OTOBO Release Notes

OTOBO 10.0.14 – Patch Level Release

15 December 2021

That's new:

• Even though OTOBO generally does not seem to be affected by the Log4j Zero Day Vulnerability (read our summarised findings in this article), we updated to the latest Elasticsearch version, "which contains the JVM property by default and remove certain components of Log4j out of an abundance of caution" (source: Elastic)
• Tickets that have been in an unlocked state when closed are no longer automatically locked to root@localhost upon follow-up
• Invokers are enabled to set custom headers now
• StartTLS support for LDAP authentication
• Enhanced Kerberos SSO
• Some bug fixes in AdminPerfomanceLog and additional smaller bugfixes

If you want to be on the safe side about the Log4j Zero Day Exploit, please update your system or get in touch with us to schedule your update.