Release Znuny LTS 6.0.34

Source: https://www.znuny.org/en/releases/znuny-6-0-34

This is the fourth release of Znuny LTS, mainly fixing a critical security issue:
It is possible to collect data by using a mnaipulated e-mail.

In addition to this, several changes provided by the Community are part of this release.

The FAQ package has also been updated, as there is also a vulnerability.
With the appropriate configuration in teh System Configuration it is possible
to linked FAQ content without having the required permission.

The new version of the FAQ is 6.0.29 and is available via the package manager and our download server
More details are available in the advisory.

Note for user of the ITSM package(s):
After updating, the current version 6.0.30 of the ITSM package can still be used.
Updates for ITSM will follow in later versions.

Release type: Security

Changes

Please see the Changes.md on Github

  • Fixed a critical XSS issue in ticket overviews
  • Updated jQuery validate to the latest version
  • Changed configuration for the FAQ link table

Release Znuny LTS 6.0.33

Source: https://www.znuny.org/en/releases/znuny-6-0-33

The third release of Znuny LTS contains the first pull requests / improvements from the community.
Included is also a security fix, which resolves a possible DOS vulnerability when processing URLs in mail texts, which can lead to a high CPU load. 

With this release, the Survey package has also been updated, to fix an XSS vulnerability.
The current version is 6.0.21. Details can be found at LINK.
Please update this package using the package manager.

Note for users of the ITSM package:
After the update, the ITSM package can still be used in version 6.0.30.
Updates for this package(s) will follow in later versions.

Release type: Security

Changes

  • 2021-02-24 Moved ‘AdminSupportDataCollector’ to ‘Administration’ in Admin.
  • 2021-02-22 Fixed article limit in generic interface operation TicketGet. Thanks to Renée Bäcker (@reneeb).
  • 2021-02-15 Leading and trailing white space in names of uploaded files will now be removed. This prevents non-working – attachment download links.
  • 2021-02-12 Fixed output of customer (user) dynamic field labels and values in PDF.
  • 2021-02-11 Removed unused SysConfig options Ticket::Frontend::AgentTicketStatusView###ViewableTicketsPage and – Ticket::Frontend::AgentTicketEscalationView###ViewableTicketsPage. Thanks to Bernhard Schmalhofer (@bschmalhofer).
  • 2021-02-11 Updated to JavaScript::Minifier 1.15. Enabled automatic utilization of JavaScript::Minifier::XS if available. – Thanks to Fedor A. Fetisov (@faf), @zoffixznet and Yuri Myasoedov (@ymyasoedov). See https://github.com/znuny/Znuny/– issues/6.
  • 2020-02-11 Enabled automatic utilization of CSS::Minifier::XS if available.
  • 2020-02-11 Fixed return value format of user search. Thanks to Nicola Cordioli (@niccord).
  • 2020-02-10 Fixed bug in _UserCacheClear in Kernel::System::User. Thanks to Yuri Myasoedov (@ymyasoedov) See https://github.com/znuny/Znuny/pull/1
  • Fixed denial of service (DOS) vulnerability when parsing URLs in E-Mail messages

Eerste Patch versie Znuny LTS verschenen.

Op 29-1-2021 Znuny LTS 6.0.32 (security release verschenen).

Info van https://www.znuny.org/releases/znuny-6-0-32

This is the second release of Znuny LTS. This release is unfortunately necessary at short notice because the integrated CKEditor received a critical update on the day of the Znuny LTS 6.0.31 release.

Note for users of the ITSM package:
After the update, the ITSM package can still be used in version 6.0.30. Updates for ITSM will follow in later versions.

Release type: Security

Changes

Security:

Update of CKEditor from version 4.15.1 to version 4.16.0.
This fixes two vulnerabilities that could cause a regular expression denial of service (ReDoS) using specially crafted strings. An update is strongly recommended by the vendor.
Link: CKEditor – Release 4.16.0

General

Bugfix: An activated JavaScript loader corrupted the generated combined JavaScript which caused the JavaScript in Znuny LTS not be executed anymore.
Link: github.com/znuny/Znuny/issues/6

 

OTRS Community is nu: Znuny – The OTRS Community Edition Fork

OTRS Community is nu: Znuny – The OTRS Community Edition Fork

In december 2020 heeft OTRS AG onverwacht aangekondigd dat de ondersteuning van de ((OTRS)) Community editie door OTRS AG zal worden beeindigd. OTRS AG zal geen updates, patches en security fixes meer uitbrengen.

Znuny GMBH zal vanaf heden het onderhoud van de software voor haar rekening nemen en heeft een Fork van de OTRS Community Edition uitgebracht onder de naam: Znuny LTS (long term support). Znuny LTS is volledig gebaseerd op de source code van de OTRS Community Edition en 100% compatible. Hierdoor is de voortzetting van de software gewaarborgd. Znuny is en blijft open source software.

Znuny GmbH is een belangrijke speler in de OTRS Community en wordt geleid door een van de oorspronkelijke oprichters van OTRS.

Lees hier meer over het besluit van Znuny om het onderhouden van de OTRS Community applicatie over te nemen.

OTRS Support zal voor haar klanten geen OTRS Community Edition meer gebruiken aangezien hier geen updates meer voor zullen uitgebracht maar vanaf heden Znuny LTS.

Basic Authentication Office 365.

Microsoft zal midden 2021 stoppen met support op basic authentication voor Exchange Online. Dit betekent dat e-mail niet op de huidige manier kan worden opgehaald en zal stoppen met werken.

OTRS SUPPORT heeft een plugin beschikbaar die MS Graph authenticatie ondersteunt zodat uw installatie probleemloos blijft werken.

Neem contact met ons op voor meer informatie.