[rt-users] [rt-announce] Security vulnerabilities in RT

2015-08-12 Thread Shawn Moore
We have discovered security vulnerabilities which affect both RT 4.0.x and RT 4.2.x. We are releasing RT versions 4.0.24 and 4.2.12 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 4.0 and 4.2. The vulnerabilities addressed by 4.0.24, 4.2.12, and the

[rt-users] [rt-announce] Security vulnerabilities in RT

2015-02-26 Thread Alex Vandiver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have discovered security vulnerabilities which affect both RT 4.0.x and RT 4.2.x. We are releasing RT versions 4.0.23 and 4.2.10 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 4.0 and 4.2. The

[rt-users] [rt-announce] Security vulnerabilities in RT

2013-05-22 Thread Thomas Sibley
We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed by 3.8.17, 4.0.13,

[rt-users] [rt-announce] Security vulnerabilities in RT

2012-10-25 Thread Alex Vandiver
We have determined a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and 4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities

[rt-users] [rt-announce] Security vulnerabilities in RT

2012-05-22 Thread Alex Vandiver
Internal audits of the RT codebase have uncovered a number of security vulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed by 3.8.12, 4.0.6,

Re: [rt-users] [rt-announce] Security vulnerabilities in RT

2012-05-22 Thread Alex Vandiver
On Tue, 2012-05-22 at 10:34 -0400, Alex Vandiver wrote: In addition to releasing RT versions 3.8.12 and 4.0.6 which address these issues, we have also collected patches for all releases of 3.8 and 4.0 into a distribution available for download at this link:

[rt-users] [Rt-announce] Security vulnerabilities in RT

2011-04-14 Thread Alex Vandiver
In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT. We are releasing versions 3.6.11, 3.8.10, and 4.0.0rc8 to resolve these vulnerabilities, as

Re: [rt-users] [Rt-announce] Security vulnerabilities in RT

2011-04-14 Thread Alex Vandiver
On Thu, 2011-04-14 at 10:18 -0400, Murphy, Kevin wrote: Just to clarify: after applying the patch to 3.8.9, do I have 3.8.10? The page footer and system configuration page still say 3.8.9 and don't mention the patch. No. The security patchsets are a minimal set of security patches which do