SECURITY ADVISORY
- PUBLISHED: October 9, 2024
- RELEASE TYPE: Security Patch Release
- CRITICALITY: LOW
- AFFECTED VERSIONS: OTOBO 10.0
Description
Enhancements
- [Security] Automatically end active sessions for (customer) users upon password change, to enable proactive termination of sessions e.g. on other machines. [#3440]
- [Security] Removed a possibility for ReDoS attacks by removing special handling of some MS classes in articles. Thanks to Emin Yazi (Efflux) [#3853]
- [Security] Prevention of some JavaScript injection possibilities for the OTOBO admin. Thanks to Tim Puettmanns (maxence) [#3764]
- [Change] Stricter protection against the logging of plain text passwords. [#3737]
Next steps
Update to OTOBO 10.0.22
We recommend that you fix the vulnerabilities and benefit from the latest improvements. Please update your system.
Bug Fixes
- [Bugfix] AgentTicketMove will correctly adhere to ACLs restricted to this action. [#3644]
- [Bugfix] AgentTicketQuickClose does not lock a ticket. [#3559]
- [Bugfix] WebMaxFileUpload will now consistently check the accumulated size in Frontend and Backend. [#3602]
- [Bugfix] Fix for unintentional recovery of outdated Sysconfig settings. [#3381]
- [Bugfix] Enable localization for the string “sum” in statistics [#2944]
- Various minor fixes and improvements
We are happy to answer your questions. Please contact us.
If you are a support customer and need assistance with the security patch, please contact us using the support portal.
Report a security issue:
security@otobo.org