+++ This bug was initially created as a clone of Bug #506236 +++ New RT upstream versions 3.6.8 and 3.8.4 were released, mentioning following security fix: The most important fix is that RT now requires the SuperUser right to edit global RT at a Glance. In all previous 3.8 releases, the "ShowConfigTab" right unintentionally enabled this. If you have not granted this right to any non-administrative user, then this issue should not affect you. References: http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000169.html http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000170.html Upstream announcements contain patches that can be used with older versions instead of moving to new upstream version. As a "quick fix", I am going to apply the patch from http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000170.html to the FC10 and FC11 packages (both currently at rt-3.8.2), because the side-effects of upgrading to rt-3.8.4 currently are not sufficently clear to me and appear as to seems too risky (at least for now).
rt3-3.8.2-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/rt3-3.8.2-8.fc11
rt3-3.8.2-8.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/rt3-3.8.2-8.fc10
rt3-3.8.2-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
rt3-3.8.2-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.