Release announcements, helpful tips, and community discussion


Cerb (6.2) is a feature upgrade released on December 17, 2012. It contains over 123 new features and improvements from community feedback.

To check if you qualify for this release as a free update, view Setup » Configure » License. If your software updates expire on or after November 26, 2012 then you can upgrade without renewing your license.

Important Release Notes

  • Make a backup before upgrading.

  • Authentication may be set up per worker in 6.2+. By default, worker logins will be set to ‘password’. If you were using the OpenID or LDAP plugins then you should navigate to Setup->Workers and modify each worker.



  • Improved the mouseover tooltips for dashboard charts. They used to be printed directly on the chart, which meant they didn’t handle long values well, and they also partially obscured the upper bounds of the data. Now the tooltips are handled by jQuery and CSS, so they could float or be stylized however we want.
  • Improved the usability of configuring charts on dashboards. You no longer have to click into multiple tabs to set the type of chart and pick a data source.
  • Bar charts on dashboards are now capable of displaying a mix of positive and negative values. This is especially useful when plotting changes (i.e. deltas) in some metric over time.
  • Line charts on dashboards can now be used to plot negative values. This is especially useful on time series charts where the y-axis value may be a positive or negative change (i.e. delta) in value.
  • Bar charts on dashboards now display a line through zero on the y-axis. For regular bar charts with all positive values this improves readability when some bars may represent a zero values (and appear to have gaps). For charts with positive and negative values the origin line draws a clear distinction between them.
  • Each series on a dashboard chart widget may now specify its own datasource. This makes it possible to plot data from multiple sources on a single chart. Previously charts were limited to just worklist data, but additional sources may be now implemented through plugins. Existing charts will be migrated automatically to the new format.


  • Counter widgets on dashboards can now pull in data using datasource plugins.
  • Some friendly instructions are now provided on gauge and counter widgets when they have no data source configured. This helps disambiguate true values of zero in those widgets from a non-configured widget.
  • Improved the usability when setting up a new counter on a dashboards. You no longer have to click into multiple tabs to configure its style and data source.
  • When setting up a counter, the data format for ‘seconds’ has been renamed to ‘time elapsed’ to make its purpose more intuitive.
  • Dashboard counters and gauges may now display their values in ‘bytes’, which will display human readable units of storage space (e.g. 50KB, 270MB, 4.7GB).

Custom HTML

  • Added a new ‘Custom HTML’ widget to dashboards. This provides a block of user-defined HTML/CSS/Javascript. There are countless uses for this: displaying external images, rendering charts from the Google Charts API, sharing announcements, posting todo lists, displaying widgets from Twitter/GitHub/Facebook, etc. Previously these things would need to be implemented as widget plugins.


  • When setting up a gauge on a dashboard you can now always override the data format (e.g. number, decimal, percentage, time elapsed), or prepend and append text to the label. Previously these options were only available when using the ‘manual’ data source. This improves the flexibility of other data sources (especially arbitrary ones like ‘URL’).
  • Gauge widgets on dashboards can now pull in data using datasource plugins.

Pie Charts

  • A new pie chart widget has been added to dashboards. This can be used to visualize distributions for external datasources. The subtotals widget is still the easiest way to render a pie chart from a worklist.
  • The legend on pie charts can be set visible or hidden. When hidden, only the label and value of the currently focused wedge will be displayed. This is useful when there are many wedges and displaying the values all the time would clutter the dashboard.

  • The value for pie chart wedges can be given a specific type (e.g. seconds elapsed, bytes, number, percentage, decimal) as well as a prefix and/or suffix. This makes it easier to discern units and whether you’re looking at frequencies, averages, or sums.


  • Scatterplots on dashboards are now their own widget. Previously they were a rendering option on charts, but their usage is different and it was confusing to many people that some line or bar charts couldn’t display as a scatterplot without modification. It’s now possible for datasource extensions to treat scatterplots specially; they’re designed to visualize non-linear clusters of data. Existing scatterplots will be automatically migrated to the new format and shouldn’t require any modification.
  • Scatterplots will now scale their axes based on the given data. Previously, all scatterplots had (0,0) in the bottom left and if data was significantly larger (or negative) then most of the chart was wasted whitespace. Now you can use dates and timestamps on an axis and the chart will be scaled to the time between the min/max date, rather than showing ‘all time’.
  • Scatterplots can now display negative values. This is useful when plotting deltas where a trend may be decreasing.
  • Multiple series on a dashboard scatterplot widget can now be plotted on independent or shared axes. Independent axes are useful when you want to look for relative trends between series on different scales. Shared axes compares each series on the same scale.
  • Scatterplots now make a clearer distinction between plots from different series by using as a different symbol (e.g. o, +, x, *) as well as color.


