osTicket 1.12.1 Released!

A new stable version of osTicket has just been released version 1.12.1. It also introduces some really useful new features including editing task threads, adding and removing Collaborators with out a page refresh.  Update: the new version does not have any database format changes, so the upgrader will not run [since it is not needed].

Here is an overview of all the new features and bug fixes included:


  • issue: Queue Sort Title No Validation Error (029b0f2)
  • Issue: Tickets Visibility (60aa7b8)
  • task: Implement edit of task thread (394ddee)
  • Reformat Incorrect Reply-To Headers (e9dda94)
  • DatetimeField: Add jquery-ui-timepicker-addon (dbff3b2)
  • Add/Remove Collaborators Without Refresh (5a5044a)


  • issue: API Unexpected Data Warnings (4f68eb9)
  • Double semicolon removed (bacd836)
  • Empty extra in list_items (1309a6c)
  • Issue: Ticket Alerts vs Dept Recipients (581f1f9)
  • issue: iFrame Single Quotes (4b59b4f)
  • issue: PDF Squares Instead Of Text (69c5095)
  • issue: Class Format Disposition Misspelling (1d3f1a3)

Performance and Security

  • Remove File Type Override (539d343)
  • Validate integrity of uploads (eba6fb9)
  • issue: Rogue Closing div Breaks HTML Thread Tree (3bb4c0a)
  • xss: Install Form (c3ba5b7)
  • security: CSV Formula Injection (9981848)
  • security: HTML File Browser Execution (Windows: Firefox/IE) (33ed106)

As always the new stable can be downloaded from osticket.com/download.

But wait there is more! They also released a maintenance release for the 1.10 series v1.10.7.

The release notes for this are here:


osTicket support

So you’re running osTicket version 1.11.x or 1.11-rc1 and you don’t want to upgrade it to current (1.12). Well if that is you then I have news and it is probably news that you are not going to like.  Due to the security issues in the 1.11 branch support for it has been discontinued effective yesterday 4/24/2019.

So what does this mean?  It means that support for that branch no longer exists.  However, there is some good news, as this means the support for 1.10.x has been extended until the next major release.  That means you can expect more maintenance releases for the 1.10 branch until support for it drops off (with the next major release).

Here is the breakdown:
1.12: support active
1.11: support ended on April 24, 2019
1.10: support active
 1.9: support ended on Feb 06, 2019
 1.8: support ended on Nov 1, 2016

osTicket 1.12.0 Released!

A new stable version of osTicket has just been released version 1.12.0. It also introduces some really useful new features including ACL (Access Control List) and iFrame support.  Update: the new version does not have any database format changes, so the upgrader will not run [since it is not needed].

Here is an overview of all the new features and bug fixes included:


  • issue: Upgrader Wrong Guide Link (#4739)
  • iframe: Allow Multiple iFrame Domains (#4781)
  • variable: Complete Thread ASC or DESC (#4737)
  • issue: Strip Emoticons (#4523)
  • feature: ACL (Access Control List) (#4841)


