We have discovered security vulnerabilities which affect both RT 4.0.x
and RT 4.2.x. We are releasing RT versions 4.0.24 and 4.2.12 to resolve
these vulnerabilities, as well as patches which apply atop all released
versions of 4.0 and 4.2.
The vulnerabilities addressed by 4.0.24, 4.2.12, and the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We have discovered security vulnerabilities which affect both RT 4.0.x
and RT 4.2.x. We are releasing RT versions 4.0.23 and 4.2.10 to resolve
these vulnerabilities, as well as patches which apply atop all released
versions of 4.0 and 4.2.
The
We discovered a number of security vulnerabilities which affect both RT
3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to
resolve these vulnerabilities, as well as patches which apply atop all
released versions of 3.8 and 4.0.
The vulnerabilities addressed by 3.8.17, 4.0.13,
We have determined a number of security vulnerabilities which affect
both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and
4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as well
as patches which apply atop all released versions of 3.8 and 4.0.
The vulnerabilities
Internal audits of the RT codebase have uncovered a number of security
vulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to
resolve these vulnerabilities, as well as patches which apply atop all
released versions of 3.8 and 4.0.
The vulnerabilities addressed by 3.8.12, 4.0.6,
On Tue, 2012-05-22 at 10:34 -0400, Alex Vandiver wrote:
In addition to releasing RT versions 3.8.12 and 4.0.6 which address
these issues, we have also collected patches for all releases of 3.8 and 4.0
into a distribution available for download at this link:
In the process of preparing the release of RT 4.0.0, we performed an
extensive security audit of RT's source code. During this audit,
several vulnerabilities were found which affect earlier releases of RT.
We are releasing versions 3.6.11, 3.8.10, and 4.0.0rc8 to resolve these
vulnerabilities, as
On Thu, 2011-04-14 at 10:18 -0400, Murphy, Kevin wrote:
Just to clarify: after applying the patch to 3.8.9, do I have 3.8.10?
The page footer and system configuration page still say 3.8.9 and
don't mention the patch.
No. The security patchsets are a minimal set of security patches which
do