server upgraded

You may have noticed that the site is serving a lot faster recently. On Jan 23rd 2015 I migrated the site from my old server to my new server. The old server was an old HP ProLiant ML350 with two (2) Intel(R) Xeon(TM) 3.4 GHz processors with 2 cores each (2 MB cache) and 2 GB of DDR2 400 MHz RAM. The new machine is a virtual machine which has five (5) Intel(R) Xeon(R) 2.67 GHz processor cores (20 MB cache) and 8 GB of DDR3 1333 MHz RAM.

Initially I threw more processors and less RAM at it, but after playing around with it for the last few days I've lowered the processors and upped the RAM. So far I'm quite happy with how it's worked out.

osTicket v1.9.5.1 Released!

There is a new version of the 1.9 series, specifically the stable 1.9.5.1. You can get this version via GitHub or at http://osticket.com/download. It features some improvements/bug fixes, and an important security update. Here is a list of the changes:

Improvements

  • Fix file.php to serve files added to system before osTicket v1.9.1 (e02ab9a)
  • Fix file.php to serve files if client panel or system is offline (6bb7843)
  • Fix popover download of inline images (8d3a130)
  • Avoid de-duplicating zero-length files (98caa70)
  • Send new message alert to team members if not assigned to an agent (b7e75b1)
  • Fix import of users to organization not setting the organization (1220238)
  • Fix redactor toolbar showing over the date picker (#1450, thanks @Chefkeks)

Performance and Security

  • Fix XSS vulnerability in client language selection (b38b3ca)

 

You can read more about it at the GitHub repository. The XSS vulnerability was discovered by forum user erickroco and reported in this thread: osTicket 1.9.5 – XSS vulnerabilities reported by OWASP ZAP. It is recommended that you upgrade immediately.

osTicket v1.9.5 Released!

The folks over at osticket.com have released a new version of the 1.9 series, specifically the stable 1.9.5. You can get this version via GitHub or at http://osticket.com/download. It features a slew of enhancements, bug fixes, and security updates. Here is a list of them:

Enhancements

  • Add support for organization vars in templates (%{ticket.user.organization…}) (#1561)
  • Canned responses feature can now be disabled (#1562)
  • Drop link redirection through l.php (#1640)
  • Use unified file download script (#1641). Links can now be shared with external users and accessed without authenticating.
  • Ticket filters support matching and banning based on the Reply-To user information (#1645)

Improvements

  • Remove custom data when users are deleted (#1492)
  • Fix matching of ticket number in subject (regression in v1.9.4) (#1486)
  • Several minor translatable strings (#1441, #1489, #1560), thanks @Chefkeks
  • Fix invalid UTF-8 chars PDF error for empty thread title (regression in v1.9.4) (#1512)
  • Consider auto response checkbox and department setting for new ticket by staff (#1509)
  • Fix PHP crash if finfo extension is missing (#1437)
  • Fix export of choice field items (#1436)
  • Properly handle alert and auto response flags from API (#1435), thanks @stevepacker
  • Fix current value of choice fields if set to boolean false (#1466)
  • Do not reopen tickets for automated responses (#1529)
  • Properly handle uppercase file extensions in file field configuration (#1549)
  • Fix release of ticket lock when navigating away from ticket view (#1552)
  • Display FAQ article consistently on client portal (#1553)
  • Avoid wrapping password reset URLs on text emails (#1558)
  • Fix field requirement for clients when only required for agents (#1559)
  • Fix language selection for new email template group (#1563)
  • Fix incorrect status of new ticket if opened as closed and assigning to an agent (#1565)
  • Forbid disabling the only active administrator (#1569)
  • Searching for tickets searches to midnight of the end date (#1572), thanks @grintor
  • Fix rejection of tickets by filter, even if a previous matching filter would stop on match (#1644)
  • Fix matching of User / Email Address in ticket filters (#1644)
  • Properly HTML escape thread bodies when quoting (#1637)
  • Use department email for agent alerts (#1555)
  • Skip team assignment alert on new ticket if assigned to an agent (fddb3c7)
  • Use custom form name as the page title when editing (#1646)
  • Fix failed ticket number match in email subject line (2e01010)

Performance and Security

  • Fix possible XSS vulnerability in sortable table view pages (#1639)

 

You can read more about it at the GitHub repository. They made maintenance releases for the 1.7 and 1.8 series which should fix some of the issues in those.

Lastly, they made an important notice regarding the 1.7 tree on their blog:

"Notice: osTicket 1.7 series is reaching end of life.  As of March 31st, 2015, we'll no longer maintain 1.7 series. Users are highly encouraged to make plans to upgrade to the latest release or 1.8 series in the coming months."

Source: http://www.osticket.com/blog/115