![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / devel / rt4
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.17 / (download) - annotate - [select for diffs], Sun Aug 21 20:44:05 2022 UTC (13 months ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
HEAD
Changes since 1.16: +2 -1
lines
Diff to previous 1.16 (colored)
rt4: Fix bug exposed by perl 5.36
Revision 1.16 / (download) - annotate - [select for diffs], Tue Oct 26 10:19:23 2021 UTC (22 months, 3 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
archivers: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Could not be committed due to merge conflict: devel/py-traitlets/distinfo The following distfiles were unfetchable (note: some may be only fetched conditionally): ./devel/pvs/distinfo pvs-3.2-solaris.tgz ./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
Revision 1.15 / (download) - annotate - [select for diffs], Thu Oct 7 13:43:22 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.14: +1 -2
lines
Diff to previous 1.14 (colored)
devel: Remove SHA1 hashes for distfiles
Revision 1.14 / (download) - annotate - [select for diffs], Thu Jun 13 03:19:13 2019 UTC (4 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.13: +6 -6
lines
Diff to previous 1.13 (colored)
Update to 4.2.16
This patch is provided by spz@, thank you.
Changelog:
4.2.16
Security Updates
* One of RT's dependencies, the Perl module Email::Address, has a
denial of service vulnerability which could induce a denial of
service of RT itself. We recommend updating to Email::Address
version 1.912 or later. The Email::Address vulnerabilities are
assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was
addressed in RT with a previous update. Email::Address version
1.912 addresses both of these CVEs with updates directly in the
source module. Thanks to Ricardo Signes for helping us with these
updates.
* One of RT's dependencies, the Perl module Email::Address::List,
relies on and operates similarly to Email::Address and therefore
also has potential denial of service vulnerabilities. These
vulnerabilities are assigned CVE-2018-18898. We recommend
administrators install Email::Address::List version 0.06 or
later. Thanks to Lukas Kramer for reporting the issue and Alex
Vandiver for contributing fixes.
* An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML
in some cases. Since RT relies on this module to escape HTML
content, it's possible this issue could allow malicious HTML to be
displayed in RT. For RT's using this optional module, we recommend
administrators install HTML::Gumbo version 0.18 or later. Thanks
to Ruslan Zakirov for updating this module.
* The version of jQuery used in RT 4.2 and 4.4 has a Cross-site
Scripting (XSS) vulnerability when using cross-domain Ajax
requests. This vulnerability is assigned CVE-2015-9251. RT does
not use this jQuery feature so it is not directly
vulnerable. jQuery version 1.12 no longer receives official
updates, however a fix was posted with recommendations for
applications to patch locally, so RT will follow this
recommendation and ship with a patched version.
4.2.15
General user UI
* Show the Ticket's Subject when modifying the ticket.
* Re-format RT/Config.pm so the `# loc` comment parses correctly.
Web Administration
* Stop wrapping ShowUser in <a> tags to avoid unnecessary nested links.
* When listing group members, sort by text-only representation of the
user, not HTML (I#30771)
* In the group admin page, stop pre-computing ShowUser.
* In shredder, check for both id and name mismatches when loading objects
* Retain scrip sort order in pagination links
Internals
* Cache OCFVs to improve performance searching for duplicates when adding
values.
* Remove unused dependencies on File::Copy and Carp.
* On Oracle, return the empty string instead of undef for Subject when it
has no value on a ticket.
* Handle alphabetic words in RT::Plugin::Version
Developer
* Avoid using $id in /Ticket/Display.html so callbacks can modify id in ARGS.
Documentation
* Mention the RT-Attach-Message: yes header in template docs.
* Fix incorrect path in portlet documentation.
Internationalization
* Many changes to refactor sections of RT's internationalization code.
4.2.14
Security
* RT 4.0.0 and above are vulnerable to an information leak of cross-site
request forgery (CSRF) verification tokens if a user visits a specific
URL crafted by an attacker. This vulnerability is assigned
CVE-2017-5943. It was discovered by a third-party security researcher.
* RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack
if an attacker uploads a malicious file with a certain content type.
Installations which use the AlwaysDownloadAttachments config setting are
unaffected. This fix addresses all existant and future uploaded
attachments. This vulnerability is assigned CVE-2016-6127. This was
responsibly disclosed to us first by Scott Russo and the GE Application
Security Assessment Team.
* One of RT's dependencies, a Perl module named Email::Address, has a
denial of service vulnerability which could induce a denial of service
of RT itself. We recommend administrators install Email::Address version
1.908 or above, though we additionally provide a new workaround within
RT. The Email::Address vulnerability was assigned CVE-2015-7686. This
vulnerability's application to RT was brought to our attention by Pali
Rohár.
* RT 4.0.0 and above are vulnerable to timing side-channel attacks for
user passwords. By carefully measuring millions or billions of login
attempts, an attacker could crack a user's password even over the
internet. RT now uses a constant-time comparison algorithm for secrets
to thwart such attacks. This vulnerability is assigned CVE-2017-5361.
This was responsibly disclosed to us by Aaron Kondziela.
* RT's ExternalAuth feature is vulnerable to a similar timing side-channel
attack. Both RT 4.0/4.2 with the widely-deployed RT::Authen::ExternalAuth
extension, as well as the core ExternalAuth feature in RT 4.4 are
vulnerable. Installations which don't use ExternalAuth, or which use
ExternalAuth for LDAP/ActiveDirectory authentication, or which use
ExternalAuth for cookie-based authentication, are unaffected. Only
ExternalAuth in DBI (database) mode is vulnerable.
* RT 4.0.0 and above are potentially vulnerable to a remote code execution
attack in the dashboard subscription interface. A privileged attacker
can cause unexpected code to be executed through carefully-crafted saved
search names. Though we have not been able to demonstrate an actual
attack owing to other defenses in place, it could be possible. This fix
addresses all existant and future saved searches. This vulnerability is
assigned CVE-2017-5944. It was discovered by an internal security audit.
* RT 4.0.0 and above have misleading documentation which could reduce
system security. The RestrictLoginReferrer config setting (which has
security implications) was inconsistent with its implementation, which
checked for a slightly different variable name. RT will now check for the
incorrect name and produce an error message. This was responsibly
disclosed to us by Alex Vandiver.