  • Subtotal widgets on dashboards can now be configured to display their values as a pie chart instead of a frequency table. There are default wedge colors for up to 20 values, and they’ve been selected for clean visual separation as well as aesthetics. While following a rainbow pattern, the colors begin at green rather than red, ensuring the largest wedges are one of the green-blue-violet spectrum subdued colors instead of an alarming large red block on a dashboard. A list of subtotal values is displayed below the chart. The pie charts also have mouse interaction. Hovering over a wedge will render a slightly transparent bumper at the edge, and it will display a highlighter style on the appropriate subtotal; making it very easy to identify which value is associated with the selected pie wedge.
  • Subtotal widgets can now limit their results to the top 3-20 subtotal categories. This is useful when you want to build a ‘Top 10’ list, even though there may be extra results.


  • [CHD-3081] The ‘add record’ popup is now available from worklist widgets on dashboards. When you hover over a worklist the (+) icon will appear. This allows new records of any type to be created from dashboards without having to navigate to the search page.
  • The ‘peek’ button will no longer wrap to the next line and leave gaps in worklist widget rows on dashboards.

  • Worklist widgets on dashboards will no longer underline record links unless they’re hovered over. This reduces visual clutter, as too many links on the screen can be overwhelming.

Datasource Plugins

  • Plugins can contribute new datasources for dashboard widgets.

  • Implemented dashboard widget datasource extensions for worklist, url, and manual entry. These behave comparably to the earlier built-in options; however, they can now be reused in new types of widgets (even in third-party plugins). A datasource extension can specify in its manifest which widgets it knows how to provide data for.

  • The ‘manual’ datasource on dashboard counters and gauges will now properly format numbers when they contain commas as thousands separators.


Activity Log

  • Activity Log worklists may now be added to dashboards and workspaces.
  • Activity Log worklists may be filtered by actor or target contexts. The available options are now displayed in a multiple selection list. For example, a worklist may be created that displays all the activity that happened to task records, or activities that were performed by workers (rather than groups or the system). This is especially useful when activity log worklists are added to dashboards.

  • Activity Log worklists can now be subtotaled by ‘Actor’ or ‘Target’ using the two-step filtering process from context links. First a record type is selected (e.g. worker, task, ticket), then a specific record of that type may be selected. This replaces the ‘Actor Context’ and ‘Target Context’ subtotal fields because they’re redundant with the first part of this new process.

  • Activity Log worklists may now be filtered to specific actors or targets. For example, this can create a list of all the activity performed by a specific worker. Alternatively, you may create a list of all the activities that happened to a worker (e.g. assignments). This is especially useful when activity log worklists are added to dashboards.
  • The Activity Log will now record worker login and logout activity. Both logins and logouts record the IP address in use at the time. The login event also records the user-agent (platform, browser, version). This is especially useful when combined with workspace dashboards to perform security oversight.
  • The Activity Log now records worker impersonation by administrators. The entry links to the administrator as the ‘actor’ with the worker they’re impersonating as the ‘target’. This provides accountability for impersonation events.
  • [CHD-2756] [CHD-2915] The Activity Log now records when a ticket is moved between groups or buckets. This is useful for SLAs and accountability.
  • Activity Log worklists may be filtered by activity. The available options are now displayed in a multiple selection list. Previously, the person setting up the worklist had to know the internal IDs for the various events (which is unlikely). This change makes it easy to create a worklist of a specific kind of activity; for example, a list of comments posted on any record over the past week.
  • [CHD-3097] The Activity Log now records status changes on Time Tracking entries (e.g open/closed). This is useful for change management.

Registered Contacts

  • [CHD-2819] Registered Contacts can now be added from worklists. These records control who can log in to the Support Center.

  • Registered Contacts can now be deleted from their peek popup.


  • [CHD-1117] [CHD-2775] You can now add ‘fill-in’ placeholders to snippets which will prompt the current worker for more information before the text is inserted. These are values that aren’t derived from records or custom fields; for example: order numbers, tracking numbers, product names, ETAs, etc. There are three types of fill-in placeholders: a single line of text with a descriptive label (e.g. “paste tracking number here”), a single line of text with a default value (that can be modified by the worker if needed), and multiple lines of text (e.g. “paste receipt here”). These can be inserted from the menu when editing snippets. Fill-in placeholders are required, so a snippet can’t be accidentally sent with markers like “(paste order number here)” left in place. If there are placeholders that haven’t been filled in, clicking the ‘insert’ button will automatically focus the first incomplete field. The form elements for fill-in placeholders will automatically resize as text is added or removed.
  • [CHD-2772] Snippet worklists and choosers now show a preview of each snippet’s content. This makes it easier for workers to find the right template compared to just being able to see titles. When using a chooser, the previews will execute the snippet logic and automatically replace placeholders with the appropriate values from the target record. This lets workers see the exact text that will be inserted if that snippet is selected. In the preview, placeholders that have been replaced with their corresponding values have a special style to provide a visual distinction between normal and dynamic text. Placeholders are also highlighted in the snippet previews on worklists.
  • [CHD-3182] [CHD-3057] The green (+) add button is now available at the top of all snippet worklists. This consistency improvement enables the quick creation of snippets from arbitrary workspaces.
  • Snippet worklists can now be quickly filtered using owner subtotals. This uses a two-step subtotal process where the first step selects the owner type (e.g. worker, group, role) and the second step can optionally pick a specific owner of that type. This is more flexible than the ‘owner’ filter, which doesn’t currently provide the option to find any worker-owned snippets.
  • [CHD-3070] Fixed an issue in snippets where placeholders using the |default filter would always return default values instead of field values. For example, the snippet Hi {{sender_first_name|default('there')!}} always returned “Hi there!” instead of “Hi Bob!”. This is because the underlying template engine (Twig) wasn’t designed with Cerb’s dynamic placeholders in mind and their “placeholder exists” checks are too simplistic.


  • [CHD-3143] Ticket worklists can now be search filtered by sticky note content.
  • When merging tickets from a worklist, a confirmation popup is now displayed to verify the action. Previously, the merge action took place immediately. This should help prevent accidental merges from workers clicking on the wrong button.

Virtual Attendants

Activity Log

  • Virtual Attendants can now manage worklists and behavior variables using Activity Log data. For example, a VA can send a daily report about worker login activity to a manager’s email address. This could also be used to build a list of comments (e.g. comments by a particular worker, any comments about tickets, etc).

Custom Fields

  • Virtual Attendants can now set custom fields on the ‘Create ticket’ action. The custom field values can use any of the placeholders from the current event.

  • [CHD-3058] Virtual Attendants can now set custom fields on the ‘Create task’ action. The custom field values can use any of the placeholders from the current event.

  • Virtual Attendants can now set dynamic links on any related records, custom fields, or behavior variables. Previously, each event only had a few actions like ‘set ticket links’, and the records to link had to be selected ahead of time with a chooser. Now, there is an ‘On:’ option for selecting the target record (which could be a ticket’s sender’s organization), and links can be set using placeholders and behavior variables, as well as choosers. For example, a VA behavior can read new ticket subjects looking for a domain to be mentioned, and it can automatically link that domain to the ticket. There could be thousands of possible domains and they don’t have to be specified in the VA behavior ahead of time. This enables much more sophisticated workflow automation. Existing ‘set links’ actions will be automatically converted to the new format.
  • [CHD-2699] Virtual Attendants can now remove links and watchers from any record. The links to be removed can be placeholders (e.g. fields, watchers, custom fields), selected from choosers, or behavior variables (e.g. dynamic worklists). The ‘Set Links’ action has a new mode toggle for choosing between adding or removing.
  • The Virtual Attendant simulator will now display output for all ‘Set links’ actions.

