rt-4.2.2

RT 4.2.2 -- 2014-01-13

We are pleased to announce that RT 4.2.2 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.2.2.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.2.2.tar.gz.asc

SHA1 sums

72faa454a02240cf21a94633b880e2158325efa1  rt-4.2.2.tar.gz
e45c6d244cd0b8e5c5cec57f4ceb8207d6a2ed81  rt-4.2.2.tar.gz.asc

This release is primarily a bugfix release; of particular note is that
it contains schema changes for MySQL. Though the changes are limited,
it is especially important to take, and verify you can recover from, a
database backup prior to upgrading.

Also notable is that this release fixes a bug in 4.2.0 and 4.2.1 where
failures of the HTML-to-text conversion would silently cause mail to
fail to be sent. When using the rich text editor, RT will also now
quote the the HTML parts of email, and not simply their text
equivalents.

Other changes include:

Documentation

• Wording fixes in Shredder
• Clean up examples in Lifecycles documentation
• Document additional indexes that increase performance of Shredder
• Replace a suggested GnuPG option with one which is not deprecated
• Note that errors reported from the GnuPG infrastructure may be caused
  by GnuPG not being configured, but having been automatically enabled.

Database

• Ensure that even disabled scrips get the same id-to-name change that
  other scrips got during the 4.0 -> 4.2 upgrade.
• On MySQL, alter the character set of all columns used to store email
  addresses to UTF-8
• Ensure that invalid byte sequences that may have snuck into the
  database previously (on earlier versions on MySQL, for instance) are
  not blindly interpreted as UTF-8 when retrieved from the database.
  As a result, invalid bytes will be returned from the API as the four
  characters "\xHH", where HH is the hexadecimal encoding of the byte.
• Ensure that all data containing non-ASCII is quoted-printable encoded
  for PostgreSQL, instead of merely all data not claiming to be
  "text/plain"
• Additional warnings prevention on Oracle; tests now pass cleanly
• Allow fully-automated database upgrades using --upgrade-from and
  --upgrade-to options to rt-setup-database
• Clean out any remaining traces of RTFM that lingered in custom fields
  and custom field values that were disabled at the time of the
  previous upgrade step.
• Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition

Serializer/importer

• Install rt-serializer and rt-importer into sbin/
• Ensure that incremental upgrade steps only run on incremental
  serializations, not all exports
• Fix a runtime error in the incremental upgrade path to 4.2
• Ensure that inflated Users and Groups are created with the same id as
  their Principal
• Disable in-memory record caching when serializing and importing to
  improve performance
• Only search non-Disabled custom fields when looking up BasedOn in
  initialdata files
• Set up logging properly; warnings are now displayed during
  serialization and importing

Email

• Don't die if HTML -> text conversion throws an error, which would
  silently prevent outgoing mail from being sent. Instead, fall back
  to just sending text/html with no text/plain
• Replying to an HTML mail with the rich text editor will now quote the
  HTML part, not the equivalent text version.
• Set a transfer encoding on outgoing dashboards; this resolves issues
  with long lines when using the Sendmail MTA.
• Cope with mangled and overly-quoted recipient headers occasionally
  generated by Outlook.

General user UI

• Stop localizing custom field names, for consistency
• Show a useful error on "show outgoing mail" if the user has no rights
  to see the page, rather than displaying an empty page.
• Adjust UI to not block header on "show outgoing email" page
• Hide the Take and Steal menu items if you already own the ticket,
  closing a regression in 4.2.0 and above.
• Autocompletion custom fields now properly autocomplete when placed in
  custom field groupings
• Improve rendering on Internet Explorer 6
• Fix cascaded custom fields on Internet Explorer 8 and below.
• Fix third-level cascading custom fields, broken in 4.2.1
• Minor rendering bugs with Charts placed on homepages and dashboards
• Whitelist "show outgoing email" and chart results from CSRF
  protection
• RT 4.0.7 introduced a performance regression when building ticket
  searches that query Links; switch back to a much better-indexed
  query.
• Fix "Clone ticket" functionality with Select-multiple custom fields.
• Show the queue ID for the current queue in the ticket edit page, even
  if the user does not have SeeQueue; this prevents the user from
  accidentally changing the queue.
• Respect custom field groupings on user preferences page

Query Builder

• Warnings avoidance for searches with more than 1000 results.
• Allow IS NULL to search for dates which are unset
• Properly quote CF names containing non-ASCII characters in query
  builder, broken since 4.2.0
• Add "UpdatedBy" TicketSQL limit

Admin

• Correct a package load order problem which prevented the web
  installer from working since 4.2.0
• Report the correct setting name in rt-validate-aliases
• Fix real-time updating of Theme CSS on Internet Explorer 8 and below
• Fix a minor display bug in the CF Admin pages, where the queue number
  instead of queue name would be displayed in requests shortly after
  server startup.
• Add "Extra Info" as a possible field for "More About Requestor"

REST

• Allow searching for users, queues, and groups in REST
• Prevent a server error when attempting to guess content-type in the
  REST interface.

Development

• Allow running tests with an explicit set of plugins enabled.
• Custom Action and Condition packages (as supplied by extensions;
  these are not the text entry boxes in the UI) are now loaded at
  server startup time, to catch compile-time errors in such classes
  early as well as reducing RT's memory footprint on mod_perl.
  Previously, these errors would have logged errors only when their
  Scrip failed to fire. This restores the behavior found in RT 3.8,
  which was mistakenly removed in RT 4.0.0.
• Additional callbacks, including in charts, and on ticket reply pages
• Remove an unused Makefile target

A complete changelog is available from git by running:
git log rt-4.2.1..rt-4.2.2
or visiting
rt-4.2.1...rt-4.2.2

rt-4.0.19

RT 4.0.19 -- 2014-01-13

We are pleased to announce RT 4.0.19 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.0.19.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.19.tar.gz.sig

SHA1 sums

ce7bae429ed56603fef9e7a46d976d1ea9ed1e14  rt-4.0.19.tar.gz
fefb23bb549f94e65e803de295e747f143384557  rt-4.0.19.tar.gz.sig

This release is primarily a bugfix release; of particular note is that
it contains schema changes for MySQL, the first notable such in the 4.0
series. Though the changes are limited, it is especially important to
take, and verify you can recover from, a database backup prior to
upgrading.

Other changes of note:

Documentation

• Add documentation for rt-crontool
• Clean up examples in Lifecycles documentation
• Document additional indexes that increase performance of Shredder
• Replace a suggested GnuPG option with one which is not deprecated
• Note that errors reported from the GnuPG infrastructure may be caused
  by GnuPG not being configured, but having been automatically enabled.

Database

• On MySQL, alter the character set of all columns used to store email
  addresses to UTF-8
• Ensure that invalid byte sequences that may have snuck into the
  database previously (on earlier versions on MySQL, for instance) are
  not blindly interpreted as UTF-8 when retrieved from the database.
  As a result, invalid bytes will be returned from the API as the four
  characters "\xHH", where HH is the hexadecimal encoding of the byte.
• Ensure that all data containing non-ASCII is quoted-printable encoded
  for PostgreSQL, instead of merely all data not claiming to be
  "text/plain"
• Additional warnings prevention on Oracle; tests now pass cleanly
• Allow fully-automated database upgrades using --upgrade-from and
  --upgrade-to options to rt-setup-database
• Clean out any remaining traces of RTFM that lingered in custom fields
  and custom field values that were disabled at the time of the
  previous upgrade step.
• Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition

Email

• Set a transfer encoding on outgoing dashboards; this resolves issues
  with long lines when using the Sendmail MTA.
• Cope with mangled and overly-quoted recipient headers occasionally
  generated by Outlook.

