From jesse at bestpractical.com Fri May 2 10:10:12 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT2 to RT3 1.11
Message-ID: <20030502141012.GQ28117@fsck.com>

This version fixes a username encoding issue that could halt imports and
a problem with the directory counter that could put tickets in the wrong
place in the import directory.

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.

From jesse at bestpractical.com Wed May 7 09:28:06 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT 3.0.2pre6
Message-ID: <20030507132806.GQ28117@fsck.com>

RT 3.0.2pre6 includes fixes to the email canonicalization system, to
some chunks of the internationalization system, processing of [rt #]
tags and to one particularly heavy SQL statement.

It's available from http://fsck.com/pub/rt/devel/

I'd very much like to hear feedback on this release relative to pre4 and
pre5.

-j

Project "rt.3", Branch 0                                  Page 1
Change Log                               Wed May 7 09:18:46 2003

rt.3.D000, C0, jesse, Thu Mar 13 20:43:23 2003, RT: Request Tracker, branch 3.0.
    RT: Request Tracker, branch 3.0.
Change  Delta  Brief Description
    76     49  [#2437] CanonicalizeEmailAddress fixes; [# 2449] html fixes for right editing; [# 2457] email addresses weren't always being canonicalized
    77     50  Fixing bogus anchor tags
    78     51  More performance work on WhoHaveRight; removing an extra join
    79     52  Cleaning up RT tag processing
    80     53  Importing utf8 fixes, _Vendor overlay support from ourinternet
    81     54  Bumping the version to 3.0.2pre6

rt.3.0.D054, C81, jesse, Wed May 7 09:18:28 2003, Bumping the version to 3.0.2pre6
    From: Jesse Vincent
    Date: Wed May 7 15:16:55 2003
    Warning: the original change was in the 'being_developed' state
    none

rt.3.0.D053, C80, jesse, Wed May 7 09:02:24 2003, Importing utf8 fixes, _Vendor overlay support from ourinternet
    From: Jesse Vincent
    Date: Wed May 7 14:52:58 2003
    none

rt.3.0.D052, C79, jesse, Wed May 7 07:05:14 2003, Cleaning up RT tag processing
    From: Jesse Vincent
    Date: Wed May 7 13:04:17 2003
    none

rt.3.0.D051, C78, jesse, Wed May 7 07:03:27 2003, More performance work on WhoHaveRight; removing an extra join
    From: Jesse Vincent
    Date: Wed May 7 13:00:43 2003
    none

rt.3.0.D050, C77, jesse, Fri May 2 11:23:23 2003, Fixing bogus anchor tags
    From: Jesse Vincent
    Date: Fri May 2 17:19:54 2003
    none

rt.3.0.D049, C76, jesse, Fri May 2 10:26:30 2003, [#2437] CanonicalizeEmailAddress fixes; [# 2449] html fixes for right editing; [# 2457] email addresses weren't always being canonicalized
    From: Jesse Vincent
    Date: Fri May 2 16:24:40 2003
    none

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.

From jesse at bestpractical.com Wed May 7 09:45:57 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT2 to RT 3 1.12
Message-ID: <20030507134557.GR28117@fsck.com>

Thanks to a patch from Gary Oberbrunner, the rt2 import tool should now
handle global custom field import correctly.
Version 1.12 is available at:

http://fsck.com/pub/rt/devel/rt2-to-rt3-v1.12.tar.gz

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.

From jesse at bestpractical.com Thu May 8 07:14:05 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks
Message-ID: <20030508111405.GE28117@fsck.com>

All versions of RT 1.0, up to and including RT 1.0.7, are vulnerable to a
cross site scripting attack with content included in message bodies. If
you use RT 1.0 to handle mail from unknown or possibly malicious users,
an attacker could exploit this hole to perform actions within RT as any
staff user who uses RT 1.0's web interface to view a malicious message.

More information on CSS attacks is available at
http://www.cgisecurity.com/articles/xss-faq.shtml

We recommend that all users upgrade to RT 2.0.15 or RT 3.0, as we don't
currently plan to release a new version of RT 1.0.x (It's been retired
for several years now.) If an end-user provides us with a verifiable
patch to resolve this issue, we would be delighted to publish it as
RT 1.0.8.

Information about current versions of RT is available at
http://bestpractical.com/rt. If, for some reason, you are unable to
upgrade from RT 1.0.x and require commercial support, please address all
inquiries to sales@bestpractical.com.

We are grateful to Troy Davis and the Semaphore Corporation for bringing
this issue to our attention.

Best,
Jesse Vincent
Best Practical Solutions, LLC

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.

From jesse at bestpractical.com Mon May 12 20:44:38 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT 3.0.2
Message-ID: <20030513004438.GQ28117@fsck.com>

RT 3.0.2 corrects a number of oversights and issues in RT 3.0.1, chief
among them a tainting issue with the FastCGI handler and a number of
UTF-8 bugs.
Some users have reported that there are additional UTF-8 issues
remaining. These will be addressed as quickly as we can get to them.

This version is recommended for all current users of RT 3.0.1. Aside
from the version #, RT 3.0.2 is identical to RT 3.0.2pre6; there is no
need to upgrade from that version.

Grab it now from:

http://fsck.com/pub/rt/release/rt-3-0-2.tar.gz

Jesse

Project "rt.3", Branch 0                                  Page 1
Change Log                              Mon May 12 20:31:30 2003

rt.3.D000, C0, jesse, Thu Mar 13 20:43:23 2003, RT: Request Tracker, branch 3.0.
    RT: Request Tracker, branch 3.0.

Change  Delta  Brief Description
    63     38  Fixing a showmessagestanza bug found in RTIR
    65     39  Fixing an untainting bug in 3.0.1
    66     40  Quicksearch bug fix from Stan
    69     43  make ids clicky
    72     46  bulk links
    75     48  bumped version to 3.0.2pre5; attachments performance fixes; utf-8 mailgateway fixes; more extension hooks; template updates for approvals
    76     49  [#2437] CanonicalizeEmailAddress fixes; [# 2449] html fixes for right editing; [# 2457] email addresses weren't always being canonicalized
    77     50  Fixing bogus anchor tags
    78     51  More performance work on WhoHaveRight; removing an extra join
    79     52  Cleaning up RT tag processing
    80     53  Importing utf8 fixes, _Vendor overlay support from ourinternet
    82     55  Bumping the version to RT 3.0.2

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.

From jesse at bestpractical.com Fri May 16 19:27:42 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] RT2 to RT3 1.13
Message-ID: <20030516232742.GF23719@fsck.com>

The RT2 to RT3 migration tool has been upgraded to fix a bug where
certain incorrect data in an RT2 database could cause an import error.
(It would die after complaining about not knowing what to do with a
hash)

Version 1.13 is immediately available from
http://fsck.com/pub/rt/devel/rt2-to-rt3.tar.gz

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.
From jesse at bestpractical.com Fri May 23 16:24:05 2003
From: jesse at bestpractical.com (Jesse Vincent)
Date: Sun Apr 11 16:02:37 2004
Subject: [rt-announce] Development Snapshot 3.0.2++
Message-ID: <20030523202405.GF23719@fsck.com>

This isn't a formal pre-release of RT 3.0.3, but a snapshot that fixes
some of the utf8 issues in RT 3.0.2 that have been biting
western-european users. If you don't have utf8-issues that you need to
deal with ASAP, hold off a bit.

http://fsck.com/aegis/aegis.cgi/rt.3.0.C91.tar.gz?file@aetar+project@rt.3.0+change@91

Jesse

--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.