DOM::CSS
|
|
|
|
|
* Update DBIx::SearchBuilder to 1.68 to avoid segfaults on MariaDB 10.2+
|
|
|
|
|
* Add parallel support for crontool
|
|
|
|
|
* Add Parallel::ForkManager to dependency for parallel crontool
|
|
|
|
|
* Log the object that exceeds DependenciesLimit in shredder
|
|
|
|
|
* Remove SetOwner rows in transaction history on user shred
|
|
|
|
|
* Add ExternalAuth to the exceptions for requiring a password
|
|
|
|
|
* Reset ObjectCustomField sort order when re-enabling a Custom Field
|
|
|
|
|
* Update ObjectCustomField sort order only if necessary on re-enable
|
|
|
|
|
* Pass SavedChartSearchId from chart portlet
|
|
|
|
|
* Skip rights check when setting default object custom field values
|
|
|
|
|
* Add support to clear mason cache via web interface
|
|
|
|
|
* Add LDAP email authentication to External Auth
|
|
|
|
|
* Don't shred subgroups' member relationships when shredding ticket role groups
|
|
|
|
|
* Provide a way to select privileged and unprivileged users in admin
|
|
|
|
|
* Remember IncludeSystemGroups value on page navigation
|
|
|
|
|
* Add statement-log option to render statement logs in CLI
|
|
|
|
|
* Support to set sort order of applied custom roles
|
|
|
|
|
* Show custom roles in correct order on queue watcher and ticket pages
|
|
|
|
|
* Add no-sqldump option to rt-shredder to avoid generating backups
|
|
|
|
|
* Add paging support for group Members page
|
|
|
|
|
* Tweak css for page links to not overflow in Firefox
|
|
|
|
|
* Add $ShowSearchNavigation option to skip building search navigation links
|
|
|
|
|
* Add ability to search for disabled users
|
|
|
|
|
* Restore Ticket object to arguments passed to Preformatted, making ArticleTemplates work again
|
|
|
|
|
* Reload scrubber rules when web config changes are made
|
|
|
|
|
* Make statuses having upper cased chars work on lifecycle mappings page
|
|
|
|
|
* Multiple updates to set proper inputs on RT web configuration page
|
|
|
|
|
* Restyle admin user select page with a bare titlebox
|
|
|
|
|
* Upgrade Chart.js to 2.9.4
|
|
|
|
|
* In rt-dump-initialdata, add config for "no" variant of the disabled option
|
|
|
|
|
* In rt-dump-initialdata, skip attributes of attributes in serializeration as it's unsupported yet
|
|
|
|
|
* Log database config overrides via PreInitLoggerMessages
|
|
|
|
|
* Add support for deleting configs in database from web UI
|
|
|
|
|
* On user admin page, remember IncludeSystemGroups value on page navigation
|
|
|
|
|
* Create new config option for home page support email
|
|
|
|
|
* Support deleting custom field values on form submit in CF config
|
|
|
|
|
* In CreateTickets action, allow skipping of create ticket blocks through passing arg
|
|
|
|
|
* Add support for custom fields on article classes
|
|
|
|
|
* Disable inline editing for dashboard emails as clients don't support it (thanks J.P.Knight!)
|
|
|
|
|
* No need to fix up attribute contents in clone mode
|
|
|
|
|
Email Encryption/Signing
|
|
|
|
|
* Support separate certificates for SMIME encryption and signing
|
|
|
|
|
* Add encryption and signing options for digest email
|
|
|
|
|
* Provide an option to skip GnuPG tests
|
|
|
|
|
* Handle encrypted outgoing emails in digest email
|
|
|
|
|
* Add OtherCertificatesToSend option for SMIME
|
|
|
|
|
* Set path to GnuPG binary in GnuPG::Interface constructor (thanks, aruthven!)