General user UI

• When using the back button to return to a reply page with the rich
  text editor, contents will no longer be doubly HTML-encoded
• Improve rendering on Internet Explorer 6
• Fix cascaded custom fields on Internet Explorer 8 and below.
• Support cascaded selects for all Select render types (dropdown,
  select box, radio buttons, checkboxes)
• Minor rendering bugs with Charts placed on homepages and dashboards
• Add "mark as seen" functionality to SelfService ticket display pages
• Link the ModifyPeople page when the user has Watch or WatchAsAdminCc
• Whitelist "show outgoing email" and chart results from CSRF
  protection
• RT 4.0.7 introduced a performance regression when building ticket
  searches that query Links; switch back to a much better-indexed
  query.
• Fix "Clone ticket" functionality with Select-multiple custom fields.
• Show the queue ID for the current queue in the ticket edit page, even
  if the user does not have SeeQueue; this prevents the user from
  accidentally changing the queue.

Query Builder

• Support CF.Foo in addition to CF.{Foo} and 'CF.{Foo}' in format
  strings. This follows the trend of allowing brace-less forms
  whenever possible.
• Ensure that format strings from the Query Builder escape quotes
  correctly, and correctly parse existing formats with quotes.
• Autocomplete CF values for custom fields of type "Autocomplete" in
  the Query Builder.
• Warnings avoidance for searches with more than 1000 results.

Admin

• Fix real-time updating of Theme CSS on Internet Explorer 8 and below
• Fix a minor display bug in the CF Admin pages, where the queue number
  instead of queue name would be displayed in requests shortly after
  server startup.
• Add "Extra Info" as a possible field for "More About Requestor"

iCal

• Ensure that iCal dates are formatted with a leading space on the
  first nine days of each month, for correctness.
• Show iCal dates (when omitting times) in the user's timezone, not UTC

REST

• Prevent a server error when attempting to guess content-type in the
  REST interface.

Development

• Custom Action and Condition packages (as supplied by extensions;
  these are not the text entry boxes in the UI) are now loaded at
  server startup time, to catch compile-time errors in such classes
  early as well as reducing RT's memory footprint on mod_perl.
  Previously, these errors would have logged errors only when their
  Scrip failed to fire. This restores the behavior found in RT 3.8,
  which was mistakenly removed in RT 4.0.0.
• rt-dump-metadata has slightly more documentation and options
• Additional callbacks, including in charts, and on ticket reply pages
• Show customized rights under their appropriate categories
• Remove an unused Makefile target
• Ensure that RT::Template->Create returns (result,message) and not
  simply result

A complete changelog is available from git by running:
git log rt-4.0.18..rt-4.0.19
or visiting
rt-4.0.18...rt-4.0.19

rt-4.2.1

RT 4.2.1 -- 2013-11-13

We're pleased to announce that RT 4.2.1 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.2.1.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.2.1.tar.gz.asc

SHA1 sums

08bd8e4d28c065030aac7b33c0a15a789a6e11f9  rt-4.2.1.tar.gz
5b70a33237a9c387ca7b2e98762108a6694e325e  rt-4.2.1.tar.gz.asc

This release is primarily a bugfix release; notable changes include:

Oracle:

• Resolve numerous issues with the 4.0 -> 4.2 upgrade steps on Oracle
• In-database sessions on Oracle are no longer truncated at 8k,
  leading to spurious logouts

Internet Explorer:

• Fix submission issues under Internet Explorer

Rich text editor:

• If returning to a reply/correspond page with the back button, the
  rich text editor will no longer double-escape previously written
  content.

REST:

• Fix an empty 'text/plain' part when tickets are created using the
  REST interface.

