osTicket v1.9.16

Maintenance release for osTicket 1.9

=== Performance and Security
* XSS: Encode html entities of cached form data (#3960, bcd58e8)
* ORM: Addresses an SQL injection vulnerability in ORM lookup function
    (#3959, 1eaa6910)

v1.10

Stable release for 1.10

=== Enhancements
 * Support Passive Email Threading (#3276)
 * Account for agents name format setting when sorting agents (#3274, 5c548c7)
 * Ticket Filters: Support Lookup By Name (#3274, ef9b743)
 * Enable preloaded canned responses by default (#3274, 7267531)

=== Improvements
 * Task: Missing Description on create (#3274, 865db9)
 * Save task due date on create (#3438)
 * Show overlay on forms submit (#3426, #3391)
 * upgrader: Fix crash on SequenceLoader (#3421)
 * upgrader: Fix undefined js function when upgrading due to stale JS file (#3424)
 * Use help topic as the subject line when issue summary is disabled (#3274, 74bdc02)
 * PEAR: Turn off peer name verification by default (SMTP) (#3274, 4f68aeb)
 * Cast orm objects to string when doing db_real_escape (#3274, e63ba58)
 * Save department on __create (#3274, c664c93)
 * Limit records to be indexed per cron run to 500 (#3274, 9174bab)

=== Performance and Security
 * Fix memory leak when applying 'Use Reply-To Email' ticket filter action (#3437, 84f085d)
 * XSS: Sanitize and validate HTTP_X_FORWARDED_FOR header (#3439, b794c599)
 * XSS: Encode html chars on help desk title/name (#3439, a57de770)

osTicket v1.9.15

Maintenance release for osTicket v1.9

=== Enhancements
 * Introduce the concept of Trusted Proxies and Local Networks (8ca6bc30)

=== Performance and Security
 * Fix memory leak when applying `Use Reply-To Email` ticket filter
 * action (8ca6bc30)
 * XSS: Sanitize and validate HTTP_X_FORWARDED_FOR header (#3439,
        * b794c599)
 * XSS: Encode html chars on help desk title/name (#3439, a57de770)

osTicket-1.10-rc.3

Third release candidate for osTicket v1.10

=== Enhancements
  * Compatibility with PHP7 (#2828)
  * Share tickets among organization members (#2405)
  * Add lock semantics compatible with v1.9 (lock on view) (f826189)
  * Staff login backdrop is customizable (#2468)
  * Add advanced search for closed date, thread last message, thread last
    response (#2444)
  * Disable auto-claim by department (#2591)
  * Properly flag SYSTEM thread postings (#2702)
  * Add option to use dept/agent name on replies (#2700)
  * Add a preference option to set the sort order of the thread entries in DESC
    or ASC order (#2700)
  * Thread dates can be shown as relative or absolute timestamps (#2700)
  * Make Avatars optional on thread view (#2701)
  * Make Authentication Tokens Optional (auto-login links in emails) (#2714)
  * Use icons for ticket and task actions (#2760)
  * role: Add option to use primary role on assignment (#2832)

