osTicket support

So you’re running osTicket version 1.11.x or 1.11-rc1 and you don’t want to upgrade it to current (1.12). Well if that is you then I have news and it is probably news that you are not going to like.  Due to the security issues in the 1.11 branch support for it has been discontinued effective yesterday 4/24/2019.

So what does this mean?  It means that support for that branch no longer exists.  However, there is some good news, as this means the support for 1.10.x has been extended until the next major release.  That means you can expect more maintenance releases for the 1.10 branch until support for it drops off (with the next major release).

Here is the breakdown:
1.12: support active
1.11: support ended on April 24, 2019
1.10: support active
 1.9: support ended on Feb 06, 2019
 1.8: support ended on Nov 1, 2016

osTicket 1.12.0 Released!

A new stable version of osTicket has just been released version 1.12.0. It also introduces some really useful new features including ACL (Access Control List) and iFrame support.  Update: the new version does not have any database format changes, so the upgrader will not run [since it is not needed].

Here is an overview of all the new features and bug fixes included:

Enhancements

  • issue: Upgrader Wrong Guide Link (#4739)
  • iframe: Allow Multiple iFrame Domains (#4781)
  • variable: Complete Thread ASC or DESC (#4737)
  • issue: Strip Emoticons (#4523)
  • feature: ACL (Access Control List) (#4841)

Improvements

  • issue: Maxfilesize Comma Crash (#4340)
  • issue: System Ban List (#4706)
  • queues: Fix compatibility issues with newer jQuery (#4698)
  • filedrop: Fix file drag and drop (#4719)
  • issue: PHP 7.2 Plugin Delete (#4722)
  • issue: Local Avatar Annotation (#4721)
  • Selected Navigation Item (#4724)
  • Issue: Attachments on Information Fields (#4730)
  • issue: No Save Button On Quicknotes (#4706)
  • Issue: Duplicate Tickets in Closed Queue (#4736)
  • issue: APC CLI (#4731)
  • users: Fix seaching of users (#4741)
  • issue: Custom Column Org Link (#4755)
  • issue: Internal Note Ignored (#4745)
  • issue: PHP 7.2 Ticket Status (#4758)
  • issue: Canned Response Variables (#4759)
  • issue: FAQ Search Results (#4771)
  • issue: FAQ Return Errors (#4772)
  • Queue Columns (#4785)
  • issue: Duplicate Form Titles (#4788)
  • Issue: Exporting Tickets (#4790)
  • issue: Organizations Users Sort (#4806)
  • issue: Multilingual FAQ Category w/ Parent (#4812)
  • issue: Task Print PDF (#4814)
  • Issue: MPDF Export PHP < 7.0 (#4815)
  • Quick Filter Fixes: (#4728)
  • Assignment Restriction Issue (#4744)
  • Issue: Saving Checkbox Values (#4798)
  • Issue: Choosing Fields to Export (#4797)
  • oops: Thread Variable Fatal Error (#4820)
  • oops: Emojis Strip Korean (#4823)
  • issue: iFrame On Install (#4824)
  • Issue: Ticket Export Headers (#4796)
  • issue: Organization Ticket Export No Filename (#4825)
  • MPDF Issues (#4827)
  • issue: sendAccessLink On NULL (#4828)
  • issue: sendAccessLink On NULL v1.11 (#4829)
  • Update README.md (eccc57ae5f4180)
  • issue: iFrame Single Quotes (#4844)
  • issue: Choice Validation Accept Punctuation (#4847)
  • issue: ACL Move To Inc Files (#4848)
  • Issues since v1.11 release (#4850)
  • PJAX: Increase default timeout (#4855)
  • Mime Decode – Encoded char (#4851)
  • MPDF Tasks (#4856)
  • issue: .eml/.msg Attachments (#4857)
  • issue: Task EstDueDate (#4862)
  • Bug fixes and enhancements for v1.11 (#4863)
  • Mailer: Allow for ability to pass -f option as from_address (#4864)
  • Ticket Link: Always return a link (#4865)
  • Minor Fixes (e628373)

Performance and Security

  • xss: XSS To LFI Vulnerability (#4869)
  • jquery: Update Again (#4858)

As always the new stable can be downloaded from osticket.com/download.

But wait there is more! They also released a maintenance release for the 1.10 series v1.10.6. The release notes for this are here:

https://github.com/osTicket/osTicket/releases/tag/v1.10.6

 

Installing osTicket 1.10.4: Troubleshooting MySQL8 and PHP older than 7.1.16

MySQL 8 was released recently (to this writing) and of course that means people are going to start using it.  Since I have seen a couple posts on the forums with people using MySQL 8 I decided to fire up a new VM and install the following:

  • OS: Windows 2012 R2
  • Webserver: IIS 8
  • MySQL 8.0.12
  • PHP 5.6.31

note: PHP 5.6 is still the recommended version of PHP for osTicket until 1.11 is released.  You should not have this problem if you are running PHP 7.1.16+ or PHP 7.2.4+ but since osTicket does not support those versions yet.

After checking to make sure that: IIS was serving pages and PHP was working in IIS it was time to download and install osTicket.  The new website downloader is neat and allows you to download a languages and plugins together which can be a time saver. As a reminder always install osTicket with out any language packs and then add your desired language packs.

Running the installer resulted in the following error:

Database Connection information `Unabled to connect to MySQL Server: Server sent charset unknown to the client.`  Please report to the devs

To fix this you will need to locate and edit your MySQL configuration file (my.cnf or my.ini). Since this is a new MySQL 8 installation under windows it is at: C:\ProgramData\MySQL\MySQL Server 8.0\my.ini.  Once you located the file locate # character-set-server=.  Directly after it add the line:character-set-server=utf8

Next you will need to restart MySQL.  You might be able to do this with MySQL WorkBench or services.msc.  My server had some patches that installed so I just restarted the server for the patches to finish.

Running the installer again of course resulted in another error message:

Database connection information `Unable to connect to MySQL Server: The server requested authentication method unknown to the client`

Starting with MySQL 8.0.4, the default authentication plugin for MySQL server was changed from mysql_native_password to caching_sha2_password. There are two things that you need to do in MySQL to fix this. First: if you are running an older version of PHP (pre 7.1.16) you will need to set default_authentication_plugin=mysql_native_password in my.cnf. Restart the server.

Next you will need to edit the user account. I could not do this in the most recent version of MySQL WorkBench using the ui. You can do this one of two ways:
1. delete and recreate the user. Make sure authentication is set to ‘Standard’. Make sure you give the same permissions back that the user had.
2. run the following SQL Query (edit this for your user)
alter user 'username'@'localhost' identified with mysql_native_password by 'password';

After doing this the installer ran fine.

Updating osTicket 1.10.x to 1.10.4

I have just upgraded a clone of one of my production sites and there is no database update beween 1.10.x when upgrading to 1.10.4.  You should be able to follow any of my previous upgrade guides and do not expect the database upgrader to run.  This means that upgrading is as easy as dropping the new files over the old ones.   Please keep in mind that you should really back up the site and your database first just in case.

osTicket v1.10.4 Security Update and 1.11-rc1 Released!

There is a new version of the 1.10 series, specifically the stable 1.10.4 Security Update. You can get this version via github or at https://osticket.com/download. It features some improvements/bug fixes, and an important security update.

This includes the not previously available for download bug fix versions on osticket.com. Here is a list of the changes:

v1.10.4

Enhancements

  • issue: Auto-Assignment Log (#4316)
  • issue: Language Pack Locale Mismatch (#4326)
  • issue: CLI Deploy Missing Bootstrap (#4332)
  • issue: User Import No Email (#4330)
  • issue: Ticket Lock On Disable (#4335)

Performance and Security

  • security: Fix Multiple XSS Vulnerabilities (#4331)
  • department: Error Feedback (#4331)

v1.10.3

Enhancements

  • issue: Org. User Account Status (#4219)
  • upgrader: Flush Cache On Upgrade (#4227)
  • issue: Outlook _MailEndCompose (#4206)
  • issue: Files – deleteOrphans() (#4253)
  • issue: Fix imap_open Disable Authenticator (#4195)
  • Check permissions before displaying Close Task (#4177)

Performance and Security

  • issue: Information Page Performance (#4275)
  • issue: Prevent Click Jacking (#4266)
  • orm: queryset: Fix circular reference error (#4247)

v1.10.2

Performance and Security

  • Prevent Account Takeover (be0133b)
  • Prevent Agent Directory XSS (36651b9)
  • Httponly Cookies (5b2dfce)
  • File Upload Bypass (3eb1614)
  • Only allow image attachments to be opened in the browser window (4c79ff8)
  • Fix randNumber() (5b8b95a)
  • CSRF in users.inc.php URL (285a292)
  • AJAX Reflected XSS (e919d8a)
 
The long awaited Release Candidate for 1.11 has also been released.  1.11rc-1 is available for download on the osticket.com site.  This is not a Stable Release and should not be run in a production environment!
 