  • issue: Maxfilesize Comma Crash (#4340)
  • issue: System Ban List (#4706)
  • queues: Fix compatibility issues with newer jQuery (#4698)
  • filedrop: Fix file drag and drop (#4719)
  • issue: PHP 7.2 Plugin Delete (#4722)
  • issue: Local Avatar Annotation (#4721)
  • Selected Navigation Item (#4724)
  • Issue: Attachments on Information Fields (#4730)
  • issue: No Save Button On Quicknotes (#4706)
  • Issue: Duplicate Tickets in Closed Queue (#4736)
  • issue: APC CLI (#4731)
  • users: Fix seaching of users (#4741)
  • issue: Custom Column Org Link (#4755)
  • issue: Internal Note Ignored (#4745)
  • issue: PHP 7.2 Ticket Status (#4758)
  • issue: Canned Response Variables (#4759)
  • issue: FAQ Search Results (#4771)
  • issue: FAQ Return Errors (#4772)
  • Queue Columns (#4785)
  • issue: Duplicate Form Titles (#4788)
  • Issue: Exporting Tickets (#4790)
  • issue: Organizations Users Sort (#4806)
  • issue: Multilingual FAQ Category w/ Parent (#4812)
  • issue: Task Print PDF (#4814)
  • Issue: MPDF Export PHP < 7.0 (#4815)
  • Quick Filter Fixes: (#4728)
  • Assignment Restriction Issue (#4744)
  • Issue: Saving Checkbox Values (#4798)
  • Issue: Choosing Fields to Export (#4797)
  • oops: Thread Variable Fatal Error (#4820)
  • oops: Emojis Strip Korean (#4823)
  • issue: iFrame On Install (#4824)
  • Issue: Ticket Export Headers (#4796)
  • issue: Organization Ticket Export No Filename (#4825)
  • MPDF Issues (#4827)
  • issue: sendAccessLink On NULL (#4828)
  • issue: sendAccessLink On NULL v1.11 (#4829)
  • Update README.md (eccc57ae5f4180)
  • issue: iFrame Single Quotes (#4844)
  • issue: Choice Validation Accept Punctuation (#4847)
  • issue: ACL Move To Inc Files (#4848)
  • Issues since v1.11 release (#4850)
  • PJAX: Increase default timeout (#4855)
  • Mime Decode – Encoded char (#4851)
  • MPDF Tasks (#4856)
  • issue: .eml/.msg Attachments (#4857)
  • issue: Task EstDueDate (#4862)
  • Bug fixes and enhancements for v1.11 (#4863)
  • Mailer: Allow for ability to pass -f option as from_address (#4864)
  • Ticket Link: Always return a link (#4865)
  • Minor Fixes (e628373)

Performance and Security

  • xss: XSS To LFI Vulnerability (#4869)
  • jquery: Update Again (#4858)

As always the new stable can be downloaded from osticket.com/download.

But wait there is more! They also released a maintenance release for the 1.10 series v1.10.6. The release notes for this are here:



Upgrading osTicket 1.10.x to current 1.11.0

So you’re running osTicket version 1.10.x and you want to upgrade it to current which as of this writing is 1.11.0, and you need a little help. Well, you’ve come to the right place.  One very important thing to note: contrary to what the osTicket FAQ at https://osticket.com/faq says, you need a newer version of PHP than 5.3.  I would recommend any version from 5.6 to 7.2.  So if you have 5.3 go upgrade first.  This version introduces support for 5.6 to 7.2.  As of this writing I am running 7.2.15 in production on multiple sites.

If you have ever upgraded osTicket in the past your experience this time will not be much different than it was previously.

Before you start it is important to mention that if you have installed any mods or performed any custom coding (including changing graphics, translations, etc.) that upgrading will not be as simple as it sounds in this article and you will lose all the modifications that you have made. You could very well break your site or at the very least lose some of the functionality that you currently enjoy.

1. Put the site into offline mode.

To do this log into your site and navigate to Admin panel -> Settings -> Helpdesk Status and toggle the radial to “Offline (Disabled)”, scroll down and click “Save Changes”.

note: I personally leave the site open, but navigated back to the Client panel.

2. Make a backup of your database.

There are various ways to do this and I am not going to cover all of them. My preferred way is to use command line. You can do this by simply issuing a command similar to:

mysqldump -u userName -p databaseName > fileName.sql

note: change userName to your DB username, databaseName to the name of your DB, and fileName to what ever you want to call the backup file.

One other easy way to do backups (on windows) is to use MySQL Admin (deprecated) or MySQL WorkBench.

3. Make a backup of your site.

Once again there are various ways to achieve this. I trust that you know how you want to do it, just make sure that you do it.

NOTE: You should never rely on your ISPs automatic backups,
always make your own backups before upgrading!!!