General user UI
* Avoid divide-by-zero in charts with no data (I#32143)
* Remove dashboard from menu if it can't be loaded (I#29719)
* Avoid wrapping one-time recipient checkbox separately from its
label (I#32117)
* Use only top-level attachments for generating one-time recipient lists
to avoid e.g. phishing addresses
* Fix bulk update for asset custom fields (I#32509)
* Sort one-time recipient addresses (I#31879)
* Fix article quicksearch degrading the article menu (#31591)
* Avoid noisy "CF changed from 0 to 0" messages (I#32440)
* Avoid showing a truncated list of articles due to permissions (I#31989)
* Include the new Request Tracker logo
* Stop double-escaping HTML which is made into links (I#31169)
Email
* Avoid overaggressively trimming whitespace from MIME encoded-words
* Add config option $OverrideMailPrecedence to help avoid out-of-office
autoreplies
* Fix issues with encrypted attachments being unreadable/absent
Database
* Replace deprecated NOCREATEUSER with NOSUPERUSER for
Postgres 9.6 (I#32511)
rt-serializer/rt-importer
* Fix several incorrect references in output (I#31803, I#31804, I#31805,
I#31808)
* Add --exclude-organization option (I#31812, I#31813)
* Add --limit-queues and --limit-cfs options
* Suppress semi-unmigrated link relationships by default
* Add --hyperlink-unmigrated option
* Fix queue change transactions to mention unmigrated queues by name
* Support for dashboards in menu preference (I#31810)
* Support for RT at a Glance preference (I#31809)
* Don't skip RT->System searches
* Avoid breaking rights granted to users (I#31806)
Web Administration
* Add checkbox for selecting all custom field values in admin UI
* Log a history entry when adjusting whether a user is Privileged
* Log history entries when adding/removing a group member both to
the group and to the member
* Hide disabled scrips by default, adding a "include disabled scrips"
checkbox (I#30131)
* Add missing timezone field on user create/modify (I#29977)
* Add RT extension names and versions to System Configuration page (I#31482)
Server Administration
* Avoid error messages in 4.0.1 upgrade step
* Improve automatic identification of `find` command
* Add RefreshIntervals config option for managing homepage and
dashboard refresh
* Log failure to unlink temp file after email parse (I#32142)
* Make automatically linking a used article to the ticket configurable
with $LinkArticlesOnInclude config
* Avoid undef warnings with mbox MailCommand and FastCGI
* Avoid regex deprecation warnings on perl 5.21.1+
* Avoid issues with modern Perl versions excluding ./ from @INC
* Reduce log levels of custom field loading issues caused by ordinary
end-user actions (I#31742)
* Adapt SMIME probe to work with openssl 1.1
* Double bcrypt cost for password hashing
* Avoid "Couldn't load object RT::Transaction #0" warnings (I#31548)
* Avoid broken DateTime::Locale versions (I#31542)
* Avoid incompatible DBD::mysql version (I#32670)
Developer
* Clarify the usage of skip_update in /Ticket/Update.html BeforeUpdate
callback
* Fix whitespace-related test failures under Mojolicious 7.0
* Fix test failures when /usr/bin/sendmail absent
* Factor out _OutgoingMailFrom into a separate method for extensibility
* Ensure that Test::NoWarnings is skipped if skip_all is used
* Fix bug where RT::Ticket->Create's SquelchMailTo would squelch only
to the first address (I#31600)
* Avoid test failure caused by hash randomization
* Set up default args for customizations calling SignEncrypt directly
* New callbacks:
/Elements/ShowCustomFieldWikitext WikiFormatArgs
/Search/Elements/Chart AfterChartTable
* Improved callbacks:
/Elements/Tabs Privileged adds Search_Args and Has_Query parameters
Documentation
* Update links to the RT wiki
* Update mailing list references to point to community forum
* Improve documentation around creating a custom theme (I#31800)
* Document how to include custom fields in format strings
Internationalization
* Improvth @RefreshIntervals
* Update translations for: Brazilian Portuguese, Dutch, German, Latvian,
Macedonian, Russian, Serbian, Slovenian, and Spanish
4.2.13
General User UI
* Avoid race condition where a ticket's Started timestamp could be
before its Created timestamp
* Users without ability to update a saved search are no longer shown
an Update button
* IP custom field textboxes now wide enough for full IPv6 addresses (I#24565)
* Self-service Cc field now allows for autocompleting multiple users
* When possible sort charts numerically rather than ascii-betically
* QuickCreate now respects DefaultQueue and RememberDefaultQueue (I#30913)
* Make user preferences use label tags for better clickiness (I#30953)
* Hide "Transaction has no content" from Extract Article (I#31027)
* Improve CSRF detection by whitelisting more specific parameters (I#31090)
* Empty selection boxes no longer render 1px wide (I#31316)
* Show queue ID if the user can't see the queue name
* Search builder display format now properly supports "large" sizing
* Fix SMIME encoding issue (I#31155)
* Improve messaging and logging around reminders that users can't see
* Queue name on ticket display is now a link to a search for all active
tickets in that queue
* Support autocomplete custom fields in bulk update (I#15259)
* Hint to the user that not all CF types are supported by bulk update,
instead of silently excluding them (I#15259)
* Improve compliance with RFC4480 for GPG armor lines (I#30372)
* Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)
* Fix a regression with time zones in datetime custom fields (I#31674)
* Fix certain attachment links containing HTML metacharacters from
double escaping (I#31751)
* Fix custom attachment URLs for self-service users (I#30960)
Database
* "schema" upgrade files no longer issue CREATE INDEX statements, instead
there are now "indexes" upgrade files that describe the end state of the
indexes RT requires. This better handles indexes that may have been
deployed by hand or otherwise already exist.
* We now correctly shred ObjectCustomFields records when shredding a
CustomField
* Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning
no limit) for tuning how very large attachments are included in the
full-text index
* Improve 4.0 upgrade scripts running under 4.2
Web Administration
* We now record transactions for changes to queues
* Improve visual design of Shredder forms
Server Administration
* Add missing dependency on Encode 2.64
* New RT_SiteConfig.pm files now get a "use utf8;" by default to allow
config options to use Unicode
* bcrypt cost has been doubled on schedule to improve password hashing
security
* Allow multiple --action and --action-arg options in rt-crontool
* Fix "use of localtime without parentheses" warning
* rt-email-dashboards now has a --log parameter for setting log level
* Add config %ReferrerComponents to provide fine-grained control over
referrer checking behavior
* Clarify web config validation log messages (I#31117)
* Add a no_ticket_transactions option to user shredder
* Remove now-unnecessary dependency on Apache::DBI (I#31210)
* Avoid DateTime::Locale versions 1.00 and 1.01
https://rt.cpan.org/Public/Bug/Display.html?id=110244
* Have ./configure test whether to use GNU-style syntax or BSD-style
syntax for `find -perm` (I#31308)
Developer
* Improve test compatibility with File::Which 1.17
* Improve test compatibility with HTML::FormatText::WithLinks::AndTables
* Remove unused RT::Shredder::Record
* Transactions now have a ColumnMap
* New callbacks:
/Ticket/Create.html MassageCloneArgs
/Admin/Queues/Modify.html FormStart
/Ticket/Elements/ShowBasics AfterTimeLeft, AfterPriority, AfterQueue,
and AfterTable
/Ticket/Elements/ShowSummary AfterBasics, AfterPeople, AfterReminders,
and AfterDates
/Ticket/Graphs/index.html BeforeActionList, FormStart, AfterForm, and
Default
/Ticket/Update.html RightColumnBottom
/Admin/CustomFields/Modify.html EndOfPage
/Elements/CollectionAsTable/Row EachField
/Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields,
and MassageSubscriptionFields
/Elements/ShowTransactionAttachments BeforeAttachment
* Improved callbacks:
/Admin/CustomFields/Modify.html Initial adds $Results
Documentation
* New documentation on format strings (docs/format-strings.pod) for
controlling how search results are displayed
* Update documentation to expect that most installations will deploy
fulltext search
* Also remind users that they should set up backups in the README
* Fix UPGRADING-4.2's description of PostgreSQL full-text search using
GiST; it uses GIN indexes (I#31844)
Internationalization
* Adjust the string "CustomFields" to instead use the existing
"Custom Fields" to ease translation
* We now display translated ticket properties and statuses on graphs
* Update translations for: Brazilian Portuguese, Czech, Finnish, French,
German, Greek, Hungarian, Japanese, Latvian, Lithuanian, Occitan, Polish,
Russian, Spanish, Swedish, and Turkish
Revision 1.13 / (download) - annotate - [select for diffs], Sat Jan 30 23:54:20 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.12: +5 -5
lines
Diff to previous 1.12 (colored)
Update to 4.2.12 Changelog: This release is a security release which addresses the following vulnerabilities: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kope at Data Reliance Shared Service Center. RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Nov 3 03:29:20 2015 UTC (7 years, 10 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Add SHA512 digests for distfiles for devel category Issues found with existing distfiles: distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip distfiles/fortran-utils-1.1.tar.gz distfiles/ivykis-0.39.tar.gz distfiles/enum-1.11.tar.gz distfiles/pvs-3.2-libraries.tgz distfiles/pvs-3.2-linux.tgz distfiles/pvs-3.2-solaris.tgz distfiles/pvs-3.2-system.tgz No changes made to these distinfo files. Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.11 / (download) - annotate - [select for diffs], Mon May 18 13:35:30 2015 UTC (8 years, 4 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.10: +4 -4
lines
Diff to previous 1.10 (colored)
Update to RT 4.2.11
RT 4.2.11 -- 2015-05-07
--------------------------
This release is a bugfix release; most notably, it improves indexing
time for full-text search, as well as improving support for Apache 2.4
and MySQL 5.5. Interactive command-line tools (including upgrade tools)
will now also default to displaying warnings to STDERR, to aid in
awareness of potential errors.
The complete list of changes includes:
General user UI
* If storing a transaction failed, note the failure obviously in the
ticket history (#30419)
* Make sub-menus accessible on screen-readers
* Prevent Dashboard portlet from rendering with too many columns
* Hint that a transaction is Correspondence, using red background, on Jumbo
and Bulk Update pages as well.
* Articles distinction between "no classes exist" and "none visible to user"
(#30638)
* Skip Articles Class selection page if there is only one valid option
(#29975)
* For consistency with other roles, don't attempt to send email
notifications to owners that are disabled
* Improve search performance when searching custom field values on users
* Allow ModifyTicket to change nobody -> someone else, without OwnTicket
* Allow HTML5 <s> and <del> tags for the replaced <strike> tag
* Respect the user's chosen units for Time Worked across page loads, instead
of always defaulting to minutes. (#17985)
* In Jumbo, preserve ticket basics so in progress changes persist after
returning to the page
* Make elements styled as .button render the same as other buttons
* Add print styles for button and .button that match other inputs
Command-line
* Default to enabling error warnings to the screen for interactive commands
* Standardize --help, --quiet and --verbose options across tools
* Allow GSSAPI authentication with bin/rt (#25074)
Web Administration
* Don't show rights on role groups rights list which are nonsensical (#30556)
* Support setting multiply-valued custom fields during REST ticket creation
* Fix an infinite loop in multiple-valued custom field parsing
* Recover gracefully on template creation failure (#29021)
* Provide a user-legible representation of the user's GPG key (#25376)
* Ability to change back to "role" UsernameFormat
* Consistently store un-encoded header data for forwards (#29714)
Server Administration
* Improve full-text indexing by 1-2 orders of magnitude, on both PostgreSQL
and MySQL.
