SECURITY ADVISORY
- PUBLISHED: February 26, 2025
- RELEASE TYPE: Security Patch Release
- CRITICALITY: MEDIUM | LOW
- AFFECTED VERSIONS: OTOBO 10.0
Description
- [Security | medium] The password history no longer uses an insecure hash algorithm, which prevents individuals with Admin rights or access to the database’s password table from reading passwords [#4181]
- [Security | low] Fixed a vulnerability that allowed authenticated OTOBO agents to launch potential DoS attacks [#4046]
- [Security | low] The ‘Shared Secret’ for two-factor authentication is now generated with a cryptographically secure method, which prevents it from being intercepted during transmission [#4181]
- [Security | low] A SysConfig option can now be included to enable verification of the host key during email processing [#4181]
Enhancements
- [Change] Allow 0 as valid time unit input in AgentTicketProcess [#3870]
Next steps
Update to OTOBO 10.0.23
We recommend that you fix the vulnerabilities and benefit from the latest improvements. Please update your system.
Bug Fixes
- [Bugfix] When merging two already connected tickets, connections are now carried over to the merged ticket and the merged tickets are also linked together [#4114]
- [Bugfix] Adding a new activity in the process canvas of AdminProcessManagement works correctly again [#4100]
- [Bugfix] Update Elasticsearch to image version 7.17.27 [#4035]
We are happy to answer your questions. Please contact us.
Are you a support customer who needs assistance with the security patch? Please contact us using the support portal.
Report a security issue:
security@otobo.org