SECURITY ADVISORY
- Release date: October 9, 2024
- Release type: Security Patch Release
- Criticality: LOW
- Affected versions: OTOBO 10.1
Description
Enhancements
- [Security] Automatically end active sessions for (customer) users upon password change, to enable proactive termination of sessions e.g. on other machines. [#3440]
- [Security] Removed a possibility for ReDoS attacks by removing special handling of some MS classes in articles. Thanks to Emin Yazi (Efflux). [#3853]
- [Security] Prevention of some JavaScript injection possibilities for the OTOBO admin. Thanks to Tim Puettmanns (maxence). [#3764]
- [Enhancement] If possible, add a notice to the log when undefined elements are used in stats, to support debugging. [#3792]
- [Enhancement] Added a possibility to migrate from OTRS 7 to OTOBO 10.1 [#3360]
- [Enhancement] Enhance Dev::Tools::Database::RandomDataInsert to insert attachments [#3772]
- [Enhancement] Added translations to: Japanese, Arabic (Saudi Arabia), German, Spanish (Mexico), Ukrainian – thanks to all contributors.
- [Change] Stricter protection against the logging of plain text passwords. [#3737]
Next steps
Update to OTOBO 10.1.11
We recommend that you fix the vulnerabilities and benefit from the latest improvements. Please update your system.
Bug Fixes
- [Bugfix] AgentTicketMove will correctly adhere to ACLs restricted to this action. [#3644]
- [Bugfix] AgentTicketQuickClose does not lock a ticket. [#3559]
- [Bugfix] WebMaxFileUpload will now consistently check the accumulated size in Frontend and Backend. [#3602]
- [Bugfix] Correction of a spelling mistake in the description of the password criteria. [#2977]
- [Bugfix] Fix for unintentional recovery of outdated Sysconfig settings. [#3381]
- [Bugfix] Enable localization for the string “sum” in statistics [#2944]
- Various minor fixes and improvements
We’d be happy to clarify your questions. Contact us.
As a support customer, do you require assistance with the security patch? Please contact us through your access in the support portal.
Report a security issue:
security@otobo.org