While you are here, you may want to also make a separate copy of your /include/ost-config.php file. This file contains the database connection information.

4. Download the latest version of OSTicket. osticket.com/download.

Note: If you are running any plugins (especially any of the auth plugins), you should also download the new versions of those.

5. Extract it to your OSTicket directory. Yes, you can and should have it over write existing files.

Note: If you also downloaded upgrade to your plugins make sure that you put there in /include/plugins at this point.

6. re load your web page. When the page loads you should be looking at the image below. Since this is an upgrade you should be looking at the upgrader. This is important to note since the Upgrader looks different from the Installer.

fig 1 – upgrader
click image to enlarge



At this point you should be able to click the “Start Upgrade Now” button. The next screen should look like this:

fig 2 – upgrader, page 2
click image to enlarge



Unless you have a reason not to, go ahead and click the “Do It Now!” button. This should result in a small rectangle popping up in the middle of your screen like this:

fig 3 – upgrader upgrading



Once it has completed you should be looking at the following page:

fig 4 – upgrader, upgrade completed
click image to enlarge



Now, if you click on the Settings tab you should be looking at the following:

fig 5 – admin panel, version
click image to enlarge



While you are here, if you had previously put the site into Offline mode, you should put it back in Online mode (don’t forget to click Save Changes at the bottom of the page).

Congratulations! You’ve upgraded from 1.10.x to 1.11.0, however you are not quite finished yet.

7. Time for post install clean up.

Go into your OSTicket directory and delete [or rename] the setup folder. It is not needed for a live or production site and should never be left on a publicly accessible server. I recommend that you delete it, but some people like renaming it to keep the files around should they need it again. For the record you should not need it again, and if you did you can always just re-download the distribution archive. This will also get rid of the annoying nag screen at the top of the site.

Next go to your /include folder and make the ost-config.php read only. How to do this varies by OS.

That’s it for the “hard” stuff. I recommend that you take another backup of your site (both database and files) since you just made major changes to the site.


ntozier / tmib


p.s. the instructions for installing and configuring the LDAP/AD plugin really haven’t changed.

Installing osTicket 1.10.4: Troubleshooting MySQL8 and PHP older than 7.1.16

MySQL 8 was released recently (to this writing) and of course that means people are going to start using it.  Since I have seen a couple posts on the forums with people using MySQL 8 I decided to fire up a new VM and install the following:

  • OS: Windows 2012 R2
  • Webserver: IIS 8
  • MySQL 8.0.12
  • PHP 5.6.31

note: PHP 5.6 is still the recommended version of PHP for osTicket until 1.11 is released.  You should not have this problem if you are running PHP 7.1.16+ or PHP 7.2.4+ but since osTicket does not support those versions yet.

After checking to make sure that: IIS was serving pages and PHP was working in IIS it was time to download and install osTicket.  The new website downloader is neat and allows you to download a languages and plugins together which can be a time saver. As a reminder always install osTicket with out any language packs and then add your desired language packs.

Running the installer resulted in the following error:

Database Connection information `Unabled to connect to MySQL Server: Server sent charset unknown to the client.`  Please report to the devs

To fix this you will need to locate and edit your MySQL configuration file (my.cnf or my.ini). Since this is a new MySQL 8 installation under windows it is at: C:\ProgramData\MySQL\MySQL Server 8.0\my.ini.  Once you located the file locate # character-set-server=.  Directly after it add the line:character-set-server=utf8

Next you will need to restart MySQL.  You might be able to do this with MySQL WorkBench or services.msc.  My server had some patches that installed so I just restarted the server for the patches to finish.

Running the installer again of course resulted in another error message:

Database connection information `Unable to connect to MySQL Server: The server requested authentication method unknown to the client`

Starting with MySQL 8.0.4, the default authentication plugin for MySQL server was changed from mysql_native_password to caching_sha2_password. There are two things that you need to do in MySQL to fix this. First: if you are running an older version of PHP (pre 7.1.16) you will need to set default_authentication_plugin=mysql_native_password in my.cnf. Restart the server.