Other bugfixes:

• Optimize transaction display code to speed up long ticket displays
  by short-circuiting transaction custom field checking.
• Supply a default $PATH for SMIME and GnuPG under FastCGI
• Support index upgrade steps on Pg when in a custom schema
• Close a memory leak in ColumnMap
• Fix "check all" checkboxes for new jQuery version
• Secondarily sort user ticket lists by id, as well as priority.
• Remove call to deprecated function used by PreviewScripMessages
• Many localization fixes (thanks to Emmanuel Lacour)
• Show customized rights in their correct tabs
• Ensure RFC2822 date format uses two-digit days in output
• Display iCal dates in the user's timezone, resolving off-by-one
  errors for timezones significantly off from GMT.
• Correctly parse complex format strings for listing in the bottom of
  the Query Builder

Callbacks:

• Move ModifyQueryProperties callback to before its values are used
• Additional callbacks on ticket modify pages
• Additional callbacks on ticket reply/comment page
• Additional callback on search results page
• Additional callback before transactions in history list
• Allow header callback to modify %ARGS

Features

• Allow bulk update to delete all CF values for a given CF
• Support CF.Foo in columnmaps, in addition to CF.{Foo} and
  CF.{Foo}
• Autocompletion CFs now autocomplete in search builder
• Support cascaded selects with any combination of listbox, dropdown,
  and radio button
• Support ShowUnreadMessageNotifications in SelfService

A complete changelog is available from git by running:
git log rt-4.2.0..rt-4.2.1
or visiting
rt-4.2.0...rt-4.2.1

rt-4.0.18

RT 4.0.18 -- 2013-10-15

We're pleased to announce that RT 4.0.18 is now available.

http://download.bestpractical.com/pub/rt/release/rt-4.0.18.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.18.tar.gz.sig

SHA1 sums

c023227267b6fdfc4514b233d53e1b1bc31b51a1  rt-4.0.18.tar.gz
d3fb6f14b3bd51cd25cf5681d1ae668701ddc4fb  rt-4.0.18.tar.gz.sig

This release is primarily a bugfix release; most notably, it addresses
compatibility issues with recent versions of the Encode perl module.
Notable changes include:

Email

• Cope with Encode version 2.33 and later, which altered their internal
  functionality and caused RT to double-encode Subject lines in
  outgoing email.
• Fix HTML rendering errors in dashboard emails.
• Fix overzealous quoting around decoded MIME words.

Administration

• In the rights UI, entering the name of a user or group which already
  has rights will now correctly select them for rights granting, as if
  their name had been selected.
• Display types in the "applies to" dropdown for custom fields in
  consistent order
• Paginate the Queues list in the administrative interface into 50
  results per page.
• Support for cascading selections with a multiple-select parent.
• Clarify that $ParseNewMessageForTicketCcs only applies to new, and
  not existing, tickets.
• Clarify how an undefined $RTAddressRegexp is treated, and that it
  does not come at any notable performance penalty.

Logging

• Fix verbosity of syslog messages; now only the 'debug' level includes
  originating filename and line.
• Include process ID in log messages, for ease of isolation in a
  multi-process environment.
• Log the From: address of incoming mail which triggered an error, for
  ease of debugging.

Other Bugfixes

• Avoid linking trailing punctuation, or html tags, in URL anchors in
  MakeClicky
• Fix the Quick Search (QueueSummary) portlet when non-lowercase statuses are used.
• Show Date and DateTime custom fields in the user's format and time
  zone in search results.
• Allow rt-email-group-admin to be passed an email address that RT is
  not already aware of.
• Show submitted content from the user on errors in REST submission,
  for ease of re-editing and re-submission.

A complete changelog is available from git by running:
git log rt-4.0.17..rt-4.0.18
or visiting
rt-4.0.17...rt-4.0.18

rt-4.2.0

RT 4.2.0 -- 2013-10-03

We're incredibly pleased to announce the availability of RT 4.2.0 - the
first release for the next major version of RT. This release adds
exciting new functionality, as well as streamlining and generalizing the
internals.

When upgrading, please be sure to review the upgrading documentation
available in docs/UPGRADING-4.2, as there are a number of
backward-incompatible changes that come along with the new version
number. Upgrading documentation is also available at
http://www.bestpractical.com/docs/rt/latest/UPGRADING-4.2.html

http://download.bestpractical.com/pub/rt/release/rt-4.2.0.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.2.0.tar.gz.asc

a24bd767263cdcee92bf52c6b06a1a573aa0a615  rt-4.2.0.tar.gz
0717fd7d928efaadba2228de855c014e6be735cb  rt-4.2.0.tar.gz.asc

A partial list of the new features in RT 4.2.0 is included below, and on
http://bestpractical.com/rt/whats-new/ Many of the new features will also
be described and demoed in a series of blog posts on
http://blog.bestpractical.com/ in the coming weeks.

If you have questions as you upgrade, please don't hesitate to write to
[email protected] for community support. If you'd rather
have professional support from the folks who built RT, drop us a line at
[email protected].

• Alex Vandiver, for Best Practical
  • Much improved reporting via search result charting
    • Multiple group by and statistic calculations in a table
    • Time statistics such as average, minimum, and maximum durations
      between Created and Resolved, Created and Started, Started and
      Resolved, and more.
    • More robust layout of charts
  • Increased performance for searches and ticket pages
    • Faster searches on all databases (especially Pg)
    • Ticket pages load quicker
    • Menus load before the rest of the page is loaded
    • History is loaded asynchronously
    • Faster serving of static assets
  • Scrips per queue
    • Apply scrips globally or ad-hoc to individual queues, a la custom
      fields
    • Less duplication of scrips and/or need for empty templates
  • Custom field groupings
    • Display CFs in configurable groupings (boxes) on the ticket
      display/edit pages
    • Includes arbitrary grouping names as well as standard ticket
      groupings (Basics, Dates, People, Links, etc.)
  • User summary pages
    • Display information about users such as tickets, history, groups,
      etc.
    • An extended "More about requestors" page for any user
    • Easy to get to via links and user search
  • HTML templates enabled by default for new installs, available for
    upgrades too
  • History improvements
    • Rich text/HTML messages are preferred for display by default
    • Images are inlined with text in ticket history display instead of
      presented at bottom
    • Clickable users, tickets, articles, and other items
  • Many interface improvements, such as:
    • Per-user preferences for the dashboards which appear in the Home
      menu
    • Floating page menu for quicker access to ticket actions, subpages,
      etc.
    • Autocomplete for ticket links, including when merging
    • Autocomplete available to self service users
    • Improved CF and links display in search results
    • Sticky simple search for quick search refinements
    • Attachments on reply can no longer be mixed up when replying to
      multiple tickets at once
    • ReassignTicket right to assign tickets without stealing first;
      useful for managers
  • S/MIME support integrated with GnuPG support
    • Decrypt and verify incoming GPG and SMIME messages
    • Send all outgoing messages as either GPG or SMIME
  • Migration tools
    • Migrate from one database type to another (MySQL, Pg, Oracle)
    • Merge multiple RT instances together
  • Thousands of bug fixes; nearly 2000 commits totalling more than
    250,000 lines of code changed.

rt-4.0.17

RT 4.0.17 -- 2013-08-02

This release fixes an important regression in the upgrade script
included in 4.0.14, 4.0.15, and 4.0.16. Attempting to upgrade from 3.x
would skip key upgrade steps. New installs, and sites upgrading from
within the 4.0.x series, are unaffected.

