http://open-source-security-software.net/project/rtir/releases.atom 2024-05-19T02:32:25.064955+00:00 python-feedgen rtir 4.0.0 2016-07-20T16:44:09+00:00 # RTIR 4.0.0 - 2016-07-20 We're very excited to announce the availability of RTIR 4.0.0: the first release for the next major version of RTIR. We have completely rearchitected RTIR queues in order to significantly improve RTIR's flexibility and performance. As this is a new major version number, with many changes throughout the entire system, we urge you to carefully test your configuration and customizations. Additionally, RTIR 4.0.0 is the first release of RTIR compatible with RT 4.4. A quick note on the version number: while this next version of RTIR was under development, we had naturally labelled it RTIR 3.4. However, to reflect the significant architectural changes we made for constituencies and multiple queues, we decided to give this release a new major version number. If you're looking for the version of RTIR compatible with RT 4.4, RTIR 4.0 is it! If you are also upgrading to RT 4.4, be sure to also read its documentation, available at https://docs.bestpractical.com/rt/4.4/UPGRADING-4.4.html https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.0.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.0.tar.gz.asc SHA1 sums b660855cd7467cad1fec60b4050437dacb77cb91 RT-IR-4.0.0.tar.gz f0d9051b250e1d29570e64cd8c6d78310aeb7f64 RT-IR-4.0.0.tar.gz.asc A list of the major new features in RTIR 4.0.0 is included below. We'll be describing and demoing these new features in a series of blog posts on https://bestpractical.com/blog/ in the coming weeks. - Shawn M Moore, for Best Practical - The constituency system has been completely redesigned from the ground up. Don't worry, your existing constituencies will be migrated as part of the upgrade. Now constituencies get a full-fledged queue for each stage of the incident response workflow (one for each of reports, incidents, investigations, and countermeasures). This lets constituency queues tap into much more of RT's flexibility around custom fields, watchers, scrips, etc. This addresses many longstanding limitations around the previous constituency queue design, and significantly improves performance as well. - You may now have multiple queues for each type of RTIR queue: multiple Incident Report queues, multiple Incident queues, etc. Each of these queues may have its own custom fields, watchers, permissions, scrips, templates, and so on. We're excited to hear about how you make use of this new flexibility. - If a user has permissions to work with multiple constituencies, it is now possible to limit RTIR's web interface to a single constituency by clicking a link from the new "Work with constituency" box on the RTIR homepage. - Blocks have been renamed to Countermeasures to reflect their more generic use case. There were many, many changes throughout RTIR to support these major new features. Here is an abbreviated list of additional changes: General user UI - The main navigation menu for RTIR has been rearranged; RT's menus have been moved to underneath the RT heading. - Maintain message format when launching an Investigation (I#30786) - IPs, email addresses, etc which are annotated with buttons in messages now look like buttons (I#31259) - Clean up the visual design of the Lookup tool page - Make the blue header bar darker to hint you're within RTIR (I#31297) - It is currently no longer possible to simultaneously launch an Investigation on the Incident creation page due to the new architecture - Fix lowercase lifecycle display names on Lookup tool - Fix grammar error in Lookup tool - Improve support for infinite scroll (I#32137) - Fix broken attachment download links under infinite scroll (I#32084) - Suppress lookup and other RTIR auto linking in SelfService (I#31868) - Avoid error when all queues of a type are disabled - Avoid double concatenation of ?id=X on txn anchors - Allow users to set SLA on create, view the value, and update (I#32167) - Fix Search Builder submit for non-root WebPath Command-line - add_constituency now produces less output in the ordinary case, but if you want to see every change it makes, you can pass the new --verbose flag Mail - X-RT-Mail-Extension no longer sets constituency; instead you can now use ordinary RT features to filter incoming mail into the correct queue Web Administration - DutyTeams now have the ForwardMessage right by default - Different queues may now have a different default whois server, controlled by the "RTIR default WHOIS server" custom field Server Administration - $MaxInlineBody's default has changed from unlimited, which can cause performance issues, to 25kb - Bail out from `make initdb` early if RT::IR isn't in Plugins (I#31961) - Update required RT version from 4.4.0 to 4.4.1 (I#32093) Developer - Many of the methods in RTIR's codebase now produce explicit return values - RT::IR::FlushCustomFieldsCache is now a supported API - RT::IR::Test::Web's unused merge_ticket method has been removed - The guts of bin/add_constituency have been factored out into an RT::IR::ConstituencyManager which makes it much easier to create constituencies programmatically - Added a RT::IR->HREFTo helper function which maintains the user's currently-selected constituency - Innumerable API changes were made to support RTIR's constituency queues - The Lookup tool page now has four callbacks (BeforeCurrent, AfterCurrent, BeforeTools, AfterTools) - The body HTML tag now has an "rtir" class to aid in styling Documentation - Fix several POD errors - Improve clarity around RTIR install instructions A complete changelog is available from git by running: git log 3.2.0..4.0.0 or visiting https://github.com/bestpractical/rtir/compare/3.2.0...4.0.0 2016-07-20T16:44:09+00:00 rtir 3.2.1 2018-06-21T13:24:56+00:00 RTIR 3.2.1 - 2018-06-19 ----------------------- We're pleased to announce the general availability of RTIR 3.2.1. It contains several improvements and also a few bug fixes. The list of changes included with this release is below. RTIR should always be run with the correct corresponding version of RT. The 3.2.1 release runs best with RT 4.2.15. As noted in the upgrading documentation, when upgrading, both RTIR and RT should be upgraded at the same time. https://download.bestpractical.com/pub/rt/release/RT-IR-3.2.1.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-3.2.1.tar.gz.asc SHA-256 sums 331f11d915002ba8e8e0ebdd4e0f13feb70a0522b137cff31a8d7fefebb1f67e RT-IR-3.2.1.tar.gz ee79b22b4efe6605b91e97644dbd21ea887308bf4dde1b1ac35e59abe3e9cf2c RT-IR-3.2.1.tar.gz.asc General * The default MaxInlineBody is increased. It is still not unlimited by default because very large message bodies can cause performance issues with content that is automatically converted to links. * Update with a new RTIR logo. * Compatibility with Perl 5.26.1. Bugs * Show only statuses applicable to the current queue when creating a new ticket. * Remove incorrect duplicate id parameters in links in ticket history. * Many fixes to various incorrect or failing tests and updates to align tests with changes in core RT. * Update two uses of the Mason redirect with RT's redirect which makes sure redirects work for all conditions including running on non-standard ports. * Correctly handle custom fields, including those in custom field groupings, to avoid warnings when creating an incident and investigation at the same time. A complete changelog is available from git by running: git log 3.2.0..3.2.1 or visiting https://github.com/bestpractical/rtir/compare/3.2.0...3.2.1 2018-06-21T13:24:56+00:00 rtir 4.0.1 2018-06-26T15:53:02+00:00 RTIR 4.0.1 - 2018-06-28 ========================== We're pleased to announce the general availability of RTIR 4.0.1. It contains several improvements and also bugfixes. The list of changes included with this release is below. https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.1.