We released our first release candidate for RTIR 3.2.0rc1 earlier this week.
You can read the release notes or download a tarball.
RT 4.2.8 released
We have released RT version 4.2.8 to resolve CVE-2014-7227, along with a small number of bugfixes; see the release notes for a complete list.
Security vulnerability in RT 4.2.x - CVE-2014-7227
We have discovered a security vulnerability in RT 4.2.x, detailed below.We are releasing RT version 4.2.8 to resolve this vulnerability, as well as patches which apply atop all released versions of 4.2.
RT 4.2.0 and above may be vulnerable to arbitrary execution of code by way of CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 -- collectively known as "Shellshock." This vulnerability requires a privileged user with access to an RT instance running with SMIME integration enabled; it applies to both mod_perl and fastcgi deployments. If you have already taken upgrades to bash to resolve "Shellshock," you are protected from this vulnerability in RT, and there is no need to apply this patch. This vulnerability has been assigned CVE-2014-7227.
As there is no SMIME integration available for RT 4.0, it is not vulnerable to this attack. The RT-Crypt-SMIME extension for RT 3.6.0, while also vulnerable, is no longer supported.
Patches for all releases of 4.2.x are available (signature). Versions of RT older than 4.0.0 are unsupported and do not receive security patches; please contact sales@bestpractical.com if you need assistance with an older RT version.
The README in the tarball contains instructions for applying the patches. If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sales@bestpractical.com for more information.
RT 4.0.22 and 4.2.7
We are pleased to announce that RT 4.0.22 and RT 4.2.7 have just been released. They are primarily a bugfix releases; most notably, they rework UTF8 data handling to work with versions of DBD::Pg 3.3.0 and above. On PostgreSQL, this requires a newer version of DBIx::SearchBuilder. A complete list of changes is available from the release notes.
Announcing our Q4 Request Tracker Training: Los Angeles, California
Great news! Our Q4 RT training session will be held in Los Angeles, CA on November 4-5, 2014! We do have a limit on how many people we can effectively teach, so please register as soon as you can to make sure you get a seat. If you can't make LA, please feel free to suggest a future location by dropping us a line at training@bestpractical.com! Also, we still have a few spots in our upcoming Boston training! If you haven't registered yet but want to attend, now is the time!
This training will introduce you to the new features in RT 4.2 as part of a comprehensive overview of RT. Whether you're an old hand at RT or a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.
The first day starts off with a tour of RT's web interface and continues with a detailed exploration and explanation of RT's functionality, aimed at non-programmer RT administrators. We'll walk through setting up a common helpdesk configuration, from rights management, constructing workflows and notifications, and the basics of Lifecycles.
The second day of training picks up with server-side RT administration and dives into what you need to safely customize and extend RT. We'll cover upgrading and deploying RT, database tuning, advanced Lifecycle configurations, writing tools with RT's API, building an extension, and demonstrate how to extensibly alter the web UI and internal functions.
It goes without saying that you'll get the most out of training if you attend both days of the course, but we've designed the material so that you can step out after the first day with a dramatically improved understanding of how to use RT.
For both days, the cost is USD $1,495. A single day is USD $995. Each class includes training materials, a continental breakfast, and snacks (lunch is not provided).
If you'd like to pay with Visa, MasterCard or Discover, please visit Best Practical's online store. Unfortunately we are unable to accept American Express or PayPal. If you'd prefer to pay with a purchase order, please email us at training@bestpractical.com. Be sure to include: if you want to attend both days or a single day and the full names and email addresses of attendees.
Finally, please contact us at training@bestpractical.com for discounted pricing if you are from an academic institution or if you'd like to send more than 3 people.
RT 4.2.5 released
We are pleased to announce that RT 4.2.5 has just been released. Is is primarily a bugfix releases; most notably, it explicitly updates a dependency to fix a previously-announced security vulnerability, resolves two serious bugs in the serializer, and fixes the "paste" feature in the Rich Text editor. A complete list of changes is available from the release notes.
RTIR 3.0.2, and RT 4.0.20 and 4.2.4 released
We are pleased to announce that RT 4.2.4 and RT 4.0.20 have just been released. Both are primarily bugfix releases; a complete list of changes is available from the release notes (for 4.2.4 and for 4.0.20)
Simultaneously, we have also released RTIR 3.0.2; the release notes are available here.
Local date header extension
We're testing a possible enhancement to core RT with anew extension that modifies the Date: display in RT's ticket history.
We've seen that some mail servers (particularly some versions of Microsoft Exchange) are now sending all emails with timestamps in UTC. This can be very confusing for users since RT will display that an email was received in the user's timezone, but then display an email Date header many hours "off" from the user's view. This has always been true when someone from New York sent email to an RT used by a user in Los Angeles, but the forced shift to UTC makes this even more noticeable.
Here is a standard RT display of such an email.
That same email with the extension enabled:
If you've noticed this display issue in your RT, give the RT::Extension::LocalDateHeader extension a try on your RT installation.
Bugs can be reported to bug-RT-Extension-LocalDateHeader [at] rt.cpan.org and we take pull requests at github.
Reminder: Request Tracker Training is coming to Dallas, TX!
Just a reminder that Best Practical's next RT training is taking place on May 20-21 in Dallas, TX. This training will introduce you to the new features in RT 4.2 as part of a comprehensive overview of RT. Whether you've been using Request Tracker for years or are a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.
For both days, it is USD $1,495 for one person. This includes training materials, continental style breakfast, and snacks. You can register by heading over to our shop to pay via credit card (Amex not accepted, unfortunately.) You can also drop us a note at training@bestpractical.com if you'd rather we send an invoice. Finally, if you're from an academic institution, or would like to send more than 3 people, let us know so we can give you a bit of a discount. We're always happy to answer any questions, so please don't be shy.
RT 3.8 reaches End-of-Life
As previously announced, the 3.8 series of RT has now reachedend-of-life, and is no longer supported by Best Practical. This also ends support for RTFM, as well as RTIR 2.4 and 2.6, as those products depended on RT 3.8.
Best Practical continues to support the RT 4.0 (maintenance) series, as well as RT 4.2 (stable). RTFM was integrated into RT 4.0 as Articles, and is thus forward-compatible. RTIR 3.0 is available for RT 4.0, and we expect release candidates for RTIR 3.2 (compatible with RT 4.2) to be available shortly.
If you are currently still running RT 3.8 (or earlier!) and would like help with your upgrade, you can get in touch with us at sales@bestpractical.com for professional assistance.