A new patch level has been released: OTOBO 10.0.8
Thanks to the Community for helping to improve OTOBO!
– This is a security patch–
New in 10.0.8:
Security fix
> update of CKEditor
Bug fixes
> scroll bars in dashboard
> docker migration with http
> package installation possible without internet connection
> web service integration for migrations with existing web services etc.
New language: Danish
Security Advisory (Several Vulnerabilities in CKEditor. Risk Level: 5.5 MEDIUM)
* OTOBO 10.0.9 available *
* Survey Module 10.0.3 available *
These are security patches
Dear all,
OTOBO has been further improved. We are proud to announce a new Patch Level Release today.
Thanks to the Community for helping to improve OTOBO.
New in OTOBO 10.0.9:
Security fix OTOBO: In psgi-based Docker installations, it was possible for OTOBO admins to access sensitive data. (This only affects docker and installations, where psgi was explicitly chosen during installation. Installations done in the standard way described in the documentation are not affected)
Enhancement: Printing of tickets by customer users by default does not contain extended customer information anymore.
This now has to be enabled via the SysConfig option „Ticket::Frontend::CustomerTicketPrint##CustomerInformation“.
Minor bug fixes.
New in Survey module 10.0.3:
Security Fix: It was possible for the survey administrator to craft surveys in such a way that malicious code could be executed in the agent interface (i. e. another agent who wants to make changes in the survey. See security advisory 2021-01)
OTOBO has been taken to a new level. We are proud to announce a new Major Release: OTOBO 10.1 stable.
A big thank you to everyone who contributed to this new OTOBO version!
Highlights in OTOBO 10.1.1:
Processes: Customers can be involved in process tickets within Customer Interface now. Process templates make it easy to start creating your own processes.
OpenIDConnect: modern SSO authentication based on OAuth2 for customer users and agents. Plus: authorisation for agents.
Web services: enhanced error handling & Elasticsearch Selfrepair, templates to ease integration with JIRA, Bugzilla and OTOBO, and new invokers
Enhanced S/MIME functionality: Icons mark encrypted/signed mails. Performance boost by decryption directly at receipt. Option to change the S/MIME Cipher used.
Agent interface: new Dashboard element „My Last changed tickets“, change email addresses between To/Cc/Bcc with a klick, paste multiple email addresses, reporting feature, etc.
Customer interface: new category types (labels), footer links for Privacy Policy and About text (Impressum), Service Catalogue package, Tool Tips for dynamic fields, extended ACL functionality etc.
Third party repo with Rocket.Chat integration, OTOpar package repository directly available via OTOBO package manager
OTOBO 10.0.16 and 10.1.3 – these are Security Patches!
Please update your system as soon as possible and please read the notes at the bottom of the relevant Release Notes before doing so.
Dear all,
OTOBO has been further improved.
OTOBO 10.1.3 – is a security patch
That’s new in OTOBO 10.1.3
Security:
OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
Criticality: High
Fixed an XSS vulnerability in package manager GUI (CVE-2022-0475).
Criticality: Medium
Also new:
Update to Elasticsearch Version 7.17.3
Adapted S/MIME functionality to newer OpenSSL versions
Updated JavaScript libraries
Enhanced CustomerTicketCategories
Added Type, Service and State to TicketZoom and TicketList, added an option to maintain translations in the frontend, templates and links.
Support for CustomerIDRaw in GenericInterface TicketSearch
Read more in the OTOBO 10.1.3 Release Notes: English | Deutsch
OTOBO 10.1.4 – a mini patch
OTOBO 10.1.4 is a Mini Patch resolving a regression regarding LDAP user Roles synchronisation
OTOBO admins or attackers impersonating an OTOBO admin could use certain OTOBO features to obtain permissions on the server. Those features are only available after an explicit opt-in by the system administrator in future (details on the vulnerability and how we deal with it in OTOBO)
Criticality: High
Fixed an XSS vulnerability in package manager GUI (CVE-2022-0475).
Criticality: Medium
Also new:
Update to Elasticsearch Version 7.17.3
Adapted S/MIME functionality to newer OpenSSL versions
Updated JavaScript libraries
Duplicate slashes are now merged in called url (PSGI)
Removed DashboardBackend###0000-ProductNotify
[Bugfix] CustomerTicketZoom: Corrected display for dynamic fields of type ‚Title‘ with long text
[Bugfix] CustomerTicketZoom: Corrected a bug which caused an Enter in text fields (e.g. subject) to cancel replies.
Update of default texts in CustomerDashboard.
Highlight focused buttons in the customer interface (aditionally to hovered ones).
[Bugfix] Corrected a bug which caused an error message upon Database Fields reinitialization.
Read more in the OTOBO 10.0.16 Release Notes: English | Deutsch
Please update your system as soon as possible and please read the notes at the bottom of the relevant Release Notes before doing so.
Thanks to the Community for helping to improve OTOBO!
Our website uses cookies. Cookies are tiny text files which are saved in your web browser or by your web browser on your device when you access websites. They contain a characteristic character sequence allowing to clearly identify your browser upon your next visit to the website.
You can prevent the setting of cookies at any time by making the appropriate setting in your internet browser. Cookies that have already been set can be deleted manually or automatically at any time. This is possible in all common internet browsers. If the setting of cookies is deactivated in the browser, not all functions of the website may be fully usable.
We deliberately use very little cookies.
Detailed information can be found in section 4 of our Privacy Policy.
Necessary cookies
Essential Cookies are necessary to deliver this website and some of its features correctly.
For this reason, we do not provide any opportunity here to disable them.
Notwithstanding this, you can deactivate all Cookies in your Browser Settings at any time. Please be aware, however, that this might have an impact on the functionality of this website.
More information about the cookies to be set and how long they will be stored can be found in section 4 of our Privacy Poliy: Privacy Policy.
Google Analytics' Cookies
When you visit this website, Google Analytics sets cookies on your system. This will help us analyse how you use our website ans tailor it to the needs of our visitors. Your IP address will be automatically anonymised (IP anonymisation and deactivation of your User ID). Therefore, we cannot trace which data a certain user is accessing. The data are not saved together with any other personal user data.
You can deactivate tracking in your browser if you do not want us to be able to track your visit on our website.
Privacy Policy
Detailed information on the usage of cookies as well as our Privacy Policy can be found here: