osTicket support

So you’re running osTicket version 1.11.x or 1.11-rc1 and you don’t want to upgrade it to current (1.12). Well if that is you then I have news and it is probably news that you are not going to like.  Due to the security issues in the 1.11 branch support for it has been discontinued effective yesterday 4/24/2019.

So what does this mean?  It means that support for that branch no longer exists.  However, there is some good news, as this means the support for 1.10.x has been extended until the next major release.  That means you can expect more maintenance releases for the 1.10 branch until support for it drops off (with the next major release).

Here is the breakdown:
1.12: support active
1.11: support ended on April 24, 2019
1.10: support active
 1.9: support ended on Feb 06, 2019
 1.8: support ended on Nov 1, 2016

osTicket v1.10.4 Security Update and 1.11-rc1 Released!

There is a new version of the 1.10 series, specifically the stable 1.10.4 Security Update. You can get this version via github or at https://osticket.com/download. It features some improvements/bug fixes, and an important security update.

This includes the not previously available for download bug fix versions on osticket.com. Here is a list of the changes:



  • issue: Auto-Assignment Log (#4316)
  • issue: Language Pack Locale Mismatch (#4326)
  • issue: CLI Deploy Missing Bootstrap (#4332)
  • issue: User Import No Email (#4330)
  • issue: Ticket Lock On Disable (#4335)

Performance and Security

  • security: Fix Multiple XSS Vulnerabilities (#4331)
  • department: Error Feedback (#4331)



  • issue: Org. User Account Status (#4219)
  • upgrader: Flush Cache On Upgrade (#4227)
  • issue: Outlook _MailEndCompose (#4206)
  • issue: Files – deleteOrphans() (#4253)
  • issue: Fix imap_open Disable Authenticator (#4195)
  • Check permissions before displaying Close Task (#4177)

Performance and Security

  • issue: Information Page Performance (#4275)
  • issue: Prevent Click Jacking (#4266)
  • orm: queryset: Fix circular reference error (#4247)


Performance and Security

  • Prevent Account Takeover (be0133b)
  • Prevent Agent Directory XSS (36651b9)
  • Httponly Cookies (5b2dfce)
  • File Upload Bypass (3eb1614)
  • Only allow image attachments to be opened in the browser window (4c79ff8)
  • Fix randNumber() (5b8b95a)
  • CSRF in users.inc.php URL (285a292)
  • AJAX Reflected XSS (e919d8a)
The long awaited Release Candidate for 1.11 has also been released.  1.11rc-1 is available for download on the osticket.com site.  This is not a Stable Release and should not be run in a production environment!
The Official Blog post about this is here: https://www.osticket.com/blog/126
Notice: osTicket 1.9 series has reached end of life, it's no longer being maintained. Users are highly encouraged to upgrade to the latest release of 1.10 series.

Add a client side open ticket list to osTicket 1.10+

Since I released my old article on how to add a client side open ticket list I've been meaning to rewrite the mod. The article that your reading now an updated and re-written version for 1.10 and 1.10.1 releases.

One of the features that I would love to see integrated into osTicket is an open ticket listing for clients. While I would like to see this added to code it would really need some more coding to make it viable as a PR. Being able to make this a plugin would be great, but I dont think that this is viable with out editing core files at this time.  

I feel that this simple mod gives users the ability to see what tickets are already open. This should cut down on duplicate tickets, and give the user a better idea of how many tickets are ahead of them when placing a request. This mod was originally written for osTicket 1.6ST and re-released for 1.7, 1.8, 1.9 and 1.10. This rewritten version utilizes the osTicket db access functions.  While this mod is here for everyone to be able to use, it would be great if the people who use it donated .

In the past I have included two ways to install (the mod). However with this release I am only including one way to install this (chiefly due to the fact that no one has ever donated a dime for this mod).

1. Save the display_open_topics.php into your base osTicket folder. Open it and edit the lines 18 through 24 to match your setup.

2. open osticketDirectory\assets\default\css\theme.css with your favorite text editor and scroll all the way to the bottom and add the following:

#openticks {
  -moz-border-radius: 5px;
  border-radius: 5px;
  -moz-box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);
  -webkit-box-shadow: 3px 3px rgba(0, 0, 0, 0.4);
  box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);

#openticks-a {
  border-right-style: solid;
  border-right-width: 1px;
  border-right-color: #BFBFBF;

#openticks-b {

3.  open and edit \index.php scroll down and replace line 79-82


<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

change to:

<p style="text-align:center">Be sure to browse both our <a href="kb/index.php">Featured Questions (FAQs)</a>, and the open tickets below before opening a ticket.  Thank you.
  <div id="openticks"><?php include('display_open_topics.php'); ?></div>

<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

The file archive for this mod can be downloaded here.

Running 1.9? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.9 or 1.10rc2

Running 1.8? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.8