Mail Filtering

  • [CHD-3187] Virtual Attendants can now remove attachments on incoming messages from Mail Filtering behavior. Attachments can be matched with exact filenames, wildcard patterns, or regular expressions.
  • [CHD-3100] Mail filtering behavior can now use the ‘Create notification’ action. For example, you can send a notification to admins when bouncing or rejecting an inbound message.


  • Virtual Attendants may now create notifications without a linked object or URL. Clicking one of these will link back to the worker’s notifications list.


  • In Setup->Configure->Virtual Attendants, the menu will no longer open multiple instances of the same tab.



  • The login system has been renovated to support different authentication methods per worker. Previously, a worker had to know to switch between password, LDAP, OpenID, etc. Now, admins assign a specific method to a worker. The login form has two steps: in the first the worker provides their email address, and then they are routed to the appropriate login method for their account. This makes it much easier to standardize authentication on something like LDAP and hide normal Cerb password logins entirely.
  • When a new worker is invited to Cerb, or a worker’s authentication method changes, they will be given the opportunity to set up their account’s credentials on the next login. Previously an admin had to establish the initial password for new workers, and it was sent in plaintext through email – and was possibly communicated in other ways between the admin and worker (SMS, email, chat room, etc). This process was a weak link in security. Now the worker can verify their identity through a one-time code, and they can set up a secure password right from their browser. This process also works for the advanced authentication methods like OpenID or Password+GoogleAuth.
  • When an invalid worker email address is typed into the login form, the password form will always be shown to make it more difficult for an attacker to discover valid logins. If the login form specified “Invalid worker” then an attacker could guess valid email addresses by using known worker names. They may still be able to guess worker email addresses, but the system will not confirm if they are valid or not.

  • Invalid email addresses or failed authentication (i.e. bad password) will now cause Cerb to pause for two seconds before reporting an error. This slows down brute force attempts (at least on a single connection). In a near future update this delay could become longer with each successive failure, and lock the account.

  • When a login authentication method other than ‘password’ is in use, workers will not be shown the ‘change password’ option. Additionally, if the OpenID plugin is installed but not activated for a given worker, they will not be shown the OpenID options in their preferences. This should reduce confusion.

  • The login form now provides a “remember me” option which saves the current worker’s email address in a cookie for one month. When enabled, subsequent requests to /login will automatically be redirected to the appropriate login form for the worker with the email address pre-filled. This streamlines the two-step login process on trusted computers.

Account Recovery

  • Each worker may now configure up to three ‘secret questions’ that are used to verify their identity when recovering their account’s login information. In the past, all a worker needed to do to reset their login information was receive a code to their email address. The secret questions add an extra layer of security, because even if the code is intercepted (e.g. man-in-the-middle attack, packet sniffer, key logger) the attacker would need to know secret information about the worker to assume their identity. The page for setting up these questions makes recommendations about secure questions, but they should be open-ended non-quantitative questions like “What is your favorite sentence in your favorite book?”. Answers to such questions are incredibly difficult to research or guess compared to “How old were you when…” or “What is your father’s middle name?”. Secret questions shouldn’t have answers that can be found with a Google search or through social media. The wording of the answer must be exact, with all punctuation; although answers are case insensitive. An optional hint may be provided for each question and answer pair.
  • A new centralized system for recovering an a worker account has been implemented. This saves plugin developers from having to implement redundant or inconsistent recovery methods. When a worker starts the account recovery process they are sent a one-time code through email and they are asked their secret questions (if configured). Once identified, their login method is instructed to reset their credentials and their next login will run through the set up process again.


  • In Setup->Security admins may now determine when session cookies should expire in worker browsers. Previously these cookies were always removed when the browser was closed, but on mobile devices this distinction isn’t always dependable. This resulted in session cookies that could expire many times per day on a mobile device despite never logging out or closing the mobile browser tab. Session cookies may now also be set to expire after 1 day, 1 week, 2 weeks, or 1 month.
  • Signing out will now destroy the current session’s cookie.

Google Authenticator

  • [CHD-3099] Implemented a new worker login plugin for two-factor authentication using ‘Password + Google Authenticator’. This plugin requires workers to provide both their password and a time-based one-time password from the Google Auth mobile app (available for iOS, Android, and Blackberry). Cerb supports configuring Google Authenticator with a QR code that is displayed on the screen during a worker’s first login. This significantly improves security by requiring both “something you know” (the password) and “something you have” (the physical mobile phone) in order to log in; and it’s unlikely an attacker will have both. Each worker’s mobile device is configured (via QR code) with a different random 16-character secret.

Worker Relay

  • [CHD-3200] Fixed an issue where the relay auth header could be spoofed in order to have arbitrary messages appended to existing tickets. This is a low severity issue since it’s no different than someone spoofing an email address with a known ticket mask from someone else. Cerb won’t automatically add these new senders to the conversation, and the risk for social engineering is low. However, because the relay auth header uses internal IDs instead of masks, it makes it easier for someone with malicious intent to hit a large range of IDs. It would be more tedious to clean up these junk messages than if they created new tickets.



  • The snippet autocomplete box is now available on the compose popup. This allows workers to efficiently find and insert a snippet without the extra steps required to use the chooser.
  • [CHD-3039] The compose popup will now automatically save the current draft every 30 seconds.

  • Added the Ctrl+Shift+I shortcut to the compose popup for focusing the snippet options.

  • Added the Ctrl+Shift+G shortcut to the compose popup for inserting the current worker’s signature at the cursor.

  • Fixed a bug on the compose popup where resuming a draft wouldn’t properly restore the status (e.g. open, waiting, closed).


  • [CHD-2780] Added a new permission that allows workers to delete each other’s mail drafts.


  • When composing or replying to mail, the textbox will now automatically grow to accommodate the full height of the message. Previously the textbox was a fixed height and workers had to constantly scroll around in a smaller reply window.

  • [CHD-2700] When replying to mail, the current draft will be saved a final time before attempting to send the message. If the mail server has problems then the draft will be the latest version of the message for later resumption. Previously, the failure to send a message would only save a draft if none existed already, and drafts are only deleted after a successful send. This meant that changes to the message since the last save (i.e. within up to 30 seconds) could be lost.

  • When replying to messages, the quoted content will now automatically wrap at 76 characters. Previously, a right angle bracket (>) was prepended to the beginning of each line from the original message. Quotes with long lines were difficult to read because they wrapped without the quote character in front of them. The new functionality rewrites the quoted message to improve readability.

  • Added two new shortcuts to the Mail Reply text box. Ctrl+Shift+J jumps to the first blank line in a quoted message. Ctrl+Shift+Q wraps quotes to 76 characters. The wrapping happens automatically for the first quoted message, but the keyboard shortcut is useful when copying and pasting quoted content from elsewhere.

  • The snippet search box on the mail reply screen now shows a hint of “(Ctrl+Shift+I)” as the placeholder. This lets workers know that a keyboard shortcut is available.


  • The peek popup for tickets now displays the Messages and Properties content on the same screen. Previously you had to switch between tabs to either preview the conversation or make changes to its properties. This removes extra clicks from one of the most frequently used interface elements.
  • The ‘Recipient History’ tab on ticket profiles now shows a count of the total number of rows in the worklist. The count reflects the scope (recipients, org, domain) and any active worklist filters. For example, to see the open ticket count on the history tab when viewing tickets you just need to filter the history worklist to status=open. The count will then automatically reflect open tickets on all subsequent pages. This should speed up workflows where multiple open tickets from the same sender are reviewed and potentially merged. Previously, workers always had to click into the history tab to see if anything needed their attention.
  • [CHD-3210] Removed the hidden feature where a worker can double click on the email text in the peek popup to close it. This constantly interferes with the ability to highlight text for copy/paste. The shortcut is a remnant from before the ESC key closed the popup window.

Community Portals


  • Moved the visitor cookie handling into the Community Portals functionality. It was originally in the deployed index.php per portal, but this made it difficult to replace the PHP reverse proxy with other proxy software. It’s now trivial to forego the index.php file and deploy Community Portals with more capable proxies like Apache mod_proxy or Nginx instead. The index.php deployment is no longer recommended, but it will remain available because it’s the easiest option that is supported in nearly all environments (including shared hosting).


  • Added keyboard shortcuts to calendar event profiles pages. The edit popup can be opened with ‘e’, the ‘m’ key opens the VA macros popup, and the 1-9 keys change the selected tab.


  • [CHD-2821] When broadcasting to an opportunity worklist, each opportunity will be automatically linked to the new ticket that it opens.