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.1.tar.gz.asc SHA-256 sums da942cd2e9facb65809518757b8b8ec010b83a140677f1a296c209b06f210b5e RT-IR-4.0.1.tar.gz bd924a10710c03c17cc567d55d59c6e1c597d9b9190a01c1ebf04797b02e03c0 RT-IR-4.0.1.tar.gz.asc General user UI * Fix charting to be inline with RT 4.4.1 * Fix compatibility with RT's new status selector in search * Improve due and start date field widths on incident create (I#31870) * On RT 4.4.2, support new recently-viewed ticket feature (I#32484) * Improve alignment of Link and New buttons on Incident (I#31748) * Make Link, New, Take, Lookup buttons on IRs smaller * Respect rich-text input preference on incident pages (I#32166) * Fix Show Email link when show history pref is set to "immediate" * Include the new RTIR logo * Add button to save whois and traceroute results to ticket (I#31257) * Remove extra ?id= in transaction history links (I#30744) * Remove Type arg from call to UpdateData to load correct editor on Incidents * Add button to save Whois and Traceroute results to a ticket (I#31257) * Remove extra table row at bottom of RTIR ticket display * Restore styling for single column create/update layout * Provide a new option to use RT's search page directly rather than always redirecting to the RTIR search page * Add Lifecycle as an extra arg on Link * Update IPv6 matching to use stronger boundary conditions and avoid matches with non-IPv6 strings * Handle emails with +tags in 'Investigate to' MakeClicky links Server Administration * Avoid dependency on Sort::Versions * Avoid regex deprecation warnings on perl 5.21.1+ * Remove stale callback on upgrade from RTIR 3.2 that broke admin UI for ticket custom fields (I#32100) * Include RT 4.4.2 schema changes in the RTIR upgrade test * Remove unnecessary query debug log for Charts * Use Lifecycle to load queue-specific Formats * Wrap RT upgrade to catch warnings * During upgrades, correctly derive status from state CF for all cases * Only enable Net::Whois debug logs if RT's log level is debug Developer * Add AfterWorked callback to /RTIR/Update.html * Add AfterHidden callback to /RTIR/Incident/Reply/index.html * Add AfterHidden callback to /RTIR/Incident/Create.html * Add ARGSRef and SaveChanges parameters to Initial callback on /RTIR/Edit.html * Add BeforeDisplay callback to /RTIR/Display.html * Add TicketObj parameter to BeforeDisplay callback on /RTIR/Incident/Create.html * Improve test compatibility with RT 4.4.2 * Fix test failure with HTML::Mason versions prior to 1.52 * Use RT's new version of SelectStatus * Remove unused EditComponentName callback file on upgraded systems * In RTIR/Update.html Initial callback, pass ARGS as a reference Internals * Use RT::Handle's cmp_version function in upgrade version checks * Various fixes for perl 5.26 compatibility * Redirect to the correct display page from Update.html * Normalize SkipNotification checkbox value to an arrayref * Differentiate RTIR Reports menu from RT Reports in tests * Confirm TicketObj is defined before checking for queue whois server * Remove explicit require of Auth::Crypt that could cause errors when not installed * Stop parsing empty URIs to avoid warnings * Convert a queue name reference in tests to use lifecycle * When merging, default to empty string values for unset constituencies * In tests, use lexical iterator so inline test server can render articles * Filter CFs when creating Incident and Investigation at the same time A complete changelog is available from git by running: git log 4.0.0..4.0.1 or visiting https://github.com/bestpractical/rtir/compare/4.0.0...4.0.1 2018-06-26T15:53:02+00:00 rtir 5.0.0 2020-07-16T13:03:46+00:00 RTIR 5.0.0 - 2020-07-17 ======================= We're pleased to announce the general availability of RTIR 5.0.0. This release introduces a major update of the web UI, following the RT update to the popular open source Bootstrap front-end toolkit. This brings to RTIR (and RT) a modern, responsive layout, keeping all of the familiar features of RTIR. Details on this and other changes and new features are below. You can get the new version here: https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.0.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.0.tar.gz.asc SHA-256 sums 1230c6b689435bff5798431f740830aadedb98626a72bf51210dc648a0a675d4 RT-IR-5.0.0.tar.gz 72fbb7fc2534243890cc95a2f41dfc85e9d755649ac23735b369feab109b9be1 RT-IR-5.0.0.tar.gz.asc As with previous versions of RTIR, it's import to install with a matching version of RT. The RTIR 5.0 series is compatible with the RT 5.0 series. If you have used past versions of RTIR, you'll know that in the past the version numbers were independent, which could lead to some confusion. With this new release, the major series version numbers between RTIR and RT are the same and we hope this makes it easier to find compatible versions. If you are upgrading from a previous RTIR version, be sure to review the RTIR UPGRADING-5.0 upgrade documentation: https://docs.bestpractical.com/rtir/5.0.0/UPGRADING-5.0.html If you are also upgrading to RT 5.0.0, be sure to also read its documentation, available at https://docs.bestpractical.com/rt/5.0.0/UPGRADING-5.0.html There were many, many changes throughout RTIR to support these major new features. In addition to the theme updates, RTIR has a new feed reader, the search and charting interface now uses RT's core search system, and default custom field values now use RT's core default values feature. Here is an abbreviated list of additional changes: * Convert to Bootstrap as base web design framework, aligning with RT * Remove table-based page layout and make design responsive * Support RT's new elevator-light and elevator-dark themes * Convert many on-screen hints/help to tooltips * Add Fontawesome and update all icons to svg * The main navigation menu for RTIR has been restored to the previous main RTIR menu item, and this menu now appears next to the Home menu * Queue can now be selected on the ticket create page * Use RT's LinkedQueuePortlets feature for linked queues on Incident display * Add RTIR_DefaultQueue option to set a default queue in RTIR create pages * Fix message box colors for reply/comment on reply pages * Migrate to RT core search for RTIR search pages * Use RT ListActions to show warnings for Incident reply page * Remove hard coded width values for RTIR simple search * Add Priority to RTIR portlets and orderby Priority 2nd * Remove the session cache of the "RTIR at a glance" portlet lists * Use new search selection interface for editing RTIR home page * Update style on RTIR default reporting page * Add new feature to display information from security feeds * Convert Updates to new column map to show message count * Link to RT ticket create on RTIR create pages * Update testing infrastructure to Docker and TravisCI * Restore Incident and Investigation create on one page * Add new domain parsing to a custom field similar to IP parsing * Use core default values instead of RTIR_CustomFieldsDefaults config * Display RTIR::Ticket CF groupings on queue admin Default Values tab * Add autocomplete for select Incident input * Rename SelectIncident input from 'More' to 'Add' * Remove the confusing incident Reply sub-menu link on Incident Reply pages A complete changelog is available from git by running: git log 4.0.1..5.0.0 or visiting https://github.com/bestpractical/rtir/compare/4.0.1...5.0.0 2020-07-16T13:03:46+00:00 rtir 5.0.1 2021-01-29T15:53:03+00:00 RTIR 5.0.1 - 2021-01-29 ======================= RTIR 5.0.1 is now available for general use. The list of changes included with this release is below. https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.1.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.1.tar.gz.asc SHA-256 sums 704e3c8c3f06492dd9f5b7003c6f8e9062b4556da58cb752ae3d1f37183715ed RT-IR-5.0.1.tar.gz 35e8342650b7ee842a32ec67234fac8dddead8e34c2f66c58f1a2bbd67372109 RT-IR-5.0.1.tar.gz.asc General Updates and Fixes * Add inline edit functionality to custom RTIR ticket pages * Pass Requestors through queue selection modal if provided * Handle emails with +tags in 'Investigate to' MakeClicky links * Disable IncludeWebPath flag on ExteneralFeeds link generation * Include full web path for RTIR page edit cog * Move file attachment box below message box for consistency with RT * For clarity, convert Incident report Take/Steal button from icon to text * Don't override default empty messages if it's not RTIR queue * Remove countermeasure queues from %LinkedQueuePortlets when disabled * Customize search "Show Results" menu text for action pages to avoid confusion * Fix Query used for "Edit Search" menu on merge pages * Add ARG for /RTIR/Elements/ShowIncidents to add classes when in a form A complete changelog is available from git by running: git log 5.0.0..5.0.1 or visiting https://github.com/bestpractical/rtir/compare/5.0.0...5.0.1 2021-01-29T15:53:03+00:00 rtir 4.0.2 2021-09-14T20:01:19+00:00 RTIR 4.0.2 - 2021-09-14 ======================= RTIR 4.0.2 is now available, primarily providing updates for compatibility with RT 4.4.5. The list of changes included with this release is below. If you upgrade RT to 4.4.5 on your RTIR instance, you also need to update to RTIR 4.0.2. https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.2.