Affected installations (i.e., who upgraded from 3.x to 4.0.14, 4.0.15,
or 4.0.16) should install RT 4.0.17, and then run 'make
upgrade-database', specifying versions 3.9.9 through 4.0.0 as the
versions to upgrade from and to. This should produce:

Going to apply following upgrades:
* 4.0.0rc2
* 4.0.0rc4
* 4.0.0rc7

Due to the missed upgrade steps, passwords would work until after the
user first logged in, or until etc/upgrade/vulnerable-passwords was run.
Affected users may be found by running the following SQL query:

SELECT Name FROM Users WHERE Password LIKE '!sha512!%'
                         AND LENGTH(Password) = 40;

After completing the upgrade steps mentioned above, passwords for
affected users should be restored from backups, the admin UI (assuming
an administrator can log in), or (as a last resort) setting them
explicitly via:

perl -I/opt/rt4/local/lib -I/opt/rt4/lib -MRT=-init  \
     -e 'my $u = RT::User->new( RT->SystemUser );'   \
     -e '($u->Load("username"))[0] or die "Failed to load user";' \
     -e '$u->SetPassword("new_password");'

Adjust the username and password on the last two lines accordingly. You
may need to adjust /opt/rt4/local/lib and /opt/rt4/lib on the first
line if your RT is not installed into the default location of /opt/rt4

http://download.bestpractical.com/pub/rt/release/rt-4.0.17.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.17.tar.gz.sig

SHA1 sums

b348fa687001db08198bc2b014a348083108e801  rt-4.0.17.tar.gz
edc3848822315a14bc4a272d4d0fae60fe5ced8d  rt-4.0.17.tar.gz.sig

A complete changelog is available from git by running:
git log rt-4.0.16..rt-4.0.17
or visiting
rt-4.0.16...rt-4.0.17

rt-4.0.16

RT 4.0.16 -- 2013-07-29

This release fixes an important regression in the Shredder tool included
in 4.0.14 and 4.0.15. Attempting to run the Shredder tool from the
command line would fail with a compile-time error.

http://download.bestpractical.com/pub/rt/release/rt-4.0.16.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.16.tar.gz.sig

SHA1 sums

72dec0d1a6ffbedcab1db2dc1a8aee358e4fe731  rt-4.0.16.tar.gz
3fd72d7d7458577d286be2361c6be23fd95ab7d8  rt-4.0.16.tar.gz.sig

A complete changelog is available from git by running:
git log rt-4.0.15..rt-4.0.16
or visiting
rt-4.0.15...rt-4.0.16

rt-4.0.15

2013-07-25

This release fixes an important regression in the ugprade scripts
included in 4.0.14. If you attempted to upgrade from 3.8 with the RT
FAQ Manager tables (FM_*) in your database, one of the upgrade scripts
would error out.

If you were planning to upgrade from 3.8 using 4.0.14, please use 4.0.15
instead. If you have already upgraded to 4.0.14, there is no
functional change in 4.0.15.

RT 4.0.15

http://download.bestpractical.com/pub/rt/release/rt-4.0.15.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.15.tar.gz.sig

SHA1 sums

722b328a4e42c247233f4b1e6eb9feb1e7161534  rt-4.0.15.tar.gz
4aa528244e95c9d94a7b010c946174ef425049f2  rt-4.0.15.tar.gz.sig

A complete changelog is available from git by running:
git log rt-4.0.14..rt-4.0.15
or visiting
rt-4.0.14...rt-4.0.15

rt-4.0.14

2013-07-25

RT 4.0.14

http://download.bestpractical.com/pub/rt/release/rt-4.0.14.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-4.0.14.tar.gz.sig

SHA1 sums

5f058bb4ef44738c9b03e6e8b45d5593c30b02df  rt-4.0.14.tar.gz
e07bf7f6f5ad94d666fe28c9cb56879e4c9aac9b  rt-4.0.14.tar.gz.sig

This release is primarily a bugfix release. It also contains automated
tests for security vulnerabilities announced on 2012-10-25.

Features

• Ticket watcher searches that involve a large number of ORs will now
  use a much-improved SQL query, instead of the old many-join solution.
• Do a better job wrapping text before quoting it in a reply.
• Simple search now supports @example.com to search for tickets
  requested by users with email addresses ending in @example.com.
• If our display parsing of an HTML attachment fails for known reasons,
  a better error message is provided, directing admins to contact us with
  a sample.
• Tickets created via the REST interface can provide attachments.
• Comments and Replies in the REST interface may include a Content-Type.
• RT's Quote recognition now triggers on > and ignores things like
  !,|,#,% etc. This should resolve a number of false positives.
• RT is now compatible with perl 5.18.0.

