OTOBO Release note
OTOBO 10.0.13 – Security Patch
08 October 2021
Security-related:
- Open Redirect in external URL jump.
If activated, ExternalURLJump provided an open redirect, which could be used in phishing attacks to mask a link to a malicious website to an unsuspecting person. - Possible js injection in dynamic field error messages.
The OTOBO admin had the possibility to inject js code into dynamic field error messages.
Criticality: Low to middle.
Also new:
- Reactivate Support Data Collector plugin OS::DiskSpace.
- Several improvements to the OTRS->OTOBO migration and bugfixes.
Please update your system.