Next you will need to edit the user account. I could not do this in the most recent version of MySQL WorkBench using the ui. You can do this one of two ways:
1. delete and recreate the user. Make sure authentication is set to ‘Standard’. Make sure you give the same permissions back that the user had.
2. run the following SQL Query (edit this for your user)
alter user 'username'@'localhost' identified with mysql_native_password by 'password';

After doing this the installer ran fine.

Updating osTicket 1.10.x to 1.10.4

I have just upgraded a clone of one of my production sites and there is no database update beween 1.10.x when upgrading to 1.10.4.  You should be able to follow any of my previous upgrade guides and do not expect the database upgrader to run.  This means that upgrading is as easy as dropping the new files over the old ones.   Please keep in mind that you should really back up the site and your database first just in case.

osTicket 1.9.x reaches end of life

There were two very important pieces of information in yesterdays Blog post over on osticket.com above and beyond the normal "Hey these new versions have been released".  If you haven't read the Blog post yet it is here: https://www.osticket.com/blog/126

First and foremost is that the 1.9 tree has reached it's end of life and is no longer being supported or maintained.  The devs highly recomnend that you upgrade immediately.  Historically osTicket has only supported two versions at a time so this tells me they expect 1.11 to be made stable quite quickly.

Secondly the tired and old wiki has been retired and been replaced with a brand new re-written Documentation Site.  You can get to the new site by clicking Docs on the osTicket site, or go there directly at: https://docs.osticket.com/

The release schedule slowed down for a while there, but things seem to have finally gotten back on track.  I'm really looking forward to some of the things that I have heard about in the pipeline and will share them as soon as I can!

osTicket v1.10.4 Security Update and 1.11-rc1 Released!

There is a new version of the 1.10 series, specifically the stable 1.10.4 Security Update. You can get this version via github or at https://osticket.com/download. It features some improvements/bug fixes, and an important security update.

This includes the not previously available for download bug fix versions on osticket.com. Here is a list of the changes:



  • issue: Auto-Assignment Log (#4316)
  • issue: Language Pack Locale Mismatch (#4326)
  • issue: CLI Deploy Missing Bootstrap (#4332)
  • issue: User Import No Email (#4330)
  • issue: Ticket Lock On Disable (#4335)

Performance and Security

  • security: Fix Multiple XSS Vulnerabilities (#4331)
  • department: Error Feedback (#4331)



  • issue: Org. User Account Status (#4219)
  • upgrader: Flush Cache On Upgrade (#4227)
  • issue: Outlook _MailEndCompose (#4206)
  • issue: Files – deleteOrphans() (#4253)
  • issue: Fix imap_open Disable Authenticator (#4195)
  • Check permissions before displaying Close Task (#4177)

Performance and Security

  • issue: Information Page Performance (#4275)
  • issue: Prevent Click Jacking (#4266)
  • orm: queryset: Fix circular reference error (#4247)


Performance and Security

  • Prevent Account Takeover (be0133b)
  • Prevent Agent Directory XSS (36651b9)
  • Httponly Cookies (5b2dfce)
  • File Upload Bypass (3eb1614)
  • Only allow image attachments to be opened in the browser window (4c79ff8)
  • Fix randNumber() (5b8b95a)
  • CSRF in users.inc.php URL (285a292)
  • AJAX Reflected XSS (e919d8a)
The long awaited Release Candidate for 1.11 has also been released.  1.11rc-1 is available for download on the osticket.com site.  This is not a Stable Release and should not be run in a production environment!
The Official Blog post about this is here: https://www.osticket.com/blog/126
Notice: osTicket 1.9 series has reached end of life, it's no longer being maintained. Users are highly encouraged to upgrade to the latest release of 1.10 series.

