Pre-release

@protich protich released this Jul 17, 2018 · 266 commits to 1.11.x since this release

Assets 3

Major New Features

  • Create Ticket or Task from Thread Entry
  • Custom Columns/Custom Queues
  • Inline Edit
  • Ticket Referral
  • Support CC (Collaborators)
  • Export Agent CSV
  • Department Access CSV
  • Archive Help Topics/Departments
  • Nested Knowledgebase Categories

Enhancements

  • Fix Custom Department Field (#3976)
  • Remove Future Search/Filter Criteria if Invalid
  • Dashboard Statistics
  • Fix Vimeo iFrames
  • Fix randNumber()
  • Section Break Hint
  • List & Choice Searching (#3703, #3493, #2625)
  • Adds osTicket Favicons (#4112)
  • Fix Most Redactor Issues (#3849)
  • Send Login Errors Still Sends (#4073)
  • Private FAQs In Sidebar Search
  • User Password Reset (#4030)
  • Disabled & Private Help Topic (#3538)
  • Helpdesk Status Help Tip
  • Local Names In Validation Errors
  • User Registration Form (#4043)
  • Organization User List Pages Link (#4116)
  • Ticket Edit Internal Note (#4028)
  • Disable Canned Responses On New Ticket (#3971)
  • Canned Response Margin
  • Ticket Preview Custom Fields
  • Help Topic SLA (#3979)
  • Fix Agent Identity Masking (#2955, #3524)
  • Force Keys For Choice Field Options (#4071)
  • Check Missing Required Fields
  • Task Action Button Styling
  • Add Fullscreen To Embedded Videos
  • Fix Serbian Flag Icon (#3952)
  • Optimize Lock Table
  • Fix Outdated Alerts Link (#3935)
  • Fix Default Dept. Private Error (#3934)
  • Mailto TLD Length (#4063)
  • Remove Primary Contacts (#3903)
  • Fix Reset Button(s) (#3670)
  • Newsletter Link
  • Offline Page Images (#3869)
  • User Login Page Translation (#3860)
  • Translate Special Characters (#3842)
  • Custom Form Deletion (#3542, #4059)
  • Client Side Long FAQ Title (#3380)
  • Client FAQ Last Updated Time (#3475)
  • Email Banlist Sorting (#3452)
  • Fix New Ticket Cancel Button (#2624, #2881)
  • SQL Error Unknown column 'relevance' (#2655)
  • Fixes issue with last_update ticket variable
  • Ticket Notice Alert
  • Fix CSRF fail + shake effect (#3928, #3546)
  • Issue/ticket preview collabs
  • Allowing translation of copyrights in footers
  • User/Organization are not translated (#3650)
  • Fix DatePicker on client side (#3625, #3817, #3804, 0fbc09a)
  • Add Custom Forms to Ticket Filter Data
  • Fix for LDAP/AD auth plugin (#4198, #3460, #3544, #3549)

@protich protich released this Jul 17, 2018 · 122 commits to 1.10.x since this release

Assets 3

osTicket v1.10.4

Enhancements

  • issue: Auto-Assignment Log (#4316)
  • issue: Language Pack Locale Mismatch (#4326)
  • issue: CLI Deploy Missing Bootstrap (#4332)
  • issue: User Import No Email (#4330)
  • issue: Ticket Lock On Disable (#4335)

Performance and Security

  • security: Fix Multiple XSS Vulnerabilities (#4331)
  • department: Error Feedback (#4331)

@protich protich released this Jul 17, 2018 · 159 commits to 1.10.x since this release

Assets 2

Enhancements

  • issue: Org. User Account Status (#4219)
  • upgrader: Flush Cache On Upgrade (#4227)
  • issue: Outlook _MailEndCompose (#4206)
  • issue: Files - deleteOrphans() (#4253)
  • issue: Fix imap_open Disable Authenticator (#4195)
  • Check permissions before displaying Close Task (#4177)

Performance and Security

  • issue: Information Page Performance (#4275)
  • issue: Prevent Click Jacking (#4266)
  • orm: queryset: Fix circular reference error (#4247)

@protich protich released this Mar 22, 2018 · 161 commits to develop since this release

Assets 3

Performance and Security

  • Prevent Account Takeover (be0133b)
  • Prevent Agent Directory XSS (36651b9)
  • Httponly Cookies (5b2dfce)
  • File Upload Bypass (3eb1614)
  • Only allow image attachments to be opened in the browser window (4c79ff8)
  • Fix randNumber() (5b8b95a)
  • CSRF in users.inc.php URL (285a292)
  • AJAX Reflected XSS (e919d8a)

@protich protich released this Sep 14, 2017 · 192 commits to develop since this release

Assets 3

Enhancements

  • Users: Support search by phone number
  • i18n: Fix getPrimaryLanguage() on non-object (#3799)
  • Add TimezoneField (#3786)
  • Chunk long text body (#3757, 7b68c99)
  • Spyc: convert hex strings to INTs under PHP 7 (#3621)
  • forms: Proper Field Deletion
  • Move orphaned tasks on department deletion to the default department (42e2c55)
  • List: Save List Item Abbreviation (8513f13)

Performance and Security

  • XSS: Encode html entities of advanced search title (#3919)
  • XSS: Encode html entities of cached form data (#3960, bcd58e8)
  • ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)

@protich protich released this Sep 14, 2017

Assets 3

Performance and Security

  • XSS: Encode html entities of cached form data (#3960, bcd58e8)
  • ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)

@protich protich released this Nov 1, 2016 · 264 commits to develop since this release

Assets 3

Enhancements

  • Support Passive Email Threading (#3276)
  • Introduce the concept of Trusted Proxies and Local Networks (4396f91)
  • Account for agents' name format setting when sorting agents (#3274, 5c548c7)
  • Ticket Filters: Support Lookup By Name (#3274, ef9b743)
  • Enable preloaded canned responses by default (#3274, 7267531)

Improvements

  • Task: Missing Description on create (#3274, 865db9)
  • Save task due date on create (#3438)
  • Show overlay on forms submit (#3426, #3391)
  • upgrader: Fix crash on SequenceLoader (#3421)
  • upgrader: Fix undefined js function when upgrading due to stale JS file (#3424)
  • Use help topic as the subject line when issue summary is disabled (#3274, 74bdc02)
  • PEAR: Turn off peer name verification by default (SMTP) (#3274, 4f68aeb)
  • Cast orm objects to string when doing db_real_escape (#3274, e63ba58)
  • Save department on __create (#3274, c664c93)
  • Limit records to be indexed per cron run to 500 (#3274, 9174bab)

Performance and Security

  • Fix memory leak when applying 'Use Reply-To Email' ticket filter action (#3437, 84f085d)
  • XSS: Sanitize and validate HTTP_X_FORWARDED_FOR header (#3439, 4396f91)
  • XSS: Encode html chars on help desk title/name (#3439, 2fb47bd)

@protich protich released this Nov 1, 2016 · 3 commits to 1.9.x since this release

Assets 3

Enhancements

  • Introduce the concept of Trusted Proxies and Local Networks (4396f91)

Performance and Security

  • Fix memory leak when applying 'Use Reply-To Email' ticket filter action (8ca6bc3)
  • XSS: Sanitize and validate HTTP_X_FORWARDED_FOR header (#3439, 4396f91)
  • XSS: Encode html chars on help desk title/name (#3439, 2fb47bd)
Pre-release

@greezybacon greezybacon released this Jun 12, 2016 · 346 commits to develop since this release

Assets 3

Enhancements

  • Compatibility with PHP7 (#2828)
  • Share tickets among organization members (#2405)
  • Add lock semantics compatible with v1.9 (lock on view) (f826189)
  • Staff login backdrop is customizable (#2468)
  • Add advanced search for closed date, thread last message, thread last response (#2444)
  • Disable auto-claim by department (#2591)
  • Properly flag SYSTEM thread postings (#2702)
  • Add option to use dept/agent name on replies (#2700)
  • Add a preference option to set the sort order of the thread entries in DESC or ASC order (#2700)
  • Thread dates can be shown as relative or absolute timestamps (#2700)
  • Make Avatars optional on thread view (#2701)
  • Make Authentication Tokens Optional (auto-login links in emails) (#2714)
  • Use icons for ticket and task actions (#2760)
  • role: Add option to use primary role on assignment (#2832)

