Changelog:
RT 4.2.10 -- 2015-02-26
-----------------------
RT 4.2.10 contains important security fixes, as well as minor bugfixes.
This release is primarily a security release; it addresses CVE-014-9472,
a denial-of-service via RT's email gateway, as well as CVE-2015-1165 and
CVE-2015-1464, which allow for information disclosure and session
hijacking via RT's RSS feeds.
As part of these security updates, RT's dependency on the Encode module
has been changed, to Encode 2.64. If upgrading, be sure to run
rt-test-dependencies to verify that your installed version of Encode
meets this requirement; if not, you will need to install a newer version
from CPAN.
This release is also a bugfix release; most notably, it addresses a bug
which causes RT to generate blank outgoing text/plain parts. This fix
requires installing the HTML::FormatExternal module, and having an
external tool (w3m, elinks, etc) installed on the server.
It also introduces indexed full-text searching for MySQL without the
need to recompile MySQL to use the external Sphinx tool; instead, a
MyISAM table is used for indexing. On MySQL 5.6 and above, an
additional InnoDB table can also be used.
The complete list of changes includes:
General user UI
* Speed up the default simple search on all FTS-enabled installs by not
OR'ing it with a Subject match. This returns equivalent results for
almost all tickets, and allows the database to make full use of the
FTS index.
* Pressing enter in user preference form fields no longer instead
resets the auth token (#19431)
* Pressing enter in ticket create and modify form fields now creates or
updates the ticket, instead being equivalent to "add more
attachments", or the "search" on People pages (#19431)
* Properly encode headers in forwarded emails that contain non-ASCII
text (#29753)
* Allow users to customize visibility of chart/table/TicketSQL in saved
charts
* Allow groups to be added as requestors on tickets
* Perform group searches case-insensitively on People page (#27835)
* Ticket create transactions for tickets created via the web UI now
contain mocked-up From, To, and Date headers; this causes them to
render more correctly when forwarded
* Update wording of error message for saved searches without a
description (#30435)
* Flush TSV download every 10 rows, for responsiveness
* Retain values in Quick Create on homepage if it fails (#19431)
* Limit the custom field value autocomplete to 10 values, like other
autocompletes (#30190)
* Fix a regression in 4.0.20/4.2.4 which caused some users to have
blank homepages (#30106)
* Fix styling on "unread messages" box on Ballard and Web2 themes
* Fix format of Date headers in RSS feeds (#29712)
* Adjust width of transaction date to accommodate all date formats
(#30176)
* Allow searching for tickets by queue lifecycle
Command-line
* Fix server name displayed at password prompt when RT is deployed at
a non-root path like /rt (#22708)
Admin
* If the optional HTML::FormatExternal module is installed, use w3m,
elinks, links, html2text, or lynx to format HTML to text. This
addresses problems with the pure-Perl HTML-to-text converted which
resulted in blank outgoing emails. (#30176)
* Add support for native (non-Sphinx) indexed full-text search on
MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an
additional MyISAM table on prior versions of MySQL.
* Support MySQL database names with dashes in them (#7568)
* Properly escape quotes and backslashes in config options in web
installer (#29990)
* Increase length of template title form input
* Clarify wording on updating old Organization values by rt-validator
* Resolve a runtime error for SMIME without secret keys (#30436)
* Empty email addresses are no longer caught as being "an RT address"
if there exist queues without Correspond addresses set (#18380)
* Allow Parents/Children/Members/MemberOf in CreateTickets action
* Allow RT-Originator to be overridden in templates
* Ensure that HTML-encoded entities are indexed in FTS
* Fix uninitialized value warnings from charts grouped by date
* Remove no-op $CanonicalizeOnCreate configuration variable;
RT::User->CanonicalizeUserInfo is always called
* Make NotifyGroup action respect AlwaysNotifyActor argument
* Fix X-RT-Interface header on incoming email on existent tickets
* Warn on startup if queues have invalid lifecycles set (#28352)
Developer
* Add AfterHeaders callback to ShowMessageHeaders
* Update all upgrade steps to use .in files (#18856)
* Add policy tests to enforce the new upgrade step standards
* Remove +x bit from multiple non-executable files
* Make Obfuscate callback in configuration options be passed the
current user, as was documented
* Remove obsolete _CacheConfig parameters
* Preferentially use IN rather than multiple OR clauses
* Respect RowsPerPage for external custom field values
* Localize default statuses from RT_Config.pm, instead of hardcoding
* Add callbacks within Dates box after each type of Date
* Pass the CustomFieldObj down to CustomFieldValue objects intact, so
its ContextObj can be inspected; this is particularly useful for
external custom fields.