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.2.tar.gz.asc SHA-256 sums f5c5575e4f54dba5c6ffff89f2d0a4f198f150652763f25168ecd93e026ec608 RT-IR-4.0.2.tar.gz 2a4ad7222fa73ac93a32bcd83f2b7a39d0892ae9c89ae954a0fd974cdc13278c RT-IR-4.0.2.tar.gz.asc Changes * Update ticket search value quoting for compatibility with RT 4.4.5 * Allow more whitespace when matching has_watchers anchor tags to * Remove the bfk_dnslogger tool because it has been discontinued due to GDPR. A complete changelog is available from git by running: git log 4.0.1..4.0.2 or visiting https://github.com/bestpractical/rtir/compare/4.0.1...4.0.2 2021-09-14T20:01:19+00:00 rtir 4.0.3 2022-07-13T17:54:47+00:00 RTIR 4.0.3 - 2022-07-13 ======================= RTIR 4.0.3 is now available, primarily providing bug fixes. The list of changes included with this release is below. In addition to the bug fixes listed below, this release contains security fixes. When upgrading RTIR, you should also upgrade RT to version 4.4.6 for compatibility with this release and to get security updates in RT. https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.3.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-4.0.3.tar.gz.asc SHA-256 sums 2c6a57ff0da877f40b81d7d24c27609d350251ecfa97534e6657349a14bf10aa RT-IR-4.0.3.tar.gz a9ed2484fe64ab3e12380e055659b7bdb9c743619e5d2d77883b5709c8ccd944 RT-IR-4.0.3.tar.gz.asc Security The following security issues are fixed in this release. Thanks to the Polish Financial Supervision Authority IT Security Department (UKNF) for reporting these issues. * RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF). It accepts queries in a way that could allow sending requests from the RTIR server to a resource other than the intended whois server. Because the request comes from the RTIR server, this could allow access to otherwise protected resources. This vulnerability is assigned CVE-2022-25800. * RTIR's Scripted Action tools is vulnerable to server-side request forgery (SSRF) similar to the one described above. This vulnerability is assigned CVE-2022-25801. General Updates and Fixes * Fix squelching functionality on update page * Remove unavailable TrustedSource.org from $RTIRIframeResearchToolConfig A complete changelog is available from git by running: git log 4.0.2..4.0.3 or visiting https://github.com/bestpractical/rtir/compare/4.0.2...4.0.3 2022-07-13T17:54:47+00:00 rtir 5.0.3 2022-07-13T18:20:06+00:00 RTIR 5.0.3 - 2022-07-13 ======================= RTIR 5.0.3 is now available for general use. The list of changes included with this release is below. In addition to the new features and bug fixes listed below, this release contains security fixes. When upgrading RTIR, you should also upgrade RT to version 5.0.3 for compatibility with this release and to get security updates in RT. Note that there was no RTIR 5.0.2 public release. https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.3.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.3.tar.gz.asc SHA-256 sums 3f59e713cb439f33b3abbcc18226ee6ab9f782a3607317e0529e72dbe443f89f RT-IR-5.0.3.tar.gz 9b6b0610492443fb0f0abb7d945276e4fe6b1eceab43e240757a11ba162c3741 RT-IR-5.0.3.tar.gz.asc Security The following security issues are fixed in this release. Thanks to the Polish Financial Supervision Authority IT Security Department (UKNF) for reporting these issues. * RTIR's Whois lookup tool is vulnerable to server-side request forgery (SSRF). It accepts queries in a way that could allow sending requests from the RTIR server to a resource other than the intended whois server. Because the request comes from the RTIR server, this could allow access to otherwise protected