All Versions
Latest Version
Avg Release Cycle
136 days
Latest Release
5 days ago

Changelog History
Page 1

  • v5.0.0.beta1

    May 20, 2020
  • v5.0.0.alpha1

    February 14, 2020
  • v4.6.0

    December 03, 2018
  • v4.6.0-pre1

    December 03, 2018
  • v4.4.4beta2

    February 01, 2019
  • v4.4.4.beta2

    February 01, 2019
  • v4.4.4.beta1

    January 11, 2019
  • v4.4.3

    June 26, 2018

    RT 4.4.3 -- 2018-06-26

    We're pleased to announce the general availability of RT 4.4.3. This
    🛠 release introduces several new features and also bugfixes.


    SHA-256 sums

    738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 rt-4.4.3.tar.gz
    29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f rt-4.4.3.tar.gz.asc

    💻 General user UI

    • 👉 Show the Ticket's Subject when modifying the ticket.
    • 📜 Re-format RT/ so the # loc comment parses correctly.
    • Sort saved searches alphabetically by name rather than by id.
    • 🚚 In Self Service, provide a path to remove attachments from the session
      when they are deleted from dropzone by the user (I#32663).
    • 🛠 Fix evaluation of set vs. unset custom fields on display for correct hiding.
    • 🔧 Set dropzone attachment size based on RT's MaxAttachmentSize configuration.
    • ➕ Add a configuration option TreatAttachedEmailAsFiles to treat attached email
      📜 as a file attachment instead of parsing as regular email.
    • ⏪ Restore email header parsing for items like email addresses when
      TreatAttachedEmailAsFiles is not set. This was disabled in a previous
      🔖 version.
    • 0️⃣ Respect default queue settings in Create linked ticket dropdown (I#32884).
    • ⚡️ More fixes for recipient checkboxes on update. This version removes previous
      ⚡️ problematic fixes and gives a visual indication (shading) when RT is updating
      recipients in the background and checkboxes should not be changed (I#33027).
    • Provide a way to reset personal search preferences back to the RT system
      0️⃣ default (I#32854).
    • ➕ Add an Untake action to the Actions tab.
    • ➕ Add active and inactive status to query builder.
    • 🏗 Re-add Queue to 'Order by' dropdown in Search Builder.
    • 👉 Make admin searches for queue and group case insensitive making it easier to
      find groups.
    • 0️⃣ When editing ticket basics, always add valid default value to queue selection,
      👀 taking into account SeeQueue rights.
    • Set dropzone parallelUploads to 1 to avoid losing attachments. Also
      set parallelUploads when the dropzone object is created.
    • 💻 Correct error messages on user rights for CF admin UI.
    • In ticket history, respect ShowHeaders option from request for
      ScrollShowHistory (I#32699).
    • 🛠 Fix ExtraArgs of callback ExtraShowHistoryArguments in ScrollShowHistory.
    • In the ticket history with scroll set, continue to get transactions until all
      have been shown, even if a block has been hidden for some reason (rights, etc.).
    • ➕ Add PreferDropzone config/pref option for users. Dropzone is not accessible
      to screen readers and this enables the previous attachments interface which
      is accessible.
    • 🏗 In the query builder, set operator to "IS" or "IS NOT" for NULL values.
      🛠 This fixes a regression from pre-4.4 RT behavior.
    • Don't create ticket if user clicks "Go" buttons of "Include Article".
    • 🛠 Fix CF name escape for asset search's spreadsheet download.
    • 👉 Show the user in single member custom roles even if the user is
      disabled (I#32949).


    • Stop wrapping ShowUser in tags to avoid unnecessary nested links.
    • When listing group members, sort by text-only representation of the
      👉 user, not HTML (I#30771)
    • In the group admin page, stop pre-computing ShowUser.
    • In shredder, check for both id and name mismatches when loading objects.
    • ➕ Add a new rt-passwd command to make it easy to reset passwords on the
    • 👌 Support custom roles in RT serializer/importer tools.
    • 👌 Support catalogs and assets in RT serializer/importer tools.
    • ⚡️ Update RT's module dependencies for SSL (https) to align with updates
      to the CPAN module ecosystem.
    • ➕ Add age, batchsize, and dry-run options to rt-externalize-attachments.
    • Set proper HTTP Status codes on Abort.
    • The value for converting the owner dropdown to an autocomplete textbox can
      ⚡️ now be updated in configuration with DropdownMenuLimit.
    • 👯 Switch to Clone::clone to copy config structures in Obfuscate callbacks. This
      🔧 restores support for REGEXP and CODE configuration on the System Configuration page.
    • 🔧 Provide a way to pass more options to Net::LDAP from LDAPImport configuration.
    • Provide more debug output on connection failures in LDAPImport.
    • 🌲 Store log messages until RT::Logger is initialized. This means messages logged
      before the logger is available, like "Change of config option..." can now
      🔧 respect the configured log level.
    • In shredder, check for both id and name mismatches when loading objects
    • Retain scrip sort order in pagination links