The Official Blog post about this is here: https://www.osticket.com/blog/126
 
Notice: osTicket 1.9 series has reached end of life, it's no longer being maintained. Users are highly encouraged to upgrade to the latest release of 1.10 series.

Add a client side open ticket list to osTicket 1.10+

Since I released my old article on how to add a client side open ticket list I've been meaning to rewrite the mod. The article that your reading now an updated and re-written version for 1.10 and 1.10.1 releases.

One of the features that I would love to see integrated into osTicket is an open ticket listing for clients. While I would like to see this added to code it would really need some more coding to make it viable as a PR. Being able to make this a plugin would be great, but I dont think that this is viable with out editing core files at this time.  

I feel that this simple mod gives users the ability to see what tickets are already open. This should cut down on duplicate tickets, and give the user a better idea of how many tickets are ahead of them when placing a request. This mod was originally written for osTicket 1.6ST and re-released for 1.7, 1.8, 1.9 and 1.10. This rewritten version utilizes the osTicket db access functions.  While this mod is here for everyone to be able to use, it would be great if the people who use it donated .

In the past I have included two ways to install (the mod). However with this release I am only including one way to install this (chiefly due to the fact that no one has ever donated a dime for this mod).

1. Save the display_open_topics.php into your base osTicket folder. Open it and edit the lines 18 through 24 to match your setup.

2. open osticketDirectory\assets\default\css\theme.css with your favorite text editor and scroll all the way to the bottom and add the following:

#openticks {
  padding:5px;
  background:#BFBFBF;
  -moz-border-radius: 5px;
  border-radius: 5px;
  -moz-box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);
  -webkit-box-shadow: 3px 3px rgba(0, 0, 0, 0.4);
  box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);
}

#openticks-a {
  border-right-style: solid;
  border-right-width: 1px;
  border-right-color: #BFBFBF;
  text-align:center;
  vertical-align:middle;
  padding-bottom:4px;
}

#openticks-b {
  text-align:center;
  vertical-align:middle;
  padding-bottom:4px;
}

3.  open and edit \index.php scroll down and replace line 79-82

</div>
</div>

<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

change to:

</div>
<p style="text-align:center">Be sure to browse both our <a href="kb/index.php">Featured Questions (FAQs)</a>, and the open tickets below before opening a ticket.  Thank you.
  <div id="openticks"><?php include('display_open_topics.php'); ?></div>
</p>
</div>

<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

The file archive for this mod can be downloaded here.

Running 1.9? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.9 or 1.10rc2

Running 1.8? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.8

osTicket v1.10.1 Security Update Released!

There is a new version of the 1.10 series, specifically the stable 1.10.1 Security Update. You can get this version via github or at https://osticket.com/download. It features some improvements/bug fixes, and an important security update. Here is a list of the changes:

Enhancements

  • Users: Support search by phone number
  • i18n: Fix getPrimaryLanguage() on non-object (#3799)
  • Add TimezoneField (#3786)
  • Chunk long text body (#37577b68c99)
  • Spyc: convert hex strings to INTs under PHP 7 (#3621)
  • forms: Proper Field Deletion
  • Move orphaned tasks on department deletion to the default department (42e2c55)
  • List: Save List Item Abbreviation (8513f13)

Performance and Security

  • XSS: Encode html entities of advanced search title (#3919)
  • XSS: Encode html entities of cached form data (#3960bcd58e8)
  • ORM: Addresses an SQL injection vulnerability in ORM lookup function (#39591eaa691)

 

Those still using the 1.9 series will be happy to see that there is also a new 1.9.16 release also.

osTicket v1.10.x Frequently Asked Questions (FAQ)

This article was updated on 08 Mar 2017

Generally speaking many of the previous FAQ answers [for former versions of osTicket] some times still apply to the current version. The line numbers will be wrong, but the information is usually still good. If you do not see an answer to your question please check out the older versions of this FAQ and/or post on the osTicket forums.

osTicket version 1.9.x FAQ
osTicket version 1.8.x FAQ
osTicket version 1.7.x FAQ

Frequently many of the questions on the osTicket forums are duplicated. As much as I wish people would use the search feature it seems that most people would rather ask their question than actively look for the answer. So I've tried to compile a small list of things that people have either frequently asked, or I think they simply might want to do.