Resources for osTicket

This list was last updated on 9/27/2019.

Official Resources

Download/Install files

Download into /include/il8n folder.


Install into /include/plugins folder.

Core Plugins
Developed by osTicket core developers.

Beta Plugins by osTicket core developers

Community Plugins
Modifies how the software works, without changing it.

  • Activity Stream – Paid Activity Stream plugin
  • adSync – Paid Active Directory Synchronization, is a plugin for osTicket 1.10+ which allows the system to synchronize your Active Directory users into osTicket.
  • Archiver – Archives tickets before delete, and allows for auto-pruning of old tickets.
  • Attachment Preview – Allows files attached to tickets to be embedded in the thread.
  • Autocloser – Automatically closes open tickets.
  • Fetch Note – Automatically fetch additional note content on ticket creation.
  • Field Radio Buttons – Enables the use of HTML form element Radio Buttons.
  • Mentioner – Finds Staff mentions in a thread and add’s them as collaborators to the ticket.
  • Multi LDAP Auth – Plugin for multiple LDAP servers authentication and LDAP Sync.
  • notifyReject – notifies un-registered users that their email has been rejected and they need to register
  • Prevent Autoscroll – Stops the agent view from scrolling down to the last message in the thread.
  • Reporting – Paid plugin for extensive reporting.
  • Rewriter – An osTicket plugin to rewrite incoming emails.

Third Party Integration Plugins

Require modifications to osTicket core.



Development Resources

Professional Services



This list was blatantly stolen and then updated from the fantastic curated list by clonemeagain over at: https://github.com/clonemeagain/awesome-osticket. Thank you clonemeagain! (@grizly) I also posted it here: http://osticket.com/forum/discussion/92286/resources-for-osticket

Add a client side open ticket list to osTicket 1.10+

Since I released my old article on how to add a client side open ticket list I've been meaning to rewrite the mod. The article that your reading now an updated and re-written version for 1.10 and 1.10.1 releases.

One of the features that I would love to see integrated into osTicket is an open ticket listing for clients. While I would like to see this added to code it would really need some more coding to make it viable as a PR. Being able to make this a plugin would be great, but I dont think that this is viable with out editing core files at this time.  

I feel that this simple mod gives users the ability to see what tickets are already open. This should cut down on duplicate tickets, and give the user a better idea of how many tickets are ahead of them when placing a request. This mod was originally written for osTicket 1.6ST and re-released for 1.7, 1.8, 1.9 and 1.10. This rewritten version utilizes the osTicket db access functions.  While this mod is here for everyone to be able to use, it would be great if the people who use it donated .

In the past I have included two ways to install (the mod). However with this release I am only including one way to install this (chiefly due to the fact that no one has ever donated a dime for this mod).

1. Save the display_open_topics.php into your base osTicket folder. Open it and edit the lines 18 through 24 to match your setup.

2. open osticketDirectory\assets\default\css\theme.css with your favorite text editor and scroll all the way to the bottom and add the following:

#openticks {
  -moz-border-radius: 5px;
  border-radius: 5px;
  -moz-box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);
  -webkit-box-shadow: 3px 3px rgba(0, 0, 0, 0.4);
  box-shadow: 3px 3px 3px rgba(0, 0, 0, 0.4);

#openticks-a {
  border-right-style: solid;
  border-right-width: 1px;
  border-right-color: #BFBFBF;

#openticks-b {

3.  open and edit \index.php scroll down and replace line 79-82


<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

change to:

<p style="text-align:center">Be sure to browse both our <a href="kb/index.php">Featured Questions (FAQs)</a>, and the open tickets below before opening a ticket.  Thank you.
  <div id="openticks"><?php include('display_open_topics.php'); ?></div>

<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

The file archive for this mod can be downloaded here.

Running 1.9? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.9 or 1.10rc2

Running 1.8? Please see this article instead for that version: Add a client side open ticket list to osTicket 1.8