Changelog:
This release is a security release which addresses the following
vulnerabilities:
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages. This vulnerability is assigned
CVE-2015-5475. It was discovered and reported by Marcin KopeÄ at Data Reliance
Shared Service Center.
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface. This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.
78cfa9cc40