* Warn if innodb_log_file_size would limit uploads to < 5M on MySQL 5.5 and later
* Increase the warn threshold on max_allowed_packet to 5M
* Validate lifecycle right name length
* For convenience, allow using the distribution name instead of package
name in Plugin(); for example: Plugin('RT-Extension-SLA')
* Suggest explicit binlog_path for sphinx >= 1.10
* Drop DatabaseRequireSSL option that does nothing; replace with
DatabaseExtraDSN option to allow passing of arbitrary additional
database parameters to the database interface
* Respect configure-time FontPath configuration
* Configurable transaction suppression for EscalatePriority (#29465)
* Switch from Oracle DBA-only tables to tables the user can inspect (#30393)
* Properly handle large IN sql arguments by breaking them up in to separate
statements
Developer
* Deprecate unused RT::Interface::CLI::debug sub
* Standardize and simplify boilerplate for command-line options
* Make rt-validator infinite loop checker actually work
* Add 'mbox' option to $MailCommand which writes mbox-formatted output
* Allow attributes to be set after object creation in initialdata
files (#13036)
* Do not set charset and body on multipart messages in ContentAsMIME (#23671)
* Look harder for content in message/rfc822 parts
* Allow creation of multipart/related via REST, by providing Content-IDs
* Fold RT::Shredder code into core record classes
* Skip Shredder tests on all non-SQLite databases
* Built in HTTP Basic auth and htpasswd support in rt-apache tool
* New callbacks for Ticket/Elements/ShowBasics, AfterTimeEstimated and
AfterTimeWorked
* Use %ARGS values in /Admin/Users/Modify.html to allow callbacks to modify
them (#27655)
* Allow passing SquelchMailTo to Ticket->Create
* Explicitly depend on Class::Accessor::Fast not Class::Accessor
* Add BodyClass parameter to Elements/Header so callbacks can more easily
style only their own pages.
Documentation
* Extend the documentation to support Apache 2.4 deployment
* Attempt to improve reliability in lighttpd by suggesting sockets instead of
TCP connection
* Information on finding and installing plugins
* Information on the new rights interface in the UPGRADING doc (#29515)
Internationalization
* Localize EmailFrequency properties
* Updated localizations (German, Spanish, French, Icelandic, Italian,
Japanese, Lithuanian, Russian, Swedish, Traditional Chinese)
Revision 1.10 / (download) - annotate - [select for diffs], Sun Mar 1 21:25:17 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.9: +4 -4
lines
Diff to previous 1.9 (colored)
Update to 4.2.10 Changelog: RT 4.2.10 -- 2015-02-26 ----------------------- RT 4.2.10 contains important security fixes, as well as minor bugfixes. This release is primarily a security release; it addresses CVE-014-9472, a denial-of-service via RT's email gateway, as well as CVE-2015-1165 and CVE-2015-1464, which allow for information disclosure and session hijacking via RT's RSS feeds. As part of these security updates, RT's dependency on the Encode module has been changed, to Encode 2.64. If upgrading, be sure to run rt-test-dependencies to verify that your installed version of Encode meets this requirement; if not, you will need to install a newer version from CPAN. This release is also a bugfix release; most notably, it addresses a bug which causes RT to generate blank outgoing text/plain parts. This fix requires installing the HTML::FormatExternal module, and having an external tool (w3m, elinks, etc) installed on the server. It also introduces indexed full-text searching for MySQL without the need to recompile MySQL to use the external Sphinx tool; instead, a MyISAM table is used for indexing. On MySQL 5.6 and above, an additional InnoDB table can also be used. The complete list of changes includes: General user UI * Speed up the default simple search on all FTS-enabled installs by not OR'ing it with a Subject match. This returns equivalent results for almost all tickets, and allows the database to make full use of the FTS index. * Pressing enter in user preference form fields no longer instead resets the auth token (#19431) * Pressing enter in ticket create and modify form fields now creates or updates the ticket, instead being equivalent to "add more attachments", or the "search" on People pages (#19431) * Properly encode headers in forwarded emails that contain non-ASCII text (#29753) * Allow users to customize visibility of chart/table/TicketSQL in saved charts * Allow groups to be added as requestors on tickets * Perform group searches case-insensitively on People page (#27835) * Ticket create transactions for tickets created via the web UI now contain mocked-up From, To, and Date headers; this causes them to render more correctly when forwarded * Update wording of error message for saved searches without a description (#30435) * Flush TSV download every 10 rows, for responsiveness * Retain values in Quick Create on homepage if it fails (#19431) * Limit the custom field value autocomplete to 10 values, like other autocompletes (#30190) * Fix a regression in 4.0.20/4.2.4 which caused some users to have blank homepages (#30106) * Fix styling on "unread messages" box on Ballard and Web2 themes * Fix format of Date headers in RSS feeds (#29712) * Adjust width of transaction date to accommodate all date formats (#30176) * Allow searching for tickets by queue lifecycle Command-line * Fix server name displayed at password prompt when RT is deployed at a non-root path like /rt (#22708) Admin * If the optional HTML::FormatExternal module is installed, use w3m, elinks, links, html2text, or lynx to format HTML to text. This addresses problems with the pure-Perl HTML-to-text converted which resulted in blank outgoing emails. (#30176) * Add support for native (non-Sphinx) indexed full-text search on MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an additional MyISAM table on prior versions of MySQL. * Support MySQL database names with dashes in them (#7568) * Properly escape quotes and backslashes in config options in web installer (#29990) * Increase length of template title form input * Clarify wording on updating old Organization values by rt-validator * Resolve a runtime error for SMIME without secret keys (#30436) * Empty email addresses are no longer caught as being "an RT address" if there exist queues without Correspond addresses set (#18380) * Allow Parents/Children/Members/MemberOf in CreateTickets action * Allow RT-Originator to be overridden in templates * Ensure that HTML-encoded entities are indexed in FTS * Fix uninitialized value warnings from charts grouped by date * Remove no-op $CanonicalizeOnCreate configuration variable; RT::User->CanonicalizeUserInfo is always called * Make NotifyGroup action respect AlwaysNotifyActor argument * Fix X-RT-Interface header on incoming email on existent tickets * Warn on startup if queues have invalid lifecycles set (#28352) Developer * Add AfterHeaders callback to ShowMessageHeaders * Update all upgrade steps to use .in files (#18856) * Add policy tests to enforce the new upgrade step standards * Remove +x bit from multiple non-executable files * Make Obfuscate callback in configuration options be passed the current user, as was documented * Remove obsolete _CacheConfig parameters * Preferentially use IN rather than multiple OR clauses * Respect RowsPerPage for external custom field values * Localize default statuses from RT_Config.pm, instead of hardcoding * Add callbacks within Dates box after each type of Date * Pass the CustomFieldObj down to CustomFieldValue objects intact, so its ContextObj can be inspected; this is particularly useful for external custom fields. * Allow more than one right per @ACL in initialdata * Don't hardcode share/html in tests, for non-default layouts * Base detection of new themes on presence of main.css file, not base.css file (#30554) * Allow for relative "lib" in @INC when running tests * Allow EditComponentName customfield callback to alter Rows/Cols values Serializer/importer * Memory usage improvements in both serialization and import * Templates, Scrips, and ObjectScrips now serialize correctly when not cloning Documentation * Document how to enable un-indexed full-text-search, and its drawbacks * Note that after restoring from backups, PostgreSQL may need to have statistics updated * New documentation on writing portlets * Add an =pod directive so the first paragraph of UPGRADING is not skipped * Clarify when UPGRADING-x.y steps should be run * Better document known bugs with Sphinx FTS * Add missing semicolon on Shredder suggested indexes
Revision 1.9 / (download) - annotate - [select for diffs], Sun Nov 30 00:20:44 2014 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Update to 4.2.9
Changelog:
RT 4.2.9 -- 2014-10-29
General user UI
* Fix Subject header during ticket printing (#30362)
* Comparisons of long text Custom Fields were erroneously reporting
updates (#30378)
* Broken logo link for the mobile UI when used with $WebPath
* No longer leak base64 data to non-english users who change a Dashboard
subscription and futureproof for other Attribute updates (#24665)
* Previous column selection is remembered when updating search formats (#16972)
* Charts could return quadrupled data for aggregate data (such as Time
Worked) depending on your rights configuration.