Bugfixes

• Resolve several corner cases where RT's database handle can be
  disconnected unexpectedly.
• When a TicketSQL query fails, report that failure to the user rather
  than silently displaying an empty ticket list.
• Display and add attachments to tickets in alphabetical rather than
  random order.
• Ensure that LifeCycle statuses are compared case-insensitively.
• Report Reminder creation/updates back to the user more consistently.
• Ensure that Reminders are created in the reminder_on_open LifeCycle
  configuration.
• The Bookmarks portlet is no longer unlimited and obeys standard
  homepage restrictions.
• Display non-ticket links in search result formats.
• RT::CurrentUser->Attributes now returns attributes for the relevant
  User, resolves a bug noticed in RT-Extension-MergeUsers.
• Always filter empty OrderBy directives, which may come from old saved
  search preferences.
• Uploaded attachments are now always marked Content-Disposition: attachment.
• Allow Custom Field Values to change case.
• The error message for Truncated Attachments is now marked text/plain
  rather than plain/text.
• When bulk updating Tickets with Transaction Custom Fields, the
  list of Transaction Custom Fields is based on the Queues of the
  Tickets displayed, not the Queues of the Tickets updated in the
  previous update.

Administration

• Clarify the cause of certain PostgreSQL full text indexing errors.
• Remove an error preventing logging of an actual error related to
  problems storing sessions.
• Clean the lock files used for file based sessions more aggressively.
• SetOutgoingMailFrom will now accept an email address to be used
  globally.
• OverrideOutgoingMailFrom now falls back to the global
  CorrespondAddress if the Queue does not declare one.
• rt-setup-database now prints the DatabasePort when describing the
  database it is modifying.
• rt-setup-database tries to detect when it is being run from an invalid
  location or being given an invalid upgrade directory.
• rt-setup-database detects an upgrade running on Pg 9.2 and directs the
  admin to install a newer DBD::Pg.
• rt-email-digest no longer prints output when sending digests unless
  the --verbose flag is passed.

Developer

• CleanSlate on collections more thoroughly resets the collection.
• A new callback and better support for JS/CSS tweaking of our
  Autocompleter display formats.
• New warning when an RT::URI::* resolver object cannot be created.
• Extensions may use rt-setup-database --action upgrade --package
  extension to provide RT's friendlier upgrade infrastructure.
• Refactoring of TicketSQL parse to support TxnCF.{CFName} or
  QueueCF.{CFName} in the future.

Documentation

• Correct the example backup date command in backups.pod
• MailCommand's testfile argument is now documented.
• Multiple cleanups to better support http://docs.bestpractical.com
• RT::Classes and RT::Principals now default to honoring the Disabled flag.

A complete changelog is available from git by running:
git log rt-4.0.13..rt-4.0.14
or visiting
rt-4.0.13...rt-4.0.14

rt-3.8.17

RT 3.8.17 contains important security fixes.

http://download.bestpractical.com/pub/rt/release/rt-3.8.17.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.17.tar.gz.sig

SHA1 sums
4765c68f91a0e8e21ed0fd39397cd8e3970ca992 rt-3.8.17.tar.gz
a0aa9a3e284d4fc36ba7e6354d7e0772833f2a00 rt-3.8.17.tar.gz.sig

This release of RT resolves a number of security vulnerabilities:

CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374

It also includes a database upgrade, so please make sure to run make upgrade-database.

Details about the above CVEs are available at:
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

A complete changelog is available from git by running:
git log rt-3.8.16..rt-3.8.17
or visiting
rt-3.8.16...rt-3.8.17