The third release of Znuny LTS contains the first pull requests / improvements from the community.
Included is also a security fix, which resolves a possible DOS vulnerability when processing URLs in mail texts, which can lead to a high CPU load.
With this release, the Survey package has also been updated, to fix an XSS vulnerability.
The current version is 6.0.21. Details can be found at LINK.
Please update this package using the package manager.
Note for users of the ITSM package:
After the update, the ITSM package can still be used in version 6.0.30.
Updates for this package(s) will follow in later versions.
Release type: Security
- 2021-02-24 Moved ‘AdminSupportDataCollector’ to ‘Administration’ in Admin.
- 2021-02-22 Fixed article limit in generic interface operation TicketGet. Thanks to Renée Bäcker (@reneeb).
- 2021-02-15 Leading and trailing white space in names of uploaded files will now be removed. This prevents non-working – attachment download links.
- 2021-02-12 Fixed output of customer (user) dynamic field labels and values in PDF.
- 2021-02-11 Removed unused SysConfig options Ticket::Frontend::AgentTicketStatusView###ViewableTicketsPage and – Ticket::Frontend::AgentTicketEscalationView###ViewableTicketsPage. Thanks to Bernhard Schmalhofer (@bschmalhofer).
- 2020-02-11 Enabled automatic utilization of CSS::Minifier::XS if available.
- 2020-02-11 Fixed return value format of user search. Thanks to Nicola Cordioli (@niccord).
- 2020-02-10 Fixed bug in _UserCacheClear in Kernel::System::User. Thanks to Yuri Myasoedov (@ymyasoedov) See https://github.com/znuny/Znuny/pull/1
- Fixed denial of service (DOS) vulnerability when parsing URLs in E-Mail messages