OTOBO Release note

OTOBO 10.0.11 – Security Patch

29 June 2021


  • OTOBO 10.0.11 fixes a vulnerability that made it possible for an attacker to use JavaScript injection via a manipulated link or CSRF to create tickets on behalf of a CustomerUser interacting with the manipulated resource, or to change that user's preferences (except the password).
    Thanks to hypnguyen1209 for sharing the issue.
    Criticality: Low.

Also new:

  • Mailaccount OAuth2 was released on 16 June. It is available as a separate package via the OTOBO Package Manager and enables, e.g., Microsoft 365 users to switch from standard authentication to modern authentication with POP3 and IMAP.

  • New translations in Spanish (Mexico), French, Russian, Polish, German, Portuguese (Brazil), Lithuanian.
  • Bugfix: Fixed long names being shortened in the article list in CustomerTicketZoom.
  • Various smaller fixes.

Please update your system.