=== Improvements
  * All improvements cited in v1.9.12 and v1.9.13
  * Fix deleting of custom logos (#2433)
  * Fix assignment setting on new tasks (#2452)
  * Fix subject display of non-short-answer fields on ticket view and ticket
    queue (#2463)
  * Fix advanced search of ticket source (#2479)
  * Forbid adding deleted forms via "Manage Forms" (#2483)
  * Use horizontal tabs for translatable article content rather than the left
    tabs in a table (#2484)
  * Fix lock expiration time if PHP and database have different time zones
    (#2533)
  * Fix user class and ID matching from email headers (#2549)
  * Fix emission of `Content-Language` header in client portal for multiple
    system languages, thanks @t-oster (#2555)
  * Fix deployment of fresh git repo or download on PHP 5.6 (#2571)
  * Fix handling of abbreviated database timezones like `CDT` (#2570)
  * Fix incorrect height display of avatars (#2580, #2609)
  * Sort help topic names case insensitively, thanks @jdelhome3578 (#2530)
  * Fix detection of looped emails (f2cac64)
  * Fix crash in ticket preview (popout) if ticket has no thread (bd9e9c5)
  * Fix javascript crash adding new ticket filter (d2af0eb)
  * Fix crash if the `name` field of a user is a drop-down (ec0b2c5)
  * Fix incorrect SQL query removing departments (cf6cd81)
  * Properly fallback to database file storage if system is misconfigured (1580136)
  * Fix crash handling fields with `__` in the name in the VisibilityConstraint
    class (b3d09b6)
  * Remove staff-dept records when removing an agent (ecf6931)
  * Avoid crashing processing ORM records with NULL select_related models (#2589)
  * Fix several full-text search related issues (#2588, #2603)
  * Fix crash sending registration link for a guest user (#2552)
  * Avoid showing lock icon for expired locks on ticket listing (#2617)
  * Fix incorrect redirect from SSO authentication, thanks @kevinoconnor7
    (#2641)
  * Fix vertical overflow of uploaded image preview (#2616)
  * Fix unnecessary dropping of CDATA table on MySQL 5.6 (#2638)
  * Fix several issues on user directory ticket listing (#2626)
  * Fix encoding of attachment filenames in emails (#2586)
  * Fix warning rendering advanced search dialog, thanks @t-oster (#2594)
  * Fix bounce message loop for message alert to a bad agent email address
    (#2639)
  * Make fulltext search optional on user lookup (#2657)
  * Add the [claim] feature again (#2681)
  * Fix agent's Signature & Timezone dropped on update (#2720)
  * Fix crash in user CSV import (#2708)
  * Fix crash in user ajax lookup (#2600)
  * Send Reference and In-Reply-To headers only for thread items pertinent to
    the receiving user (#2723)
  * Properly clean HTML custom fields (#2736)
  * Fix changing/saving properties on internal ticket statuses, with the
    exception of the state (#2767)
  * Fix CSV list import (#2738)
  * Fix late redirect header for single ticket typeahead result (#2830)
  * Add sortable column headers in the ticket and task queues (#2761)
  * Fix several issues with the file CLI app (#2808)
  * Fix config crash on install (#2827, #2844)
  * Set due date based on user's timezone (#2812, #2981)
  * Fix crash rendering some email addresses to string (#2844)
  * Fix crash rendering thread with invalid timestamps (#2844)
  * Log assignment note (comments), if any, when staff created ticket is
    assigned (#2944)
  * Change transient SLA, on transfer,  if target department has a valid SLA
    (#2944)
  * Fix typo on task transfer modal dialog (#2944)
  * Fix ticket source on ticket edit (#2944)
  * Convert user time to database time when querying stats (#2944)
  * Fix date picker clearing input on invalid date format (#2944)
  * Show topic-specific thank-you page (#2915)
  * Department manager can be excluded from the new ticket alert (#2974)
  * Do not scrub iframe `@src` attribute (#2940)

  * Use full-text search for quick-search typeahead boxes (#2479)
  * Speed up a few slow and noisy queries (5c68eb3, 340fee7, 208fcc3)
  * Lower memory requirements processing attachments (#2491, #2492)
  * Ensure agent still has access when reopening a ticket (#2768)
  * Always perform validation server-side for ajax uploads (#2844)
  * Protect access to files shown in the FileUpload field (#2618)
  * Decode entities prior to HTML scrubbing (#2940)

=== Known Issues
  * Uploading multiple files simultaneous (via drag and drop) will cause some
    files to be dropped

osTicket v1.9.14

Maintenance release for osTicket 1.9

=== Enhancements
  * alerts: Do not include the manager with the members (#2974)

