Skip to content

rt-4.2.12
Compare
Choose a tag to compare
@bestpractical-mirror bestpractical-mirror released this 12 Aug 18:41
· 5566 commits to stable since this release
rt-4.2.12
This tag was signed with the committer’s verified signature. The key has expired.
sartak Shawn M Moore
GPG key ID: 3756E25431440520
Expired
Verified
Learn about vigilant mode.
46e61e0

RT 4.2.12 -- 2015-08-12

RT 4.2.12 contains important security fixes.

https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz.asc

SHA1 sums

ddbf70752c2b96354caf7687534addf075859d4d  rt-4.2.12.tar.gz
8e76c69a56a60afbe0a75673874a1f4510355350  rt-4.2.12.tar.gz.asc

This release is a security release which addresses the following
vulnerabilities:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages. This vulnerability is assigned
CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface. This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.

A complete changelog is available from git by running:
git log rt-4.2.11..rt-4.2.12
or visiting
rt-4.2.11...rt-4.2.12

Assets 2
Loading