-
Posts
-
-
Dear all,
OTOBO has been further improved. We are proud to announce a new Patch Level Release today.
Release Date: 31 July 2020
Patch Level: OTOBO 10.0.2
Change Details: GitHub ChangeLog
Download: OTOBO Download pageEnjoy!
-
* OTOBO 10.0.5 available *
This is a security patchDear all,
OTOBO has been further improved. We are proud to announce a new Patch Level Release today.
Thanks to the Community for helping to improve OTOBO.New in 10.0.5: Security fix, bug fixes, enhanced migration process / documentation.
Security Advisory (OTOBO uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS). Risk Level: 6.3 / 6.5 MEDIUM)
Change details: GitHub Milestones / ChangeLog
-
Hi all,
A new patch level has been released: OTOBO 10.0.6
Thanks to the Community for helping to improve OTOBO.
New in 10.0.6: Bug fixes, enhanced migration process.
Change details: GitHub Milestones / ChangeLog
Download: https://otobo.de/download
Enjoy!
-
Dear all,
A new patch level has been released: OTOBO 10.0.7
Thanks to the Community for helping to improve OTOBO!New in 10.0.7:
- Company Tickets
- Docker support for production systems
- bug fixes
- enhancements to OTRS-OTOBO migration
Change details: GitHub Milestones / ChangeLog
Download: https://otobo.de/downloadEnjoy!
-
Dear all,
A new patch level has been released: OTOBO 10.0.8
Thanks to the Community for helping to improve OTOBO!– This is a security patch–
New in 10.0.8:
Security fix
> update of CKEditorBug fixes
> scroll bars in dashboard
> docker migration with http
> package installation possible without internet connection
> web service integration for migrations with existing web services etc.New language: Danish
Security Advisory (Several Vulnerabilities in CKEditor. Risk Level: 5.5 MEDIUM)
Change details: GitHub Milestones / ChangeLog
Download: https://otobo.de/download
Enjoy!
-
* OTOBO 10.0.9 available *
* Survey Module 10.0.3 available *These are security patches
Dear all,
OTOBO has been further improved. We are proud to announce a new Patch Level Release today.
Thanks to the Community for helping to improve OTOBO.New in OTOBO 10.0.9:
Security fix OTOBO: In psgi-based Docker installations, it was possible for OTOBO admins to access sensitive data. (This only affects docker and installations, where psgi was explicitly chosen during installation. Installations done in the standard way described in the documentation are not affected)Enhancement: Printing of tickets by customer users by default does not contain extended customer information anymore.
This now has to be enabled via the SysConfig option „Ticket::Frontend::CustomerTicketPrint##CustomerInformation“.Minor bug fixes.
New in Survey module 10.0.3:
Security Fix: It was possible for the survey administrator to craft surveys in such a way that malicious code could be executed in the agent interface (i. e. another agent who wants to make changes in the survey. See security advisory 2021-01) -
*OTOBO 10.0.10 released*
Dear all,
we released OTOBO 10.0.10 on April 21, 2021.This is a security patch – please update your system as soon as possible.
More infos in the release note
Change details on GitHub: ChangeLog
Download: https://otobo.de/downloadEnjoy!
-
*OTOBO 10.0.11 released*
Dear all,
we released OTOBO 10.0.11 on June 29, 2021.This is a security patch – please update your system.
More infos in the release note
Change details on GitHub: ChangeLog
Download: https://otobo.de/downloadEnjoy!
-
OTOBO 10.1
Dear all,
OTOBO has been taken to a new level. We are proud to announce a new Major Release: OTOBO 10.1 stable.
A big thank you to everyone who contributed to this new OTOBO version!
Highlights in OTOBO 10.1.1:
- Processes: Customers can be involved in process tickets within Customer Interface now. Process templates make it easy to start creating your own processes.
- OpenIDConnect: modern SSO authentication based on OAuth2 for customer users and agents. Plus: authorisation for agents.
- Web services: enhanced error handling & Elasticsearch Selfrepair, templates to ease integration with JIRA, Bugzilla and OTOBO, and new invokers
- Enhanced S/MIME functionality: Icons mark encrypted/signed mails. Performance boost by decryption directly at receipt. Option to change the S/MIME Cipher used.