=== Improvements
  * Only change SLA if target department has an SLA
  * Unify ticket source and preserve original (e.g Web) source on ticket
    edit
  * filedrop: Use jQuery to remove filenode
  * pjax: Do not assume href attribute is set
  * Default to system default, if staff does not have page limit set, thanks
    @antriver (#2951)
  * plugins: Assume plugins might not have configuration
  * oops: Make sure __toString returns a string
  * autoresponse: Do not send out new message auto-response to ticket owner
    as well as collaborators on new ticket (#2639)
  * auth: Consider the destination clicked prior to SSO authentication,
    thanks @jdelhome3578 (#2916)
  * config: Add error message and default for max_open_tickets setting (#2914)
  * auth: This issue only impacts SSO auth plugins, @thanks kevinoconnor7
    (#2641)
  * i18n: Support language pack compilation with new support for parallel
    releases with v1.10.x

v1.9.13

Maintenance release for osTicket 1.9.x branch

=== Enhancements
  * Help topic can be specified by the ID number in the URL for client new
    ticket page (#2735)

=== Improvements
  * Fix crash requesting registration email as a guest, thanks @bailey86
    (#2552)
  * Fix attachment filename encoding (#2586)
  * Fix bounce message loop for message alert to a bad agent email address
    (#2639)
  * Sort help topic names case insensitively (#2350)
  * Fix redactor toolbar appearing over the overlay (#2697)
  * Add help tip for primary role, thanks @colonelpopcorn (#2680)
  * Add icons to assigned-to column, thanks @antriver (#2695)
  * Upgrade to htmLawed 1.20 (#2935)
  * Fix stripping of `src` attribute in `iframe` elements (#2940)

=== Performance and Security
  * Reduce memory usage processing attachments, thanks @ericLemanissier
    (#2491,#2492)
  * Protect access to files shown in the FileUpload field (#2618)
  * Always perform validation server-side for ajax uploads (e3c9e0f)
  * Decode html entities before scrubbing (#2940)

v1.9.12

Maintenance release for the osTicket v1.9 series

=== Improvements
* Fix missing search box adding user to organization (#2431)
* Fix incorrect update time on FAQ view in staff portal (194f890)
* Fix incorrect parsing of some multi-part MIME messages (fe62226)
* Fix auto-claim for new ticket by staff if a filter added a canned response (eca531f)
* Fix malformed results on remote user search when adding users (#2335)
* Fix search by ticket number on client portal (#2294)
* Fix association of user email without a domain to an organization without an email domain setting (#2293)

=== Performance and Security
* Revert poor performing ticket stats query (#2318)

v1.10-rc.2

Second release candidate for the v1.10 series of osTicket

=== Enhancements
* Lazy locking system for ticket locking (#2325, #2351, 37cdf25, de92ec5, 37a0676)
* Add settings for avatars and local "Oscar's A-Team" avatars (#2334)
* Several UI tweaks (7436195, #2426)
* Add transfer and assign mass actions to tickets (#2375)
* Import agents from the command line (#2323)
* User select dialog can be opened after closing in new ticket by staff (605c313)
* Deadband new message alert and autoresponse to once per five minutes per user per thread (598dedc)
* [Add Rule] button to add many new rules at one to a ticket filter (c03279d)