  • [CHD-2822] Chooser popups opened from other choosers will now behave properly. For example, you can filter tickets by watchers using a chooser, and from there you can filter the worker list by a group chooser. Previously, the nested choosers would replace the first popup, making it impossible to complete the desired action.

  • [CHD-3197] Fixed an issue in choosers where the last-used quick search filter wasn’t automatically selected the next time the form displayed.


  • [CHD-3153] Knowledgebase articles can now be filtered by ‘topic_id’ through the Web-API search feature. This returns articles that share the same top-level category. Each matched article is returned only once, even if it appears in multiple subcategories on the topic.

  • [CHD-3170] Added an ‘updated’ field to address records to make it easier to synchronize the data with other systems. This timestamp is automatically updated when an address record changes through the GUI or API.

  • The Web-API now supports the ‘between’ operator for filtering date fields by range. The ‘value[]’ parameter should be a JSON-encoded array with two elements for ‘from’ and ‘to’ as Unix timestamps.


  • Prior to version 6.2, viewing the Plugins page in Setup would automatically scan the filesystem for new plugins or updates. This had a considerable performance impact because it reloaded every feature and plugin, including some expensive database operations (ACL, translations, etc). The process because generally unnecessary due to the introduction of the Plugin Library in version 5.7. Given those factors, this functionality has now been optimized in two ways: (1) Cerb will only scan for new plugins and changes in the storage/plugins/ directory when visiting the plugin page; (2) only plugins with a new version number in their plugin.xml will be re-synchronized. For most visits to the plugins page there should be a dramatic reduction in the amount of REPLACE queries run against the database. During development, the DEVELOPMENT_MODE flag circumvents this behavior to make it more convenient to edit code and view the results without constantly running the /update page.


  • Removed the unnecessary semi-colon from the ‘Content-Type:’ header in the resource proxy. Certain webservers (e.g. Nginx) have trouble compressing this content when using a terminator with no additional parameters (e.g. encoding).

Plugin Development

  • Fixed a bug in the DevblocksPlatform::sortObjects() method that forced all numbers to be compared as integers, thus rendering it incapable of properly sorting decimals (e.g. 0.5 and 0.3 were both rounded to zero). Numbers are now properly compared as floating point values.

  • Added a ‘TB’ (terabytes) grouping to the ‘bytes’ format options and DevblocksPlatform::strPrettyBytes().

  • Added DevblocksPlatform::strBase32Encode() and ::strBase32Decode() helper functions. This is an uncommon encoding, but it’s used for integration with Google Authenticator and there aren’t built-in functions to base32 encode/decode (RFC-4648) in PHP5.

  • Broadcast functionality can now automatically link the newly created tickets with the involved records. To do so, include the ‘context_links’ parameter in the draft with an array of context+id pairs.

  • Upgraded to jQuery UI 1.9 from 1.8.18

  • Added a new ‘dao.address.update’ event for plugin listeners to react to Address record changes.

  • Added a new ‘dao.calendar_event.update’ event for plugin listeners to react to Calendar Event record changes.

  • Added a new ‘dao.contact_org.update’ event for plugin listeners to react to Organization record changes.

  • Added a new ‘dao.contact_person.update’ event for plugin listeners to react to Contact Person record changes.

  • Added a new ‘’ event for plugin listeners to react to Group record changes.

  • Added a new ‘dao.notification.update’ event for plugin listeners to react to Notification record changes.

  • Added a new ‘dao.snippet.update’ event for plugin listeners to react to Snippet record changes.

  • Added a new ‘dao.worker.update’ event for plugin listeners to react to Worker record changes.

  • Added a new ‘dao.role.update’ event for plugin listeners to react to Worker Role record changes.

  • Added a new ‘dao.workspace_widget.update’ event for plugin listeners to react to Workspace Widget record changes.

  • Added a new ‘dao.feedback_entry.update’ event for plugin listeners to react to Feedback record changes.

  • Added a new ‘dao.kb_article.update’ event for plugin listeners to react to Knowledgebase Article record changes.

Maintenance Updates


Cerb (6.2.1) is a maintenance update released on January 3, 2013; it contains 8 minor fixes and usability enhancements from community feedback covering the recent 6.2 update. You can follow these instructions to upgrade.

