| Server IP : 170.10.162.208 / Your IP : 216.73.216.181 Web Server : LiteSpeed System : Linux altar19.supremepanel19.com 4.18.0-553.69.1.lve.el8.x86_64 #1 SMP Wed Aug 13 19:53:59 UTC 2025 x86_64 User : deltahospital ( 1806) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /tmp/ |
Upload File : |
var/softaculous/conc85/changelog.txt����������������������������������������������������������������0000644�����������������00000010142�15051431043�0013464 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������8.5.21 Release Notes
Behavioral Improvements
When importing stacks we first check to see if a stack path exists on the stack node, and fallback to stack name if it does not (thanks mlocati)
Block Types: allow exporting NULL, don't "abstract" zeroes on import/export (thanks mlocati)
Backported log handling tweaks (thanks SashaMcr)
Bug Fixes
Fix exporting aliases of deleted blocks (thanks mlocati)
Fixed Copying a Express Entry List gives - Call to a member function getAreaHandle() (already included in version 9, backported)
Security Updates
Fixed CVE-2025-8571 Reflected XSS in Conversation Messages Dashboard Page by adding more sanitization to the Url::setVariable method with commit 12643 for version 9 and commit 12646 for version 8. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. Thanks Fortbridge for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
8.5.20 Release Notes
New Features
Significant improvements to content import/export: added support for multilingual page mapping, additional page paths, external links and more (thanks mlocati)
Disabled searching marketplace since marketplace supports 9+ (thanks mlocati)
Bug Fixes
Fix exporting area layout column when area is null (thanks mlocati)
Fixed some small errors when importing stack content (thanks mlocati)
Fix exporting page fields when page can't be found (thanks mlocati)
Security Updates
Safer storage of API keys on Windows (not necessary for Concrete CMS v9+, see more information here https://github.com/concretecms/concretecms/pull/11859) (thanks mlocati)
Fixed unsanitized address custom attribute when rendering addresses unattached to a particular country.
Developer Updates
Page::getByPath can now except a as well as a site tree and return all pages in all multilingual site trees therein (thanks mlocati)
When importing pages at paths that don’t exist, we now throw a specific exception that can be handled differently in different cases (thanks mlocati)
8.5.19 Release Notes
Security Updates
Fixed CVE-2024-8291 Stored XSS in Image Editor Background Color by sanitizing output of "Save Background Image Colour" in file thumbnail dashboard single page with commit dbce253166f6b10ff3e0c09e50fd395370b8b065 for version 8 and commit 12183 for version 9. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Prior to the fix a rogue admin could add malicious code to the Thumbnails/Add Type. Thanks Alexey Solovyev for reporting HackerOne 921527.
Fixed CVE-2024-7398 Stored XSS Vulnerability in Calendar Event Addition Feature with commit 7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5 for version 8 and commits 12183 and 12184 for version 9. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 1.8 with vector VSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Prior to the fix, the calendar event name was not sanitized on output. Users or groups with permission to create event calendars could embed scripts and users or groups with permission to modify event calendars could execute scripts. Thank you Yusuke Uchida for reporting HackerOne 2400810.
Fixed CVE-2024-8661 Stored XSS in the "Next&Previous Nav" block with commit 12204 for version 9 and with commit ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4 for version 8. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Prior to the fix, a rogue admin could add a malicious payload. Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks Chu Quoc Khanh for reporting HackerOne 2610205������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/myadmin49/changelog.txt�������������������������������������������������������������0000644�����������������00000002570�15051731076�0014217 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������phpMyAdmin - ChangeLog
======================
4.9.11 (2023-02-07)
- issue [security] Fix an XSS attack through the drag-and-drop upload feature
4.9.10 (2022-02-10)
- issue #17308 Fix broken pagination links in the navigation sidebar
4.9.9 (2022-01-22)
- issue #17305 Fix syntax error for PHP 5
- issue #17307 Fix hide_connection_errors being undefined when a controluser is set
4.9.8 (2022-01-20)
- issue #14321 Display a correct error page when "$cfg['Servers'][$i]['SignonURL']" is empty for auth_type=signon
- issue #14321 [security] Remove leaked HTML on signon page redirect before login for auth_type=signon
- issue [security] Add configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding host names and other error details when login fails
- issue [security] Add configuration directive $cfg['URLQueryEncryption'] to allow encrypting senstive information in the URL
- issue [security] Fix a scenario where an authenticated user can disable two factor authentication
4.9.7 (2020-10-15)
- issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
- issue #16396 Fix broken two-factor authentication
4.9.6 (2020-10-09)
- issue [security] Fix XSS vulnerability with the transformation feature (PMASA-2020-5)
- issue [security] Fix SQL injection vulnerability with search feature (PMASA-2020-6)
����������������������������������������������������������������������������������������������������������������������������������������var/softaculous/elgg33/changelog.txt����������������������������������������������������������������0000644�����������������00000001110�15052151046�0013447 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������3.3.25 (2022-10-07)
Contributors
Jerôme Bakker (2)
3.3.24 (2021-12-23)
Contributors
Jerôme Bakker (1)
Bug Fixes
reported_content: sanitize report URLs (c30b17bf)
3.3.23 (2021-12-03)
Contributors
Jerôme Bakker (1)
Bug Fixes
ajax: forms in the admin namespace are protected (572d210e)
3.3.22 (2021-11-19)
Contributors
Jerôme Bakker (3)
Bug Fixes
groups: prevent misuse of group membership actions (d9fcad76)
3.3.21 (2021-08-03)
Contributors
Jeroen Dalsem (1)
Bug Fixes
http: always disable cache if cookie is being set (30c17f06)��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/s9y/changelog.txt�������������������������������������������������������������������0000644�����������������00000012510�15052201556�0013117 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Version 2.5.0 (13.02.2024)
------------------------------------------------------------------------
* Restore compatibility with PHP 7.4
* Remove bundled composer.phar (thanks to hboeck)
* Update composer dependencies (mostly for PHP 8.3 compatibility):
katzgrau/klogger (1.0.0 => 1.2.2)
pear/http_request2 (v2.5.1 => v2.6.0)
pear/net_dns2 (v1.5.3 => v1.5.4)
psr/log (1.0.0 => 1.1.4)
smarty/smarty (v4.3.2 => v4.3.5)
* Fix a PHP notice in User management ("isEditable") (garvinhicking)
* Fix a bug when the p parameter given was set to 0 (@hannob)
* Fix an incompatibility with MySQL 5.7 or later (@mariohommel)
Version 2.4.0 (November 20th, 2022)
------------------------------------------------------------------------
* Fix: Avoid bad number of arguments to sprintf and fix logic error
in spamblock plugin.
* Improve w3c compatibility be encode square brackets of comment
mode links (thanks @hannob)
* Fix: Previewing comments warning threw a warning on PHP 8, when
debug mode on (thanks @hannob)
* Fix: Editor autosave cached was not deleted when saving entry
* Fix: Editor autosave was not on by default, despite the setting
being active by default
* Fix: admin/entries.tpl: fix undefined variable iso2br
* Fix: The calendar plugin threw a warning about $cond['join'] not
existing in some setups
* Fix: Avoid one more situation where responsive image upscaled
a small thumbnail
* Bugfix: Entryproperites plugin no longer insert empty records
for multiple authors (garvinhicking)
* Improve permalink generation performance and enable more unicode
replacements (thanks to mbirth!)
Version 2.3.5 (April 25th, 2020)
------------------------------------------------------------------------
* Fix: CSS: Restrict block display of summary to trackbacks. (#703)
* Fix: Don't strip HTML from comments body in serendipity_plugin_comments
before serendipity_event_unstrip_tags can convert the HTML tags
(being called via frontend_display hook). (#702)
* Fix: [CKE] Don't remove <details> and <summary> elements from
WYSIWYG editor.
* Fix: Don't delete extend properties from the entryproperties
plugin when publishing from dashboard (or sending
delayed trackbacks). (#695)
* Fix: SQL error in serendipity_plugin_history present since we
"don't allow requesting an archive page that doesn't exist"
(2.3.3). (#694)
* Fix: Entry title in backend list of entries was double escaped.
* Fix: Don't drop upgraded_version from local plugin cache.
* Fix: Regular expression in functions_routing.inc.php
* Fix: Truncate extension of media items to 5 chars (which ist the
max length of the corresponding database field). (#609)
Thanks to @mmitch!
Version 2.3.4-beta1 (March 25th, 2020)
------------------------------------------------------------------------
* Security: Fix RCE on Windows.
Thanks to Junyu Zhang <rgdz.eye@gmail.com>!
* Fix: ML: Fixed filename generation when renaming and added
some error messages on rename failures.
* Display source of plugins (Spartacus, bundled or locally installed).
Version 2.3.3 (March 22nd, 2020)
------------------------------------------------------------------------
* #651: When using checkboxes to insert multiple media files, if only
one asset has been selected, do not use the gallery mode,
but instead single-asset view. Also improves to click the title
of an asset to select its checkbox, and hides the 'Insert all'
button when no assets are selected. (garvinhicking)
* Use the video tag for videos in the Medialibrary, also when
inserting such a video into an entry
* media_choose.tpl: Fixes bad usage of
{serendipity_hookPlugin eventData=...} to {serendipity_hookPlugin eventData=}
and allow plugins to skip HTML block insertion to use their own
markup
* Updates mailer event plugin to support force sending mails on
published blog entries and ability to prepend a mail body.
Also fixes missing "keep strip tags" configuration option
* Fix serendipity_killPath().
Thanks to @surrim!
* Don't allow requesting an archive page that doesn't exist.
Thanks to @lotharsm!
* Fix: Set action to empty in functions_routing.php when serving JS;
otherisw the default page has been generated at every call.
* Fix: Add valid HTTP referrer when trying to delete a
trackback from the frontend.
* Fix: Wordwrap at word boundaries only in bundled plugin
serendipity_plugin_comments.
* Fix: Force empty limit to "" in serendipity_fetchEntries().
* Fix: Escape version string in update notifier to avoid XSS.
* Fix: Prevent renaming a ML object into an existing file,
resulting in deletion of both from disk and database.
* Fix: Items in Medialibrary that are not images now get
the correct link
* Fix: Remember where you stored images last (#652)
* Fix: [bbcode] Get roman numerals working in bbcode plugin.
Thanks to Fabien Chabreuil!
* Fix: Force positive limits for number of entries shown on
title page and in RSS feed. s9y doesn't work with 0 or
negative numbers, so force our default (15) in this case,����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/mw28/changelog.txt������������������������������������������������������������������0000644�����������������00000003327�15053451173�0013201 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������== MediaWiki 1.31.16 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
This is intended to be the final release of the MediaWiki 1.31 branch,
and as such, 1.31 is now considered End of Life.
=== Changes since MediaWiki 1.31.15 ===
* (T283273) Make postgres IRC channel point to libera.chat.
* (T289108) ExtensionProcessor: Remove loaderScripts from
extension.json schemas.
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in
Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
== MediaWiki 1.31.15 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.14 ===
* (T270988) Fixup issues in SpecialChangeContentModel.php.
* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
* (T276945) Define a batch size in maintenance/manageJobs.php.
* (T276945) Implement JobQueueDB::getAllAbandonedJobs.
* (T281549) WebInstaller: Don't show the announce-l subscribe
checkbox temporarily.
* (T283247) Freenode -> Libera per wikimedia moving from
freenode to libera.
* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from
purging pages.
== MediaWiki 1.31.14 ==
This is a maintenance release of the MediaWiki 1.31 branch.
== MediaWiki 1.31.12 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.11 ===
* Fixed issues relating to User::isRegistered() not existing in 1.31.
== MediaWiki 1.31.10 ==
This is a maintenance release of the MediaWiki 1.31 branch.
== MediaWiki 1.31.8 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/mw35/changelog.txt������������������������������������������������������������������0000644�����������������00000021567�15053452011�0013175 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������== MediaWiki 1.35.14 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.13 ===
* Localisation updates.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages
used in rights log.
== MediaWiki 1.35.13 ==
This is a maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.12 ===
* Tarball release to fix backport issues with patch for T341529.
== MediaWiki 1.35.12 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.11 ===
* Localisation updates.
* (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
self-redirects with variants conversion.
* (T341434) WikiImporter: Improve error message output.
* (T341737) ApiBase: Cast $id to string in filterIDs.
* (T342632) ApiComparePages: Add help url.
* (T347227) ImportReporter: Make callback functions public.
* doc: Improve description of type in extension.schema.v1.json.
* (T340221, CVE-2023-PENDING) SECURITY: XSS via
'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
* (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser
("X intermediate revisions by the same user not shown") ignores username
suppression.
* (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
file to Special:Upload (non-standard configuration).
== MediaWiki 1.35.11 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.10 ===
* Localisation updates.
* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
(1.9.0 => 1.9.1).