=== Improvements
* Fix several install and upgrade-related issues (fc10dcb, e1ca975, b709139, abc8619, #2411, 832ea94, abb9a08, e3bb6c2, 8e373d4)
* Fix database timezone detection on Windows (#2297)
* Fix several tasks related issues (#2311, #2344, #2376, #2400, #2421, c3d48a9)
* Fix hiding of department-specific canned responses (#2315)
* Fix add and edit of ticket status list items (#2314)
* Fix incorrect definition of some ORM tables (#2324, 69839af)
* Fix crash rendering a closed ticket (#2328)
* Fix case-insensitive sorting of help topics (#2357)
* Fix several advanced search related issues (#2317, 3d4313f, ce3ceae, b5e6d4e, 5a935ca)
* Fix incorrect SQL deleting a department (#2359)
* Fix incorrect array usage of department members for alerts (#2356)
* Add missing perm for view all agents' stats (#2358)
* Fix missing thread inline images from redactor image manager (be77da4)
* Fix updating configuration for file upload fields (2f4f9c1)
* Fix crash creating tickets with canned attachments (a156bba)
* Fix missing inline images in mailouts (84c9b54)
* Prefer submitted text over last-saved draft (46ab79b)
* Fix incorrect FAQ link in front-page sidebar (ea9dd5f)
* Fix missing assignee selection on new ticket by staff (7865eee)
* Fix issue details showing up on ticket edit (a183a98, 7fbd0f6)
* Fix inability to change SLA on some tickets (#2392)
* Fix auto-claim on new ticket by staff if a filter added a canned reply (c2ce2e9)
* Fix Dept::getMembersForAlerts() missing primary members (abc93efd)
* Fix inability to create tickets if missing the ASSIGN permission on all depts (0c49e62)
* Fix inability as staff to reset a user's password (0006dd8)
* Render fields marked !visible and !editable, but required on the client portal (7f55a0b)
* Fix sorting of help topics (a7cc49f, 08a32a4)
* Fix new message alert to a random staff member (d3685a9)
* Fix saving abbreviations on new list items (538087b)
* Fix parsing of some multi-part MIME messages (c57c22a)
* Fix numerous crashes

=== Performance and Security
* Improve performance loading the ticket view (6bba226, 4b12d54)
* Improve performance loading queue statistics (0a89510, 6b76402)
* Dramatically improve full-text search performance (167287d)

v1.10-rc.1

First release candidate for osTicket v1.10

v1.8.12

Maintenance release for the osTicket v1.8 series

=== Improvements
  * Out-of-office notification does not clear closing agent (#2181)
  * Fix signal data pass by reference (#2195)
  * Fix incorrect message body when fetching TNEF emails (ef1d7df)
  * Fix layout of some tables in PDF export (aabe4aa)

=== Performance and Security
  * Fix XSS issue on choices field type (#2271)

v1.9.11

Maintenance release for osTicket v1.9 series

We skipped v1.9.10 to avoid confusion with v1.10 (the major release coming out
at the same time)

=== Enhancements
* Log to syslog on php mail() error (#2128)
* Full path of help topics shown in filter management (3d98dff)
* Auto rebuild the search index if %_search table is dropped (#2250)
* New version available message in system information (c1b5a33)

=== Improvements
* Fix appearance of ` <div>` in user names (*regression in v1.9.9*) (be2f138)
* Out-of-office notification does not clear closing agent (#2181)
* Fix check for departments limiting assignees to members only (#2143)
* Fix signal data pass by reference (#2195)
* Fix template variables not rendering in href attributes (#2223)
* Fix missing custom data for new users (#2203)
* Fix incorrect cli option expansion (#2199)
* Properly encode `To` header for php mail() sends (857dd22)
* Fix incorrect message body when fetching TNEF emails (0ec7cf6)
* Fix layout of some tables in PDF export (cef3dd3)

=== Performance and Security
* Fix XSS issue on choices field type (#2271)

v1.9.9

Maintenance release for the osTicket v1.9.x series

=== Enhancements
  * Properly balance stripped and invalid HTML (#2145)
  * Add MANIFEST file to deployment process and retire duplicate code for packaging (#2052)

=== Improvements
  * Fix inability to configure LDAP and S3 plugins (*regression*) (59337b3)
  * Fix incorrect whitespace in search indexed HTML content (#2111)
  * Add support for invalid `multipart/relative` content type (aaf1b74)
  * Force line breaks for very long HTML lines (56cc709)

=== Performance and Security
  * Fix slow query for ticket counts for large datasets (c4ace2d)
  * Fix slow thread load query (thanks @torohill) (7b7e855)

v1.8.11

Maintenance release for osTicket 1.8.x series

=== Improvements
  * Add support for invalid `multipart/relative` content type (aaf1b74)
  * Force line breaks for very long HTML lines (56cc709)

