RTIR 3.0.4 is a bug fix release for the RTIR 3.0 series and is now available.
If you've been waiting to upgrade to RTIR 3.2.0, please consider testing RTIR 3.2.0rc5 and sending feedback to the mailing list or bugtracker.
RT 4.2.9 Released
RT 4.2.9 has been released.
RT for Incident Response 3.0.3 Released
RTIR 3.0.3 contains a number of bugfixes from 3.0.2.
RT for Incident Response 3.2.0 Release Candidate available
We released our first release candidate for RTIR 3.2.0rc1 earlier this week.
You can read the release notes or download a tarball.
RT 4.2.8 released
We have released RT version 4.2.8 to resolve CVE-2014-7227, along with a small number of bugfixes; see the release notes for a complete list.
Security vulnerability in RT 4.2.x - CVE-2014-7227
We have discovered a security vulnerability in RT 4.2.x, detailed below.We are releasing RT version 4.2.8 to resolve this vulnerability, as well as patches which apply atop all released versions of 4.2.
RT 4.2.0 and above may be vulnerable to arbitrary execution of code by way of CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 -- collectively known as "Shellshock." This vulnerability requires a privileged user with access to an RT instance running with SMIME integration enabled; it applies to both mod_perl and fastcgi deployments. If you have already taken upgrades to bash to resolve "Shellshock," you are protected from this vulnerability in RT, and there is no need to apply this patch. This vulnerability has been assigned CVE-2014-7227.
As there is no SMIME integration available for RT 4.0, it is not vulnerable to this attack. The RT-Crypt-SMIME extension for RT 3.6.0, while also vulnerable, is no longer supported.
Patches for all releases of 4.2.x are available (signature). Versions of RT older than 4.0.0 are unsupported and do not receive security patches; please contact sales@bestpractical.com if you need assistance with an older RT version.
The README in the tarball contains instructions for applying the patches. If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sales@bestpractical.com for more information.
There are still spots in our upcoming RT training in Los Angeles!
This is just a reminder that Best Practical's next Request Tracker training is taking place on November 4-5 in Los Angeles, CA. This will be our last public session of 2014! This training will introduce you to the new features in RT 4.2 as part of a comprehensive overview of RT. Whether you've been using Request Tracker for years or are a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.
For both days, it is USD $1,495 for one person. This includes training materials, continental style breakfast, and snacks. You can register by heading over to our shop to pay via credit card (Amex not accepted, unfortunately.) You can also drop us a note at training@bestpractical.com if you'd rather we send an invoice. Finally, if you're from an academic institution, or would like to send more than 3 people, let us know so we can give you a bit of a discount. Please feel free to write in with any questions you have!
RT 4.0.22 and 4.2.7
We are pleased to announce that RT 4.0.22 and RT 4.2.7 have just been released. They are primarily a bugfix releases; most notably, they rework UTF8 data handling to work with versions of DBD::Pg 3.3.0 and above. On PostgreSQL, this requires a newer version of DBIx::SearchBuilder. A complete list of changes is available from the release notes.
Announcing our Q4 Request Tracker Training: Los Angeles, California
Great news! Our Q4 RT training session will be held in Los Angeles, CA on November 4-5, 2014! We do have a limit on how many people we can effectively teach, so please register as soon as you can to make sure you get a seat. If you can't make LA, please feel free to suggest a future location by dropping us a line at training@bestpractical.com! Also, we still have a few spots in our upcoming Boston training! If you haven't registered yet but want to attend, now is the time!
This training will introduce you to the new features in RT 4.2 as part of a comprehensive overview of RT. Whether you're an old hand at RT or a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.
The first day starts off with a tour of RT's web interface and continues with a detailed exploration and explanation of RT's functionality, aimed at non-programmer RT administrators. We'll walk through setting up a common helpdesk configuration, from rights management, constructing workflows and notifications, and the basics of Lifecycles.
The second day of training picks up with server-side RT administration and dives into what you need to safely customize and extend RT. We'll cover upgrading and deploying RT, database tuning, advanced Lifecycle configurations, writing tools with RT's API, building an extension, and demonstrate how to extensibly alter the web UI and internal functions.
It goes without saying that you'll get the most out of training if you attend both days of the course, but we've designed the material so that you can step out after the first day with a dramatically improved understanding of how to use RT.
For both days, the cost is USD $1,495. A single day is USD $995. Each class includes training materials, a continental breakfast, and snacks (lunch is not provided).
If you'd like to pay with Visa, MasterCard or Discover, please visit Best Practical's online store. Unfortunately we are unable to accept American Express or PayPal. If you'd prefer to pay with a purchase order, please email us at training@bestpractical.com. Be sure to include: if you want to attend both days or a single day and the full names and email addresses of attendees.
Finally, please contact us at training@bestpractical.com for discounted pricing if you are from an academic institution or if you'd like to send more than 3 people.
Don't forget! Best Practical is hosting an RT training in our hometown!
There are still spots left in our Boston training, taking place September 9-10! This training will introduce you to the new features in Request Tracker 4.2 as part of a comprehensive overview of RT. Whether you're an old hand at RT or a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.
The first day starts off with a tour of RT's web interface and continues with a detailed exploration and explanation of RT's functionality, aimed at non-programmer RT administrators. We'll walk through setting up a common helpdesk configuration, from rights management, constructing workflows and notifications, and the basics of Lifecycles.
The second day of training picks up with server-side RT administration and dives into what you need to safely customize and extend RT. We'll cover upgrading and deploying RT, database tuning, advanced Lifecycle configurations, writing tools with RT's API, building an extension, and demonstrate how to extensibly alter the web UI and internal functions.
Your registration fee of $1,495 includes class materials, continental breakfast, and snacks both days. You can register by visiting shop.bestpractical.com or emailing us at Training@bestpractical.com. If you are from an educational institution or want to send more than 3 people, please drop us a note at Training@bestpractical.com as you are eligible for a discount.
Hope to see you there!