    • 🐎 Cache OCFVs to improve performance searching for duplicates when adding
    • ✂ Remove unused dependencies on File::Copy and Carp.
    • On Oracle, return the empty string instead of undef for Subject when it
      has no value on a ticket.
    • 🍱 When linking, load assets by id to confirm the asset exists. This makes
      asset link handling consistent with ticket handling.
    • 🛠 Various fixes for compatibility with perl 5.26.
    • 👌 Support unicode characters in constant time comparison function
    • 👍 Allow merge for tickets only, not other types like reminders (I#32700).
    • Preload Encode with UTF-8 to avoid masking other errors (I#32648).
    • 🖨 Process multiple links via the REST 1.0 interface.
    • ➕ Add SLA field support on REST 1.0.
    • 🏗 Build table attributes for RT::Asset. This is needed to allow assets to work
      properly with REST 2.0.
    • Avoid uninitialized value warnings with CustomField.
    • Call DoAuth only if ExternalAuthPriority is not empty, allowing use of
      ExternalAuthInfo without ExternalAuthPriority set.
    • 0️⃣ Use "id asc" as the default sort order of GroupMembers for consistent ordering.
    • 🐎 Cache OCFVs to improve performance searching for duplicates on add.
    • ⚠ In CollectionAsTable, fix the uninitialized warning in case @order is empty.
    • ⚡️ In rt-validator, update link checking regex to match asset links.
    • ✂ Remove trailing "/" from RT::URI::asset::LocalURIPrefix for consistency.
    • ⚠ Use RT::Logger for EmailInputEncodings config warnings.
    • "Die" properly when receiving an invalid query via to FromSQL.


    • Avoid using $id in /Ticket/Display.html so callbacks can modify id in ARGS.
    • 📜 Pass the MIME entity to ParseTicketId in addition to subject.
    • ✂ Remove a 'This is scary' comment from code that has been running fine for
      over 10 years.
    • 👌 Improve warning tracking for automated tests.
    • ➕ Add an Initial callback to Bulk.html.
    • ✅ Don't fail externalauth/auth_config.t tests if Net::LDAP is missing.
    • ✅ Find an idle port for LDAP test server to avoid tests hanging when running
      in parallel mode.
    • ✅ When testing, make sure DevelMode is on to catch compilation errors.
    • ⚠ Avoid uninitialized warnings of empty ticket subjects on Oracle.
    • 0️⃣ In the MessageBox template, default callback, pass $message by reference in
      MessageRef, as the variable name implies. This will break previous use of
      MessageRef as a scalar.
    • ➕ Add support for a NeverNotifyActor argument to Notify actions.

    📚 Documentation

    • 📄 Mention the RT-Attach-Message: yes header in template docs.
    • 🛠 Fix incorrect path in portlet documentation.
    • 📜 In $ParseNewMessageForTicketCcs docs, mention the RT::Action::AutoAddWatchers
    • Document queue-level template overrides.
    • ✅ Document using prove and RT_TEST_PARALLEL for tests.
    • ⬆️ Note in UPGRADING that RT::Extension::AdminConditionsAndActions is now in core.
    • ✂ Remove unnecessary AUTHORS sections from docs.
    • 📚 Update rt-static-docs documentation processing to fix broken links.
    • ➕ Add MariaDB support to documentation and rt-setup-fulltext-index.


    • ♻️ Many changes to refactor sections of RT's internationalization code.

    A complete changelog is available from git by running:
    🌲 git log rt-4.4.2..rt-4.4.3
    or visiting

  • v4.4.3.beta1

    May 02, 2018
  • v4.2.16

    March 05, 2019

    RT 4.2.16 -- 2019-03-05

    We're pleased to announce the general availability of RT 4.2.16. It
    ⚡️ mainly contains several security updates. The list of changes included
    🚀 with this release is below.


    SHA-256 sums

    1bbe619072b05efb55725c9df851363892b77ad6788dfd28eadce6a8f84a8209 rt-4.2.16.tar.gz
    c7dedccdb6a5c96d20b418d10326dea0175fde0d09cfb47408ab472f696594ba rt-4.2.16.tar.gz.asc

    ⚡️ Security Updates

    ⚡️ One of RT's dependencies, the Perl module Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend updating to Email::Address version 1.912 or later. The Email::Address vulnerabilities are assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was addressed in RT with a previous update. Email::Address version 1.912 addresses both of these CVEs with updates directly in the source module. Thanks to Ricardo Signes for helping us with these updates.

    🛠 One of RT's dependencies, the Perl module Email::Address::List, relies on and operates similarly to Email::Address and therefore also has potential denial of service vulnerabilities. These vulnerabilities are assigned CVE-2018-18898. We recommend administrators install Email::Address::List version 0.06 or later. Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for contributing fixes.

    ⚡️ An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML in some cases. Since RT relies on this module to escape HTML content, it's possible this issue could allow malicious HTML to be displayed in RT. For RT's using this optional module, we recommend administrators install HTML::Gumbo version 0.18 or later. Thanks to Ruslan Zakirov for updating this module.

    ⚡️ The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version.

    A complete changelog is available from git by running:
    🌲 git log rt-4.2.15..rt-4.2.16
    or visiting