* Charts can now be grouped by Priority
* Ticket Creation form now leaves Requestor blank on page reload if you
cleared it out.
Localizations
* "check to delete all values" is now localized
Command-line
* BeforeDue action now accepts 2D as well as 2d (#30449)
* bin/rt no longer shows a default Due date unless one is configured
on the Queue. Additionally, Starts and Due are served in your time
zone (#20334)
Admin
* Improvements to the layout of the Group Members page
Developer
* Fix tests that used send_via_mailgate to properly check returns (#19156)
* Improvements to rt-static-docs for generating online documentation
* Proper warnings testing for cf_date tests
* Remove unused code to render Rules during replies/comments
* Undo a regression that meant Custom Fields passed to Ticket->Create
needed to be readable by the user creating the ticket.
Documentation
* Add a mention of SelfService to the documentation of $AllowUserAutocompleteForUnprivileged
* Update our backups documentation to cover restoring from the suggested
backups.
RT 4.2.8 -- 2014-10-02
General user UI
* Properly hide ticket list when MoreAboutRequestorTicketList is set to
"None"
Localizations
* Allow text in Squelch box on ModifyPeople page to be translatable.
* Updated German, Basque, French, Hungarian, and Russian translations.
Admin
* Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative
to name
* Stop calling the deprecated _SQLLimit method when limiting by
transaction date
* Stop hiding the value of the AllowLoginPasswordAutoComplete setting
in System Configuration (#30417)
* Resolve CVE-2014-7227, arbitrary execution of code by privileged
users via SMIME by way of CVE-2015-6271.
Developer
* Add a ModifyMaxResults callback for Autocomplete endpoints
* Properly pass collection class to ColumnMap in /Elements/TSVExport
Documentation
* Update POD for AddRoleMember/DeleteRoleMember being in
RT::Record::Role::Roles now, not RT::Record.
RT 4.2.7 -- 2014-09-11
General user UI
* Fix algorithm for determining which links to display in ticket
relationship graphs with a MaxDepth
* Use "Correspondence added" or "Comment added" rather than the general
"Message recorded"
* Loading saved charts should load all of their settings (#29015)
* Stop fixing the width of "New ticket in" button (#27649)
* Record transactions in ticket history when attachments were dropped
or truncated due to $MaxAttachmentSize
* Still delay transaction loading when "full headers" have been
requested
* Add an "overdue" class on Due columns, to match DueRelative columns.
* Only show "overdue" class if the ticket status is still active
* Fix styling of "There are unread messages" box in aileron
* Keep date and datetime custom field inputs during failed ticket
creation
* Silence warnings from emails without Content-Transfer-Encoding
headers
* Silence warnings on user modify pages for disabled users
* Let custom field grouping boxes link on Display pages link to the
appropriate anchor on editing pages (#30195)
Localizations
* Localize "Recursive" column title in group memberships page
* Additional missing locstrings for numerous titleboxes
* Stop translating titles piecemeal in SelfService (#14736)
* Updated Catalan, German, Basque, Italian, Japanese, Dutch, Brazilian
Portuguese, and Russian translations
Command-line
* Reduce values queried using "rt ls" to only those displayed; this
speeds request time significantly when a large number of custom
fields are applied
* Add -s option to "rt comment", to set status when adding a comment or
correspondence (#30375)
Admin
* Add %AdminSearchResultRows configuration for altering the number of
rows per page of object types in the administrative interface
* Add an additional suggested index on Attachments' Creator for
deleting users with Shredder
* Fix rt-dump-metadata, by removing PrivateKey from _Accessible
(#22465)
* Rework internals dealing with characters/bytes, for better internal
consistency, and su support DBD::Pg 3.3.0 and above.
* Provide rt-mailgate version in User-Agent string (#18420)
* Reword errors given for rt-crontool when no valid user is found
(#18621)
* Show the right error message when rt-crontool fails to load a module
(#22991)
* Properly detect when rt-server is called without --listen
* Detect auto-generated mail in the presence of multiple Precedence:
headers
* Strip non-word characters from custom field variable names in Simple
templates; this allows use of custom fields with spaces (#18446)
* Streamline 3.8 -> 4.0 and 4.0 -> 4.2 upgrade steps by reducing the
number of ALTER TABLE calls that are run, adding/dropping multiple
columns at once (#21309)
* Remove LogoImageHeight and LogoImageWidth configuration varables,
which had no effect (#26827)
Developer
* Add a callback to manipulate which link types are displayed on
tickets
* Allow Object to be a subref in @Attributes in initialdata, to allow
for attributes on arbitrary objects
* Ignore vim swap files when testing
* Allow the SuccessfulLogin callback to alter where RT redirects to
* Add a callback to alter arguments to Showhistory
* Consistently use ->_GroupingClass when determining record class for
grouping lookup.
* Allow ->Deprecated to take a loglevel
* Switch from MIME::Head->set(), deprecated for the last 16 years, to
->replace() (#18417)
Documentation
* Correct documentation on where Shredder places sqldump files (#19167)
* Consistently use say 1/0 instead of true/false in RT_Config.pm
documentation
* Document how ordering in lifecycle transitions controls ordering in
the status drop-down
RT 4.2.6 -- 2014-07-16
General web UI
* Fix a regression introduced in 4.2.4, which caused lack of formatting
of plain text when responding via the rich text editor.
* Allow tables in HTML mail if the optional HTML::Gumbo dependency is
installed
* Fix a regression in 4.2.5 which prevented core date fields (Due,
Starts, etc) from being unset (#30180)
* Hide empty transaction custom fields when they have no value; this
fixes a regression in 4.2.1 where transaction custom fields began
displaying on all transactions. (#29757)
* Allow searching on requestor city, state, zip, and country in query
builder (#26960)
* Don't attempt to parse IP/Date(time) CFs if the value is NULL; this
prevents warnings.
* Remove border-radius: 0 to allow Firefox to use native text entry
widgets (#28233)
* Allow Firefox to reflow the data table below the chart on rudder
* Whitelist user search from CSRF restrictions
* Only include closing paren in MakeClicky link if it included an open
paren (#29064)
* Canonicalize CF values (including dates, IP addresses, and IP ranges)
before comparing to the database value; this prevents spurious
"changed from a to a" messages.
* Allow downloading 0-length files if they have a filename (#9050)
* Quick Create now defaults to the lifecycle's default create status,
instead of hardcoding "new"
* Show Wikitext CFs in bulk update
* Add autocompletion to link boxes on bulk update
Internationalization
* Add localization strings for Articles admin pages
* Add localization strings for user "Create Ticket" user summary portlet
* Add new #loc{key} form, to allow for more concise Lifecyles in config
* Updated German translation
Web administration
* Provide a default Category on External custom fields, for performance
* Provide a new "Notify Owner or AdminCCs" action
* Move search widgets for custom field admin interface to the top of
the page, to match other admin pages
* Use "LIKE" as the default search operator in the queue admin interface
* Enable searching by Lifecycle and SubjectTag in the queue admin
interface
* Add SubjectTag to the default AdminSearchResultFormat for queues
* Move Disabled to the last column of the default Queue admin search
result format, to match Scrips
* Add Disabled column to AdminSearchResultFormat for Classes,
CustomFields, Groups, and Users
* Add Disabled ColumnMap entry for Classes, Groups, and Users
* Prevent RT from locking up if a too-large image was uploaded for the
logo (#29929)
* Fix bugs in cascaded CFs of radio buttons and checkboxes when
categories contained spaces or periods.
* Quiet "No valid Type specified" warnings from queue watcher page for
user search results that were left blank (#29993)
Server administration
* DBD::Pg 3.3.0 conflicts with RT's UTF-8 handling; for this release,
it has been blacklisted. If you are using PostgreSQL as your
database and have DBD::Pg 3.3.0 installed, you will need to download
and install DBD::Pg 3.2.1 from CPAN.
* Allow the validator to fix incorrect values for Owner (#28403)
* Fix a regression in 4.2.5 which caused errors when calling
rt-crontool with a numeric --template argument.