* (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
* (T297917) objectcache: avoid use of ctype_digit() in
WANObjectCache::adaptiveTTL().
* (T330464) Work around argument corruption bug in XMLReader::open.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
== MediaWiki 1.35.10 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.9 ===
* Localisation updates.
* (T324895) MWCallbackStream: Add explicit $stream property.
* Remove /images .htaccess rules that are no longer relevent.
* Disable php in .htaccess of images directory as a hardening measure.
* (T322583) Include missing message parameter in message.
* Fix phan error when Excimer is enabled.
* (T274966) tests: Make pass on php8.0.
* (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
* (T326021) Add matrix: to $wgUrlProtocols.
* api/en.json: api-help-datatype-expiry add missing 'may'.
* (T225218) Wait until the recent changes are updated.
* (T328222) Pass empty string to strlen() if schema is null for
PostgresDatabase.
* (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
* (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
* (T155582, T328503) Fix XML dumps for content types with non-string
getNativeData().
* (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
* (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
* (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
* (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
tag.
* (T329484) API: Fix query+allimages user parameter description.
* (T330529) SpecialEditTags: Set default of '' for wpReason.
* (T330526) htmlform: Handle null from HTMLFormField::getDefault in
multiselects.
* (T285159, CVE-2023-PENDING) SECURITY: Do not apply autoblocks to untrusted
XFF headers.
== MediaWiki 1.35.9 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.8 ===
* Localisation updates.
* (T319000) WebInstaller: Don't try and run trim() on null.
* (T320864) When calling mail(), use an array for headers.
* (T311567) In ManualLogEntry, cast the comment to string.
* (T323082) Upgrading wikimedia/xmp-reader (0.7.0 => 0.8.5).
* Language: Handle ronna and quetta.
* (T304515) LCStoreStaticArray: atomically replace the cache file.
* (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
* (T322637) SECURITY: sqlite should not create DB file world-readable.
== MediaWiki 1.35.8 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.7 ===
* Localisation updates.
* (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
* (T311559) SpecialListFiles: user parameter isn't always present.
* (T311561) ImageListPager: Don't call htmlspecialchars() on null.
* (T311920) SpecialBlockList: Prevent passing null to trim().
* (T311921) SpecialUserrights: Don't pass null to str_replace.
* (T311570) SpecialWithoutInterwiki: Don't pass null through to
Title::capitalize().
* (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
* (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
* (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
* (T312302) SpecialRedirect: Don't pass null to explode.
* RemoveInvalidEmails: Fix quoting for postgres.
* (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
strlen().
* (T312300) SpecialDiff: Don't pass null to explode().
* (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
* (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
* (T289926) Ensure that strlen() does not get passed a (valid) null.
* (T312301) SpecialDiff: Don't pass null to trim().
* Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
* (T289926) Ensure we don't pass null to mb_strlen.
* (T312305, T311572, T311571, T311578) HtmlForm: Null coalescence in trim()
calls.
* (T289926) site: Consistently return null from Site::getDomain().
* (T307304, T289879) filebackend,jobqueue: Add signature for
FilterIterator::accept().
* (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
* Add application/vnd.ms-opentype to MIME list.
* Allow composer/installers plugin in composer.json.
* (T313663) Make HandlerTestTrait compatible with php8.1.
* (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
* Change type hints for BatchRowIterator and NotRecursiveIterator for
compatibility with PHP 8.1.
* (T313663) [php8] Don't use strlen on potentially null string.
* (T313663) [php8.1] Suppress test warning about providing null.
* (T313663) Parser will use current timestamp instead of null if passed a
RevisionRecord that does not have a timestamp.
* (T313663) Add explicit null check for $sha in FileBackend [php8.1].
* (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
* (T289879, T289926) Get rid of warnings on PHP 8.1.
* rdbms: fix some PHP 8 warnings in Database/LoadBalancer/LBFactory.
* (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
* Fix a couple deprecation warnings in the installer under PHP 8.1.
* (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
* (T314096) Migrate use of ${var}-style string interpolation.
* (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
'' not null.
* (T314225) SpecialCategories: Null coalescene $par.
* (T314099) User: Allow dynamic properties on PHP 8.2.
* (T314404) SpecialGoToInterwiki: Null coalescene $par.
* (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
* (T314099) phpunit: Fix trivial dynamic property usages in tests.
* (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
* (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
* (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
* api: Add rel=nofollow to help examples.
* (T314824) tests: Update parser test after i18n change.
* (T263927) Add autocomplete HTML attribute to common auth form fields.
* (T307613) Validate length of user email on Special:ChangeEmail/
Special:CreateAccount.
* (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
wpNamespaceRestrictions.
* (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
* (T315892) composer.json: Pin phpunit to 8.5.28.
* (T229092) MigrateActors.php: ignore duplicate creations of actors.
* (T313049) Bump wikimedia/parsoid to v0.12.3.
