OTOBO Release Notes

OTOBO 10.0.20 Security Patch

18 April 2024


  • Fixed a security issue with uploaded files that could be used for remote code execution (CVE-2024-32491)[#3309]

Thanks to Tim Püttmann (maxence) for reporting this issue.

Criticality: low


Also new in OTOBO 10.0.20

  • [Security Enhancement] Update to CKEditor version 4.22.1
  • [Security Enhancement] JavaScript tags are now filtered out of links
  • [Bugfix] We fixed a bug that caused incorrect ticket attributes to be used in ACLs in some cases after ticket creation
  • [Bugfix] A bug was fixed that caused the default values in dynamic fields to be displayed incorrectly in many masks
  • and more (Changes)


Please update your system.