* Quiet warnings in the 4.2.2 upgrade step for users upgrading from
4.0.x
* Add not_member_of restriction for User shredder plugin
* Warnings avoidance for RT::Attachments->Address when run as the
System User
* Update logo attribute as the current user, to allow auditing of who
changed it last
* Alter Links table on MySQL to support Unicode URLs (#19338)
* Warn on non-ASCII right names (#19339)
* Support Sphinx builds compiled with --enable-id64
* For compatibility with RT::Extension::MergeUsers, ensure that
Shredder checks that a user (possibly resolved from a merged user) is
valid before attempting to shred them
* Correctly detect presence of graphviz binary (`dot`), instead of
libgraph.so, for perl dependency calculation
* When merging instances with identical $Organization values, do not
qualify groups and queues
Developer
* Move AboutThisUser callback back to /Ticket/Elements/ShowGroupMembers
where it appears to originate, from where RT 4.2.0 accidentally moved
it, /Elements/ShowPrincipal/AboutThisUser
* Move all runtime module loading to UNIVERSAL::require
* Correct error message from RT::Date->Timezone
* Simplify code to assume Postgres 8.4, as RT 4.2 requires
* Add more class and id attributes to user admin pages and preferences
* Pass right number of arguments to sprintf, for Perl 5.22
compatibility
* Move sbin/rt-message-catalog into devel/tools and streamline to unify
with Launchpad import format
* Adjust more tests for RT_TEST_WEB_HANDLER=inline
* Remove dependency checks in t/, as they are covered by required
developer dependencies
Documentation
* Improved documentation for RT::Date
* Link POD, URLs, and emails in HTML generated from README
* Document "Satisfy any" technique for allowing rt-mailgate to post to
RT when $WebRemoteUserAuth and Apache authentication is used
* Document explicit steps for adding a new status to a lifecycle
Revision 1.8 / (download) - annotate - [select for diffs], Thu Sep 4 21:46:40 2014 UTC (9 years ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Define location of local plugins directory. Bump PKGREVISION.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Jul 6 06:32:32 2014 UTC (9 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.6: +4 -5
lines
Diff to previous 1.6 (colored)
Update to 4.2.5 from 4.2.1 Changelog: From http://bestpractical.com/release-notes/rt/4.2.5 This release is primarily a bugfix release; most notably, it explicitly updates a dependency to fix a previously-announced security vulnerability, resolves two serious bugs in the serializer, and fixes the "paste" feature in the Rich Text editor. Updated dependencies * Updated Email::Address::List dependency, to resolve CVE-2014-1474, as was previously announced in http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html * Bump CGI dependency (under perl 5.20 and above, only) to quash warnings about CGI.pm's deprecation in core (#29053) Serializer/Importer * Serialize binary data as binary, not as UTF-8 codepoints; this fixes a regression introduced in 4.2.3 which corrupted all binary data in serialized data. * Serialize ObjectScrips when cloning, which had been mistakenly omitted; this only partially resolves #29949, as it does not address serialization of ObjectScrips when not cloning. General web UI * Force CKEDITOR_BASEPATH; this fixes errors during pasting into the Rich Text editor (#29780, #29987) * Ticket autocompletion (for links) is more predictable when completing on strings containing numbers (#25755) * Fix "Show Outgoing Email" and Reply/Comment/Forward links in Approvals (#29800) * Correctly decode text/html parts of old (RT 3.6.5 and prior) emails Internationalization * Updated localizations (German, Greek, Slovak, Lithuanian) Web administration * Display clean Stage name in ColumnMaps (#28739) * Add Scrips Select/Create menu, and maintain context on which list of Scrips the Select page should link to (#28787) * Granting rights to new groups no longer requires clicking in textbox twice in Firefox (#29911) Server administration * Log when Encode::HanExtra would be useful in decoding emails, and make use of it if it is available. * Squash warnings in 4.1.17 upgrade step (#29595) * Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop sequence after dropping the table; avoids bugs on upgrading in a previously-upgraded database * Stop hardcoding the list of available themes, instead auto-detecting new themes as they are added (#14667) * Explicitly point to $AutocompleteOwners setting in warning that RT is switching to the autocompleter due to too many owners. * Remove caching of template object in rt-crontool; this fixes a bug where the same content would be sent on all tickets (#29454) * rt-fulltext-indexer now locks, to prevent more than one instance from running at once (#17423) Developer * Add BeforeMessageBox callback in ModifyAll.html for parity with Create.html and Update.html * BeforeCustomFields callback in ShowCustomFields now takes $Table parameter * Default callback in ShowTransaction can now modify $ShowBody * Add a RT::Date->IsSet method * Fix invalid ContextObject on RT::CustomField->LoadByName when passed Queue => 0; this led to invalid LookupType limits on later calls to ->LoadByName. * Generalize RT::CustomField->LoadByName to work with non-Queue context objects, and to optionally return globally-applied CFs and not Disabled CFs. * Tests now pass again using RT_TEST_WEB_HANDLER=inline * ->AddCustomFieldValues no longer allows adding repeated values (#4553) Documentation * Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1 * Updated example plugins used in documentation, and suggest Plugin() over Set(@Plugins, ...) (#29978) * Documentation for ColumnMap From http://bestpractical.com/release-notes/rt/4.2.4 This release is primarily a bugfix release; notable changes include: Database changes * Add the AutoOpenInactive action for upgrades; clean installs of RT 4.2.0 or higher have this action already * Force Lifecycle and Disabled properties of the internal __Approvals queue to the values RT needs to function correctly Notable new features * If indexed full-text searching is enabled, the simple search will search in both Content and Subject. * Align headers of collections to their content, by default. This right-aligns the "#" header of ticket collections, for instance. * Send caching headers for all static content; this fixes a regression from RT 4.0, which correctly set caching headers on static images (#28640) * Re-order JS to optimize parallel resource fetching, and decrease load times * Allow LIKE and NOT LIKE with Status limits (#29654) Regression fixes * Resolve a regression in 4.2.3 wherein TITLE information was lost after parsing on the Advanced page (#29425) * Fix a regression in 4.2.2, which caused "select" custom fields to not pick up their defaults when cloning tickets (#29751) * Fix a regression in 4.2.2 which caused checkbox CFs to add the same value multiple times (#29392) * Fix a regression in 4.2.2 when categories were set on a CF without using the "based on" feature. * Show reminders without due dates if $OnlyOverdue is set; this fixes a regression from RT 4.0 Email * Use "white-space: pre-wrap" when inserting plain-text into HTML templates. This preserves line breaks but allows clients to wrap lines if need be. Localization * Updated localizations from Launchpad; new Persian translation * Better cluing of pluralization and quantified terms for translators * Remove untranslatable locstrings (#29798) * Fix extra/missing numbers in Czech localization (#29741) * Remove no longer translated right names from PO files * Disambiguate "M" for "month" vs "megabyte" General web UI * Better splitting of phrases with numbers in ticket link autocompletion * Autocomplete email addresses in Forward page (#28441) * Allow non-ASCII characters in passwords (#28784) * Add a "Reset" button to revert homepage portlet formatting to the system default * Remove uninitialized value warnings for upgrades from RT 3.8 (#17505) * Allow downloading attachments whose filenames contain a leading dot (#29700) * Prevent uninitialized value warning on search result pages with no query (#29699) * Hide user summary links in mobile UI, as there is no user summary page for mobile (#28788) * Always add the trailing delimiter when autocompleting multiple-entry objects, such as email addresses * Compress PNG images to decrease initial page load times * Avoid "That is already the current value" warning when changing between two queues with differing lifecycles but a same-name mapping * Don't nest <a> tags to User Summaries in queue watcher page * Require that saved searches have names in order to be created (#20210) * Give a proper error when attempting to merge a ticket into itself (#26407) * Searching for "ip version 6" no longer limits to ticket 6; the 6 is instead searched for in the subject. (#22470) * Give SystemError transactions their own CSS style * Fix ticket link autocompletion during ticket creation * Require that one or more addresses be provided to forward (#25308) * Respect the "color" attribute in HTML mail (#28389) * Rework the JS that prevented form resubmission; instead of disabling the submit button (which interacted poorly with the browser's back button), instead use an attribute on the form (#27489) * Squash warnings triggered by query builder when more than 50 different users had OwnTicket * Serve rich text editor JS with the rest of the compressed JS; this ensures that it is better cached Web administration * Allow external custom fields to have a "based on" category. * Hide the queue name, lifecycle, and disabled box on the edit page for the __Approvals queue; these must remain unchanged for Approvals functionality. * Correctly page user results in User Summary searches * Prevent warnings on Scrip edit pages if the user did not have global ShowTemplate rights Configuration options * Add a new option ($AllowLoginPasswordAutoComplete) to allow the browser to remember user passwords on RT's login screen (#29071) * Add new $DefaultSearchResultOrderBy and $DefaultSearchResultOrder options to control the global default ordering of tickets * When the stylesheet is set to an unknown style, default to rudder, not aileron (#29132) Server administration * Use one fewer database connections per rt-server process; this is most notable on FastCGI deployments, which spawn a number of rt-server processes * Default to connecting to sphinx via 127.0.0.1 instead of localhost on MySQL 5.5, due to http://sphinxsearch.com/bugs/view.php?id=1815 * rt-validator can now detect and fix links to Articles with the wrong $Organization set * Check that the version in sbin/rt-server matches the version in lib/RT/Generated.pm during server startup * Follow up to 3 HTTP redirects when POSTing to the mail gateway. This covers the common case of http: redirecting to https:, but the mail gateway referencing http: (#14114) * Return a status code 503 if we cannot connect to the database (#23332) Installation * When configuring, pull the primary group of the current user using perl, instead of `groups`, which may not list the primary group first. * Ensure that rt-test-dependencies re-execs itself using its full path, as module installations may have changed the directory (#29024) * Properly detect an existing database but missing schema in the web installer * On perl 5.19.3 and above, a more recent version of Symbol::Global::Name is required, due to core perl changes Upgrades * Bulletproof 4.0 Articles upgrade steps by dropping tables before attempting to create them * Correct documentation path in upgrade warning * In database upgrades, skip the "BACK UP BEFORE THIS STEP" warning if the --force option was provided, which gives no change to stop at that point. * Remove a warning in the optional time-worked-history.pl upgrade step REST * Allow arbitrary Content-Disposition in REST uploads (#19770) Developer * Add a comment warning about the use of the SetFieldsOnce callback in BuildFormatString; it will be removed in RT 4.4. * Fix behavior of RT::Date->AddDays when passed 0 days * Check POD of all files * Allow RT::Users->WhoBelongToGroups to optionally return unprivileged users * Provide hooks to implement a cache on MakeClicky * Document ExtractTicketId and ParseTicketId, as useful methods for local overrides * Update RT::CustomField->LoadByName, when called with a Queue argument, to return only ticket CFs; in 4.2, it also began finding queue CFs. This reverts to the behavior from 4.0. * The Articles URI implementation is now consistent with Ticket URIs; ->LocalURIPrefix does not contain /article/ * Allow @JSFiles to include files not under /static/js/ if they have a leading / * Add a generic style for reverse-color ticket titlebox tabs * Allow plugins to wrap the PSGI application in its entirety * Bulletproof role resolution for single-user roles * Win32 and IIS are not a supported platform; remove all lingering references to them * Allow ModifyAll.html's Default callback to change @results, like Modify.html * Make Widgets/Form/Select honor the Multiple flag (#12447) * Remove extraneous direct uses of Time::ParseDate (#24498) * Add a callback after Attachments on ticket display * Fix SetDisabled's return message on failure (#29802) * Refactor CSV export to allow its use by non-ticket collections Documentation * Updated parts of RT::StyleGuide * Document the --no-users and --no-groups options to rt-serializer more clearly * Add documentation for rt-validate-aliases * Remove misleading comment about "an rt-mailgate user" from rt-mailgate documentation * Remove ambiguity of direction of $CanonicalizeEmailAddressMatch and $CanonicalizeEmailAddressReplace * Update schema.dot for the ObjectScrips table, new in 4.2 * List SQLite in documentation as a possible database backend, for non-production use. * Update suggested backup strategy on MySQL to no longer require LOCK TABLES privileges (#22893) * Note that changing queue subject tags may require altering $EmailSubjectTagRegex * Suggest /etc/cron.d instead of root's crontab, for discoverability From http://bestpractical.com/release-notes/rt/4.2.3 This release is primarily a bugfix release; notable changes include: Administrator tasks * Avoid starting a FastCGI process manager in the common case of the FastCGI process being started by the webserver, and communicating over STDIN. This restores the behavior from 4.0, where the process name is the full path to rt-server.fcgi, and not the static string "perl-fcgi-pm" or "perl-fcgi". * Automatically clean out Mason cache when updated HTML is installed during upgrades; this should prevent a common class of errors. * Fix paths in rt-importer when importing from a serialized dump which was written to an absolute path. * Additional optional upgrade script for users upgrading from RT 3.8 who previously used RT::Extension::CustomField::Checkbox. * Pass characters, not bytes, to _EncodeLOB during de-serialization; this prevents invalid UTF-8 from a serialized dump from entering the new database. * Catch and warn of additional common misconfigurations of GPG/SMIME integration. * Prevent a possible infinite loop in rt-validator --resolve if Principal records were missing; default to forcing their creation. Localization * Localization updates from Launchpad. General user UI * Date and DateTime customfields now pass "mandatory" validation if unchanged. * "1970-01-01" is now treated as "unset" for purposes of Date and DateTime validation. * Add Date and DateTime fields to bulk update. * Don't conduct a user search if no string was entered. * Signal if a user is disabled at the top of User Summary pages. * Resolve regression in 4.2, which caused warnings during ticket creation when transaction custom fields were applied. * Respect transaction squelching during GPG/SMIME signing and encryption. Lack of public key for a squelched user will no longer trigger errors, for instance. * Resolve regression in 4.2, where the recipient squelching checkboxes did not properly synchronize state between users who appeared multiple times. * Adjust the bottom edge of rolled-up tabs in ticket pages. * Sort data groupings in charts numerically, not ASCIIbetically, if they all appear to be numbers. * Ensure that Sidebar / Body panes in dashboard configuration display in a consistent order on perl 5.18 and above. * For strict DOM compliance, move a "name" attribute on <div> to "data-name". * Prevent "Can't call method "DependsOn" on an undefined value" error in bulk update if tickets were deleted. * Show links to tickets which are not readable by the user as numbers, not as blank titles. * Add a "ticket-active" class, as well as the current status as a class, to ticket links on ticket display page. * Fix a regression in 4.2 which caused an error when a user with only limited rights (Watch or WatchAsAdminCc) removed themselves as a watcher from a ticket or queue. * Allow SeeCustomField on a single queue to show its custom fields during search if the search is limited to that queue. Documentation * Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to already have a more recent version of, by way of perl 5.10.1. * Correct reminders documentation to suggest RT::Action::Notify, not RT::Action::SendEmail. * Documentation on writing extensions for RT. Admin interface * Fix "Queue" and "QueueId" columns in admin Scrips listing to emulate their display in 4.0. * Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites to increase the previously-hardcoded limit of 50 users in the drop-down before it switched to autocompletion. * Correctly style warnings about Articles needing configuration. * Resolve regression in 4.2 in admin interface, where the current group and rights tab is not preserved across rights submission. * Show static content roots in System Configuration, alongside Mason content roots. * Catch and warn of template compilation errors, such as unbalanced braces. Database * Improve right-checking query plan (at least on PostgreSQL 9.3) by de-duplicating ACL equivalence objects, and using the RT::System's id. * Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and sequences before attempting to create them, except on Oracle. This resolves the common case of testing an upgrade before re-importing a backup atop it for the final upgrade, leaving the new tables still in place. * Fix a regression in 4.2 which caused rt-server to hold extra database handles open. For FastCGI processes, this was one extra per FastCGI process; for standalone servers, only one overall. Callbacks * MassageDisplayHeaders callback in ShowTransactionAttachments is now passed $ShowHeaders. * Callbacks in EditTransactionCustomFields are now passed $InTable. * MassageCustomFields callback in EditCustomField is now correctly passed $CustomFields. * Correct a typo in the documentation for MakeClicky callbacks. Developer * Provide and use a GetCustomFieldInputName() function to programmatically determine form field names from custom field objects. * Resolve a bug when associating unknown users with single-user roles; this primarily only affects Assets. * Allow consumers of /Elements/SimpleSearch to provide the placeholder text. * Default Stage for Scrips to be TransactionCreate; primarily for initialdata, but affects all callers of RT::Scrip->AddToObject. * Adjust etc/upgrade/shrink_transactions_table.pl to avoid new deprecation warnings. * Fix precedence errors of "return ... or ..." found by perl 5.19. * Allow consumers of EditCustomField to specify undef $Rows or $Cols to omit the respective attributes during form element rendering. * Prevent warnings on perl 5.19 and above. * Allow members to be added to groups during group creation in initialdata. * Prevent race conditions in 99-policy.t by skipping t/tmp/ and other volatile directories. * Pass Ticket object to ShowAttachments on Ticket/Forward.html, to allow for greater extensibility by providing more context. From