RT 4.2.12 -- 2015-08-12
-----------------------

RT 4.2.12 contains important security fixes.

https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz.asc

SHA1 sums

ddbf70752c2b96354caf7687534addf075859d4d  rt-4.2.12.tar.gz
8e76c69a56a60afbe0a75673874a1f4510355350  rt-4.2.12.tar.gz.asc

This release is a security release which addresses the following vulnerabilities:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.

A complete changelog is available from git by running:

    git log rt-4.2.11..rt-4.2.12

or visiting

    https://github.com/bestpractical/rt/compare/rt-4.2.11...rt-4.2.12
_______________________________________________
rt-announce mailing list
rt-annou...@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce