Znuny LTS 6.5.12

Release Information:

Release Date: 12-FEB-2025

Release Type: Patchlevel with security fixes

Download: https://download.znuny.org/releases/znuny-6.5.12.tar.gz

GitHub: znuny/Znuny

Security Vulnerabilities Fixed

  • No logging of decrypted content of S/MIME emails in the communication log.

  • Fixed access control when updating the ticket state via the Generic Interface.

  • Restricted the execution of the backup.pl and restore.pl scripts to the application user to prevent privilege escalation.

  • Added and changed HTTP headers after some findings during a penetration test.

  • Fixed the HttpOnly flag not being set for a cookie in certain situations.

Changes

  • Updated bundled libraries jstree, nunjucks and MIME::Decoder::QuotedPrint.

  • Increased the size of the columns profile_key and profile_value of database table search_profile.

Important

Check whether you perform the update using the bundled backup.pl script. Starting with this version, it has to be executed by the application user, typically otrs. The same restriction now applies to the restore.pl script.

Fixed Issues

  • The check modules command now lists the required Perl module Hash::Merge as mandatory.

  • Fixed time zone handling for cron events to honor daylight saving time.

  • The system configuration option SendmailEncodingForce is now a selection instead of a text field.

  • Fixed multiple ticket notifications being sent for empty process tickets for the event NotificationNewTicket.

  • Fixed user cache being cleared for all users whenever a user logs in/out.

  • ProcessManagement: fixed the error handling in activity dialogues for owner fields. Thanks to Daylton Rodrigues (@dayltonr) for reporting. Issue #627

  • The ticket state in the PDF search results for agents and customer users is now translated. Thanks to @BuilderNSV for reporting the issue. Issue #615

  • Fixed ‘Use of uninitialized value’ warning when building a custom package and there is no permission to write to the target directory. Thanks to @BuilderNSV for reporting the issue. Issue #610

  • Fixed uninitialized value in AdminSelectBox. Thanks to Sector Nord AG (@jsinagowitz). Pull request #611

Read about all changes in the CHANGES.md. See the commits on GitHub for a list of all changes.