Request Tracker (RT) is widely integrated into email-driven support workflows. Security depends on fast patching, extension governance, and strict rights control.\n\n## 1) Follow RT security disclosure and update cycle\n\n- monitor RT security announcements and patch promptly\n- use supported RT branches only; avoid stale unsupported deployments\n- maintain documented emergency patch procedure for active incidents\n\n## 2) Restrict rights and extension attack surface\n\n- grant ModifyTicket/Admin rights only where operationally required\n- review plugin and extension list for known vulnerabilities\n- remove unused extensions and keep remaining ones updated\n\n## 3) Secure email and web interfaces\n\n- enforce HTTPS and hardened session settings for web UI\n- protect inbound/outbound mail processing and cryptography integrations\n- encrypt RT database/backups and test full restore regularly
Any questions?
Feel free to contact us. Find all contact information on our contact page.