Changes from 3.8.11 to 3.8.12:
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
* Upgrade prototype.js to version 1.7, for compatibility with google
charts.
* Remove ie7.js, which is no longer used.
* Ensure that TransactionBatch scripts are only run once.
Changes from 3.8.10 to 3.8.11:
This release contains a number of bugfixes and minor security updates
since the 3.8.10 release, most notably:
* Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766
* New WebHttpOnlyCookies option, enabled by default, which hides RT's
cookie from direct Javascript access.
* Compatibility with perl 5.12 and 5.14, by removing deprecated "for
qw(...)" and "defined %hash" syntax.
* MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than
TYPE=InnoDB
* Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files
are loaded correctly.
* Fix session cleaner for on-disk sessions, broken since 3.8.0.
* Ensure that only one "Based on" attribute is stored for each custom
field.
* Fix the loading of Shredder plugins, broken in 3.8.10.
b7c15a9cf9