- Agent interface: new Dashboard element „My Last changed tickets“, change email addresses between To/Cc/Bcc with a klick, paste multiple email addresses, reporting feature, etc.
- Customer interface: new category types (labels), footer links for Privacy Policy and About text (Impressum), Service Catalogue package, Tool Tips for dynamic fields, extended ACL functionality etc.
- Third party repo with Rocket.Chat integration, OTOpar package repository directly available via OTOBO package manager
and much more!
Read more in the Release Notes: English | Deutsch
All details in the ChangeLog
-
OTOBO 10.1.2 – Patch Level Release
Dear all,
OTOBO has been further improved.
That’s new in OTOBO 10.1.2
- Enhancements:
- Include -h (help) option for console commands
- Update the docker image to Debian 11
- Add the possibility to provide specific ssl options for the connection to an OpenID provider
- Translate dynamic field tooltips in the customer interface
- Bug Fixes:
- Fix some bugs with database dynamic fields
- Double slashes in urls will be merged for docker based systems, too
- Fix the OpenID implicit code flow (the authorization code flow is still recommended)
- Fix patch and put requests in the generic interface
+more
Thanks to the Community for helping to improve OTOBO!
Read more in the Release Notes: English | Deutsch
All details in the ChangeLog on GitHub
¿Habla Espanol?
There’s a Spanish section in the OTOBO Community Forum now, administered by our partners from INTELICOLAB (Costa Rica). Thank you! - Enhancements:
-
OTOBO 10.0.16 and 10.1.3 – these are Security Patches!
Please update your system as soon as possible and please read the notes at the bottom of the relevant Release Notes before doing so.
Dear all,
OTOBO has been further improved.
OTOBO 10.1.3 – is a security patch
That’s new in OTOBO 10.1.3
- Security:
- OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
Criticality: High - Fixed an XSS vulnerability in package manager GUI (CVE-2022-0475).
Criticality: Medium
- OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
- Also new:
- Update to Elasticsearch Version 7.17.3
- Adapted S/MIME functionality to newer OpenSSL versions
- Updated JavaScript libraries
- Enhanced CustomerTicketCategories
- Added Type, Service and State to TicketZoom and TicketList, added an option to maintain translations in the frontend, templates and links.
- Support for CustomerIDRaw in GenericInterface TicketSearch
Read more in the OTOBO 10.1.3 Release Notes: English | Deutsch
OTOBO 10.1.4 – a mini patch
OTOBO 10.1.4 is a Mini Patch resolving a regression regarding LDAP user Roles synchronisation
OTOBO 10.1.4 Release Notes: English | Deutsch
OTOBO 10.0.16 – is a security patch
That’s new in OTOBO 10.0.16
- Security:
- OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
Criticality: High - Fixed an XSS vulnerability in package manager GUI (CVE-2022-0475).
Criticality: Medium
- OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
- Also new:
- Update to Elasticsearch Version 7.17.3
- Adapted S/MIME functionality to newer OpenSSL versions
- Updated JavaScript libraries
- Duplicate slashes are now merged in called url (PSGI)
- Removed DashboardBackend###0000-ProductNotify
- [Bugfix] CustomerTicketZoom: Corrected display for dynamic fields of type ‚Title‘ with long text
- [Bugfix] CustomerTicketZoom: Corrected a bug which caused an Enter in text fields (e.g. subject) to cancel replies.
- Update of default texts in CustomerDashboard.
- Highlight focused buttons in the customer interface (aditionally to hovered ones).
- [Bugfix] Corrected a bug which caused an error message upon Database Fields reinitialization.
Read more in the OTOBO 10.0.16 Release Notes: English | Deutsch
Please update your system as soon as possible and please read the notes at the bottom of the relevant Release Notes before doing so.
Thanks to the Community for helping to improve OTOBO!
All details in the ChangeLogs on GitHub: OTOBO 10.1 | OTOBO 10.0
- Security:
-
- You must be logged in to reply to this topic.