* (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
change.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.�����������������������������������������������������������������������������������������������������������������������������������������var/softaculous/ostic17/changelog.txt���������������������������������������������������������������0000644�����������������00000012275�15053562546�0013706 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������osTicket v1.17.6
Improvements
Fix PR #6283: DB column value of "local backend" is 'client' and not 'local' (7805cd94)
i18n: Tasks Department ID Missing (00bc6b1b)
issue: Checkbox Template Variable (09de9587)
Fixed mailfetch error message (cd4717a1)
issue: fix square characters being printed when printing tickets that's using languages like Thai (872a6492, 25844034)
issue: Position Styling.. Again (7f03a64b, b843fb15)
mysqli: Multi-Host Failure (0a8475fb)
issue: Task Last Respondent (5277c7ab)
i18n: Schedules getDays() (f2facda3)
issue: Referred Closed Tickets (a7b0711d)
php: Update Prerequisites (d331a44c)
i18n: Lang URL Param (fece6ff7)
mysql: Update Minimum Version (317ab967)
Fix ajax path for AddRemoteCollaborator (6df6cd98)
Fix staff mobile field class (f8455c82)
patches: Latest 05/28/2024 (2d65cb77, 36b4c94f, 854cf47c, d9fe3ada)
upgrade: Laminas-Mail (2.25.1) (c0a74162, 939a278c, f658268d)
hotfix: Fix getRawEmail() (c26d840c, 1eb71197)
issue: Linked Icon annotation (6c096cce)
fix(email): fix case sensitivity in "Action" header retrieval (07843598)
Upgrade mimeDecode.php from v1.48 to v1.5.6 2016-08-28 (cbd78ac8)
mailer: sendmail() Failure (14e2057b)
php: 8.3 Support (a3931f46, b38db372, fea5e1e0, 387a1c04, 136d372e)
issue: Ticket Relations (9426b2dd)
issue: Basic Search Selector (74b8bd0e)
mail: Reapply Memory Optimization (eaaa64d9, ab76ffe8)
php: iconv Recommendation (33ecc3a0)
Ignore VS Code Workspace Files (0da2e0e0)
issue: Email Remote Backend Name (b54dd584)
issue: Safari Response Content Disposition (64a5df68)
api: DueDate and Other Errors (14814ae2)
issue: Multiselect List Export (f3bf8553)
issue: Image Annotation (aeeb2850)
user: List Import (fec70c4a)
issue: Latest SQL Warnings (9bdfde5a)
fields: Variable Name Validation (0724d1ad)
issue: Transfer Empty Comments Var (ed87b257)
update: Composer symfony/process (59f25918)
issue: Client ACL Staff File Download (8255b2e7)
update: PHP Deprecations & Warnings (84c14ace)
issue: User Lookup Umlaut (504b0bfb)
issue: Department Field User Import (5c2b6a5d)
Fix force-https auto-enabling on settings page (3805bbfd)
queue: getTotal Incorrect Counts (4f137dc2)
issue: Referred Tickets Incorrect Queue Counts (b42cad6f)
php: 8.4 Support (a4c0f674, b4938b99, 5e5a9ff5, fb9a39ba)
issue: Canned Response Access (b930a68b)
issue: Excessive Fetching Errors (c546a167)
issue: Plain-text Base64 (216ded32)
i18n: Crowdin API v2 (0ec6670d)
issue: iFrame Logins (3a5da66b)
issue: mimeDecode .eml Attachments (7fc3d8c2)
patches: Latest 11/18/2024 (416b548b, 245e7554)
Revert part of 0784359 commit (ec76a203)
Security
security: Latest Vulns 01/2025 (193f5fe0, ab6672fa)
osTicket v1.17.5
Improvements
update: README.md PHP & Laminas (4baf9dc8, 555c4a74, 88294e2d, 30a4a6e9)
issue: putenv() Disabled (3c0d5f47)
i18n: Update Signing (98706274, 776c0f27)
i18n: Flags Position & Codes (3ee11112, 45f5b5b4)
mailer: Undefined SmtpAccount::getName() (560a4f1d)
issue: SystemSessionHandler (7e17daa6)
issue: Status List Overflow (1deee342)
faq: Category Notes Images (ccca0f59)
patches: Latest 10/03/2023 (65e12297, 48e8501d, a8d42a9d, 4475e03e, bd034712, 64b8c81d, 070eefcb, 1775ce75)
mail: NoValidateCert (d3c140ce)
issue: Choice/Selection Field Searches (00e22fad)
stubs: Add stubs to pass lint test (895c7236)
issue: Canned Response Inline Images (a503c160)
format: Viewable Images Bug (2a412883)
Security
issue: CSP Headers (6228f640)
security: Latest Vulns 09/2023 (04f4e611, 88a87a33, c4ad48de, 37cf8350)
issue: User Account Creation (777e6f0b)
osTicket v1.17.4
Improvements
issue: Thread Entry Actions z-index (215a0ce2)
oauth2: Strict Matching Bug (e014ffd2)
Make string translatable (1105cde7)
issue: Inline-Images Canned Responses (4493b126)
issue: Remove Old Login Code (e17ad463)
issue: i18n Audit Exports (45dd7c4f)
Bug: Custom File Upload Field Config (6371269a, 7283ac81, 902b5d35)
issue: Duplicate User Copy/Paste Import (b304cdb)
issue: Relocate Typeahead JS/CSS Files (62cd406)
issue: strftime() Deprecation (3fe132c4)
jquery: Update To 3.7.0 (ffa23da)
issue: glob() Empty Array (c64a2611)
issue: Email Only Attachment (9e45f3fa)
installer: Change Email (a11aee29)
Security
security: Latest Vulns 06/2023 (86c2ba02, 69244175, 73b997a, ae37925, e4bfb00)
osTicket v1.17.3
Enhancements
oauth2: Strict Matching (7275d67b, b7718be4, ca913ba2, cb3625e8, f531718a, c0cd8b16)
OAuth2 Resource Owner (5c239adb)
Improvements
session: Regenerate Session Id (d5853245)
fetcher: Mail Fetcher / Parser Error Handling (d4d9c424, 0a4498b2)
mysql: Support Sidecar Database Proxies (246aaa4d)
Misc. Fixes (e6beeb9b, 24fd5075, eac9960a, 10af29a5)
fetcher: Default Department (f410d4ec)
issue: LDAP Multi-Instance Fatal Error (f6486044)
issue: TicketDenied errno (6de7cf4c)
session: User Logged Out (00d409d3)
Uncaught Error: Call to a member function getId() on bool (af83896d)
Mailer: Inline Images (7efbdfd2, 8815d087, 64a8abf3)�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/whmcs83/changelog.txt���������������������������������������������������������������0000644�����������������00000013063�15053563313�0013676 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Version 8.3.2 Release Notes
Maintenance
CORE-17239 - Check for deleted affiliates during Process Credit Card Charges task
CORE-17294 - Prevent incorrect deletion of pending affiliate commissions on upgrade
CORE-17299 - Ensure that the Client-Side Top Bar displays whilst visiting affiliates.php
Version 8.3.1 Release Notes
Maintenance
CORE-17166 - Disregard non-grouped products when generating friendly URLs on upgrade to 8.3
CORE-17167 - Ensure credit card fields are show on new card input for existing customers without prior pay methods
CORE-17168 - Improve format and messaging of admin Dispute page when no support gateways are active
CORE-17173 - Add index to improve performance of Ticket Mail Import Log
CORE-17177 - Client Profile Modified activity log entry text mistakenly uses "User ID" to refer to the client ID
CORE-17178 - Prevent circular dereference when loading list of client services with same domain value
CORE-17179 - Correctly render 'Out of Stock' message
Also known as: CORE-17203