http://bestpractical.com/release-notes/rt/4.2.2 This release is primarily a bugfix release; of particular note is that it contains schema changes for MySQL. Though the changes are limited, it is especially important to take, and verify you can recover from, a database backup prior to upgrading. Also notable is that this release fixes a bug in 4.2.0 and 4.2.1 where failures of the HTML-to-text conversion would silently cause mail to fail to be sent. When using the rich text editor, RT will also now quote the the HTML parts of email, and not simply their text equivalents. Other changes include: Documentation * Wording fixes in Shredder * Clean up examples in Lifecycles documentation * Document additional indexes that increase performance of Shredder * Replace a suggested GnuPG option with one which is not deprecated * Note that errors reported from the GnuPG infrastructure may be caused by GnuPG not being configured, but having been automatically enabled. Database * Ensure that even disabled scrips get the same id-to-name change that other scrips got during the 4.0 -> 4.2 upgrade. * On MySQL, alter the character set of all columns used to store email addresses to UTF-8 * Ensure that invalid byte sequences that may have snuck into the database previously (on earlier versions on MySQL, for instance) are not blindly interpreted as UTF-8 when retrieved from the database. As a result, invalid bytes will be returned from the API as the four characters "\xHH", where HH is the hexadecimal encoding of the byte. * Ensure that all data containing non-ASCII is quoted-printable encoded for PostgreSQL, instead of merely all data not claiming to be "text/plain" * Additional warnings prevention on Oracle; tests now pass cleanly * Allow fully-automated database upgrades using --upgrade-from and --upgrade-to options to rt-setup-database * Clean out any remaining traces of RTFM that lingered in custom fields and custom field values that were disabled at the time of the previous upgrade step. * Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition Serializer/importer * Install rt-serializer and rt-importer into sbin/ * Ensure that incremental upgrade steps only run on incremental serializations, not all exports * Fix a runtime error in the incremental upgrade path to 4.2 * Ensure that inflated Users and Groups are created with the same id as their Principal * Disable in-memory record caching when serializing and importing to improve performance * Only search non-Disabled custom fields when looking up BasedOn in initialdata files * Set up logging properly; warnings are now displayed during serialization and importing Email * Don't die if HTML -> text conversion throws an error, which would silently prevent outgoing mail from being sent. Instead, fall back to just sending text/html with no text/plain * Replying to an HTML mail with the rich text editor will now quote the HTML part, not the equivalent text version. * Set a transfer encoding on outgoing dashboards; this resolves issues with long lines when using the Sendmail MTA. * Cope with mangled and overly-quoted recipient headers occasionally generated by Outlook. General user UI * Stop localizing custom field names, for consistency * Show a useful error on "show outgoing mail" if the user has no rights to see the page, rather than displaying an empty page. * Adjust UI to not block header on "show outgoing email" page * Hide the Take and Steal menu items if you already own the ticket, closing a regression in 4.2.0 and above. * Autocompletion custom fields now properly autocomplete when placed in custom field groupings * Improve rendering on Internet Explorer 6 * Fix cascaded custom fields on Internet Explorer 8 and below. * Fix third-level cascading custom fields, broken in 4.2.1 * Minor rendering bugs with Charts placed on homepages and dashboards * Whitelist "show outgoing email" and chart results from CSRF protection * RT 4.0.7 introduced a performance regression when building ticket searches that query Links; switch back to a much better-indexed query. * Fix "Clone ticket" functionality with Select-multiple custom fields. * Show the queue ID for the current queue in the ticket edit page, even if the user does not have SeeQueue; this prevents the user from accidentally changing the queue. * Respect custom field groupings on user preferences page Query Builder * Warnings avoidance for searches with more than 1000 results. * Allow IS NULL to search for dates which are unset * Properly quote CF names containing non-ASCII characters in query builder, broken since 4.2.0 * Add "UpdatedBy" TicketSQL limit Admin * Correct a package load order problem which prevented the web installer from working since 4.2.0 * Report the correct setting name in rt-validate-aliases * Fix real-time updating of Theme CSS on Internet Explorer 8 and below * Fix a minor display bug in the CF Admin pages, where the queue number instead of queue name would be displayed in requests shortly after server startup. * Add "Extra Info" as a possible field for "More About Requestor" REST * Allow searching for users, queues, and groups in REST * Prevent a server error when attempting to guess content-type in the REST interface. Development * Allow running tests with an explicit set of plugins enabled. * Custom Action and Condition packages (as supplied by extensions; these are not the text entry boxes in the UI) are now loaded at server startup time, to catch compile-time errors in such classes early as well as reducing RT's memory footprint on mod_perl. Previously, these errors would have logged errors only when their Scrip failed to fire. This restores the behavior found in RT 3.8, which was mistakenly removed in RT 4.0.0. * Additional callbacks, including in charts, and on ticket reply pages * Remove an unused Makefile target
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jun 19 16:38:26 2014 UTC (9 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.5: +8 -0
lines
Diff to previous 1.5 (colored)
regen (was empty)
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jun 17 11:10:40 2014 UTC (9 years, 3 months ago) by markd
Branch: MAIN
Changes since 1.4: +0 -7
lines
Diff to previous 1.4 (colored)
Fix PKG_SYSCONFDIR and VARDIR handling, similar to rt3 package. Fix installing of update scripts (find using the non portable "-not") Bump PKGREVISION. OK'ed by ryoon.
Revision 1.4 / (download) - annotate - [select for diffs], Wed Jan 1 03:31:50 2014 UTC (9 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.3: +6 -5
lines
Diff to previous 1.3 (colored)
Update to 4.2.1
Changelog:
4.2.1:
This release is primarily a bugfix release; notable changes include:
Oracle:
* Resolve numerous issues with the 4.0 -> 4.2 upgrade steps on Oracle
* In-database sessions on Oracle are no longer truncated at 8k,
leading to spurious logouts
Internet Explorer:
* Fix submission issues under Internet Explorer
Rich text editor:
* If returning to a reply/correspond page with the back button, the
rich text editor will no longer double-escape previously written
content.
REST:
* Fix an empty 'text/plain' part when tickets are created using the
REST interface.
Other bugfixes:
* Optimize transaction display code to speed up long ticket displays
by short-circuiting transaction custom field checking.
* Supply a default $PATH for SMIME and GnuPG under FastCGI
* Support index upgrade steps on Pg when in a custom schema
* Close a memory leak in ColumnMap
* Fix "check all" checkboxes for new jQuery version
* Secondarily sort user ticket lists by id, as well as priority.
* Remove call to deprecated function used by PreviewScripMessages
* Many localization fixes (thanks to Emmanuel Lacour)
* Show customized rights in their correct tabs
* Ensure RFC2822 date format uses two-digit days in output
* Display iCal dates in the user's timezone, resolving off-by-one
errors for timezones significantly off from GMT.
* Correctly parse complex format strings for listing in the bottom of
the Query Builder
Callbacks:
* Move ModifyQueryProperties callback to before its values are used
* Additional callbacks on ticket modify pages
* Additional callbacks on ticket reply/comment page
* Additional callback on search results page
* Additional callback before transactions in history list
* Allow header callback to modify %ARGS
Features
* Allow bulk update to delete _all_ CF values for a given CF
* Support CF.Foo in columnmaps, in addition to CF.{Foo} and
__CF.{Foo}__
* Autocompletion CFs now autocomplete in search builder
* Support cascaded selects with any combination of listbox, dropdown,
and radio button
* Support ShowUnreadMessageNotifications in SelfService
4.2.0:
RT 4.2.0 -- 2013-10-03
----------------------
We're incredibly pleased to announce the availability of RT 4.2.0 - the
first release for the next major version of RT. This release adds
exciting new functionality, as well as streamlining and generalizing the
internals.
When upgrading, please be sure to review the upgrading documentation
available in docs/UPGRADING-4.2, as there are a number of
backward-incompatible changes that come along with the new version
number. Upgrading documentation is also available at
http://www.bestpractical.com/docs/rt/latest/UPGRADING-4.2.html
http://download.bestpractical.com/pub/rt/release/rt-4.2.0.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.2.0.tar.gz.asc
a24bd767263cdcee92bf52c6b06a1a573aa0a615 rt-4.2.0.tar.gz
0717fd7d928efaadba2228de855c014e6be735cb rt-4.2.0.tar.gz.asc
A partial list of the new features in RT 4.2.0 is included below, and on
http://bestpractical.com/rt/whats-new/ Many of the new features will also
be described and demoed in a series of blog posts on
http://blog.bestpractical.com/ in the coming weeks.
If you have questions as you upgrade, please don't hesitate to write to
rt-users@lists.bestpractical.com for community support. If you'd rather
have professional support from the folks who built RT, drop us a line at
contact@bestpractical.com.
