Please Join Us For RT 4.4 Training in Chicago!

We’ve been hard at work on the next new major release of RT and it’s almost here! The first release candidate for RT 4.4 will be available in early November!

To celebrate the new release of RT, we’ll be holding our next RT training in Chicago, IL on December 14-15, 2015.

This training will introduce you to the new features in RT 4.4 as part of a comprehensive overview of RT. Whether you're an old hand at RT or a recent convert, you'll have a good understanding of all of RT's features and functionality by the end of the session.

We also can’t wait to tell you about what we’ve added for you in RT 4.4, including Assets, for tracking physical and digital resources. We’ll show you how to set up service-level agreements (SLA) which take your business hours and holidays into account. There’s a new built-in timer for tracking time worked on tickets. You can upload multiple files at once with a quick drag-and-drop, as well as reuse existing attachments on replies.

We’ll also show how RT 4.4 improves things behind the scenes for you. You can have your users authenticate against external services (LDAP). RT can now seamlessly store attachments outside of its database, putting them on the filesystem, uploading to Amazon S3, or in Dropbox. You can even serve them directly out of S3. You can create custom role groups and assign them to queues and tickets. These custom roles can have their own permissions and notifications and so are foundational for improving your automation. There are some major performance enhancements like gradual ticket history loading that will improve your team’s experience every day.

Agenda

The first day of training starts off with a tour of RT's web interface and continues with a detailed exploration and explanation of RT's functionality, aimed at non-programmer RT administrators. We'll walk through setting up a common helpdesk configuration, including rights management, constructing workflows and notifications, and the basics of Lifecycles.

The second day of training picks up with server-side RT administration and dives into what you need to safely customize and extend RT. We'll cover upgrading and deploying RT, database tuning, advanced Lifecycle configurations, writing tools with RT's API, building an extension, and demonstrate how to extensibly alter the web UI and internal functions.

It goes without saying that you'll get the most out of training if you attend both days of the course, but we've designed the material so that you can step out after the first day with a dramatically improved understanding of how to use RT.

Attending

We do have a limit on how many people we can effectively teach, so please register as soon as you can to make sure you get a seat. If you can't make Chicago, please feel free to suggest a future location by dropping us a line at training@bestpractical.com!

For both days, the cost is USD $1,495. A single day is USD $995. Each class includes training materials, a continental breakfast, and snacks (lunch is not provided).

If you'd like to pay with Visa, MasterCard or Discover, please visit Best Practical's online store. Unfortunately we are unable to accept American Express or PayPal. If you'd prefer to pay with a purchase order, please email us at training@bestpractical.com. Be sure to include whether you want to attend both days or a single day, and the full names and email addresses of attendees.

Finally, please contact us at training@bestpractical.com for discounted pricing if you are from an academic institution or if you'd like to send more than 3 people.


Security vulnerabilities in RT

We have discovered security vulnerabilities which affect both RT 4.0.x and RT 4.2.x.  We are releasing RT versions 4.0.24 and 4.2.12 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 4.0 and 4.2.
 
The vulnerabilities addressed by 4.0.24, 4.2.12, and the below patches include the following:
 
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages.  This vulnerability is assigned CVE-2015-5475.  It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center.
 
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface.  This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.
 
Patches for all releases of 4.0.x and 4.2.x are available (signature). Versions of RT older than 4.0.0 are unsupported and do not receive security patches; please contact sales@bestpractical.com if you need assistance with an older RT version.
  
The README in the tarball contains instructions for applying the patches.  If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sales@bestpractical.com for more information.


RT 4.2.11 released

We have released RT version 4.2.11. This is a bugfix release; most notably, it improves indexing time for full-text search, as well as improving support for Apache 2.4 and MySQL 5.5. Interactive command-line tools (including upgrade tools) will now also default to displaying warnings to STDERR, to aid in awareness of potential errors.

See the release notes for a complete list.


We're hiring!

We are looking for a motivated, customer-service-oriented engineer to participate in all aspects of the software development cycles including requirements gathering, design, development, implementation, upgrades, maintenance and documentation. You will be responsible for ensuring that new or upgraded systems are fully deployed and functioning per the client's specification. You will also design and code new functionality or add new functionality to our products to add new features. Other responsibilities will include debugging issues and correcting defects reported by our users, testing new releases and updating code to address errors and overall performance. We work in a very dynamic and fast-paced environment so you will need to be flexible to handle a consistent variety of things on a daily basis.