=== Performance and Security
  * Fix slow query for ticket counts for large datasets (c4ace2d)
  * Fix slow thread load query (thanks @torohill) (7b7e855)

v1.9.8.1

Hotfix release for osTicket v1.9 series

=== Enhancements
  * Add option to disable email address verification

=== Improvements
  * Fix crash upgrading from osTicket v1.6

v1.10-dpr

First preview of the major release of osTicket v1.10

(see release notes on GitHub)

v1.9.8

Maintenance release for the osTicket 1.9 series

=== Enhancements
  * Update user information for existing users when importing CSV (#1993)
  * Agent names are consistently formatted and sorted throughout the system (#1972)
  * Memcache session backend support. (See `include/ost-sampleconfig.php`) (#2031)
  * Email domain validation includes DNS record verification (#2042)
  * Make ticket queue selection sticky (aa2dc85)

=== Improvements
  * Fix incorrect mapping of ISO charsets to ISO-8859-1, thanks @nerull7
  * Fix unnecessary drop of ticket CDATA table because of update to deleted
    field (#1932)
  * Fix inability to create or update organization custom data (#1942)
  * Fix inability to update some fields of user custom data (#1942)
  * Fix filtering user custom data for email tickets (#1943)
  * Fix missing email headers resulting in incorrectly threaded emails when
    delivered (#1947)
  * Cleanup file data when removing custom file uploads (#1942)
  * Fix crash when exporting PDF and PHAR extension is not enabled
  * Fix crash processing some TNEF documents (89f3ed7, #1956)
  * Fix handling of GBK charset when gb2312 is advertised (#2000)
  * Fix link to client ticket listing when logged in, thanks @neewy (#1952)
  * Disambiguate staff and collaborators when processing a some emails (#1983)
  * Fix several i18n phrase and layout issues (#1958, #1962, #2039)
  * Improve detection of some bounce notices with alternative content (#1994)
  * Fix image URL rewrite when pasting existing images, from a KB article for
    instance (#1960)
  * Preserve internal note formatting on new ticket by staff if HTML is
    disabled (#2001)
  * Touch organization `updated` timestamp on custom data update (#2007)
  * Fix deployment on Windows® platforms, thanks @yadimon (#2033)
  * Fix upgrade crash if retrying an old, failed upgrade from v1.6 (#1995)
  * Fix corruption of some html content (9ae01bf)

v1.8.10

Maintenance release for the osTicket 1.8 series

=== Improvements
  * Fix crash processing some TNEF documents (85053e8)
  * Fix incorrect mapping of ISO charsets to ISO-8859-1, thanks @nerull7
  * Fix handling of GBK charset when gb2312 is advertised (#2000)
  * Disambiguate staff and collaborators when processing a some emails (#1983)
  * Improve detection of some bounce notices with alternative content (#1994)
  * Fix upgrade crash if retrying an old, failed upgrade from v1.6 (#1995)
  * Preserve internal note formatting on new ticket by staff if HTML is
    disabled (#2001)
  * Fix deployment on Windows® platforms, thanks @yadimon (#2033)
  * Fix corruption of some html content (0072c46)

v1.9.7

Maintenance release for osTicket 1.9.x series

Enhancements
  * Remote IP is logged for staff replies (#1846)
  * Add option to require client login to view knowledge base (#1851)
  * Internal activity alert, replacing the internal note alert, includes alerts
    of responses made by other agents (#1865)
  * Email system now uses LF instead of CRLF as the default (#1909)
  * Mass actions for user directory (#1924)
  * Unassign tickets on transfer if current assignee is not a member of the new
    department and the department has "Restrict assignment to members" enabled
    (#1923)