Table of Contents:
Q: How do I change the copyright at the bottom of the page?
Q: How do I turn on error displaying for osTicket?
Q: How do I change the Forgot My Password page?
Q: How do I add custom text fields to my tickets?
Q: How to add a link so that clients can log right into the ticket?
Q: How to add a link so that Agents can log right into the ticket?
Q: How do I prevent clients from reopening a ticket?
Q: I was using a great mod with 1.6ST, 1.7, 1.8, or 1.9 will it work with 1.10?
Q: Where can I get the old install files like 1.6ST or 1.7ST?
Q: How do I change the theme colors?
Q: How do I configure the LDAP Authentication and Lookup plugin?
Q: How do I rid of the XXXXXX from the thank you page?
Q: How do I get email language templates with out reinstalling?
Q: How do I use shared mailboxes in Office365 for tickets?
Q: How do I change the pdf print font size?
Q: How do I add a new Column to the open ticket Agent View?

 

Q: How do I change the copyright at the bottom of the page?

A: edit \include\clientfooter.inc.php and change line 4.

Q: How do I turn on error displaying for osTicket?

A: Generally speaking you shouldn't need to, because you should be able to consult your PHP error logs. However some web hosts do not give people access to their PHP error logs or to edit their PHP.ini. In cases like this you can utilize osTicket itself to display the error messages. edit \bootstrap.php find these lines on or about line 32-33:

    ini_set('display_errors', 0);
    ini_set('display_startup_errors', 0);

change them to:

    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);

Make sure that you change them back when you are done.

Q: How do I change the Forgot My Password page?

A: You would think that you could go to Admin panel -> Manage -> Pages -> and edit the page there, but right now you cannot. You have to actually manually edit include/client/pwreset.sent.php. This should be addressed in a future version.

Q: How do I add custom fields to my tickets?

A: The directions for 1.6 through 1.7.3 are deprecated and should no longer be followed! Adding custom fields, drop downs, etc. just got a whole lot easier! You can add custom fields in the UI by going to Admin panel -> Manage -> Forms. You can either add your own form or edit any of the three built in forms. Generally if its not contact or company information you should put it in Ticket Details, or add your own. Currently additional forms can only be added via Help Topic so make sure that you enable the additional form to display by going to Admin panel -> Manage -> Help Topics. Click on the help topic that you want to display the additional form information and select your new form in "Custom Forms" drop down.

Q: How to add a link so that clients can log right into the ticket

A: Edit your email templates at Admin panel -> Emails -> Templates and include something like this:

Click <a href="%{recipient.ticket_link}"> here</a> to access this ticket online.

Q: How to add a link so that Agents can log right into the ticket

A: Edit your email templates at Admin panel -> Emails -> Templates and include something like this:

Click <a href="%{ticket.staff_link}"> here</a> to access this ticket online.

You will likely get a warning saying "Some variables may not be a valid for this context. Please check for spelling errors and correct usage for this template. %{ticket.staff_link}" but it appears to work fine.

Q: How do I prevent clients from reopening a ticket?

A: Check out this forum post, which also covers version 1,7, 1.8, and 1.9!
https://osticket.com/forum/discussion/75304/preventing-clients-from-reopening-a-ticket
Starting in 1.9.4 you can do this with editing the source by going to: Admin panel -> Manage -> Lists -> Ticket Statuses. Click on Closed. Click Item Property tab. Also as a side note: this will result in a new ticket being opened instead of the old ticket being re-opened.

Q: I was using a great mod with 1.6 or 1.7.x will it work with 1.8?

A: Not with out tweaking. As a general rule all available Mods are available in the Mods and Customizations section of the forum for each version. Trying to install a mod for the wrong version will likely result in a headache and a non-functional osTicket installation. The mods that are available for 1.10 are available at osTicket Forums. I recommend that you use plugins which can be updated independantly from the core source files.

Q: Where can I get the old install files like 1.6ST or 1.7ST?

A: Many people have asked where they can get older versions of osTicket.
1.6ST is available here: https://tmib.net/files/OST_1.6.zip

1.7ST is available here: https://tmib.net/files/osTicket-1.7.0.zip

Q: How do I change the theme colors?

A: You can edit the css in the /assets/default/css/themes.css file.

Q: How do I configure the LDAP Authentication and Lookup plugin?

