osTicket v18.104.22.168 Released!
There is a new version of the 1.9 series, specifically the stable 22.214.171.124 You can get this version via github or at http://osticket.com/download. It features some improvements/bug fixes, and an important security update. Here is a list of the changes:
- Fix file.php to serve files added to system before osTicket v1.9.1 (e02ab9a)
- Fix file.php to serve files if client panel or system is offline (6bb7843)
- Fix popover download of inline images (8d3a130)
- Avoid de-duplicating zero-length files (98caa70)
- Send new message alert to team members if not assigned to an agent (b7e75b1)
- Fix import of users to organization not setting the organization (1220238)
- Fix redactor toolbar showing over the date picker (#1450, thanks @Chefkeks)
Performance and Security
- Fix XSS vulnerability in client language selection (b38b3ca)
You can read more about it at the github repository. The XSS vulnerability was disvocered by forum user erickroco and reported in this thread: osTicket 1.9.5 - XSS vulnerabilities reported by OWASP ZAP. It is recommended that you upgrade immediately.