Re: [rt-users] Unable to grant Status changes rights to user
Hi Chrilly, > 2015/06/29 8:28、Chrilly Cheng のメール: > > Issue resolved by rename the rights. It only supports 25 characters length. Thanks for following up with your solution. I’ll see if I can remove that limit in RT, or at least warn about it! > BR, > Chrilly Thanks, Shawn signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [rt-users] 2 Questions, Dashboard subscriptions and Error messages via Script
> 2015/07/31 5:13、Ashley Etherington のメール: > > Good morning all. Hi Ashley, > First Question: > We recently set-up a Dashboard with subscriptions for a daily email report > for incoming jobs. This had some searches and some charts. The first 2 > emails it sent us were perfect, formatted and were generally very nice to > look at. The 3rd and all emails since are now unformatted, have no images > and just attachments with the graphs. Nothing has changed on the dashboard > since and we have tested it on several browsers/mobile devices/email clients. > I am just wondering if this is a known issue or if there is something I can > change to make it reliable. Do you have anything in your config for @EmailDashboardRemove? I wonder if someone added something to it between the second and third mails. > Second Question: > For a long time we have had RT hooked up to an external service run by Apple. > This is working great, But now we would like to get deeper integration with > the system, This means we need to improve the current error handling we have > at the moment (For invalid details and various other bits of information) Is > there a way using RT Scripts to invoke the yellow or red error bar with a > custom message? Or would this have to be done through a plugin of sorts. Any > information would be great. If the error is specific to a particular ticket, I’d use an attribute on the ticket object for this. It’s sorta like a custom field but doesn’t show up in the UI. It’s lets code stash extra data on RT records. In your scrip when you detect an error condition, use $ticket->AddAttribute(Name => “AppleError”, Content => “Uh oh! $error”); When things are back to working, $ticket->DeleteAttribute(“AppleError”). In your ticket display page, check $ticket->Attributes->Named(‘AppleError’) and if it’s present display a bar. (Maybe add an “Acknowledge” link that also does the ->DeleteAttribute). If it’s not specific to a particular ticket, you can use an attribute on RT->System instead of the ticket. > Thank you for reading. > Ashley Etherington. Hope this helps, Shawn signature.asc Description: Message signed with OpenPGP using GPGMail
[rt-users] [rt-announce] Security vulnerabilities in RT
We have discovered security vulnerabilities which affect both RT 4.0.x and RT 4.2.x. We are releasing RT versions 4.0.24 and 4.2.12 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 4.0 and 4.2. The vulnerabilities addressed by 4.0.24, 4.2.12, and the below patches include the following: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected. Patches for all releases of 4.0.x and 4.2.x are available for download below. Versions of RT older than 4.0.0 are unsupported and do not receive security patches; please contact sa...@bestpractical.com if you need assistance with an older RT version. https://download.bestpractical.com/pub/rt/release/security-2015-08-12.tar.gz https://download.bestpractical.com/pub/rt/release/security-2015-08-12.tar.gz.asc 0ffdfae09837c09957f69e9de69660735d3099ee security-2015-08-12.tar.gz 92c8d4d299c7bc205eb8382274306dc3aaa14970 security-2015-08-12.tar.gz.asc The README in the tarball contains instructions for applying the patches. If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sa...@bestpractical.com for more information. signature.asc Description: Message signed with OpenPGP using GPGMail ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
[rt-users] [rt-announce] RT 4.2.12 released
RT 4.2.12 -- 2015-08-12 --- RT 4.2.12 contains important security fixes. https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.2.12.tar.gz.asc SHA1 sums ddbf70752c2b96354caf7687534addf075859d4d rt-4.2.12.tar.gz 8e76c69a56a60afbe0a75673874a1f4510355350 rt-4.2.12.tar.gz.asc This release is a security release which addresses the following vulnerabilities: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected. A complete changelog is available from git by running: git log rt-4.2.11..rt-4.2.12 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.11...rt-4.2.12 signature.asc Description: Message signed with OpenPGP using GPGMail ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
[rt-users] [rt-announce] RT 4.0.24 released
RT 4.0.24 -- 2015-08-12 --- RT 4.0.24 contains an important security fix. https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz https://download.bestpractical.com/pub/rt/release/rt-4.0.24.tar.gz.sig SHA1 sums 0588b678cc1f13ae1504e9fffede1b8485d172f7 rt-4.0.24.tar.gz 8f8b69532112aa01d6fe540478de6a7046ad6fb0 rt-4.0.24.tar.gz.sig This release is a security release which addresses the following vulnerability: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. A complete changelog is available from git by running: git log rt-4.0.23..rt-4.0.24 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.23...rt-4.0.24 signature.asc Description: Message signed with OpenPGP using GPGMail ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
Re: [rt-users] Action: Extract Custom Field Values - RT don't show me this option
On 2015年11月16日 at 17:17:53, Marcelo Calado | TBS TAX Services (mcal...@tbstaxservices.com) wrote: Hello Everyone! Hi Marcelo, When I tried to create the Scrip, I can’t see the Action “Extract Custom Field Valeus” Did you run “make initdb” from the ExtractCustomFieldValues directory? That adds the necessary Action record to your database. Everything else looks to be in order. Tks, Marcelo Calado. Thanks, Shawn
Re: [rt-users] RT 4.4 RC1 Update
On 2015年11月20日 at 12:56:15, Max McGrath (mmcgr...@carthage.edu) wrote: > Hello - Hi Max, > Just tried upgrading from RT 4.2.12 to RT 4.4 RC1 in my test environment to > give you some feedback. Hopefully this is the proper place to post this: Thank you for testing the RC! This is a perfectly fine place to discuss it. :-) > […] Now I am getting this: […] > Can't locate Scope/Upper.pm in @INC (@INC contains: > […] This is the root of the problem. You’re missing one of the new dependencies in RT, the Perl module Scope::Upper. It looks like RT is declaring that dependency correctly, so this might have just been a fluke. If you run “make fixdeps” again it should install that module for you. > I don't claim to be a Perl or Apache expert, so if I'm missing something > simple -- some help would be appreciated! > > Thanks! > > Max Thank you :) Shawn
Re: [rt-users] RT 4.4 Errors
Hi Max, On 2015年11月23日 at 15:59:38, Max McGrath (mmcgr...@carthage.edu) wrote: > [12001] [Mon Nov 23 17:04:12 2015] [error]: Can't call method "loc" on an > undefined value at /opt/rt4/sbin/../lib/RT/Ticket.pm line 1371. Can you upgrade to 4.4.0 rc2? That includes a fix for this bug. > Max Thanks! Shawn
Re: [rt-users] RT 4.4.RC3
On 2016年1月11日 at 15:29:03, Max McGrath (mmcgr...@carthage.edu) wrote: > Hello - Hi Max, > I just upgraded from RT 4.4 RC2 to 4.4 RC3 in my test environment. I had > an issue in RC2 that I still have in RC3. Thank you for testing the RCs! > [24618] [Mon Jan 11 20:31:59 2016] [error]: RT::User::ExternalAuthId > Unimplemented in RT::Record. (/opt/rt4/sbin/../lib/RT/Record.pm line 958) The ExternalAuthId column was removed from the users table in RT 4.4. I suspect you’re still using it in ExternalSettings in RT_SiteConfig. If it’s not clear, send that over and we’ll have a look. Just be sure to censor any sensitive information in there. Thanks, Shawn
Re: [rt-users] RT 4.2 suddenly reset to a nonsensical view
On 2016年2月9日 at 15:57:44, Boris Epstein (borepst...@gmail.com) wrote: Hello listmates, Hi Boris, Has anybody ever discovered a situation where all of a sudden your view resets to a non-sensical view where your search, tickets, etc. configs - all the advanced options - are gone and all you see is a view which is essentially useless. Tickets, however, seem to be there - if you specify them by number. Any idea what this could be - or how to reset it to something reasonable? What’s the URL? Sounds like you ended up in self-service. Thanks. Boris. Thanks, Shawn - RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html) * Hamburg Germany March 14 & 15, 2016
Re: [rt-users] Problems with RT::Authen::ExternalAuth::LDAP after upgrade to 4.4
Hi John,
On 2016年2月10日 at 2:11:18, John Andersen (j...@yvig.com) wrote:
> For background. this particular installation went live 10 years ago and has
> been carried over (mostly flawlessly I might add) from version to version
> over that 10 years; I try to stay on the most recent stable version.
I’m very happy to hear that RT has been running smoothly for you for so long!
> Set( $ExternalAuthPriority,['LDAP_DIR3']);
> Set( $ExternalInfoPriority,['LDAP_DIR3']);
> Set( $ExternalServiceUsesSSLorTLS, 0);
> Set( $AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
> ...
> );
Could you try adding this as well?
Set( $ExternalAuth, 1 );
> I'd be grateful for any ideas or pointers!
Please let us know if that gets you back up and running. We’ll do a better job
about this in 4.4.1.
> Thank you,
> John
Thanks!
Shawn
-
RT 4.4 and RTIR Training Sessions
(http://bestpractical.com/services/training.html)
* Hamburg Germany March 14 & 15, 2016
Re: [rt-users] Problems with RT::Authen::ExternalAuth::LDAP after upgrade to 4.4
Hi Gavin,
On 2016年2月11日 at 10:20:44, Gavin Henry (gavin.he...@gmail.com) wrote:
> Undefined subroutine
> &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at
> /opt/rt4/sbin/../lib/RT/User.pm line 787.
Could you try loading that module in that bit of code, near
/opt/rt4/lib/RT/User.pm line 787. Changing:
if($config->{'type'} eq 'ldap'){
($found, %params) =
RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
} elsif ($config->{'type'} eq 'db') {
to:
if($config->{'type'} eq 'ldap’){
require RT::Authen::ExternalAuth::LDAP;
($found, %params) =
RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
} elsif ($config->{'type'} eq 'db') {
Please let us know if that makes it any better.
Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions
(http://bestpractical.com/services/training.html)
* Hamburg Germany March 14 & 15, 2016
Re: [rt-users] Problems with SLA since upgrading to 4.4
On 2016年2月11日 at 0:46:59, Yourevilness (sli...@onthenet.com.au) wrote: > Hello, Hi, > Recently upgraded from 4.2.11 > 4.4.0 which has SLA in its core config. […] > Doesn't appear to work. Can someone have a look over my settings or tell me > what i'm missing? Could you check each queue’s Basics admin page to see if “SLA Enabled” is checked? Thanks, Shawn - RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html) * Hamburg Germany - March 14 & 15, 2016 * Washington DC - May 23 & 24, 2016
Re: [rt-users] disable url links in ticket history
On 2016年3月25日 at 18:32:36, user1...@qet.be (user1...@qet.be) wrote: > Hi all, Hi U, > Does anyone know if it is possible, or a good way to go to disable the links > in the ticket > history. > I clarify: > We get a lot of tickets where people send us phishing mails they received or > mails containing > a possible malicious url to analyse. > What we like to do is implement something that those urls in the history are > "not clickable” > so that nobody of the first line handlers can incidentally get infected. The automatic linking in the ticket history is done by a feature called MakeClicky. It was designed so that you can add your own parser to augment text in other ways too, not limited to just hyperlinking urls (or for that matter, “just” hyperlinking). The example in our documentation makes “ticket #xyz” into clickable links. But, the way it’s implemented allows you to turn it off completely with the following config: Set(@Active_MakeClicky, qw()); See https://docs.bestpractical.com/rt/4.4.0/extending/clickable_links.html for more information. > kind regards, > > U Cheers, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Custom role?
On 2016年5月5日 at 4:45:55, Guadagnino Cristiano (guadagnino.cristi...@creval.it) wrote: > Hi all, Hi Cris, > I am trying to use the new "custom role" functionality in RT 4.4, but > I'm not sure I understand how it works. > > I created the new "GroupManager" role and I assigned some queue > privileges to it. > > The problem is: how am I supposed to assign the role to a user? You’ll first have to pick which queues the GroupManager role should be applied to, just like you do for custom fields. Admin -> Custom Roles -> GroupManager -> "Applies to" lets you select the queues. Then, when you’re creating or updating tickets in that queue, you’ll see GroupMember alongside other People fields. It’ll be next to either AdminCc/Cc/Requestor if it’s a multi-member role, or in this case, since it sounds like a single-member role, alongside Owner. If it’s a multi-member role, you can also add members on the queue level by going to Admin -> Queues -> (select your queue) -> Watchers, just like you can for Cc and AdminCc. > Thank you in advance > > Cris Thanks! Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Custom role?
Hi Guadagnino, On 2016年5月6日 at 3:08:53, Guadagnino Cristiano (guadagnino.cristi...@creval.it) wrote: > Shawn, > I'm sorry but I think I still need some help. > > I disabled the single-member custom role and created a new > multiple-member custom role. > > I applied it to a queue, and then I entered the queue configuration and > added myself as GroupManager on that queue. > > After that, if I look at the tickets in that queue (both those > pre-existing and those created afterwards) I see no user in the > GroupManager field. > > I would have expected to see my name as GroupManager. > How is this supposed to work? You won’t see your name as GroupManager on individual tickets, since your user was added at the queue level. You should be able to add additional users on the ticket level and they’ll show up on tickets. However, permissions, notifications, (e.g. anything that uses the list of role members) will include both ticket-level and queue-level members. This is how the builtin roles AdminCc and Cc work too. > Thank you in advance. > Cris Thanks, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2
On 2016年5月11日 at 13:54:01, Keith Creasy (kcre...@aph.org) wrote: > Hello. Hi Keith, > We have a similar script, that doesn't use angular.js, that works. > > Any idea if RT is simply not compatible with Angular.js markup? I’ve done some prototyping with Angular (1.x) within RT’s UI and I don’t recall having any particular problems. > Is there any hope of updating RT to be more REST and json compliant as well > as making it so > it doesn't try to mangle scripts? We are eager to release a new REST API with JSON support, but as of right now it’s still in the works. RT certainly shouldn’t be mangling scripts in any case! > Keith Thanks, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] accessing role object from template
On 2016年5月21日 at 3:21:17, Woody - Wild Thing Safaris
(wo...@wildthingsafaris.com) wrote:
> Hi all,
Hi Woody,
> I've created a custom role "Transfer Operators" and i wanted to email
> all those people from a scrip/template, but i have found that the
> argument in ScripActions cannot take a word boundary - renaming the role
> to TransferOperators and the argument in ScripActions sends a mail.
One workaround would be to use the RT::CustomRole-1 syntax (where 1 is the
role’s ID) in the ScripAction argument.
I’ve made a ticket for adjusting how the argument parsing works, since you’re
right, that is a bit limiting:
https://issues.bestpractical.com/Ticket/Display.html?id=31997
> It would seem that either Role Names need to be restricted to single
> words, or Notify.pm needs an update to cope with spaces in Role Names
>
> My question is however, how can i access Role member info from a template
>
> something like:
>
> { $Ticket->RoleObj("TransferOperators")->RealName }
Two options:
Load the role by name:
my $role = RT::CustomRole->new($CurrentUser);
$role->Load(“TransferOperators”);
$Ticket->RoleGroup($role->GroupType);
or specify the internal ID directly:
$Ticket->RoleGroup(“RT::CustomRole-1”);
This will return an RT::Group object. If you only need email address(es), you
can use $Ticket->RoleAddresses(“RT::CustomRole-1”) directly.
> w.
By the way, we’d love to hear more about how you’re using custom roles :)
Thanks!
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016
Re: [rt-users] Critical error after upgrading to RT 4.4.0
Hi Cris, On 2016年6月1日 at 5:58:31, Guadagnino Cristiano (guadagnino.cristi...@creval.it) wrote: > Yesterday I upgraded from RT 4.2.12 to RT 4.4.0. > > Today I am sometimes getting errors like this: > > [30091] [Wed Jun 1 09:13:03 2016] [critical]: Couldn't create ticket groups > for ticket > 133221. aborting Ticket creation. (/opt/rt4/sbin/../lib/RT/Ticket.pm:444) > > [30091] [Wed Jun 1 09:13:03 2016] [crit]: Ticket creation failed: I: AGG > MAGGIO 2016.xlsx: > Ticket could not be created due to an internal error > (/opt/rt4/sbin/../lib/RT/Interface/Email.pm: > 697) This is the first we’ve seen of this error. :/ If you can send over a stack trace that will help track it down. Adding this to your site config will do so: Set($LogStackTraces, “error"); > I am having difficulty understanding where the problem is (what's the meaning > of "ticket > groups"?) and hence how to solve it. Ticket groups are the groups that contain AdminCcs, Ccs, Requestors, etc. > Please help!!! Do you have any customizations? Which extensions are installed? And which database are you on? > Cris Best of luck, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Critical error after upgrading to RT 4.4.0
On 2016年6月6日 at 4:14:57, Guadagnino Cristiano (guadagnino.cristi...@creval.it) wrote: > Hi Shawn! Hi Cris, > Uhm. The only thing I can think of is that I have added a custom role. Maybe > this is the thing > that's giving me problems? > > Apparently however the custom role is behaving well. I replicated the issue (it happens when a user has CreateTicket but not ShowTicket) and I believe I’ve fixed it. Can you try the following patch? https://github.com/bestpractical/rt/commit/5d0a88d47f141f37fdb8bb7c6e3428c122aff423 The fix will be included as part of RT 4.4.1 as this is definitely a blocker! > Thank you! > > Cris Thanks for helping track this down, and sorry about the trouble. Cheers, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Can't set DBI::db=HASH(0x8b3efb0)->{PrintWarm}
Hi Daniel, On 2016年6月16日 at 13:30:18, Daniel M. via rt-users (rt-users@lists.bestpractical.com) wrote: > [/opt/rt4/local/html/Ticket/Update.html:200] This suggests that you’d customized RT’s code directly, so I bet you are running a 4.2-era (or older) /Ticket/Update.html file against RT 4.4. In other words, RT has made changes to that file as part of your upgrade to 4.4.0, but your local override is hiding those changes, so that’s why you’re seeing strange errors. The way to proceed (in descending order of preference) would be to refactor your customizations to be callbacks, which is the recommended way to customize RT’s templates, or simply remove your local override if you don’t need it, or finally apply your customizations again to 4.4’s version of /Ticket/Update.html. See https://docs.bestpractical.com/rt/latest/writing_extensions.html#Callbacks for more detail on the recommended approach. Thanks, Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Error when initializing database with external auth enabled
On 2016年5月24日 at 20:27:02, Bart Bunting (bart.bunt...@ursys.com.au) wrote: > Hi there, Hi Bart, > I may be just missing something but this is failing miserably for me and > I am not sure what the correct way to fix it is: > > Running rt 4.4.1 rc1 as of today. I’m glad to hear it. :) > When I have the external authentication configuration enabled in > RT_SiteConfig.pm the > initial database import breaks. I think this is because when it trys to > add the "root" user it attempts to canonicalize the name from ldap which > fails. You’re exactly right. It’s even trying to canonicalize the RT System and Nobody users too. > I can work around this by having puppet install one version of > RT_SiteConfig.pm without > external authentication configured, run the database import and then > replace it with a version with external auth enabled. > > This works, I've tested it. > > It just feels terribly ugly and wrong. Indeed it is, but hey, it works. > Can anyone suggest what I might be doing wrong here or is this a genuine > issue? It’s a genuine issue. I’ve created an Issues ticket on your behalf: https://issues.bestpractical.com/Ticket/Display.html?id=32009 I’ve also fixed the underlying issue with the following two commits (the first for RT System and Nobody, the latter for the root user): https://github.com/bestpractical/rt/commit/86b45ac4e26 https://github.com/bestpractical/rt/commit/a32c5813bdd These fixes will be included in RT 4.4.1rc2, but if you want to apply the patches ahead of time, you can get rid of your double SiteConfig hack. > Kind regards > Bart Thank you for testing the RCs! Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