- Alex Vandiver, for Best Practical
* Much improved reporting via search result charting
- Multiple group by and statistic calculations in a table
- Time statistics such as average, minimum, and maximum durations
between Created and Resolved, Created and Started, Started and
Resolved, and more.
- More robust layout of charts
* Increased performance for searches and ticket pages
- Faster searches on all databases (especially Pg)
- Ticket pages load quicker
- Menus load before the rest of the page is loaded
- History is loaded asynchronously
- Faster serving of static assets
* Scrips per queue
- Apply scrips globally or ad-hoc to individual queues, a la custom
fields
- Less duplication of scrips and/or need for empty templates
* Custom field groupings
- Display CFs in configurable groupings (boxes) on the ticket
display/edit pages
- Includes arbitrary grouping names as well as standard ticket
groupings (Basics, Dates, People, Links, etc.)
* User summary pages
- Display information about users such as tickets, history, groups,
etc.
- An extended "More about requestors" page for any user
- Easy to get to via links and user search
* HTML templates enabled by default for new installs, available for
upgrades too
* History improvements
- Rich text/HTML messages are preferred for display by default
- Images are inlined with text in ticket history display instead of
presented at bottom
- Clickable users, tickets, articles, and other items
* Many interface improvements, such as:
- Per-user preferences for the dashboards which appear in the Home
menu
- Floating page menu for quicker access to ticket actions, subpages,
etc.
- Autocomplete for ticket links, including when merging
- Autocomplete available to self service users
- Improved CF and links display in search results
- Sticky simple search for quick search refinements
- Attachments on reply can no longer be mixed up when replying to
multiple tickets at once
- ReassignTicket right to assign tickets without stealing first;
useful for managers
* S/MIME support integrated with GnuPG support
- Decrypt and verify incoming GPG and SMIME messages
- Send all outgoing messages as either GPG or SMIME
* Migration tools
- Migrate from one database type to another (MySQL, Pg, Oracle)
- Merge multiple RT instances together
* Thousands of bug fixes; nearly 2000 commits totalling more than
250,000 lines of code changed.
4.0.18:
This release is primarily a bugfix release; most notably, it addresses
compatibility issues with recent versions of the Encode perl module.
Notable changes include:
Email
* Cope with Encode version 2.33 and later, which altered their internal
functionality and caused RT to double-encode Subject lines in
outgoing email.
* Fix HTML rendering errors in dashboard emails.
* Fix overzealous quoting around decoded MIME words.
Administration
* In the rights UI, entering the name of a user or group which already
has rights will now correctly select them for rights granting, as if
their name had been selected.
* Display types in the "applies to" dropdown for custom fields in
consistent order
* Paginate the Queues list in the administrative interface into 50
results per page.
* Support for cascading selections with a multiple-select parent.
* Clarify that $ParseNewMessageForTicketCcs only applies to new, and
not existing, tickets.
* Clarify how an undefined $RTAddressRegexp is treated, and that it
does not come at any notable performance penalty.
Logging
* Fix verbosity of syslog messages; now only the 'debug' level includes
originating filename and line.
* Include process ID in log messages, for ease of isolation in a
multi-process environment.
* Log the From: address of incoming mail which triggered an error, for
ease of debugging.
Other Bugfixes
* Avoid linking trailing punctuation, or html tags, in URL anchors in
MakeClicky
* Fix the Quick Search (QueueSummary) portlet when non-lowercase statuses are used.
* Show Date and DateTime custom fields in the user's format and time
zone in search results.
* Allow rt-email-group-admin to be passed an email address that RT is
not already aware of.
* Show submitted content from the user on errors in REST submission,
for ease of re-editing and re-submission.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Aug 24 00:27:50 2013 UTC (10 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.2: +4 -4
lines
Diff to previous 1.2 (colored)
Update to 4.0.17
Changelog:
RT 4.0.17 -- 2013-08-02
-----------------------
This release fixes an important regression in the upgrade script
included in 4.0.14, 4.0.15, and 4.0.16. Attempting to upgrade from 3.x
would skip key upgrade steps. New installs, and sites upgrading from
within the 4.0.x series, are unaffected.
RT 4.0.16 -- 2013-07-29
-----------------------
This release fixes an important regression in the Shredder tool included
in 4.0.14 and 4.0.15. Attempting to run the Shredder tool from the
command line would fail with a compile-time error.
4.0.15 Release Notes
2013-07-25
This release fixes an important regression in the ugprade scripts
included in 4.0.14. If you attempted to upgrade from 3.8 with the RT
FAQ Manager tables (FM_*) in your database, one of the upgrade scripts
would error out.
4.0.14 Release Notes
2013-07-25
This release is primarily a bugfix release. It also contains automated
tests for security vulnerabilities announced on 2012-10-25.
Features
* Ticket watcher searches that involve a large number of ORs will now
use a much-improved SQL query, instead of the old many-join solution.
* Do a better job wrapping text before quoting it in a reply.
* Simple search now supports @example.com to search for tickets
requested by users with email addresses ending in @example.com.
* If our display parsing of an HTML attachment fails for known reasons,
a better error message is provided, directing admins to contact us with
a sample.
* Tickets created via the REST interface can provide attachments.
* Comments and Replies in the REST interface may include a Content-Type.
* RT's Quote recognition now triggers on > and ignores things like
!,|,#,% etc. This should resolve a number of false positives.
* RT is now compatible with perl 5.18.0.
Bugfixes
* Resolve several corner cases where RT's database handle can be
disconnected unexpectedly.
* When a TicketSQL query fails, report that failure to the user rather
than silently displaying an empty ticket list.
* Display and add attachments to tickets in alphabetical rather than
random order.
* Ensure that LifeCycle statuses are compared case-insensitively.
* Report Reminder creation/updates back to the user more consistently.
* Ensure that Reminders are created in the reminder_on_open LifeCycle
configuration.
* The Bookmarks portlet is no longer unlimited and obeys standard
homepage restrictions.
* Display non-ticket links in search result formats.
* RT::CurrentUser->Attributes now returns attributes for the relevant
User, resolves a bug noticed in RT-Extension-MergeUsers.
* Always filter empty OrderBy directives, which may come from old saved
search preferences.
* Uploaded attachments are now always marked Content-Disposition: attachment.
* Allow Custom Field Values to change case.
* The error message for Truncated Attachments is now marked text/plain
rather than plain/text.
* When bulk updating Tickets with Transaction Custom Fields, the
list of Transaction Custom Fields is based on the Queues of the
Tickets displayed, not the Queues of the Tickets updated in the
previous update.
Administration
* Clarify the cause of certain PostgreSQL full text indexing errors.
* Remove an error preventing logging of an actual error related to
problems storing sessions.
* Clean the lock files used for file based sessions more aggressively.
* SetOutgoingMailFrom will now accept an email address to be used
globally.
* OverrideOutgoingMailFrom now falls back to the global
CorrespondAddress if the Queue does not declare one.
* rt-setup-database now prints the DatabasePort when describing the
database it is modifying.
* rt-setup-database tries to detect when it is being run from an invalid
location or being given an invalid upgrade directory.
* rt-setup-database detects an upgrade running on Pg 9.2 and directs the
admin to install a newer DBD::Pg.
* rt-email-digest no longer prints output when sending digests unless
the --verbose flag is passed.
Developer
* CleanSlate on collections more thoroughly resets the collection.
* A new callback and better support for JS/CSS tweaking of our
Autocompleter display formats.
* New warning when an RT::URI::* resolver object cannot be created.
* Extensions may use rt-setup-database --action upgrade --package
extension to provide RT's friendlier upgrade infrastructure.
* Refactoring of TicketSQL parse to support TxnCF.{CFName} or
QueueCF.{CFName} in the future.
Documentation
* Correct the example backup `date` command in backups.pod
* MailCommand's testfile argument is now documented.
* Multiple cleanups to better support http://docs.bestpractical.com
* RT::Classes and RT::Principals now default to honoring the Disabled flag.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Jun 11 13:54:19 2013 UTC (10 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.1: +4 -4
lines
Diff to previous 1.1 (colored)
Update to 4.0.13 Changelog: This release of RT resolves a number of security vulnerabilities: CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374
Revision 1.1 / (download) - annotate - [select for diffs], Sun Apr 21 13:59:34 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
Import rt4-4.0.11 as devel/rt4. RT is an industrial-grade ticketing system. It lets a group of people intelligently and efficiently manage requests submitted by a community of users. RT is used by systems administrators, customer support staffs, NOCs, developers and even marketing departments at over a thousand sites around the world. This packages tracks RT 4.x branch.