|
|
|
|
|
* Fix uninitialized warnings of $latest_user_main_key for gpg 2.2
|
|
|
|
|
* Handle FAILURE keyword for gpg 2.2
|
|
|
|
|
* Add gpg.conf for gpg 2.2 so we can specify passphrase in command line
|
|
|
|
|
* Update warning message tests for gpg 2.2
|
|
|
|
|
* Don't override fingerprint if it exists already
|
|
|
|
|
* Make t/mail/crypt-gnupg.t pass with gpg 2.2
|
|
|
|
|
* Quit gpg-agent after tests for gpg 2.2
|
|
|
|
|
* Move signed_old_style_with_attachment.eml to emails directory
|
|
|
|
|
* Always use temp gpg homedir to get a cleaner env
|
|
|
|
|
* Add extra ignored keywords for gnupg 2.2.x
|
|
|
|
|
* Fix unit test to cope with variations in how different versions of OpenSSL print certificates
|
|
|
|
|
* Default cert-digest-algo from SHA1 to SHA256
|
|
|
|
|
* Bump GnuPG::Interface to 1.00 to support gpg 2.2
|
|
|
|
|
* Report the cert authority in an "assured by ..." clause
|
|
|
|
|
* Report the S/MIME signer correctly when there is no EmailAddress
|
|
|
|
|
* Fix a bug in the logic that suppresses the "email is unsigned" warning
|
|
|
|
|
* Add AgorithmName to info returned by ParseKeysInfo
|
|
|
|
|
* For GnuPG, add a tooltip with additional info about the signature
|
|
|
|
|
* Add ability to download GnuPG public keys
|
|
|
|
|
* Store and display additional info about S/MIME signatures
|
|
|
|
|
* Extract email addresses from S/MIME certificates as specified in RFC 5750
|
|
|
|
|
* Support SMIME certificate revocation using OCSP/CRL
|
|
|
|
|
* Add deprecation warnings to RT::Test::GnuPG and RT::Test::SMIME.
|
|
|
|
|
* Allow specification of outbound signing/encryption protocol on a per-queue basis
|
|
|
|
|
* In Admin/Users/Keys.html, do not call "UseForOutgoing" when we have no $Queue object
|
|
|
|
|
* Explain conversion of legacy list args to a hash in CheckRecipients
|
|
|
|
|
* Add RT::Attachment->CryptStatus method
|
|
|
|
|
* Fix error if a CA certificate does not define CRLDistributionPoints
|
|
|
|
|
* Keep entire GnuPG fingerprint; don't truncate to 8 characters
|
|
|
|
|
* Include S/MIME certificate serial number in tooltip
|
|
|
|
|
* Add ability to download S/MIME certificates
|
|
|
|
|
* Switch from key to fingerprint for user PrivateKey
|
|
|
|
|
* Add admin page to manage GnuPG keys
|
|
|
|
|
* Show "Preferred GnuPG key" input only if GnuPG is enabled
|
|
|
|
|
* Migrate remaining RT::Test::SMIME in tests to RT::Test::Crypt
|
|
|
|
|
* Bump GnuPG::Interface to 1.02 to fix secret key deletion issue for gnupg 2.2
|
|
|
|
|
* Disable using WKD on GnuPG tests that might attempt to use the network (thanks, puck!)
|
|
|
|
|
...
|
|
|
|
|
An even more complete changelog is available by visiting:
|
|
|
|
|
https://github.com/bestpractical/rt/compare/rt-5.0.1...rt-5.0.2
|
|
|
|
|
- add full url for source download
|
|
|
|
|
- add source signing signature
|
|
|
|
|
- new CORE dependency: Parallel::ForkManager
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 20 08:09:24 UTC 2021 - lars@linux-schulserver.de - 5.0.1
|
|
|
|
|
|
|
|
|
|
- add missing runtime dependencies:
|
|
|
|
|
+ perl(Apache::DBI)
|
|
|
|
|
+ perl(Module::Pluggable)
|
|
|
|
|
+ perl(Pod::Select)
|
|
|
|
|
+ perl(Business::Hours)
|
|
|
|
|
+ perl(CSS::Minifier::XS)
|
|
|
|
|
+ perl(Data::Page::Pageset)
|
|
|
|
|
+ perl(JavaScript::Minifier::XS)
|
|
|
|
|
+ perl(Net::IP)
|
|
|
|
|
+ perl(Scope::Upper)
|
|
|
|
|
- sort the layout file to match the current RT5 path layout
|
|
|
|
|
- install GnuPG, RT-Shredder and SMIME work directories
|
|
|
|
|
- recommend w3m, because of:
|
|
|
|
|
"Running with the internal HTML converter can result in performance
|
|
|
|
|
issues with some HTML. Install one of the following utilities with
|
|
|
|
|
your package manager to improve performance with an external tool:
|
|
|
|
|
w3m, elinks, links, html2text, lynx"
|
|
|
|
|
- enhance README.SUSE
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 13 15:36:42 UTC 2021 - lars@linux-schulserver.de - 5.0.1
|
|
|
|
|
|
|
|
|
|
|