Improvements
  * Clear overdue flag when a ticket is closed, thanks @A-Lawrence (#1739)
  * Clear attached file listing on client post (regression) (#1845)
  * Delete ticket custom data on delete (#1840)
  * Trim whitespace from filter match data on update (#1844)
  * Fix dropping of custom data on API post (#1839)
  * Fix advanced search on create date (#1848)
  * Fix initial load and pagination of dashboard page (#1856)
  * Fix incorrect internal/public category setting in drop down for new FAQ
    (#1867)
  * Add UTF-8 BOM to CSV export for correct Unicode detection (#1869)
  * Fix not considering the setting for alert assigned on new message (#1850)
  * Skip new activity notice if collaborator(s) included in email To or Cc
    header (#1871)
  * Fix inability to uncheck a custom data checkbox (#1866)
  * Fix advanced search for unassigned tickets (#1857)
  * Fix navigation warning if not using the lock feature (#1898)
  * Fix detection of message of some bounce notices (#1914)
  * Fix SQL alert with multiple Message-ID headers (#1920)
  * Add a warning if attempting to configure archiving for POP accounts (#1921)
  * Fix missing UTF-8 output encoding header for staff control panel (#1918)
  * Fix z-index issue between popup previews and modal dialogs (#1919)
  * Record imported file backend when importing files (f1e31ba)

Performance and Security
  * Fix XSS vulnerability in sequence management (88bedbd)
  * Defer loading of thread email header information when loading ticket thread
    (#1900)

v1.8.9

Maintenance release for osTicket 1.8.x series

Enhancements
  * Remote IP is logged for staff replies (#1846)
  * Email system now uses LF instead of CRLF as the default (#1909)

Improvements
  * Delete ticket custom data on delete (#1840)
  * Trim whitespace from filter match data on update (#1844)
  * Fix not considering the setting for alert assigned on new message (#1850)
  * Fix advanced search for unassigned tickets (#1857)
  * Fix incorrect internal/public category setting in drop down for new FAQ
    (#1867)
  * Fix navigation warning if not using the lock feature (#1898)
  * Fix SQL alert with multiple Message-ID headers (#1920)
  * Fix missing UTF-8 output encoding header for staff control panel (#1918)

Performance and Security
  * Defer loading of thread email header information when loading ticket thread
    (#1900)

v1.9.6

Maintenance release for the osTicket 1.9 series

Enhancements
  * New Message-Id system allowing for better threading in mail clients (#1549, #1730)
  * Fix forced session expiration after 24 hours (#1677)
  * Staff panel logo is customizable (#1718)
  * Priority fields have a selectable default (instead of system default) (#1732)
  * Import/Export support for file contents via cli (#1661)

Improvements
  * Fix broken links in documentation, thanks @Chefkeks (#1675)
  * Fix handling of some Redmond-specific character set encoding names (#1698)
  * Include the user's name in the "To" field of outbound email (#1549)
  * Delete collaborators when deleting tickets (#1709)
  * Fix regression preventing auto-responses for staff new tickets (#1712)
  * Fix empty export if ticket details form has multiple priority fields (#1732)
  * Fix filtering by list item properties in ticket filters (#1741)
  * Fix missing icon for "add new filter", thanks @Chefkeks (#1735)
  * Support Firefox v6 - v12 on the file drop widget (#1776)
  * Show update errors on access templates (#1778)
  * Allow empty staff login banner on update (#1778)
  * Fix corruption of text thread bodies for third-party collaborator email posts (#1794)
  * Add some hidden template variables to pop out content (#1781)
  * Fix missing validation for user name and email address (#1816, eb8858e)
  * Turn off search indexing when complete, disable incorrectly implemented work breaking, squelch error 1062 email from search backend (afa9692)
  * Fix possible out of memory crash in custom forms (#1707, 0440111)

Performance and Security
  * Fix generation of random data on Windows® platforms (#1672)
  * Fix possible DoS and brute force on login pages (#1727)
  * Fix possible redirect away from HTTPS on client login page, thanks @ldrumm (#1782)