resources. This vulnerability is assigned CVE-2022-25800. * RTIR's Scripted Action tools is vulnerable to server-side request forgery (SSRF) similar to the one described above. This vulnerability is assigned CVE-2022-25801. General Updates and Fixes * Migrate RTIR homepage to dashboard * Update ticket search value quoting to align with new RT search options * Support to hide unset fields on display pages * Remove the yellow border in warning message box * Add UPGRADING note about the change to dashboard RTIR homepage * Support to configure RTIR homepage globally * Add UPGRADING note about the global "RTIR at a glance" configuration page * Add tooltip to select incident text input if it's below the label * Skip default "Content" custom field when inserting articles from "Templates" * Replace discontinued Security Focus feed with Full Disclosure * Document deselecting the Content CF * Extract IP from more attachments if main content doesn't have any. * Allow users to comment on Incidents when resolving * Add the missing "?" delimiter for "New ..." menu links on FromIncident page * Add Custom Field "CVE ID" to keep track of CVE * Add CVE widget to show info from nvd.nist.gov * Extract CVE IDs from content * Add upgrading notes for CVE ID * Add ticket id info to "Back to ..." search page menus * Migrate plain checkboxes to bootstrap's custom-checkbox for consistency * Make ticket updates atomic on edit page * Document atomic change in Upgrading doc * Update TimeWorked for incident only on incident reply/resolve pages * Document changes to message and time processing Internals * Add maps from default to/from RTIR lifecycles * Update tests for the migration of Homepage => dashboard * Add callbacks to the feed listing and display pages * Add necessary callbacks for MandatoryOnTransition * Load queue object in GetRTIRDefaultQueue to make sure it's valid and visible * Add tests for default RTIR queue rights check * Add EndOfBasics callback to ticket display pages * Test IP extraction from more attachments * Test CVE ID extraction * Call ProcessUpdateMessage first to update TimeWorked on incident display page A complete changelog is available from git by running: git log 5.0.1..5.0.3 or visiting https://github.com/bestpractical/rtir/compare/5.0.1...5.0.3 2022-07-13T18:20:06+00:00 rtir 5.0.4 2023-05-04T16:28:03+00:00 RTIR 5.0.4 - 2023-05-04 ======================= RTIR 5.0.4 is now available for general use. The list of changes included with this release is below. When upgrading RTIR, you should also upgrade RT to version 5.0.4 for compatibility with this release and to get all updates in RT. May the Fourth be with you! https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.4.tar.gz https://download.bestpractical.com/pub/rt/release/RT-IR-5.0.4.tar.gz.asc SHA-256 sums a00fd1a723d8a7b67d66227168dfac3958d8f805134ff540532276fbb25a496d RT-IR-5.0.4.tar.gz dea6c11cedc49a97db8381338880506150408971dafc122a6bceb6aa40511c7d RT-IR-5.0.4.tar.gz.asc General Updates and Fixes * Set "How Reported" CF from CurrentInterface * Create How Reported with valid values of CurrentInterface * Adjust gnupg widget on reply incident page * Add Process Articles for Classification * Update upgrading instructions with Process Articles information * Update RTIR Admin Tutorial with Process Articles information * Add 'SeeCustomField' right to DutyTeam on Templates Articles class * Note the right change for the Templates class * Use consistent space among input rows for ticket forms * Document the changes to RTIR_SetHowReported in UPGRADING * Move "Templates" class creation from @Final to @Classes * End WHOIS commands with CRLF to avoid timeouts for whois searches * Improve External Feeds message when no content found Internals * Use RTs perl from the base docker image * Install dependencies with cpm * Split build and test in github actions * Test MariaDB current long term support version * Test against a supported Postgresql version * Run with 5 parallel processes like the core RT tests A complete changelog is available from git by running: git log 5.0.3..5.0.4 or visiting https://github.com/bestpractical/rtir/compare/5.0.3...5.0.4 2023-05-04T16:28:03+00:00