A: I wrote an article about it!  Its available here: osTicket 1.8.1 – How to configure the LDAP Authentication and Lookup plugin.

Q: How do I rid of the XXXXXX from the thank you page?

A: There are two options that you can choose from that will get rid of the XXXXXX from the thank you page.

Option – 1
First and simplest is to go to Admin panel -> Manage -> Pages -> Thank you and remove the following from the page body:

#%{ticket.number}

This will suppress the display of the fake ticket number.

Option – 2
If you actually want the osTicket to display the ticket number you can edit the source. Option 2 is NOT as secure as it should be. This explicitly changed by the devs to not display the ticket number because it is insecure to display it in most current use cases. If your osTicket installation is behind some sort of authentication wall it may be okay for you to do this. Once osTicket finishes implementing First Class Users the ticket number will be safe to display again.

Edit /open.php circa line 76 change:

array_fill(0, 3, 'XXXXXX'),

to:

array_fill(0, 3, $ticket->getExtID()),

 

I fully plan on updating this list from time to time, but have not setup a specific time to do so. If you see something that you think should be added to the list please feel free to PM me on the osticket forums.

Q: How do I get email language templates with out reinstalling?

A: To get the templates without re-installing do the following:

  1. Download the translation files from this page: http://i18n.osticket.com/ Or use the direct download link here: http://i18n.osticket.com/download/project/osticket-official.zip
  2. Extract the zip file and look at this folder: "de \ templates \ email"
  3. There are 13 files inside the folder. Every file contains one of the 13 german email templates. To open the german email template files and get the templates itself, just use a text editor (e.g. notepad++)
  4. In osTicket you should now create your own template
  5. Open every file, copy the message (body & subject) from the file to the corresponding osTicket email template into the html editor view <> inside osTicket and save the template.
  6. Voila you have now the officially translated german email templates in your osTicket installation.

This response was supplied by Forum Moderator Chefkeks.
source:
https://osticket.com/forum/discussion/80331/german-mail-template

Q: How do I use shared mailboxes in Office365 for tickets?

A: Instead of using smtp.office365.com as Microsoft suggests for email settings use outlook.office365.com instead. So your settings would look something like this: user@contoso.com <– user account
sharedmb@contoso.com <–shared mailbox
IMAP settings: address: sharedmb@contoso.com username: user@contoso.com/sharedmb password: <user's password> IMAP server: outlook.office365.com security type: SSL port: 993 SMTP settings: SMTP server: outlook.office365.com security type: TLS port: 587 smtp UN: user@contoso.com smtp PW: <user's password>

source:
https://osticket.com/forum/discussion/89832/using-shared-mailboxes-in-office365-for-tickets

Q: How do I change the pdf print font size?

A: edit \include\staff\ticket-print.tmpl.php and add a font size to the CSS at the top.

Q: How do I add a new Column to the open ticket Agent View?

A: This is probably the most asked question in the last year. Luckily this should become trivial once 1.11 is released as it is supposed to introduce the Custom Queues feature. Until then you have to do it manually by editing the code. Here is a thread that handles most versions of osTicket from 1.7+: A better ticket list!. Warning since this thread covers multiple versions you will have to read through it to find the section of the thread that correlates to your version.

If you are looking for just adding a ticket status to 1.10 then I would refer you to this forum thread:
https://osticket.com/forum/discussion/89382/status-column-in-agent-view

 

Upgrading osTicket 1.9.x to current (1.10)

So you're running osTicket version 1.9.x and you want to upgrade it to current which as of this writing is 1.10, and you need a little help. Well, you've come to the right place.  One very important thing to note: contrary to what the osTicket FAQ at https://osticket.com/faq says, you need a newer version of PHP than 5.3.  I would recommend PHP 5.5 or 5.6 over any other versions at this time.  So if you have 5.3 go upgrade to 5.5 of 5.6.  This version introduces support for PHP 7.0, but there have been reports on the forums that newer versions of 7.0 and 7.1 have issues.

If you have ever upgraded osTicket in the past your experience this time will not be much different than it was previously.

Before you start it is important to mention that if you have installed any mods or performed any custom coding (including changing graphics, translations, etc.) that upgrading will not be as simple as it sounds in this article and you will lose all the modifications that you have made. You could very well break your site or at the very least lose some of the functionality that you currently enjoy.

  1. Put the site into offline mode.

To do this log into your site and navigate to Admin panel -> Settings -> Helpdesk Status and toggle the radial to "Offline (Disabled)", scroll down and click "Save Changes".

note: I personally leave the site open, but navigated back to the Client panel.

