RT 4.0.1rc1 available for testing

We're happy to announce that RT 4.0.1rc1 is now available for testing.
If you had any problems with 4.0.0 or have been preparing for an upgrade, we'd appreciate your feedback as we prepare for the 4.0.1 release. 

http://download.bestpractical.com/pub/rt/devel/rt-4.0.1rc1.tar.gz
http://download.bestpractical.com/pub/rt/devel/rt-4.0.1rc1.tar.gz.sig

SHA1 sums
9cf2baab4db8bd085ed95e3f4f2ac0f296c1af65  rt-4.0.1rc1.tar.gz
ee050fe10819bee0f341db304c10182e5e470c0e  rt-4.0.1rc1.tar.gz.sig

This release contains a number of bugfixes identified since the 4.0.0 release as well as some changes that didn't make the 4.0.0 code freeze.

  • Fixes for MySQL+Sphinx and native PostgreSQL full text search and  improved documentation.
  • Javascript to forbid running RT in a frame, to prevent clickjacking  attacks.
  • Better detection and hinting of common web path misconfigurations.

You will also find a new tarball, rt-4.0.1rc1-third-party-source.tar.gz
This contains the uncompiled source of any code that we ship (such as the minified source of jQuery).

A complete changelog is available from git by running 
git log rt-4.0.0..rt-4.0.1rc1 
on the 4.0.1-releng branch.  You can read more about how to get a clone of our git repo and branch it in the new docs/hacking.pod

 

Share this post:

What's New in 4: Editing rights just got easier

Screenshot: global group rights editor

We completely revamped the user and group rights editor for RT 4. The new editor features a number of usability improvements:

  • Only the users or user-defined groups with rights granted to them are shown. This means you don't see every privileged user in the system when you just want to change rights for one. It also makes the editing rights much faster for systems with large numbers of users or groups.
  • Each right has a description which helps you find the one you actually want. If you're used to the short right names like us, you can click on those too.
  • Rather than a tiny select box or one long list, the rights are now grouped into logical tabs based on the most common type of user you might grant them to. The tabs are just suggestions though, and there are bound to be times when you want, for example, Requestors to have a right normally reserved for your staff.
  • Any subgroups of a group are shown next to the group name when you're editing rights. This quickly shows who else will inherit the rights you add or remove.

Adding rights to a user or group

If the group already has rights granted to it, simply click on the group name, click the rights you want to add, and Save Changes.

If the group doesn't have existing rights, begin typing its name into the Add Group field, and a list of autocompleted options will pop up. Choose the group you're looking for and then click on the rights you want to add, saving changes when you're done.

Removing all rights from a user or group

Uncheck every right from the user/group and click Save Changes. You should see a number of Right Revoked status messages (one for each right previously granted), and the user/group shouldn't appear in the left hand list. If they still appear, then you likely missed a right and should check again.

Share this post:

What's New in 4: Autocompletion of requestors, owners, and more

In the past, RT's requestor, Cc, and other user fields were just plaintext boxes that accepted email addresses or usernames. It was easy to typo an address or misspell a username and end up with not quite the ticket you wanted. Often making matters worse, the Owner field was limited to a dropdown. This worked fine for sites with a small number of possible owners, but it fell down quickly with more than a few dozen potential owners.

RT 4 solves the problems above by introducing built-in autocompletion for requestors, owners, Ccs, and AdminCcs. Out of the box, requestors and the other user fields now autocomplete as you type. The owner list remains a dropdown by default, but you can easily enable owner autocompletion by changing your preferences. You may prefer to enable it site-wide by adding Set($AutocompleteOwners, 1); to your RT_SiteConfig.pm file.

Screenshot: autocomplete for ticket create

Where do I see user autocomplete in action?

An autocompletion box should pop up for any field that accepts a username or email address. This includes the ticket create, update, jumbo, and people pages. Adding a requestor to a ticket is now much quicker, for example. Just go to the People page and start typing the email address, username, or real name of the new requestor in the input box under Add New Watchers. Select the user from the autocomplete, change Type to Requestor and click Save Changes. The old style find people form still works as usual, of course.

Screenshot: autocomplete for the ticket people page

The user administration page in RT 4 sports a "Go to user" input box at the top that autocompletes against all the users in the system. If you have a long list of privileged users, or you're looking for an unprivileged one, it's now a breeze to jump to their record.

Screenshot: autocomplete for user admin page

Customizing for your organization

Out of the box, user autocomplete matches against the beginning of email addresses, usernames, and any part of real names. This should suit most organizations well, but don't fear if it doesn't work for yours, there's an easy way to change it!

Perhaps there are a lot of people named Joe in your company and you want to match on RT's nickname field as well. Adding this bit to your RT_SiteConfig.pm would do the trick:

# See more valid options here by running: perldoc /opt/rt4/etc/RT_Config.pm Set($UserAutocompleteFields, { # Keep the defaults EmailAddress => 'STARTSWITH', Name => 'STARTSWITH', RealName => 'LIKE', # Add the NickName field -- too many Joes! NickName => 'LIKE', });

Or perhaps a help desk wants to pick users by phone number when adding requestors.

