4.65v Small improvements

1. Department statistic modal window will show department online status. Useful for investigations.
2. Case insensitive will be a global in additional chat variables.
3. Sometimes while logging as other operator did not work and operator was logged out instantly.
4. vars_encrypted option should be respected in popup.
5. If condition support in bot individualization. https://doc.livehelperchat.com/docs/bot/multiple-languages#setting-translations-for-messages

execute doc/update_db/update_333.sql for update

What's Changed

Full Changelog: 4.64v...4.65v

4.64v

1. Departments widget will show online operators counter also, not only their slots.
2. Copy CURL Command will be available in audit login also. Click info icon and you will find it.
3. Debug window in chat will preparse chat_variables for better understandability.
4. If user message contained LHC internal tags, Rest API was reparsing them again.
5. Chat tabs will have light background for better visibility.
6. Option to have custom back office site access more easily. https://doc.livehelperchat.com/docs/security
7. Changes to avoid notices in case invalid requests are made.

execute doc/update_db/update_332.sql for update

What's Changed

Full Changelog: 4.63v...4.64v

4.63v

1. Attribute to set additional variable to check if it is encrypted in the first place.
2. Permission tab in user window will allow checking which group/role grants specific permission.
3. Holding CTRL will open chat tab in the background.
4. Possibility to search by trigger body in the bot constructor.
5. When logging Rest API message as system message, it will enable generating CURL request by logged data.
6. Search in system configuration.

execute doc/update_db/update_331.sql for update

What's Changed

Full Changelog: 4.62v...4.63v

4.62v

1. Option to show hidden chat variable directly in the chat window.

execute doc/update_db/update_330.sql for update

What's Changed

Full Changelog: 4.61v...4.62v

4.61v Security fixes

Multiple XSS vulnerabilities were fixed (all required operator login to exploit)
These were minor security issues that couldn't be exploited by anonymous visitors

Reported by:

• Name: Manojkumar Jaganathan (TheWhiteEvil)
• LinkedIn: https://www.linkedin.com/in/manojkumar-j-7ba35b202/
• HackerOne Profile: https://hackerone.com/the-white-evil?type=user
• Company: HackerBro Technologies
• Their website https://www.hackerbro.net

Specific fixes included:
1. Properly escaping operator names in the dropdown filtering box
2. Escaping bot usernames in the Telegram module
3. Escaping operator names in the change owner window
4. Escaping "Alias nick" field in department assignment modals
5. Escaping Facebook page "Name" fields
6. Escaping canned message content in chat window flows
New Features
1. Added logging capability for chat priority rules application
2. Added support for passing chat_id and chat_hash parameters
3. Improved UI to show which siteaccess is being used for translated text in widget themes

execute doc/update_db/update_329.sql for update

What's Changed

Full Changelog: 4.60v...4.61v

4.60v Improvements

1. Disabled operators departments relations will be stored in separate table. Performance improvement.
2. Ignore message in Rest API option in text message. Will avoid message being send inside previous_visitor_messages_list_url loop.
3. Option in chat configuration Delete chat on close there there is no visitor messages in chat usefull in case you are using auto chat start in start chat form settings.
4. sensitive, raw, sensitive_raw prefixes support for sensitive_{{args.item.msg}} syntax inside previous_visitor_messages_list_url loop
5. Encrypted variables passing additional options https://doc.livehelperchat.com/docs/custom-fields-and-prefill#how-securely-pass-attributes
6. JS api to hide need help widget manually. https://doc.livehelperchat.com/docs/javascript-arguments#hide-need-help-widget

What's Changed

Full Changelog: 4.59v...4.60v

4.59v Improvements

1. Fixed an issue where the assigned operator's statistics were not updated if the chat was auto-assigned but handled by another operator.
2. Optimized database indexing for the online operators widget, improving data fetching speed by 40–50%.
3. Browser notifications now display unread messages instead of just indicating the assigned chat.
4. Improved clarity of explanations in mobile settings.
5. Added support for canned messages in the mobile app.
6. Implemented a workaround for a Chrome bug: Chromium issue 414284085.
7. Added the option to display a custom message for connection issues.
8. Fixed an issue where the widget, when set to embed mode with a popup-on-click action, failed to render. This now properly handles misconfigurations.
9. The foreach loop in REST API calls now supports a {skip_empty_msg} option to ignore empty messages.
10. The dropdown search component now aborts previous API calls when a new one is made.
11. Migrated browser confirm dialogs to modal-based dialogs to resolve a Safari issue where confirm and submit actions were not handled correctly.
12. Improved user experience when scrolling to previous messages.
13. Fixed an issue causing double replacements in bot trigger texts.
14. Added an option to crop visitor-uploaded images to a square in file upload settings.
15. Option in chat list search by chat close time.
16. lh_transfer table was not cleaned up in some scenarios.
17. Various minor improvements throughout the system.

What's Changed

Full Changelog: 4.58v...4.59v

4.58v

What's Changed

1. In some cases open action was not logged for chats.
2. Module function can be assigned as Exclude type. Allows scenarios then operator has permission to all module functions, but excludes some.
3. Replaceable variables available in Rest API now also. {{replaceable.}}
4. Option to control after how many characters new row appears in the widget. Widget theme.
5. Bot individual trigger action can be checked against conditions. Allows easier migration of live bot.
6. Login as was fixed.

execute doc/update_db/update_326.sql for update

Full Changelog: 4.57...4.58v

4.57

• Link to chat was not activating chat tab on first open.
• Push notifications based browser notifications. You can receive notifications even if back office is closed.
• Rest API for mail conversations and chat Rest API will support search by department identifier.
• Option to log operator actions (chat open/preview...) in audit log.
• Bunch of other small fixes...

What's Changed

Full Changelog: 4.56v...4.57v

4.56v

What's Changed

1. Low priority XSS issue with saving XMP settings.
2. Chat/Mail open, preview, search, export actions will be logged if operator does not have 'lhaudit','ignore_view_actions' permission.
3. Continuous webhooks for mails will support {condition syntax.
4. Widget scroll improvements
5. Permission window fixes
6. Widget will remain closed of page reloads and chat is not started.
7. New permission export for chats and mails

execute doc/update_db/update_324.sql for update

Full Changelog: 4.55v...4.56v