RT 5.0.4 -- 2023-05-04

RT 5.0.4 is now available for general use. The list of changes
included with this release is below.

May the Fourth be with you!

https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz
https://download.bestpractical.com/pub/rt/release/rt-5.0.4.tar.gz.asc

SHA-256 sums

916d870d22d92027f843798be6f880aaf1517aebc3f6ab25f456f4e772f4834d rt-5.0.4.tar.gz
191436164473423796c7b34cfe4cc8891d2fd1db8bef5584d34f50083bd3396e rt-5.0.4.tar.gz.asc

Security

• jQuery UI is updated to version 1.13.2, which addresses a security issue in
  earlier jQuery UI (CVE-2022-31160). This issue does not impact RT directly
  as RT does not currently use the impacted code.

General user features

• Split the select of watcher criteria in query builder; with a single
  select, this list would grow too long
• Display entry hint in people section of ticket display page
• Add missing css rules to buttons to improve UI consistency
• Increase search field column width, mainly for role fields
• Include custom roles in the core watcher search criteria
• Hide asset menu search if simple search is disabled
• Fix multiple mt-* classes that are applied at the same time to fix
  display bugs
• Retain Class and ObjectType when query parsing contains errors;
  prevents query parsing actions in transaction search from reverting
  to ticket search
• Clear floating elements from correspondence
• Show custom field diffs in transaction history
• Fix bug that caused HTML custom fields to show 'text/html' as value
• Move user custom fields on "Settings > About me"" page to make better
  use of space
• Fix the menu drift when clicking on repositioned submenus caused by
  screen width overflow
• Fix issue where a submenu could flash out when clicking a submenu
  option (specifically, in Chrome-based browsers)
• Fix runtime error in SelfService Asset Display (I#37377)
• Improve Reports/Update This Menu CSS styling
• Improve 'Error: public key' template to avoid confusion for new
  installs (I#37360)
• Show RT support email address in the RemoteAuth error page
• Show RT support email address on PSGI/database error page
• Block ticket creation/update when there's invalid recipients
• Disable browser spell check for custom code box (thanks Christian
  Mehlmauer!)
• Make Actions page menu scrollable in case it's too long to fit on
  screen
• Allow CKEditor (rich text) boxes to vary in height based on
  context/usage
• Fix bug preventing the toggling/display of initially rolled-up widgets
• Allow unchecking of "Suppress if empty" checkbox for dashboard
  subscriptions
• Load more history for unread messages with on scroll setting so new
  messages can be accessed via the "Jump to Unread" button
• Exclude favion.png from generated dashboard email
• Add extra css to dashboard emails to improve display for some
  email web clients (such as Gmail and Outlook)
• Fix Ticket/Create.html's display of Links block
• Refactor Edit Links to fix bug in page display
• Exclude asset custom roles from ticket search
• Fix custom role's name in the result message when adding members
• Add support for custom roles in asset searches
• Improve performance of one-time email lookup
• Improve page layout by dropping an extra form-row wrapper
  (LabeledValue already has one)
• Fix layout of ticket graph page
• Add back missing current-value span to fix alignment of rows in asset
  widget of ticket page
• Re-add the missing Creator row for article display
• Revert LabeledValue changes to role inputs
• Make article autocomplete case insensitive
• Force EmailAddress to be the default return value for EmailInput
• Prettify "Show ticket history" by making it look like a button
• Add multiple order by and order indicators in search results header
• Make autocomplete work in dynamically created modal popup
• Support to pass user name as default value for owner input
  autocomplete
• Allow to show empty option even when default value is present;
  allows current Priority filter to show while allowing user to unset it
• Allow users to filter ticket search results via headers
• Allow text but not icons to wrap in search header (in Firefox)
• Provide default 'select all' for some search terms; prevents erroneous
  "error parsing your search query" messages (I#36902)
• Reset queue-level default values on queue change on ticket create
  page; previously, defaults didn't change even if another queue was
  selected (I#37242)
• Show end users a message if a SQL error occurs
• Update search results to use Bootstrap/modern pagination styles
• Add box to jump to search results page
• Add UI for custom field validation hints
• Improve color and spacing for custom field FriendlyPattern UI
• Target keyboard shortcuts accurately for search result modal popups
• Fix combobox controls to not clear user inputs on dropdown click
• Format auth token list with a title box
• Removed extra space between Cc and Bcc in the ticket update cc Element
• Handle implicit form submissions in search filter modals (i.e., act
  as if the "Apply" button was clicked)
• Fix broken search input formatting on "Manage GnuPG Keys" page
• Always show a Logout link in the menu
• Make number of search results per-page configurable
• Add information about search preferences
• Remove extra space from titleboxes in query builder's Sort and Display
  Columns boxes
• Prevent main navigation from overlapping with custom logo
• Make pie/bar in js charts clickable again for saved searches
• Automatically enable live search for selects that have 10 or more
  options
• Force to use light theme for dashboard emails; prevents broken
  display of dashboard emails in email clients that try to automatically
  apply your system's dark/light theme to emails
• In query builder, show a solid funnel next to header column if that
  column is a filter in the search
• Add "unknown" default priority option to priority select list; shows
  if a ticket's priority is unknown or no longer valid
• Make search filter modal popups scrollable (in case of long content)
• In query builder, increase queue limit to 100 in search filter (as
  the modal is now scrollable)
• Add URL shortening of search URLs
• Add shortener support to saved searches
• Shorten subqueries on chart page
• Fix bug that adds duplicated criteria to queries generated on chart
  page
• Reduce whitespace between the continuous descriptive paragraphs
• When commenting or corresponding, only quote text from transaction
  areas in the ticket history
• Remove unnecessary spacing in layout of user custom fields in
  SelfService Prefs
• Fix label typo for asset description
• Fix bug that could prevent live-search in select widgets (Safari and
  Firefox)
• Improve UI consistency by wrapping textarea/attachment inputs in a
  form-row
• Remove extra vertical space of select inputs to be consistent with
  other inputs
• Use consistent space among input rows for ticket forms
• Replace fontawesome funnel icon with bootstrap version
• Drop the obsolete fontawesome filter icon
• Removed extra space between Cc and Bcc in the ticket update cc Element
• Update data-live-search attr for bootstrap select before initialization
• Show customized operator/value inputs for cfs on admin user search page
• Support to wrap textarea/attachment inputs into a form-row for space settings
• Remove extra vertical space of selectized inputs to be consistent with other inputs
• Use consistent space among input rows for ticket forms
• Use HTML content for articles by default
• Format article HTML content correctly when EscapeHTML is disabled
• Add extra newlines to make boundaries of different article fields clear
• Clarify usage of the $EmailSubjectTagRegex setting
• Adapt formatting for mixed HTML and plain text quoting in Outlook message
• Display key details for text/calendar messages (meeting invitations)
• Various improvements for search filter controls
• Limit dropdown size in owner search filter modal
• Convert some search icons to inline svg for easier styling
• Drop the duplicated div.value in EditTopics
• Hide tooltips everywhere on click

Web Administration

• Allow default custom field values for group, user, and article objects
• Add custom roles to assets
• Add lookup type to custom role admin page listing
• Make comment and signature boxes half-page width, not full page width
• Add SameSite to cookies from WebSameSiteCookies, helping to protect
  from CSRF attacks ($WebSameSiteCookies in RT config)
• Update default value for WebSecureCookie so cookies are secure by
  default
• Support sending test dashboard emails on dashboard subscription page
• Record ACL changes in transactions
• Show a default entry hint based on the type of validation for custom
  field admin pages
• Fix display of plugin arguments on Shredder page
• Update Scrips modify page to line up "Applies to" with the other
  values
• Remove unnecessary current-value span for rows not in forms
• Use LabledValue to generate current-value spans
• Add search functionality for config edit page
• Add configuration option to disable quoting of selected text on
  ticket update
• Fix lifecycle editor warning messages: "actions" is the key name,
  not "action"
• In lifecycle editor, show objects where the lifecycle is applied
• Add Shortener page (Admin > Tools > Shortener Viewer) to show content
  of specified shortener code
• Create optional article portlet for ticket display page
• Hide article portlet if current user does not right to see the article
• Add a Checkbox RenderType for select type custom fields
• Scrub permissively for non-ticket related custom field values
• Add %ScrubCustomFieldOnSave config to scrub custom field values on save

Server Administration

• RT now supports MySQL 8
• Upgrade jquery-ui to 1.13.2
• Upgrade CKEditor to 4.20.1
• Add clibboard.js to RT
• Update fontawesome to 5.15.4
• Updated dependencies:
  DBIx::SearchBuilder 1.76+ for MySQL 8, combined count/results
  Require DBD::SQLite 1.72
  Require GD::Graph 1.56
  Require Date::Extract 0.07
  Module::Runtime::require_module (replaces UNIVERSAL::require
• Removed dependencies:
  Data::Page::Pageset
  Pod::Select (deprecated)
  Pod::PlainText (deprecated)
  UNIVERSAL::require (deprecated)
• Drop obsolete babel-minify-webpack-plugin
• Add --recipient to send dashboard emails to a single recipient only
• Add --dashboards argument to specify dashboard IDs to send via
  rt-email-dashboards
• Add option to inline CSS for dashboard email; allows dashboard emails
  to resemble the RT display while decreasing email size by removing
  unused CSS classes
• Refactor implementation of --no-auto-commit to support --originalid
• Add $DatabaseQueryTimeout setting to set the maximum seconds a single
  SQL query should be allowed to run.
• Add Info/Debug/Error messages to the RT logs when a user logs in or
  out via web remote user auth.
• Add support to shred class/topic/article objects
• Add support to shred catalog/asset objects
• Shred only ticket roles when shredding queues
• When loading an initialdata file, don't add the same custom fields
  multiple times.
• Extract pre-defined custom field validation rules to the
  @CustomFieldValuesValidations config setting
• Add source IP address to the external auth login log message
• Clarify logout messages for local and SAML logouts
• Add rt-clean-shorteners CLI utility to clean up temporary shorteners
• Add Shorteners to serializer when running in clone mode
• Show customized operator/value inputs for searching custom fields in
  user admin (similar to how Query Builder works)
• Handle SetConfig changes in same way as text custom fields
• Dump GroupBy custom field items in saved charts using Name for
  improved portability when using rt-dump-initialdata
• Fix LDAP filter string debug output
• Add rt-clean-attributes to delete obsolete DeferredRecipients
  attributes
• Allow additional ticket relationship graph directions
• Support loading users via user custom fields
• Add new tables to reset-sequences utility
• Fix inconsistent normalized owner group member for merged tickets
  in rt-validator
• In vulnerable-passwords upgrade script, Page users to save memory
  in case there are too many records
• Dump GroupBy custom field items in saved charts using Name for portability
• Fix the partially quoted index name for MariaDB/MySQL

Developer

• Update .gitignore to ignore all of var/ to help protect developers
  from accidentally checking in session data or RT databases in var/
• Add a warning as a hint to RT developers about WebSecureCookies
• Add a new "LabeledValue" component to provide a standard way to show a
  value with a label attached to it
• Add CustomRoleObj method for loading RT records by GroupType
• Abstract RT::Ticket::RoleAddresses so it can be used for assets too.
• Factor out a LookupType role from CustomFields so it supports custom
  roles on assets and other record types
• Add API for interacting with custom roles on assets
• Move ShowHistoryHeader title into parameter, allowing calling
  components to set the title (thanks mzagrabe!)
• Add RT::Action::ClearCustomFieldValues ScripAction to clear a custom
  field
• Disable jump to page form by default in CollectionList
• Use custom role names as keys for ticket endpoints in REST2, making
  custom roles consistent with core roles
• Recurse into t/ directory to run all tests
• Test empty keys in saved chart content
• Test custom role groups in ACL initialdata
• Test HTML custom field changes
• Test invalid queries on transaction search edit page
• Add tests for LoadOrCreateByEmail
• Make tests require $WebSecureCookies=0 since they don't use HTTPS
• Tests for loading users via UserCFs
• Test order indicator in search results header
• Test shredder for class/topic/article objects
• Test shredder for catalog/asset objects
• Test shredder for ObjectCustomRoles of queues
• Switch to Test::MockTime::HiRes in date api test
• Add case-sensitivity tests for Articles autocomplete
• Update tests for new added ValidationHint feature
• Update basic_auth.t test since logout will be always available
• Update tests for the keys change of CustomRoles in REST2
• Add tests for new article methods
• Test optimized ticket/transactions/asset searches
• Update tests for the default priority change when PriorityAsString is
  enabled
• Add tests for %PriorityAsString that does not have "0" mapped
• Update tests to account for URL shortener being enabled by default
• Add basic tests for search url shortener
• Add basic tests for shortener viewer
• Add tests for saved search shortener
• Update tests for EN datetime locale change to space
• Update txn ids in tests because of new added acl transactions
• Adjust tests to account for new brief descriptions of SetConfig
  transactions
• Use a bigger FcgidMaxRequestLen value for apache+fcgid tests
• Test textual and UTF-8 encoded "message/..." attachments
• New callbacks:
  /Widgets/TitleBox Added ModifyContent to modify content presented by
  a TitleBox widget
  /Elements/ShowTransaction Added ModifyShowCFDiff to modify when
  CustomField diff details show in ticket history
  /Search/Elements/PickObjectCFS Added ModifyCFs, primarily to hide
  custom field (such as transaction or queue custom fields) that
  some users may be unfamiliar with
• Modified callbacks:
  ModifyLoginRedirect - moved to the end of Logout processing
  BeforeActionList Added Actions parameter
  /Search/Results.html - added calculated result count as parameter to
  BeforeResults and AfterResults callbacks
  EditCustomFields - Restored ModifyFieldClasses callback

Documentation

• Fix formatting in docs for $DateTimeFormat config examples
• Add docs about receiving email warnings from RT
• Document default Name setting in RT::User
• Update docs for showing article search in self-service
• Reference the assets menu right in the asset docs
• Document how OwnerEmail is used
• Correct documentation error for RT::Queue::IsWatcher
• Fix incorrect links in shredder's ticket docs
• Add build instructions for CKEditor 4
• Add docs for scheduling rt-clean-shorteners
• Document URL shortener in UPGRADING
• Document new process articles feature
• Fix broken link to RT_Config's External-storage section
• Provide examples for CanonicalizeEmailAddress match and replace
• Use HelpDesk as the plugin example in site config
• Corrected doc error - Custom Roles cannot apply globally
• Document the configuration needed to load JSON initialdata
• Render no-target header links more like normal text in shredder docs
• Fix broken Pod in rt-validator
• Fix typo in transaction-type argument in rt-crontool docs (thanks
  Rob Lister!)
• Fix 'pririty' typo in RT_Config.pm.in (thanks NReilingh!)
• Update rt-crontool documentation with multiple action example
• Fix "Reffered" typo in metadata doc (thanks NReilingh!)
• Fix 'followoing' typo in docs (thanks NReilingh!)
• Add upgrade note for $EmailDashboardInlineCSS option for dashboard
  emails
• Update Query Builder documentation with Dynamic Filtering and Sorting
• Update docs to remove references to UNIVERSAL::require
• Add docs for user-visible permalink features
• Document steps to generate initialdata changes file

Internals

• Treat RT::System-Role the same as other roles in ACL initialdata
• Use name for custom role groups in ACL
• Don't default Name to EmailAddress in LoadOrCreateByEmail
• Add SLA to args CreateTickets accepts
• Log recorded SQL statements, even without CurrentUser; allows
  StatementLog to function when invoked in places where there may not
  be a current user (such as the CLI)
• Remove state criteria for invalid utf8 error warnings (MySQL and
  MariaDB)
• Rewind uploaded file after reading (thanks elacour!)
• Support arbitrary user names in .rt_sessions
• Port RT UI to use new LabeledValue component
• Bring Asset Search rendering back to the status-quo-ante
• Encode content for textual "message/..." attachments
• Set MasonLocalComponentRoot via RT->Config->Set so apache can see it
• Exempt some format strings from HTML::Gumbo structure check
• Do not check acl when auto-setting core date fields (thanks elacour!)
• Ignore disabled lifecycles when validating mappings
• Require LDAPImport after init, allowing overlays for RT::LDAPImport
• Wrap direct SQL in rights checks to SearchBuilder's SimpleQuery to
  log SQL when StatementLog is enabled
• Don't duplicate system object in EquivObjects on system rights check
• Allow RegisterLookupType to provide options besides just FriendlyName
• Clear old data when registering custom roles
• Relax requirements about role names to be unique for each lookup type
• Convert OR'd role group names in ticket ACL check to IN for better
  performance
• Skip existing catalog role groups on import
• Serialize OldValue/NewValue to user references in SetWatcher/SetOwner
  transactions
• Clear unneeded anchors and HTML comments
• Don't error if users4 index has been removed
• Pass multiple Order/OrderBy values as array references
• Pass datetime in UTC as LastUpdated is stored that way
• Convert to preferred constructor for Data::Page
• Clean up duplicated widget arguments
• Add ValidationHint column for CustomFields table
• Convert $cf->FriendlyPattern to use ValidationHint
• Respect env variable "RT_DATABASE_QUERY_TIMEOUT" on database connect
• Add JOIN criteria for transaction searches to improve performance
• Simplify setting the redirect URL on logout
• Add helper methods on Class for article display settings
• Add pass-through methods for class-level display flags
• Convert Preformatted template to use new article API
• Update /SelfService/Article/Display.html to new API
• Page users to save memory in case there are too many records
• Include referenced queues/catalogs only for active/inactive status
  searches
• Convert "OR" clauses in transactions/assets searches to "IN" for
  better performance
• Replace CSS::Inliner->require with RT::StaticUtil::RequireModule
• Combine search and count for search result pages (if possible) to
  improve performance
• Combine search and count for saved searches on dashboards (if
  possible) for better performance
• Abstract GetStylesheet for web
• Refactor code to build search filter metadata in Header instead
• Calculate search filter modal content's max-height accurately
• Fix limit parameter for shredder URL on search pages
• Switch to POST method for search chart and refresh forms
• Add missing Class/ObjectType params to refresh form on search results
  page
• Default query to "id > 0" like other chart elements for ChartTable
• Provide a way to update config immediately in tests
• Disable legacy Table settings for asset date custom fields
• Suppress uninitialized value warnings seen in config history
• Exclude empty keys from search fields for saved charts
• Convert ticket link graph generator to GraphViz2
• No need to sync attribute links in PostInflateFixup
• No need to create transactions in PostInflateFixup
• Fix typo in DefaultDashboard handling of PostInflateFixup
• Import dashboards/savedsearches/subscriptions/prefs/bookmarks for
  merged users
• Add method to load an object based on a custom field value
• Directly use passed in $Default as label if it is already string
• Do not set SavedSearchId to chart search id
• Add system CurrentUserCanSee to make transaction's CurrentUserCanSee
  work
• Provide a simple framework for showing user messages
• Fall back priority to the first value in %PriorityAsStringMapping
  config
• Use name for custom role groups in ACL
• Treat RT::System-Role the same as other roles in ACL initialdata
• Ignore disabled lifecycles when validating mappings

A complete changelog is available from git by running:
git log rt-5.0.3..rt-5.0.4
or visiting
rt-5.0.3...rt-5.0.4