  2. Make a backup of your database.

There are various ways to do this and I am not going to cover all of them. My preferred way is to use command line. You can do this by simply issuing a command similar to:

mysqldump -u userName -p databaseName > fileName.sql

note: change userName to your DB username, databaseName to the name of your DB, and fileName to what ever you want to call the backup file.

One other easy way to do backups (on windows) is to use MySQL Admin (deprecated) or MySQL WorkBench.

  3. Make a backup of your site.

Once again there are various ways to achieve this. I trust that you know how you want to do it, just make sure that you do it.

NOTE: You should never rely on your ISPs automatic backups,
always make your own backups before upgrading!!!

While you are here, you may want to also make a separate copy of your /include/ost-config.php file. This file contains the database connection information.

  4. Download the latest version of OSTicket. osticket.com/download.

Note: If you are running any plugins (especially any of the auth plugins), you should also download the new versions of those.

  5. Extract it to your OSTicket directory. Yes, you can and should have it over write existing files.

Note: If you also downloaded upgrade to your plugins make sure that you put there in /include/plugins at this point.

  6. re load your web page. When the page loads you should be looking at the image below. Since this is an upgrade you should be looking at the upgrader. This is important to note since the Upgrader looks different from the Installer.

fig 1 – upgrader
click image to enlarge

 

At this point you should be able to click the "Start Upgrade Now" button. The next screen should look like this:

fig 2 – upgrader, page 2
click image to enlarge

 

Unless you have a reason not to, go ahead and click the "Do It Now!" button. This should result in a small rectangle popping up in the middle of your screen like this:

fig 3 – upgrader upgrading

 

Once it has completed you should be looking at the following page:

fig 4 – upgrader, upgrade completed
click image to enlarge

 

Now, if you click on the Settings tab you should be looking at the following:

fig 5 – admin panel, version
click image to enlarge

 

While you are here, if you had previously put the site into Offline mode, you should put it back in Online mode (don't forget to click Save Changes at the bottom of the page).

Congratulations! You've upgraded from 1.9.x to 1.10, however you are not quite finished yet.

  7. Time for post install clean up.

Go into your OSTicket directory and delete [or rename] the setup folder. It is not needed for a live or production site and should never be left on a publicly accessible server. I recommend that you delete it, but some people like renaming it to keep the files around should they need it again. For the record you should not need it again, and if you did you can always just re-download the distribution archive. This will also get rid of the annoying nag screen at the top of the site.

Next go to your /include folder and make the ost-config.php read only. How to do this varies by OS.

That's it for the "hard" stuff. I recommend that you take another backup of your site (both database and files) since you just made major changes to the site.

Enjoy!

N

tmib

 

p.s. the instructions for installing and configuring the LDAP/AD plugin really haven't changed.

osTicket v1.10 Released!

After a long time and many release candidates have released osTicket the 1.10 stable. You can get this version via github or preferably at https://osticket.com/download.  It features a bunch of new enhancements and some improvements/bug fixes, and an several security/performance updates.  Here is a list of the changes:

Enhancements

  • Support Passive Email Threading (#3276)
  • Introduce the concept of Trusted Proxies and Local Networks (4396f91)
  • Account for agents' name format setting when sorting agents (#32745c548c7)
  • Ticket Filters: Support Lookup By Name (#3274ef9b743)
  • Enable preloaded canned responses by default (#32747267531)

Improvements

  • Task: Missing Description on create (#3274, 865db9)
  • Save task due date on create (#3438)
  • Show overlay on forms submit (#3426#3391)
  • upgrader: Fix crash on SequenceLoader (#3421)
  • upgrader: Fix undefined js function when upgrading due to stale JS file (#3424)
  • Use help topic as the subject line when issue summary is disabled (#327474bdc02)
  • PEAR: Turn off peer name verification by default (SMTP) (#32744f68aeb)
  • Cast orm objects to string when doing db_real_escape (#3274e63ba58)
  • Save department on __create (#3274c664c93)
  • Limit records to be indexed per cron run to 500 (#32749174bab)

Performance and Security

  • Fix memory leak when applying 'Use Reply-To Email' ticket filter action (#343784f085d)
  • XSS: Sanitize and validate HTTP_X_FORWARDED_FOR header (#34394396f91)
  • XSS: Encode html chars on help desk title/name (#34392fb47bd)