Improvements

  • All improvements cited in v1.9.12 and v1.9.13
  • Fix deleting of custom logos (#2433)
  • Fix assignment setting on new tasks (#2452)
  • Fix subject display of non-short-answer fields on ticket view and ticket queue (#2463)
  • Fix advanced search of ticket source (#2479)
  • Forbid adding deleted forms via "Manage Forms" (#2483)
  • Use horizontal tabs for translatable article content rather than the left tabs in a table (#2484)
  • Fix lock expiration time if PHP and database have different time zones (#2533)
  • Fix user class and ID matching from email headers (#2549)
  • Fix emission of Content-Language header in client portal for multiple system languages, thanks @t-oster (#2555)
  • Fix deployment of fresh git repo or download on PHP 5.6 (#2571)
  • Fix handling of abbreviated database timezones like CDT (#2570)
  • Fix incorrect height display of avatars (#2580, #2609)
  • Sort help topic names case insensitively, thanks @jdelhome3578 (#2530)
  • Fix detection of looped emails (f2cac64)
  • Fix crash in ticket preview (popout) if ticket has no thread (bd9e9c5)
  • Fix javascript crash adding new ticket filter (d2af0eb)
  • Fix crash if the name field of a user is a drop-down (ec0b2c5)
  • Fix incorrect SQL query removing departments (cf6cd81)
  • Properly fallback to database file storage if system is misconfigured (1580136)
  • Fix crash handling fields with __ in the name in the VisibilityConstraint class (b3d09b6)
  • Remove staff-dept records when removing an agent (ecf6931)
  • Avoid crashing processing ORM records with NULL select_related models (#2589)
  • Fix several full-text search related issues (#2588, #2603)
  • Fix crash sending registration link for a guest user (#2552)
  • Avoid showing lock icon for expired locks on ticket listing (#2617)
  • Fix incorrect redirect from SSO authentication, thanks @kevinoconnor7 (#2641)
  • Fix vertical overflow of uploaded image preview (#2616)
  • Fix unnecessary dropping of CDATA table on MySQL 5.6 (#2638)
  • Fix several issues on user directory ticket listing (#2626)
  • Fix encoding of attachment filenames in emails (#2586)
  • Fix warning rendering advanced search dialog, thanks @t-oster (#2594)
  • Fix bounce message loop for message alert to a bad agent email address (#2639)
  • Make fulltext search optional on user lookup (#2657)
  • Add the [claim] feature again (#2681)
  • Fix agent's Signature & Timezone dropped on update (#2720)
  • Fix crash in user CSV import (#2708)
  • Fix crash in user ajax lookup (#2600)
  • Send Reference and In-Reply-To headers only for thread items pertinent to the receiving user (#2723)
  • Properly clean HTML custom fields (#2736)
  • Fix changing/saving properties on internal ticket statuses, with the exception of the state (#2767)
  • Fix CSV list import (#2738)
  • Fix late redirect header for single ticket typeahead result (#2830)
  • Add sortable column headers in the ticket and task queues (#2761)
  • Fix several issues with the file CLI app (#2808)
  • Fix config crash on install (#2827, #2844)
  • Set due date based on user's timezone (#2812, #2981)
  • Fix crash rendering some email addresses to string (#2844)
  • Fix crash rendering thread with invalid timestamps (#2844)
  • Log assignment note (comments), if any, when staff created ticket is assigned (#2944)
  • Change transient SLA, on transfer, if target department has a valid SLA (#2944)
  • Fix typo on task transfer modal dialog (#2944)
  • Fix ticket source on ticket edit (#2944)
  • Convert user time to database time when querying stats (#2944)
  • Fix date picker clearing input on invalid date format (#2944)
  • Show topic-specific thank-you page (#2915)
  • Department manager can be excluded from the new ticket alert (#2974)
  • Do not scrub iframe @src attribute (#2940)

Performance and Security

  • Use full-text search for quick-search typeahead boxes (#2479)
  • Speed up a few slow and noisy queries (5c68eb3, 340fee7, 208fcc3)
  • Lower memory requirements processing attachments (#2491, #2492)
  • Ensure agent still has access when reopening a ticket (#2768)
  • Always perform validation server-side for ajax uploads (#2844)
  • Protect access to files shown in the FileUpload field (#2618)
  • Decode entities prior to HTML scrubbing (#2940)

Known Issues

  • Uploading multiple files simultaneous (via drag and drop) will cause some files to be dropped

@greezybacon greezybacon released this Jun 11, 2016 · 12 commits to 1.9.x since this release

Assets 3

Enhancements

  • alerts: Do not include the manager with the members (#2974)

Improvements

  • Only change SLA if target department has an SLA
  • Unify ticket source and preserve original (e.g Web) source on ticket edit
  • filedrop: Use jQuery to remove filenode
  • pjax: Do not assume href attribute is set
  • Default to system default, if staff does not have page limit set, thanks @antriver (#2951)
  • plugins: Assume plugins might not have configuration
  • oops: Make sure __toString returns a string
  • autoresponse: Do not send out new message auto-response to ticket owner as well as collaborators on new ticket (#2639)
  • auth: Consider the destination clicked prior to SSO authentication, thanks @jdelhome3578 (#2916)
  • config: Add error message and default for max_open_tickets setting (#2914)
  • auth: This issue only impacts SSO auth plugins, @thanks kevinoconnor7 (#2641)
  • i18n: Support language pack compilation with new support for parallel releases with v1.10.x