undergoing changes

Good afternoon all,

I’ve just completed migrating my site from Drupal to WordPress. and it seems that resulted in a loss of all images, and some of the posts and fonts didnt transfer well either.  While I plan to go back through and remove bad formatting I doubt that I will take the time to re-cover the images, but chances are most of them were really old and no longer needed.  New posts going forward will of course have new images. 🙂

Installing osTicket 1.10.4: Troubleshooting MySQL8 and PHP older than 7.1.16

MySQL 8 was released recently (to this writing) and of course that means people are going to start using it.  Since I have seen a couple posts on the forums with people using MySQL 8 I decided to fire up a new VM and install the following:

  • OS: Windows 2012 R2
  • Webserver: IIS 8
  • MySQL 8.0.12
  • PHP 5.6.31

note: PHP 5.6 is still the recommended version of PHP for osTicket until 1.11 is released.  You should not have this problem if you are running PHP 7.1.16+ or PHP 7.2.4+ but since osTicket does not support those versions yet.

After checking to make sure that: IIS was serving pages and PHP was working in IIS it was time to download and install osTicket.  The new website downloader is neat and allows you to download a languages and plugins together which can be a time saver. As a reminder always install osTicket with out any language packs and then add your desired language packs.

Running the installer resulted in the following error:

Database Connection information `Unabled to connect to MySQL Server: Server sent charset unknown to the client.`  Please report to the devs

To fix this you will need to locate and edit your MySQL configuration file (my.cnf or my.ini). Since this is a new MySQL 8 installation under windows it is at: C:\ProgramData\MySQL\MySQL Server 8.0\my.ini.  Once you located the file locate # character-set-server=.  Directly after it add the line:character-set-server=utf8

Next you will need to restart MySQL.  You might be able to do this with MySQL WorkBench or services.msc.  My server had some patches that installed so I just restarted the server for the patches to finish.

Running the installer again of course resulted in another error message:

Database connection information `Unable to connect to MySQL Server: The server requested authentication method unknown to the client`

Starting with MySQL 8.0.4, the default authentication plugin for MySQL server was changed from mysql_native_password to caching_sha2_password. There are two things that you need to do in MySQL to fix this. First: if you are running an older version of PHP (pre 7.1.16) you will need to set default_authentication_plugin=mysql_native_password in my.cnf. Restart the server.

Next you will need to edit the user account. I could not do this in the most recent version of MySQL WorkBench using the ui. You can do this one of two ways:
1. delete and recreate the user. Make sure authentication is set to ‘Standard’. Make sure you give the same permissions back that the user had.
2. run the following SQL Query (edit this for your user)
alter user 'username'@'localhost' identified with mysql_native_password by 'password';

After doing this the installer ran fine.

osticket Forum updated

This past Wednesday the devs over at the osTicket forums updated their forum software.

The new forum software is pretty similar to the old but there are no more categories.  The site uses tags to determine how posts are organized.  You can add tags to your post when you create it. 

Unfortunately they could not transfer your passwords.  Please use the lost password link to get the site to send you a password reset link to get in. 


Updating osTicket 1.10.x to 1.10.4

I have just upgraded a clone of one of my production sites and there is no database update beween 1.10.x when upgrading to 1.10.4.  You should be able to follow any of my previous upgrade guides and do not expect the database upgrader to run.  This means that upgrading is as easy as dropping the new files over the old ones.   Please keep in mind that you should really back up the site and your database first just in case.

osTicket 1.9.x reaches end of life

There were two very important pieces of information in yesterdays Blog post over on above and beyond the normal "Hey these new versions have been released".  If you haven't read the Blog post yet it is here:

First and foremost is that the 1.9 tree has reached it's end of life and is no longer being supported or maintained.  The devs highly recomnend that you upgrade immediately.  Historically osTicket has only supported two versions at a time so this tells me they expect 1.11 to be made stable quite quickly.

Secondly the tired and old wiki has been retired and been replaced with a brand new re-written Documentation Site.  You can get to the new site by clicking Docs on the osTicket site, or go there directly at:

The release schedule slowed down for a while there, but things seem to have finally gotten back on track.  I'm really looking forward to some of the things that I have heard about in the pipeline and will share them as soon as I can!

osTicket v1.10.4 Security Update and 1.11-rc1 Released!

There is a new version of the 1.10 series, specifically the stable 1.10.4 Security Update. You can get this version via github or at It features some improvements/bug fixes, and an important security update.

This includes the not previously available for download bug fix versions on Here is a list of the changes:



  • issue: Auto-Assignment Log (#4316)
  • issue: Language Pack Locale Mismatch (#4326)
  • issue: CLI Deploy Missing Bootstrap (#4332)
  • issue: User Import No Email (#4330)
  • issue: Ticket Lock On Disable (#4335)

Performance and Security

  • security: Fix Multiple XSS Vulnerabilities (#4331)
  • department: Error Feedback (#4331)



  • issue: Org. User Account Status (#4219)
  • upgrader: Flush Cache On Upgrade (#4227)
  • issue: Outlook _MailEndCompose (#4206)
  • issue: Files – deleteOrphans() (#4253)
  • issue: Fix imap_open Disable Authenticator (#4195)
  • Check permissions before displaying Close Task (#4177)

Performance and Security

  • issue: Information Page Performance (#4275)
  • issue: Prevent Click Jacking (#4266)
  • orm: queryset: Fix circular reference error (#4247)


Performance and Security

  • Prevent Account Takeover (be0133b)
  • Prevent Agent Directory XSS (36651b9)
  • Httponly Cookies (5b2dfce)
  • File Upload Bypass (3eb1614)
  • Only allow image attachments to be opened in the browser window (4c79ff8)
  • Fix randNumber() (5b8b95a)
  • CSRF in URL (285a292)
  • AJAX Reflected XSS (e919d8a)
The long awaited Release Candidate for 1.11 has also been released.  1.11rc-1 is available for download on the site.  This is not a Stable Release and should not be run in a production environment!
The Official Blog post about this is here:
Notice: osTicket 1.9 series has reached end of life, it's no longer being maintained. Users are highly encouraged to upgrade to the latest release of 1.10 series.

Resources for osTicket

This list was last updated on 1/17/2020.

Official Resources

  • GitHub repo – Main repository.
  • Main Website – Main website.
  • Core Plugins – Plugins written by core developers.
  • Forum – Support Forums hosted by osTicket.
  • Documentation – Online Documentation hosted by osTicket.
  • Blog – Official osTicket Blog with helpful Tutorial videos and announcements

Download/Install files

Download into /include/il8n folder.


Install into /include/plugins folder.

Core Plugins
Developed by osTicket core developers.

Beta Plugins by osTicket core developers

Community Plugins
Modifies how the software works, without changing it.

  • Activity Stream – Activity Stream plugin
  • adSync – Paid Active Directory Synchronization, is a plugin for osTicket 1.10+ which allows the system to synchronize your Active Directory users into osTicket.
  • Archiver – Archives tickets before delete, and allows for auto-pruning of old tickets.
  • Attachment Preview – Allows files attached to tickets to be embedded in the thread.
  • Autocloser – Automatically closes open tickets.
  • Fetch Note – Automatically fetch additional note content on ticket creation.
  • Field Radio Buttons – Enables the use of HTML form element Radio Buttons.
  • Mentioner – Finds Staff mentions in a thread and add’s them as collaborators to the ticket.
  • Multi LDAP Auth – Plugin for multiple LDAP servers authentication and LDAP Sync.
  • notifyReject – notifies un-registered users that their email has been rejected and they need to register
  • Prevent Autoscroll – Stops the agent view from scrolling down to the last message in the thread.
  • Real Dynamic Lists – Paid plugin that populates lists with with items from a database.
  • Rejection Notifier – Paid plugin that notifies un-registered users that their email has been rejected and they need to register.
  • Reporting – Paid plugin for extensive reporting.
  • Rewriter – An osTicket plugin to rewrite incoming emails.

Third Party Integration Plugins

Require modifications to osTicket core.



Development Resources

Professional Services



This list was blatantly stolen and then updated from the fantastic curated list by clonemeagain over at: Thank you clonemeagain! (@grizly) I also posted it here:

Add a client side open ticket list to osTicket 1.10+

Since I released my old article on how to add a client side open ticket list I've been meaning to rewrite the mod. The article that your reading now an updated and re-written version for 1.10 and 1.10.1 releases.

One of the features that I would love to see integrated into osTicket is an open ticket listing for clients. While I would like to see this added to code it would really need some more coding to make it viable as a PR. Being able to make this a plugin would be great, but I dont think that this is viable with out editing core files at this time.  

I feel that this simple mod gives users the ability to see what tickets are already open. This should cut down on duplicate tickets, and give the user a better idea of how many tickets are ahead of them when placing a request. This mod was originally written for osTicket 1.6ST and re-released for 1.7, 1.8, 1.9 and 1.10. This rewritten version utilizes the osTicket db access functions.  While this mod is here for everyone to be able to use, it would be great if the people who use it donated .

In the past I have included two ways to install (the mod). However with this release I am only including one way to install this (chiefly due to the fact that no one has ever donated a dime for this mod).

1. Save the display_open_topics.php into your base osTicket folder. Open it and edit the lines 18 through 24 to match your setup.

2. open osticketDirectory\assets\default\css\theme.css with your favorite text editor and scroll all the way to the bottom and add the following:

#openticks {
  -moz-border-radius: 5px;
  border-radius: 5px;
  -moz-box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);
  -webkit-box-shadow: 3px 3px rgba(0, 0, 0, 0.4);
  box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);

#openticks-a {
  border-right-style: solid;
  border-right-width: 1px;
  border-right-color: #BFBFBF;

#openticks-b {

3.  open and edit \index.php scroll down and replace line 79-82


<?php require(CLIENTINC_DIR.''); ?>

change to:

<p style="text-align:center">Be sure to browse both our <a href="kb/index.php">Featured Questions (FAQs)</a>, and the open tickets below before opening a ticket.  Thank you.
  <div id="openticks"><?php include('display_open_topics.php'); ?></div>

<?php require(CLIENTINC_DIR.''); ?>

The file archive for this mod can be downloaded here.

Running 1.9? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.9 or 1.10rc2

Running 1.8? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.8

osTicket v1.10.1 Security Update Released!

There is a new version of the 1.10 series, specifically the stable 1.10.1 Security Update. You can get this version via github or at It features some improvements/bug fixes, and an important security update. Here is a list of the changes:


  • Users: Support search by phone number
  • i18n: Fix getPrimaryLanguage() on non-object (#3799)
  • Add TimezoneField (#3786)
  • Chunk long text body (#37577b68c99)
  • Spyc: convert hex strings to INTs under PHP 7 (#3621)
  • forms: Proper Field Deletion
  • Move orphaned tasks on department deletion to the default department (42e2c55)
  • List: Save List Item Abbreviation (8513f13)

Performance and Security

  • XSS: Encode html entities of advanced search title (#3919)
  • XSS: Encode html entities of cached form data (#3960bcd58e8)
  • ORM: Addresses an SQL injection vulnerability in ORM lookup function (#39591eaa691)


Those still using the 1.9 series will be happy to see that there is also a new 1.9.16 release also.