* Allow more than one right per @ACL in initialdata
* Don't hardcode share/html in tests, for non-default layouts
* Base detection of new themes on presence of main.css file, not
base.css file (#30554)
* Allow for relative "lib" in @INC when running tests
* Allow EditComponentName customfield callback to alter Rows/Cols
values
Serializer/importer
* Memory usage improvements in both serialization and import
* Templates, Scrips, and ObjectScrips now serialize correctly
when not cloning
Documentation
* Document how to enable un-indexed full-text-search, and its drawbacks
* Note that after restoring from backups, PostgreSQL may need to have
statistics updated
* New documentation on writing portlets
* Add an =pod directive so the first paragraph of UPGRADING is not
skipped
* Clarify when UPGRADING-x.y steps should be run
* Better document known bugs with Sphinx FTS
* Add missing semicolon on Shredder suggested indexes
## 1.2.1
- fix error for draft 76 when leftovers are empty
## 1.2.0
- Remove support for Ruby 1.8
- Add support for sending custom headers for Client
- Better detection and handling of draft 76
- Multiple small fixes and optimizations
pkgsrc change: Add pkg_alternatives support.
== 1.6.3 Protein Powder
* Add HTTP 422 status code [rajcybage]
* Add warning about EM reactor still running when stopping.
* Remove version number from "Server" HTTP header. [benbasson]
* Adding `--ssl-disable-verify` to allow disabling of client cert requests when SSL enabled [brucek]
* Ensure Tempfiles created by a large request are closed and deleted. [Tonkpils]
The TYPO3 Community announces the version 6.2.10 LTS of the TYPO3 Enterprise
Content Management System.
We announce the release of TYPO3 CMS 6.2.10 LTS, which is a regular
maintenance release that contains over 200 bug fixes and improvements.
For details about the release, please visit the following wiki page:
http://wiki.typo3.org/TYPO3_CMS_6.2.10
Performance Improvements
Additionally, a new extraordinary change in regard of performance was
included. The existing functionality for loading PHP classes was improved by
also including the autoloader functionality from the Composer project. This
is a backport from TYPO3 CMS 7.1 and will speed up requests for both
frontend pages and the TYPO3 Backend up to 20%, especially on sites with
non-cached frontend pages.
The backport to TYPO3 6.2.10 loads all PHP classes from the required system
extensions via a static class map based on the PSR-4 standard. All other PHP
classes are still loaded via the existing TYPO3-internal class loader.
For details about the integration and the functionality, see the
corresponding wiki page on http://wiki.typo3.org/ComposerClassLoader.
CHANGES IN V1.0.66
- cups-browsed: SECURITY FIX: Fixed a bug in the remove_bad_chars()
failing to reliably filter out illegal characters if there are two
or more subsequent illegal characters, allowing execution of
arbitrary commands with the rights of the "lp" user, using forged
print service announcements on DNS-SD servers (Bug #1265).
- pdftoopvp: Added conditionals to also build with Poppler 0.31.0
and newer. Thanks to Armin K. (krejzi at email dot com) for the
patch (Bug #1254).
2015/02/25
+ modify gauge widget to keep from erasing a second gauge widget, e.g.,
via the "--and-widget" option. This is a cosmetic change to match
behavior of dialog 1.0 (report by Jason Orendorf).
+ add configure option "--with-man2html"
+ add configure options for versioned symbols, from ongoing work on
ncurses.
+ update configure macros, e.g., for shared libraries
libmpdclient 2.10 (2015/02/23)
* support abstract sockets with "@" prefix
* support tag "MUSICBRAINZ_RELEASETRACKID"
* add TCP keepalive internal and external APIs
* support MPD protocol 0.19
- status: support sample formats "float" and "dsd"
- song: report duration with milliseconds precision
- search: support constraint "modified-since"
* support MPD protocol 0.20
- the "window" parameter for commands "find"/"search"
--------------
Version 1.50b:
--------------
- Fixed a flock() bug that would prevent dir reuse errors from kicking
in every now and then.
- Renamed references to ppvm (the project is now called recidivm).
- Fixed a typo or two.
- Made improvements to file descriptor handling.
NEW IN WAF 1.8.7
----------------
* Fixed the default libdir installation suffix on Redhat 64-bit systems #1536
* Fixed the Python 2.6 detection on Redhat systems #1538
* Enabled gccdeps to work with clang
* Fixed the detection of clang from the gcc tools
* Added orig_run_str to help subclasses (do not use Task.hcode)
* Fixed the detection of older clang compilers versions
* NEC compiler support
* Enabled batched_cc.py to work with msvc too
* Enabled unity.py to process c files
* Faster dependency calculation in c_dumbpreproc
* New stracedeps example (cfg blog entry)
* Added support for xz compression in waf and waf dist (Python 3.5)
12.3
----
* Documentation is now linked using the rst.linker package.
* Fix ``setuptools.command.easy_install.extract_wininst_cfg()``
with Python 2.6 and 2.7.
* Issue #354. Added documentation on building setuptools
documentation.
