I'm happy to announce that RT 3.8.11 is now available.

This release contains a number of bugfixes and a minor security update in one of our dependencies:

• Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766

• New WebHttpOnlyCookies option, enabled by default, which hides RT's cookie from direct Javascript access.

• Compatibility with perl 5.12 and 5.14, by removing deprecated "for qw(...)" and "defined %hash" syntax.

• MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than TYPE=InnoDB

• Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files are loaded correctly.

• Fix session cleaner for on-disk sessions, broken since 3.8.0.

• Ensure that only one "Based on" attribute is stored for each custom field.

• Fix the loading of Shredder plugins, broken in 3.8.10.