CORE-17185 - Improve backwards compatibility for ticket import statuses
CORE-17197 - Prevent viewing error of invoices associated with a deleted affiliate client account
CORE-17205 - Prevent error during Delayed Affiliate Commissions when affiliate client account has been deleted
CORE-17206 - Do not display list of client's services on Client Summary if admin does not have the 'List Services' permission
CORE-17207 - Improve error rendering for non-existent product requests to cart
Modules
MODULE-7133 - Provide multiple variants of address indices when using existing contact with Nominet
MODULE-7701 - Correct record and display of Stripe fees for decimal currencies
Also known as: CORE-17212, CORE-17189
CORE-17194 - Prevent error when saving settings for WordPress hosting with Plesk
Version 8.3.0 Release Notes
Maintenance
CORE-16706 - Add indices for pricing table
Also known as: CORE-16939
CORE-16894 - Use translated service merge field when available
CORE-16914 - Improve resilience of duplicate recipient check for system emails
CORE-17053 - Log user account deletion
CORE-17067 - Prevent transliteration of original dataset provided to registrar function SaveContactDetails
CORE-17083 - Correct support department connection test
CORE-17099 - Prevent manual transaction entry for invalid invoice ID
CORE-17115 - Correct syntax error in Service Renewal Failed email template
CORE-17123 - Prevent erroneous failure when saving general settings
CORE-17126 - Add FileInfo extension to recommended environment health check
Languages
CORE-17015 - Update Hebrew translations
CORE-17039 - Update Farsi translations
Version 8.2.1 Release Notes
Maintenance
CORE-16394 - Correct display format used for client name in ticket list
CORE-16460 - Prevent unnecessary authentication request for appropriately permissioned admin when viewing quote
CORE-16486 - Ensure ClientAreaPageContacts hook fires when managing contacts
CORE-16495 - Correct use of form data for mail import connection test
Also known as: CORE-16799
CORE-16668 - Correct labeling of 'Default' pay method when merging clients
CORE-16689 - Correct error in mandateAcceptance language string of French translation
CORE-16724 - Ensure display of correct currency in Billing > Transactions List
Also known as: CORE-16845
CORE-16765 - Correct handling of nested API input for Plesk services
CORE-16803 - Ensure Ticket Merge Field [Firstname] is populated for contacts
CORE-16812 - Ensure client IP is passed to the Plesk module when clicking "login to control panel" in the client area
CORE-16836 - Ensure tax rate is notated on invoices with zero amount
CORE-16841 - Ensure Resend Welcome Email for addon uses correct email template
CORE-16844 - Ensure recurring product with zero price can be added to cart
CORE-16846 - Correct random value maxiumum for 32-bit systems
CORE-16869 - Correct import of tickets when requested to ignore error and import
Modules
MODULE-7071 - Ensure existing customer is used for Stripe
MODULE-7630 - Correct sixty-day-lock-optout parameter used in ResellerClub
MODULE-7646 - Ensure friendly error messaging displayed during falied Validation.com signup
Languages
CORE-16764 - Update Dutch Translations
Version 8.2.0 Release Notes
Implemented
FEATURE-2623 - Provide landing page for WordPress Toolkit with Smart Updates for Plesk Add-on Feature
FEATURE-2621 - Update SiteBuilder landing page's template section with dozens of examples and links to live demos
Maintenance
CORE-16174 - Correct Addon Recalculate on Save with multiple quantities
CORE-16228 - Correct alphabetical sort of promotion codes in service overview dropdown
CORE-16641 - Correct display of metric usage for custom daily period
CORE-16665 - Improve styling of MarketConnect addons on product details page
Also known as: CORE-16696
CORE-16707 - Prevent erroneous creation of paymethod reference for 3D Secure with Stripe
CORE-16720 - Correct template inherence for support department custom fields
CORE-16733 - Correct missing Markdown Guide template in child themes
CORE-16797 - Correct CSS for Twenty-One sidebar width on mobile view
Modules
MODULE-7498 - Update additional domain fields structure for .app and .bio with Enom
MODULE-7592 - Correct additional domain field data for .es with LogicBoxes
MODULE-7622 - Correct transfer parameters for .fr to ResellerClub
MODULE-7624 - Add TNC additional domain field for transferring .nz domains with ResellerClub
MODULE-7626 - Ensure IDN language is provided for domain registration orders as part of hosting orders
MODULE-7632 - Correct PayPal unlink account command for non-English UIsVersion 8.1.3 Release Notes
Security
CORE-16334 - REDACTED�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/whmcs89/changelog.txt���������������������������������������������������������������0000644�����������������00000012657�15053563642�0013721 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Version 8.9.0 Release Notes
Implemented
FEATURE-3461 - Integrate PayPal Commerce + Vault: bugfixes and UX improvements
Maintenance
CORE-18908 - Update wording in On-Demand Renewals Panel
CORE-19064 - Update .re whois server
CORE-19086 - Correct invoice aggregation deficiency provided in 8.9.0 RC
CORE-19090 - Improve PHP health check evaluation and messaging
Modules
MODULE-8031 - Update SagePay API URLs to direct to Opayo
Version 8.8.0 Maintenance
CORE-18726 - Improve resolution for 360 Monitoring icons
CORE-18755 - Prevent error in PHP 8.1 when reimporting ticket
CORE-18770 - Correct saving of Microsoft Oauth Refresh token
Also known as: MODULE-7970
CORE-18800 - Prevent error during manual update while authenticated
CORE-18825 - Ensure value for translation string "service.confirmcommand"
CORE-18827 - Correct additional field structure for .vote TLD
CORE-18848 - Prevent error on domain transfer when using INTL polyfill
Also known as: CORE-18856
Modules
MODULE-6365 - Add support for .nyc TLD
MODULE-7974 - Improve domain and nameserver IDN support with CNR
MODULE-7975 - Improve domain and nameserver IDN support with Hexonet
MODULE-7989 - Improve invoice handling for failed SEPA Stripe payment
MODULE-7993 - Prevent error in PHP 8.1 when updating nameservers at 101Domain
MODULE-8005 - Prevent error in PHP 8.1 when cPanel API credentials lacking permissions
Version 8.7.3 Release Notes
Security
CORE-18682 - REDACTED - XSS
Maintenance
CORE-18667 - REDACTED - Payment Assertion
Version 8.7.2 Release Notes
Implemented
FEATURE-3223 - Visual refinements for 360 Monitoring MarketConnect admin pages
FEATURE-3234 - Improve CSS on 360 Monitoring landing page
FEATURE-3238 - Correct phrasing from "monitors" to "websites" in 360 Monitor plan descriptions
Maintenance
CORE-13323 - Correct display of domain expiry date format in domain sync report and My Domains page
CORE-17826 - Correct inspection of premium domains from Enom availability results
CORE-18297 - Improve handling of punycode domains that use RTL languages
CORE-18390 - Correct storage of host field for Google OAuth2
Also known as: CORE-18352
CORE-18413 - Ensure ticket status in the admin area uses the admin language
CORE-18429 - Improve admin login autofill hint for Safari
CORE-18458 - Prevent erroneous CSRF block when creating billable items
CORE-18496 - Improve PHP Compatibility Scan with a large number of files
CORE-18511 - Ensure Test Connection works on simple server configuration page when using hostname starting with numeral
CORE-18533 - Improve price display in 360 Monitoring landing page
CORE-18539 - Prevent update error related to missing addon records
CORE-18540 - Update WHOIS listing for .yt
CORE-18542 - Minor style and UI tweaks for 360 Monitoring landing page
CORE-18543 - Remove obsolete template files related to licensing provisioning module if present
CORE-18548 - Improve robustness of early runtime error management
CORE-18550 - Correct reference link in activity log entries about client notes
CORE-18553 - Ensure Subscription ID is recorded when saving New Addon for service
CORE-18556 - Correct application of currency selection from footer
CORE-18559 - Prevent error in PHP 8.1 when saving General Settings without affiliate related field values
CORE-18560 - Restore missing 360 Monitoring translation key "tagLine"
CORE-18562 - Correct erroneous hard block of currency deletion
CORE-18569 - Add missing Manage Emails language string
CORE-18570 - Improve visibility of CC recipients when opening new ticket from Admin Area with Chrome on Windows
CORE-18573 - Prevent fatal viewing SSL certificate in Admin Area
CORE-18576 - Prevent error in PHP 8.1 when restricting SSO permissions for a server
CORE-18592 - Allow quote quantities to accept a decimal value
CORE-18595 - Correct translation keys for billing cycle names on NordVPN landing page
Modules
MODULE-7454 - Improve robustness and logging of PayPal Checkout based subscriptions
MODULE-7744 - Prevent error when sending only plain-text emails with SendGrid
MODULE-7761 - Improve log entries during the migration of expired cards to Stripe
MODULE-7796 - Improve handling of domains in unknown status with eNom and GoDaddy
MODULE-7822 - Correct usage of System URL for 3DS notification URL in Sagepay Repeats
MODULE-7826 - Prevent erroneous error with polling empty servers for stats with Plesk
MODULE-7827 - Prevent fatal error on configgateways.php where Gocardless API is unreachable
MODULE-7906 - Ensure .eu domains do not force a client company name to be set with OpenSRS
MODULE-7918 - Prevent error in PHP 8.1 when configuring SSL certificate with Enom SSL
Also known as: CORE-18443
MODULE-7921 - Correction for PHP 8.1 compatibility in legacy Linkpoint
MODULE-7934 - Prevent error in PHP 8.1 when collecting usage from DirectAdmin
MODULE-7935 - Reset client cart workflow following fraud failure with Stripe
MODULE-7937 - Improve transaction detail parsing for custom accounts with Stripe
MODULE-7938 - Prevent error in PHP 8.1 when saving DNS changes in client area with ResellerClub
MODULE-7939 - Improve PHP 8.1 compatibility for 101 Domain
MODULE-7941 - Improve PHP 8.1 compatibility for 2Checkout
MODULE-7943 - Update X-AU-DOMAIN-RELATIONTYPE .au Additional Domain Fields for CentralNIC
Version 8.7.1 Release Notes
Maintenance
CORE-18533 - Improve price display in 360 Monitoring landing page
CORE-18539 - Prevent update error related to missing addon records
CORE-18543 - Remove obsolete template files related to licensing provisioning module if present���������������������������������������������������������������������������������var/softaculous/whmcs82/changelog.txt���������������������������������������������������������������0000644�����������������00000032353�15053564332�0013702 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Version 8.2.1 Release Notes
Maintenance
CORE-16394 - Correct display format used for client name in ticket list
CORE-16460 - Prevent unnecessary authentication request for appropriately permissioned admin when viewing quote
CORE-16486 - Ensure ClientAreaPageContacts hook fires when managing contacts
CORE-16495 - Correct use of form data for mail import connection test
Also known as: CORE-16799
CORE-16668 - Correct labeling of 'Default' pay method when merging clients
CORE-16689 - Correct error in mandateAcceptance language string of French translation
CORE-16724 - Ensure display of correct currency in Billing > Transactions List
Also known as: CORE-16845
CORE-16765 - Correct handling of nested API input for Plesk services
CORE-16803 - Ensure Ticket Merge Field [Firstname] is populated for contacts
CORE-16812 - Ensure client IP is passed to the Plesk module when clicking "login to control panel" in the client area
CORE-16836 - Ensure tax rate is notated on invoices with zero amount
CORE-16841 - Ensure Resend Welcome Email for addon uses correct email template
CORE-16844 - Ensure recurring product with zero price can be added to cart
CORE-16846 - Correct random value maxiumum for 32-bit systems
CORE-16869 - Correct import of tickets when requested to ignore error and import
Modules
MODULE-7071 - Ensure existing customer is used for Stripe
MODULE-7630 - Correct sixty-day-lock-optout parameter used in ResellerClub
MODULE-7646 - Ensure friendly error messaging displayed during falied Validation.com signup
Languages
CORE-16764 - Update Dutch Translations
Version 8.2.0 Release Notes
Implemented
FEATURE-2623 - Provide landing page for WordPress Toolkit with Smart Updates for Plesk Add-on Feature
FEATURE-2621 - Update SiteBuilder landing page's template section with dozens of examples and links to live demos
Maintenance
CORE-16174 - Correct Addon Recalculate on Save with multiple quantities
CORE-16228 - Correct alphabetical sort of promotion codes in service overview dropdown
CORE-16641 - Correct display of metric usage for custom daily period
CORE-16665 - Improve styling of MarketConnect addons on product details page
Also known as: CORE-16696
CORE-16707 - Prevent erroneous creation of paymethod reference for 3D Secure with Stripe
CORE-16720 - Correct template inherence for support department custom fields
CORE-16733 - Correct missing Markdown Guide template in child themes
CORE-16797 - Correct CSS for Twenty-One sidebar width on mobile view
Modules
MODULE-7498 - Update additional domain fields structure for .app and .bio with Enom
