OTOBO Release Notes

OTOBO 10.1.10 Security Patch

18 April 2024

Security-related:

  • Fixed a security issue with uploaded files that could be used for remote code execution (CVE-2024-32491)[#3309]

Thanks to Tim Püttmann (maxence) for reporting this issue.

Criticality: low 

Also new in OTOBO 10.1.9

  • [Security Enhancement] Update to CKEditor version 4.22.1
  • [Security Enhancement] JavaScript tags are now filtered out of links
  • [Bugfix] We fixed a bug that caused incorrect ticket attributes to be used in ACLs in some cases after ticket creation
  • [Bugfix] A bug was fixed that caused the default values in dynamic fields to be displayed incorrectly in many masks
  • Translations to German, Norwegian, Arabian and Spanish
  • and more (Changes)

Please update your system.