Qualifications

You should be a self-starter who has 3+ years experience with Perl, as well as some experience with at least a few of the following buzzwords:

  • Open source development practices
  • Distributed source control (git, branching, patches)
  • Test driven development (smoke testing, Test::More)
  • User interface design (HTML, CSS)
  • Documentation (user-facing, API)
  • Javascript (jQuery, AJAX)
  • SQL databases (MySQL, PostgreSQL, Oracle, SQLite)
  • Optimization, profiling and debugging
  • UNIX systems administration (web servers, mail servers)

It’s ok if you don’t know everything out of the gate but you should be able to learn on the fly and be comfortable asking questions before you get in over your head. Being vocal is a really important quality and being able to manage competing priorities with the help of your colleagues and project manager is key. RT is a large codebase to dive into, so you should be prepared to work with a project that’s too big to hold in your head all at once. If you want to see what you’ll be getting yourself into, you can find all of our open source code on github.

Location

You will be working from our office in Somerville, MA. The hours are somewhat flexible (East or West coast business hours), and we all telecommute some of the time...though we work from our office in the heart of Davis Square most days. While we do a fair amount of our collaboration in-person, you should also be comfortable using email and instant messaging to coordinate and get work done, as we have a few employees in other parts of the globe.

Compensation

DOE - This is a full-time salaried position, but the details are negotiable. We're a small, self-funded company. The standard benefits apply, of course: health insurance, dental insurance, and junk food to make that dental insurance worthwhile.

How to apply

Send something approximating a cover letter, a resume in plain text, HTML or PDF, and a sample of some code you've written to resumes@bestpractical.com. If you're involved in open source development of one kind or another, please tell us about it. If you have a CPAN ID tell us what it is; we won't consider applications without some sort of code example to look at. We'll be paying particular attention to the readability, comments, and tests.


RT 4.2.10 released

We have released RT version 4.2.10 to resolve CVE-2014-9472, CVE-2015-1165, and CVE-2015-1464, along with a number of bugfixes; see the release notes for a complete list.

Share this post:

RT 4.0.23 released

We have released RT version 4.0.23 to resolve CVE-2014-9472, CVE-2015-1165, and CVE-2015-1464, along with a number of bugfixes; see the release notes for a complete list.


Security vulnerabilities in RT

We have discovered security vulnerabilities which affect both RT 4.0.x and RT 4.2.x. We are releasing RT versions 4.0.23 and 4.2.10 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 4.0 and 4.2.

The vulnerabilities addressed by 4.0.23, 4.2.10, and the below patches include the following:

RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are vulnerable to a remote denial-of-service via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This denial-of-service may encompass both CPU and disk usage, depending on RT's logging configuration. This vulnerability is assigned CVE-2014-9472.

RT 3.8.8 and above are vulnerable to an information disclosure attack which may reveal RSS feed URLs, and thus ticket data; this vulnerability is assigned CVE-2015-1165. RSS feed URLs can also be leveraged to perform session hijacking, allowing a user with the URL to log in as the user that created the feed; this vulnerability is assigned CVE-2015-1464.

We would like to thank Christian Loos for reporting CVE-2014-9472 and CVE-2015-1165; CVE-2015-1464 was found by internal review.

Patches for all releases of 4.0.x and 4.2.x are available (signature). Versions of RT older than 4.0.0 are unsupported and do not receive security patches; please contact sales@bestpractical.com if you need assistance with an older RT version.

The README in the tarball contains instructions for applying the patches. If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sales@bestpractical.com for more information.


RT for Incident Response 3.2.0 Released

RTIR 3.2.0 is the first release of RTIR compatible with RT 4.2.

It is only compatible with RT 4.2.9 and later and will refuse to install on earlier versions of RT 4.2.

You should be sure to review both core RT's UPGRADING-4.2 as well as RTIR's UPGRADING-3.2 documentation and any other UPGRADING documentation which may be relevant to your old version.

You can find complete release notes and downloads on https://bestpractical.com/rtir/
