OTOBO Release note
OTOBO 10.0.12 – Security Patch
21 August 2021
- Files from the directories stated in the SysConfig options SMIME::PrivatePath and SMIME::CertPath are no longer included in the Support bundle if they are within the OTOBO directory (CVE-2021-21440).
- Authenticated agents can no longer list emails of ticket recipients or appointments from calendars they are not entitled to access (CVE-2021-36091, CVE-2021-21443).
- Updates for outdated packages in the Docker base image (Perl, Elasticsearch, MariaDB and Redis)
- When "DisableCustomerCompanyTickets" is active, tickets are no longer shown in Elasticsearch quick search
Criticality: Low to medium.
- OTOBO 10.0.12 adds the option to define complex settings for Elasticsearch. They can be adapted via Kernel/Config.pm (see Elasticsearch::IndexTemplate in Defaults.pm). Please use ElasticSearch::IndexSettings### instead of ArticleIndexCreationSettings for more complex settings.
- GNU Screen was added to Docker images
- Let's Encrypt Certbot was added to Docker images
- Default maximum number of dynamic fields shown per page set to a higher value
- Migration enhancements (check for invalid NULL values in the source database, shortening columns when migrating from PostgreSQL to MariaDB, issues with DirectBlob feature resolved, call ResetAutoIncrementField)
- Various bug fixes (Agent email can be equal to username now, Customer Frontend state selector no longer jumps when ACL is active, CustomerUser changes can be used to trigger ACLs now, and more ...)
- New translations
Please update as soon as possible.