Set($UserAutocompleteFields, { # Keep the defaults EmailAddress => 'STARTSWITH', Name => 'STARTSWITH', RealName => 'LIKE', # Useful for fielding support phone calls WorkPhone => 'STARTSWITH', });

With that in place, your staff will be able to add requestors by phone number in RT.

Share this post:

What's New in 4: New custom field types and display options

Out of the box, RT supports many custom field types. Beyond the simple "type in a value" and "select a value from this list", RT's custom fields can be images, wikitext, multiple attachments, and more. This variety in custom field types goes a long way towards helping organizations achieve the exact workflow they need.

In RT 4.0, we add two new types to this list: Date/DateTime and IP Address custom fields. We also add new display types for select-value custom fields: dropdown, radio list, and checklist.

Date and DateTime custom fields

RT has several DateTime fields built into its core, including Due, Starts, Resolved, etc.

When you edit such DateTime fields, RT pops up a calendar and a time selector so you can quickly click a date and time instead of typing them. But if you do type in a value, we're smart about parsing people-friendly date formats. Type in "next Monday" and we'll convert that into RT's timestamp format for you. RT's search engine also has logic for dates so that you can search for them in a natural way. If you use the search builder to construct a Resolved = '2011-03-21' (or Resolved = 'yesterday') clause, we rewrite that internally to (Resolved >= '2011-03-21 00:00:00' AND Resolved <= '2011-03-21 23:59:59') since that's the logic you want. Finally, users can configure the format that RT displays DateTime fields to them. While I personally like 2011-03-21 20:00:35, someone else may want Mon, 21 Mar 2011 20:00:35 GMT.

Screenshot: search for a datetime

In RT 4.0, your business-specific custom fields can enjoy these features too! For example, you can use a DateTime custom field to track when your customer's package left your warehouse, then later search for tickets within a particular shipment window. Many sites are using the "type in a value" custom field type for dates. When you upgrade to RT 4.0, you'll be able to upgrade those custom fields to get better (and consistent) searching, entry, and display. When someone types "next Monday" into a DateTime custom field, you'll actually be able to find that ticket again.

Screenshot: datetime search results

RT 4.0 also adds date-only custom fields, for when you don't need to-the-second granularity. You still get all the benefits of a consistent format, user-specific display preferences, and intelligent searching and input.

IP Address custom fields

RT for Incident Response, our computer security response system built on RT, has had support for IP address custom fields since its inception. We want to share that bit of RTIR with the greater RT community, so we've factored IP address custom fields into the core.

RT's IP address custom fields include support for IPv4 and IPv6, as well as IP address ranges (in CIDR format or simply 192.168.1.0-192.168.1.255). You can search for tickets with IP addresses in a particular range, using either the CIDR format or the regular range format.

We also validate what you type into IP address custom fields are actually possible IP addresses.

Display types

RT has always used a listbox widget for editing select-one and select-many custom fields. With RT 4.0, we've added an oft-requested feature: dropdown and radio lists for select-one custom fields, and checkboxes for select-many custom fields.

Dropdown custom fields are compact and are consistent with the rest of the select-one fields in RT. Dropdowns also have great support from many mobile web browsers.

Screenshot: dropdown custom field

Radio lists let you see every option at once. It takes only a single click to select a value.

Screenshot: radio list custom field

Whether you use a dropdown or radio button list is up to you; it probably depends on how many values the custom field can have. If there are a lot of values, a radio list is unwieldy.

Select many custom fields also have a new display type: checkboxes.

Screenshot: checkbox list custom field

Share this post:

What's New in 4: Integrated mobile interface

A few months ago, we wrote RT::Extension::MobileUI to give RT a mobile interface. We liked it so much that we quickly integrated it into RT 4.0, fixing some bugs along the way.

Screenshot: mobile UI on iPhone
Screenshot: mobile UI on Android

If you've already installed the extension, you should disable and uninstall it before upgrading to RT 4.0. When you do upgrade to 4.0, it'll already be there ready for you.

For more information, see our original blog post about the mobile UI.

Share this post:

RT-Authen-ExternalAuth 0.09 Released

We've released version 0.09 of RT-Authen-ExternalAuth. This is primarily a bugfix release. It ensures compatibility with all of the changes made in 3.8.10 and 4.0.0. If you've been having difficulty deploying RT-Authen-ExternalAuth or have been delaying an upgrade, please give it a test.

The extension is available from CPAN: http://search.cpan.org/dist/RT-Authen-ExternalAuth/

Share this post:

What's New in 4: Brand RT with your own custom theme

When your customers, clients, or the general public use your RT, brandingit to match the rest of your web sites can be important. RT 4 makes it easier than ever to rebrand RT to suit your needs. You can upload your own logo, set page colors from your logo or a color wheel, and customize CSS on the fly.

Navigate to Configuration → Tools → Theme as a superuser (such as root) and you'll see:

Screenshot: Branding and theme editor, defaults

From here you can upload a logo and pick colors for the various page sections. RT will automatically pick out the six most frequent primary colors from your logo and offer them as options next to the color wheel. In less than a minute, you can upload a logo and set a few colors:

Screenshot: RT, with a Hiveminder logo and colors

After trying out your color scheme, be sure to click Save to make it stick. If you ever want to wipe the slate clean, just use one (or both!) of the "Reset to default" buttons.

Going further

The theme editor lets you do a bit more if you know your way around CSS or have a web designer who does. By writing your own styles in the Custom CSS box, you can quickly customize the RT look and feel pretty extensively:

Screenshot: RT as Hiveminder

After making CSS changes click Try to see how they look, and when you're done be sure to Save.

We hope the new theme editor lets you integrate RT even better into the rest of your services.

Share this post:

What's New in 4: An overview

Over the coming weeks, we'll be highlighting some of the most excitingnew features in RT4 in a series of blog posts. You can find a list of what we have planned at the end of this post.

To kick it off, let's look at the first change you'll see when you start up RT 4, the new default Aileron theme:

Screenshot: RT at a glance homepage

Aileron uses less screen space and lets RT take up the whole width of your browser. You'll find RT's menus at the top of the page. The extra space for ticket results and dashboards make RT a lot easier to use on smaller screens. The new menus are more compact, but let you dig deeper into RT before than before with many fewer clicks and page loads. You can now find your dashboards in the Home menu from any page with just a single click.

When you need to add or update users, groups, queues, or just about anything else, it's a lot easier to get exactly where you want to go the first time:

Screenshot: Flyout menus

Menus aren't the only bit of UI we've improved. The ticket create and update pages now sport a a nifty new two column layout that puts content front and center. Metadata like owner, status, update type and custom fields appear to the right.

To make it easier to notice whether you're writing back to a requestor, the message box itself turns light red for replies and stays white for private comments. We found that made it a lot easier to catch cases when we meant to send something to customers but instead added a private comment. It even helped us catch a couple cases where we almost sent private comments to customers.

Screenshot: Ticket update page

If the browser window is too narrow, the two columns will automatically collapse to one. If you'd rather always use the one-column layout, there's a new preference you can set to have RT keep them that way no matter how wide your browser is.

Stay tuned! There's much more to come.

We're highlighting some of our favorite new features of RT 4 in a series of blog posts over the next few weeks titled What's New in 4. Each post will focus on a new feature, showing you where to find it, how to use it and how to configure it. The following posts are currently on deck; We're hoping to push out two or three of them per week.

If you want to keep up to date with what's new in RT, subscribe to the feed in your favorite feed reader.

Share this post:

RT 4.0.0 Released

Today we're releasing RT 4.0.0. This release represents over a yearof hard work and more than 2000 commits. With a new major version number, we took this opportunity to tidy up some of the older bits of RT and allow us to grow features through the RT 4 series. We hope you'll find it a worthy successor to RT 3.

Many, but not all, of our new features are the result of work done for clients. Enhanced full-text search, the integration of RTFM as Articles, refreshed ticket create and update pages, better control of ticket notifications, Lifecycles, and quote-folding of emails in ticket display all began life as extensions we built for clients.

We've also heard your requests in the form of feature requests, bug reports and patches and they've driven our new theme for RT 4, a new logo and theme editor, new custom field types and display options, the mobile UI and reorganized and revised documentation. As a result of your feedback, we also fixed hundreds of bugs and improved performance.

With so many changes by 16 authors over the course of a year, it would be hard to summarize everything we added, fixed or improved. Over the next few weeks, we'll be posting a series of articles on what's new in RT 4.0 to this blog. A list of new features in RT 4.0 is also available at bestpractical.com/rt/whats-new-in-4.html.

If you'd like to explore all of the changes we've made in the run up to 4.0.0, visit github.com/bestpractical/rt/.

Download

download.bestpractical.com/pub/rt/release/rt-4.0.0.tar.gz
download.bestpractical.com/pub/rt/release/rt-4.0.0.tar.gz.sig

SHA1 Sums

b2cf8d2ceb8bf97e5eeb08cb7d05760ca148df9f  rt-4.0.0.tar.gz
5a6b04bf9bb6437b74138bc6ad7eabae39d36e6d  rt-4.0.0.tar.gz.sig

We've done our best to ensure that upgrading from RT 3 to RT 4.0 will be as smooth as possible for you. If you have questions as you upgrade, please don't hesitate to write to rt-users@lists.bestpractical.com for community support. If you'd rather have professional support from the folks who built RT, drop us a line at sales@bestpractical.com.

We've talked our sales team into including free basic upgrades from RT 3 to RT 4 if you sign up for a new RT 4 support contract within the next two months. The new RT 4 support contracts are less expensive and come with lots of great new features.

Share this post:

Security vulnerabilities in RT

In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT.We are releasing versions 3.6.11, 3.8.10, and 4.0.0rc8 to resolve these vulnerabilities, as well as patches which apply atop 3.6.10 and all versions of RT 3.8.

Share this post: