Overview
This article provides details on Kayako 4.73.3 security and bug fixes.
Information
Update: 13th April 2016
Fixes
- SWIFT-4951 The staff control panel quick search is not working after a fresh database installation.
- SWIFT-4926 Improved email deliverability when using Kayako as your email server.
Changed files between 4.73.2 and 4.73.3
If you are currently using Kayako 4.73.2, a patch update is possible by updating only the files below:
- __apps/livechat/admin/class.Controller_TagGenerator.php
- __apps/livechat/config/templates.xml
- __apps/livechat/visitor/class.Controller_Chat.php
- __apps/tickets/config/class.SWIFT_SetupDatabase_tickets.php
- __swift/apps/base/config/language.xml
- __swift/apps/base/config/language-de.xml
- __swift/apps/base/config/language-en-gb.xml
- __swift/apps/base/config/language-es.xml
- __swift/apps/base/config/language-fr.xml
- __swift/apps/base/config/language-it.xml
- __swift/apps/base/config/language-nl.xml
- __swift/apps/base/config/language-pt.xml
- __swift/apps/base/config/language-ru.xml
- __swift/apps/base/library/UserInterface/class.SWIFT_UserInterfaceControlPanel.php
- __swift/apps/core/config/class.SWIFT_SetupDatabase_core.php
- __swift/library/Mail/class.SWIFT_Mail.php
- __swift/config/config.php
- __swift/library/Setup/class.SWIFT_SetupDatabase.php
- __swift/library/TemplateEngine/class.SWIFT_TemplateEngine.php
- __swift/locale/de/dashboard.php
- __swift/locale/en-gb/dashboard.php
- __swift/locale/en-us/dashboard.php
- __swift/locale/es/dashboard.php
- __swift/locale/fr/dashboard.php
- __swift/locale/it/dashboard.php
- __swift/locale/nl/dashboard.php
- __swift/locale/pt/dashboard.php
- __swift/locale/ru/dashboard.php
- __swift/themes/__cp/templates/recpheader.tpl
Update: 11th March 2016
We have released Kayako 4.73.2, which resolves a reported issue in 4.73.1 that prevented viewing ticket histories. You can see all the changes below:
Fixes
- SWIFT-4925 Undefined index __executesegment and __staffemail at Staff control panel on ticket loading from the history tab.
Changed files between 4.73.1 and 4.73.2
If you are currently using Kayako 4.73.1, a patch update is possible by updating only the files below:
- __swift/apps/base/library/UserInterface/class.SWIFT_UserInterfaceControlPanel.php
- __swift/apps/base/staff/class.Controller_Home.php
- __swift/apps/base/admin/class.Controller_Home.php
Original post: 10th March 2016
Kayako 4.73.1 is now available; this update includes an important security fix and many other fixes and improvements.
We recommend all customers upgrade to 4.73.1. An issue was found which in rare circumstances could result in the leakage of an SMTP server username and password in an error message (if you are using an SMTP server). There is no known exploit of this problem in the wild, and it is being fixed as a preventative measure. To make it easier to protect yourself, we have included patches for the recent three releases.
Highlights
- Includes security fix for SMTP details leakage.
- Improved Support Center searching which now includes ticket subject.
- Improved cookie security to help prevent session hijacking attacks.
- Top level domain names above six characters are now accepted for help desk URLs.
- Improvements to inline image rendering in staff notification emails when being viewed from Microsoft Outlook clients.
This release also includes over 30 other bug fixes and improvements. You can find a full changelog for 4.73 and 4.73.1 below.
Kayako Download customers can find the updated product files by logging into my.kayako.com, under My Orders.
4.73.1 Fixes
- SWIFT-4914 config.php setting to disable Segment code.
- SWIFT-4915 Change engine type of 'swsearchindex' table from MyISAM to InnoDB.
- SWIFT-4922 Security Issue (medium).
Changed files between 4.73.0 and 4.73.1
If you are currently using Kayako 4.73.0, a patch update is possible by updating only the files below:
- __swift/apps/base/admin/class.Controller_Home.php
- __swift/apps/base/staff/class.Controller_Home.php
- __swift/apps/base/config/class.SWIFT_SetupDatabase_base.php
- __swift/config/config.php
- __swift/includes/functions.php
- __swift/library/Exception/class.SWIFT_Exception.php
- __swift/themes/__cp/images/exception.png
- __swift/themes/__cp/templates/recpheader.tpl
- __swift/themes/__global/templates/exception.tpl
- __swift/themes/client/images/exception.png
4.73 Features and Improvements
- SWIFT-4884 Add the readme_first text file in the root of the product directory.
- SWIFT-4808 Responsive layout for live chat.
- SWIFT-3825 Images cannot be pasted directly into Knowledgebase articles.
- SWIFT-2814 Support center searching improvements.
- SWIFT-768 Better knowledgebase breadcrumbs.
4.73 Fixes and other changes
- SWIFT-4865 "Set tickets to this status on user reply" to 'Do Not Change' option is not behaving as expected.
- SWIFT-4860 Repetitive Join condition on the same table in a single query.
- SWIFT-4852 Private Staff replies are sent in emails as well as visible at Client Panel when a ticket is duplicated.
- SWIFT-4828 HTML is not preserved in staff reply emails, and the content is displayed without break-line.
- SWIFT-4823 Knowledgebase article author and edit date fields don't update.
- SWIFT-4821 Ticket reply formatting is lost in user Inbox when staff replies to notification email via Outlook.
- SWIFT-4790 Cookies should use secure attributes with the HttpOnly flag to prevent session hijacking attacks.
- SWIFT-4753 Helpdesk should not allow more staff accounts to be inserted than the Staff User count.
- SWIFT-4725 'Strip HTML tags' option results in adding extra spaces when an HTML email is sent from MS Outlook.
- SWIFT-4697 Buttons on Client Support center freeze when using the Firefox browser.
- SWIFT-4604 The attachments do not get attached if the ticket is created via Staff API.
- SWIFT-4548 Survey email is always dispatched in English, even if another language is linked to template group being used.
- SWIFT-4501 Custom Fields are not duplicated on splitting or duplicating a ticket.
- SWIFT-4475 Incorrect Reply and Resolution due deadline applied on tickets.
- SWIFT-4447 Knowledgebase search returns no results if the search query includes a 'stop word' in it.
- SWIFT-4430 Disabled SLA plan can be implemented over a ticket manually from 'Edit' tab.
- SWIFT-4390 Email parser rule with criteria "sender email address">does contain> is not working as it should.
- SWIFT-4379 Top Level Domain above six characters is not accepted in the help desk.
- SWIFT-4377 Incorrect reply due time on ticket created from email parser in case of different time zone selection.
- SWIFT-4205 Incorrect results with numeric string under the ‘Quick Search’ option in the staff portal.
- SWIFT-4191 Inline images do not render in staff notification emails, in MS Outlook client.
- SWIFT-4181 Attachment size greater than not working in parser rule.
- SWIFT-3826 Unable to generate the report for Audit logs action 'Moved to trash.'
- SWIFT-3039 Disabled staff is shown under the 'Owner' field in tickets if the department is changed from the drop-down.
- SWIFT-3022 'Allow Staff to reply by Email' is not taking effect in some cases.
- SWIFT-2931 Linked select values are lost from the ticket after updating the Custom Field in Admin CP.
- SWIFT-2649 Option 'Automatically Convert Encoding Of Incoming Emails' under mail parser settings is not working.
- SWIFT-2506 Redundant data in values for linked select custom fields.