
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN499
_____________________________________________________________________

DATE                : 08/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running osTicket versions prior to 1.14.3.

=====================================================================
https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html
https://github.com/osTicket/osTicket/releases
_____________________________________________________________________

osTicket v1.14.3 Available!
KevinTheJedi

osTicket v1.14.3 is here!


Release Highlights

This release addresses several security vulnerabilities that have been
reported as well as many bug fixes and improvements to the functionality
of the software.

For a complete list of improvements, fixes, and changes please check our
release notes.


Documentation

To learn everything you need to know about using our latest features,
check out our YouTube channel for video tutorials. You can get
additional help on our documentation site.


Upgrading Your Installation

If you are using an older version of osTicket, we highly recommend that
you upgrade to the latest version – please refer to the upgrade guide
for complete instructions. If you are installing osTicket for the first
time, then simply download osTicket v1.14.3 and follow the installation
guide.

Please be sure to upgrade your plugins as well as any language packs you
have installed.

If maintaining your osTicket installation is becoming daunting, we would
encourage you to consider osTicket as a hosted service – we’ll even
import data from your current installation, free of charge. With
SupportSystem’s turnkey infrastructure, you get osTicket at its best,
leaving you free to focus on your customers without the burden of making
sure the application is stable, maintained, and secure.


Maintenance Releases for 1.12 Series

For osTicket users who are unable or unwilling to upgrade, we highly
recommend upgrading to the v1.12.6 maintenance release. These
new maintenance releases address security vulnerabilities affecting
prior releases. These fixes have also been integrated into v1.14.3.


Need help? – Contact us for professional support.

Cheers,

The osTicket Team.

______________________________________________________________________


osTicket v1.14.3


Enhancements

    select2: Update To 4.0.13 (b67c75b)
    jquery: Update To 3.5.1 (121ab41)
    redactor: Upgrade to version 3.4.2 (384fe27)
    Issue: Template Variables in Ticket Filter (8ef505d, 8a82d1e)
    issue: Get Team Members For Alerts (d88e384)
    Issue: Topic Help Tip (66fc808)
    Create SECURITY.md (165cf18, 0ecfceb)
    redactor: Upgrade to version 3.4.1 (8f08a09)
    inline: RichText Fields View First (d8ff946, a97ddba)
    print: Update Icons and Add Titles (be18e46)
    issue: Update Print Options Icons/Text/Title (b4cd46a)
    refactor: Help Topic Status Refresh (2dee16b)
    Adding translation to the dashboard plot labels. (ebfd68b)
    Issue: Language Verification (a1e9342)

Improvements

    oops: Local Inline Images (f6cd8c4)
    Issue: Ticket Edit Save (3281e74)
    Revert Topic Saving Fixes (0ff87f3)
    issue: NOTLS For IMAP/POP Without SSL (7506937)
    Update dynamic-field-config.tmpl.php (e847ddb)
    Ticket Merge Translation Improvement (ba389a6)
    oops: Task Missing Parentheses (b7684ad)
    Issue: Create Task File Upload (87f5006)
    issue: Delete Users With Tickets (9d2e1da)
    DynamicField Update (c21452b)
    issue: Form Field Help Text Not Null (e295c52)
    export: Duplicate Results (b415baf)
    issue: Email Template Internal Notes (8d6b9aa)
    oops: Change lastupdate To updated For Tasks (03bedc5)
    i18n: Redactor Files Not Included (f91308a)
    Issue: Ticket Task Print (7b6ba94)
    Issue: Topic Fields on Ticket Edit (f79a28a)
    issue: Activity Notice getLastRespondent() (07024fc)
    Issue: Create Team With Members (6f50e91)
    i18n: Don't Store Files Under Branch Name (31dfc6e)
    template: Add Ticket ID To Var Scope (351f8ec)
    Issue: Topic and Department Columns (36778cc)
    sla: Force Intval For Scientific Floats (9ea2e4d)
    oops: JS Method Typo (58e559d)
    issue: Signature Box No Longer Expands (5d68847)
    install: Add Mark As Answered To All Access (0765571)
    print: Client Print Not Respecting Identity Masking (5db5a72)
    templates: %{ticket.thread.complete} Not Respecting Identity Masking
      (faec1a7)
    issue: Filter Action Add Button (adc46ae)
    install: Embedded Domain Whitelist (e0b5d81)
    install: Schedule, SLA, and Help Tip Updates (88dd0aa, e589c1b,
      1860db4)
    Issue: Ticket Number Search (61443ef)
    issue: PHP 7.4 Warnings (1aafa42, d93379e, 90f5985)
    issue: Flush Model Cache (db5eb07)
    Issue: PHP Warning (4997780)
    issue: MySQL 8.0 {min,max} Value Error (bb54dea)
    issue: Mass Delete Help Topics Warning (52fd884)
    issue: Org Added Collabs (0ee25b8)
    issue: Attachment Upload Configuration (2540350)

Performance and Security

    security: Reported Vulns July-August 2020 (fb57082, d2491c1,
      d98c2d0, 518de22)
    xss: FAQ Category On Errors (292e7dd)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