MODULE-7592 - Correct additional domain field data for .es with LogicBoxes
MODULE-7622 - Correct transfer parameters for .fr to ResellerClub
MODULE-7624 - Add TNC additional domain field for transferring .nz domains with ResellerClub
MODULE-7626 - Ensure IDN language is provided for domain registration orders as part of hosting orders
MODULE-7632 - Correct PayPal unlink account command for non-English UIsVersion 8.1.3 Release Notes
Security
CORE-16334 - REDACTED
Version 8.1.2 Release Notes
Maintenance
CORE-16265 - Correct import of replies to tickets not associated with a client
CORE-16266 - Ensure empty optional custom fields are provided to provisioning module functions
CORE-16300 - Improve environment support for custom field key comparison
Modules
MODULE-7559 - Correct API value of package for DirectAdmin
MODULE-7591 - Prevent erroneous validation error for manual invoice payment
Version 8.1.1 Release Notes
Maintenance
ADDON-6136 - Ensure Google Analytics outputs script to page
CORE-15519 - Ensure ticket replies from associated users are accepted
CORE-15694 - Prevent erroneous field being displayed after failed domain contact change
CORE-16005 - Correct rendering for sequential error related to failed 2FA disablement
CORE-16014 - WHOIS update for .sa TLD
CORE-16016 - WHOIS update for .ie TLD
CORE-16017 - Improve description of mail import command
CORE-16022 - Prevent duplicate alert for invalid login on Twenty-One
CORE-16025 - Provide or utilize translation strings for various text in Twenty-One
Also known as: CORE-16055, CORE-16194
CORE-16026 - Correct theme inheritance for pagination property
CORE-16029 - Correct alignment of date picker element for Prune Ticket Attachments
CORE-16031 - Improve responsiveness for domain checker
CORE-16033 - Provide integration to HMRC for GB VAT number validation
Also known as: CORE-16220
CORE-16038 - Correct erroneous alert of oustanding invoice in upgrade/downgrade modal
CORE-16040 - Improve description of invite function
CORE-16041 - Provide password type custom field values decrypted to provisioning functions
CORE-16046 - Correct link for OX Manage Email Accounts
CORE-16048 - Prevent indefinite retry of failed email campaign
CORE-16049 - Correct display of module log response
CORE-16050 - Correct sidebar collapse/expansion for cart with Twenty-One
CORE-16051 - Improve handling of invalid parent property of theme
CORE-16058 - Update clients only ticket department description
CORE-16070 - Correct CSS inclusion for viewquote template
CORE-16071 - Correct error on unique email requirement for authenticated user client creation via cart
CORE-16074 - Improve design of admin edit button for knowledgebase articles and categories in Twenty-One
CORE-16081 - Correct path for view cart icon of Twenty-One
CORE-16084 - Prevent erroneous ajax request on automation page
CORE-16086 - Remove legacy smarty variables & increase performance of client area
CORE-16092 - Improve cPanel template for Bootstrap 3 and 4 compatibility
CORE-16093 - Generate order invoices respective to user's language
CORE-16094 - Update template path comparison for non-standard file environments
CORE-16098 - Optimise Additional Domain Fields display in mobile view
CORE-16104 - Improve CSRF error rending for admin login
CORE-16105 - Improve Twenty-One styling for hyperlinks
CORE-16106 - Improve formatting of intelligent search results when a company name is present
CORE-16107 - Prevent missing function error in DeleteClient API
CORE-16108 - Improve Plesk account reindexing upgrade routine
CORE-16109 - Improve Twenty-One styling for block quotes
CORE-16111 - Correct inclusion in Twenty-One related to certificate reissuance
CORE-16114 - Improving handling for deleted orderform
CORE-16118 - Restore aggregation of default Currency considering legay schema
CORE-16119 - Correct add payment address action for Twenty-One
CORE-16124 - Add missing translation string for 'copy'
CORE-16125 - Correct inspection of 'admin' parameter for OpenTicket API
CORE-16128 - Utilize translation strings for announcements in Twenty-One
CORE-16131 - Correct display of CC recipients for guest tickets
CORE-16132 - Correct date picker attribute for Override Auto-Suspend option
CORE-16138 - Correct display of error message on invoice payment in Twenty-One
CORE-16147 - Ensure correct reply-to is used for all mail providers
CORE-16161 - Improve display of ticket information in Twenty-One
CORE-16164 - Improve ticket data aggregation for environments without native type handling
CORE-16165 - Improve render of Manage Domains for Twenty-One
CORE-16169 - Correct input handling for registration form
CORE-16170 - Correct link for close ticket in Twenty-One
CORE-16172 - Correct link for network alerts in cart with Twenty-One
CORE-16187 - Utilize translation string for Contact Us in Twenty-One
CORE-16193 - Correct button for Registrar Lock in Twenty-One
CORE-16200 - Ensure admin notification for ticket change uses correct respondent name
CORE-16203 - Prevent erroneous warning regarding template change when configuring Stripe
CORE-16208 - Prevent error when updating while hooks debug is enabled
CORE-16215 - Provide better error message when prematurely accessing application during installation
CORE-16219 - Correct display of 'amount' on order summary for domain renewal with previous price override
CORE-16233 - Correct checkout button for domain suggestion results
CORE-16238 - Correct field requirement assertion for new client creation in cart checkout
Modules
MODULE-7550 - Ensure failure is logged for CreateFileWithinRoot in Plesk
MODULE-7558 - Redirect to clientarea if session is invalidated during PayPal Checkout subscription setup
MODULE-7566 - Ensure card billing address is not reset upon invoice payment with Stripe
MODULE-7568 - Ensure consistent metadata values are sent to Stripe
MODULE-7569 - Correct reCAPTCHA error with Stripe
MODULE-7570 - Correct display of payment buttons on invoice for 2Checkout
MODULE-7571 - Correct language selection for 2Checkout
MODULE-7573 - Ensure fees are in client's currency with Stripe
MODULE-7576 - Provide CIRA agreement for .ca TLDs
MODULE-7578 - Redirect to clientarea if session is invalidated during PayPal Checkout one-time payment
Also known as: CORE-16192
API
CORE-15959 - Correct inspection of email address for client associate when clientid is not provided to OpentTicket
CORE-16076 - Implement listing active registrars with API GetRegistrars
CORE-16101 - Correct order of operations for invoice update in InvoiceUnpaid API
Languages
CORE-15964 - Correct orderform translation string for German
CORE-16030 - French language improvements
CORE-16235 - Utilize translation string for Digicert feature comparison in Twenty-One
Version 8.1.0 Release Notes
Maintenance
CORE-10886 - Do not send "Invoice Created" email when Order does not have invoice
CORE-12227 - Add search and UI improvements for module log
CORE-14738 - Provide Health Check for known MySQL variable issues
CORE-14777 - Correct unpaid invoice total calculations on "My Invoices" sidebar
CORE-15210 - Improving logging of admin actions related to affliate operations
CORE-15211 - Include negative tax rates in invoice email
CORE-15586 - Prevent error when transferring domain whose associated service's server does not define nameservers
CORE-15595 - Correct language selection for Admin New Order notification
CORE-15677 - Ensure Load Saved Message options reflect selected email type
CORE-15709 - Display Generic Feedback on Ticket Feedback Comments report
CORE-15711 - Improve support department POP setup UI
CORE-15739 - Only render Mass Payment button when enabled and client has unpaid invoices
CORE-15751 - Optimise downloads routine when no service provided
CORE-15774 - Improve resilience of domain SSL status sync
CORE-15795 - Prevent superfluous empty option for CC Recipients when viewing ticket as admin
CORE-15804 - Correct filtering behavior of client custom fields for Email Campaigns
CORE-15820 - Correct typo in "Available Merge Fields" section on email templates
CORE-15869 - Ensure client currency is used if available in admin order process
CORE-15878 - Prevent quantity factor of recurring amount when creating a line item of a multiple quantity service
CORE-15879 - Correct One Time promo calculation for multiple quantity service
CORE-15881 - Ensure time input is used when provided for AddInvoicePayment API
CORE-15882 - Ensure all distributed mail provider support the Reply-To header
CORE-15890 - Add Facebook Sign-in Feedback Error String to Language File
CORE-15897 - Correct display of country on save of Contact in Client area
CORE-15898 - Correct generation of UUIDs required for API actions
CORE-15899 - Remove reference to obsolete client_password merge field
CORE-15905 - Retain invites for 7 days following expiry
CORE-15907 - Correct saving of input for Mail Provider details
CORE-15910 - Improve small port view for password reset in Twenty-One
CORE-15913 - Implement automatic pruning of Module Log
CORE-15914 - Update WHOIS server for .NU
CORE-15922 - Improve display of navigation bar with many items for Twenty-One
CORE-15923 - Correct template inheritance for Marketconnect Upsells
CORE-15932 - Update EV upsell messaging
CORE-15940 - Correct display of Allow Multiple Quantities in Products/Services
CORE-15942 - Prevent partial render on invalid ticket request
CORE-15944 - Ensure correct expiry date is set for multi-year registrarion
CORE-15950 - Include pid if available when redirecting to product group
CORE-15952 - Update EV icon
CORE-15953 - Ensure registrant contact fields are visible when bulk editing domain contact information
CORE-15955 - Implement GetUsers API
CORE-15958 - Improve remote bank + remote gateway migration
CORE-15960 - Correct inheritance for invoicepdf.tpl
CORE-15966 - Ensure OX App Suite upgrade utilises quantities
CORE-15978 - Ensure Security Questions in use cannot be deleted
Also known as: CORE-15981
CORE-15994 - Correct internal type related to display of domain registration pricing
CORE-16013 - Prevent error when providing invalid domain search term in Admin WHOIS lookup
Modules
MODULE-7537 - Ensure credits apply to accounts with addons
MODULE-7541 - Transliterate Statement Descriptor Suffix for Stripe
MODULE-7545 - Correct server sync API request for DirectAdmin
CORE-15928 - Improve resilience of mod_pleskaccounts update routine
Addons
ADDON-6132 - Improve styling of Licensing addon for use in theme Twenty-One
Project Management Addon
PMA-188 - Correct display of associated projects when using custom ticket mask
PMA-189 - Improve compatibility with Twenty-One
Also known as: PMA-190
API
CORE-16008 - Rectify distributed example for OrderProductPricingOverride hook
Languages
CORE-15888 - Update Azerbaijani translations
CORE-15921 - Update Hungarian translations
CORE-15925 - Improvements for Admin Hebrew translation
CORE-15927 - Improvements for Client Hebrew translation�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������var/softaculous/ostic14/changelog.txt���������������������������������������������������������������0000644�����������������00000004236�15053564406�0013676 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������osTicket v1.14.8
Improvements
issue: Auto-Assign Comments Var (c3171c3)
issue: List Item Properties On Mouseover (a6a7192)
issue: def_assn_role (6ad568f)
search: Child Thread Relation (08785f9)
Security
security: PwReset Username and Username Discoverability (e282910, 86165c2)
security: SSRF External Images (1c6f98e)
xss: Stored XSS/Domain Whitelist Bypass (4b4da5b)
security: Recipient Injection via User's Name (7c5c584)
xss: Advanced Search (4a8d3c8)
xss: Tasks (b01c6a2)
osTicket v1.14.7
Enhancements
redactor: Upgrade to version 3.5.1 (2617f53)
Improvements
issue: Setup Admin Password Heltip Verbiage (7866a72)
issue: getDBVersion() SQL Errors (43210e3)
issue: Missing Thread On Referral Check (1359d91)
readme: Update PHP Version (a1cf24f)
typo: Default Sorting (89c322b)
issue: Choices Field Sanitization (07526af)
issue: "New Task Alert" email template typo (8178b4d)
issue: Edit Entry Dropped Attachments (a9a64ed)
issue: EmailTest Draft (27259e1)
issue: Release Notes Links (e9a2155)
Role: Handle null perms (4211952)
Issue: Missing null check in Staff->updatePerms() (f9626f8)
Banlist sorting by Updated (15ccc71)
issue: ticket.dept.sla Variable sla_id (bf15d6f)
Security
xss: SVG Image (68dcaa2)
security: open.php Refresh (b8603c7)
xss: Client-Side i18n (fd560df)
session: Verify UserAgent String (f71c954)
osTicket v1.14.6
Enhancements
redactor: Upgrade to version 3.4.9 (ab40f97)
Improvements
issue: markAs Popup Manager (No Access) (8d1d623)
issue: Task last_update Var (08cd762)
issue: SCP Login Redirect (9b12a54)
issue: Client-Side Reply Draft Saving (996cd9e)
osTicket v1.14.5
Enhancements
typo: Change User Confirmation Popup (79e6513)
redactor: Upgrade to version 3.4.6 (5c77b0d)
Improvements
issue: MailFetch Inline Disposition (fbf0c7d)
issue: Editor Spacing (a6cbc5c)
Issue: Collaborator Adding New Collabs (a4ab6b6)
mail: Reply to Ticket Owner Only (a4bb20a)
dept: Dept Deletion Bug (7cba73d)
issue: Task From Ticket (4b48456)
Security
security: Parent Ticket Access (Client) (5972fe8)