  • [CHD-3219] [Compose/Usability] The ‘Insert Signature’ button on the Compose popup doesn’t automatically grow the message text box.

  • [CHD-3221] [Login] When logging in from a disabled worker account, a friendly error message is now properly displayed.

  • [CHD-3225] [Broadcast] Broadcast will no longer send messages to known defunct addresses, regardless of the worklist filters.

  • [CHD-3226] [Plugin Library/Devblocks] Updating a plugin from the Plugin Library will now clear the global template cache. This ensures that any UI changes are immediately available.

  • [Time Tracking/Subtotals] Time Tracking worklists can now be subtotaled by worker.

  • [CHD-3228] [Login] FIXED: The “remember me” option on the login form isn’t setting the cookie in some browsers.

  • [CHD-3231] [UI/Usability] Fixed an issue with the ‘elastic’ jQuery plugin where leaving a textarea that had resized from new content could shift the rest of the content on the page by a small amount. This often required an extraneous click on form elements like buttons (i.e. one to focus, one to activate). This was observed in the mail reply form, and in several Virtual Attendant actions that allow placeholder entry.

  • [CHD-3234] [Logins/Activity Log] Fixed an issue with the Activity Log entries for login/logout events when MySQL’s strict mode was enabled.


Cerb (6.2.2) is a maintenance update released on January 21, 2013; it contains 18 minor fixes and usability enhancements from community feedback covering the recent 6.2 update. You can follow these instructions to upgrade.

  • [CHD-3249] [Mail/Reply/Usability] Fixed an issue with Chrome for Windows where the Ctrl+Shift+I shortcut didn’t focus the snippets chooser when replying to mail. The browser caught the keyboard shortcut and opened the Developer Tools instead.

  • [CHD-3241] [Mail/Compose] The Ctrl+Shift+Q shortcut for reformatting quoted paragraphs is now available on the compose popup.

  • [CHD-3227] [Links/Usability] On ‘Links’ tabs, the ‘unlink’ button will now only show up for worklists with at least one row selected.

  • [CHD-3248] [Mail/Reply] Fixed an issue where quoted text didn’t appear in the reply box when certain multibyte characters were present in the original message.

  • [CHD-3245] [Setup/Workers/Auth] The worker authentication method may be set with bulk update from worklists.

  • [CHD-3240] [Snippets/Worklists/Usability] Snippet worklists can now be sorted by the ‘Owner’ column. This will group snippets by owner, but it doesn’t alphabetize the records yet.

  • [Dashboards/Worklists] Fixed an error that was displayed when configuring a dashboard worklist widget if its parent plugin was disabled.

  • [CHD-3218] [Dashboards/Worklists] When configuring a dashboard widget, the ‘worklist’ chooser button will now highlight the context drop down if no selection was made. Previously, this opened a blank popup, which wasn’t very helpful.

  • [CHD-3251] [Mail/Relay/Parser] FIXED: Inbound messages should not be considered by the worker relay if they’re from inactive workers.

  • [CHD-3186] [Mail/Parser/Relay] The mail parser will no longer attempt to relay incoming messages from worker email addresses if they do not contain an authentication header. Previously, these messages were being silently discarded, making it impossible for workers to act like normal recipients on a ticket.

  • [CHD-2947] [Orgs/Peek] It is now possible to bulk update the ‘People’ worklist on the organization peek popup.

  • [CHD-2934] [Reports/Workspaces] An ‘Edit Tab’ button will no longer be displayed on report pages.

  • [CHD-2933] [Calendar/Links] Calendar events may be added from the ‘Create & Link’ menu on the Links tab.

  • [Calendar/Worklists] Calendar events may now be added from worklists.

  • [CHD-3246] [Mail/Merge] Fixed in issue where merging two linked tickets resulted in a ticket that links to itself.

  • [CHD-3250] [Login] Fixed a bug in the login form where the ‘use a different email’ link didn’t work in some browsers. This was due to the path (e.g. /login/reset) not matching the original cookie (/login).

  • [CHD-3253] [Scheduler/POP3] The POP3 scheduler job now provides a debug log entry when finished if there are no POP3 accounts. Previously, the log output showed “Starting…” and nothing else, which looks like the process stalled.

  • [CHD-3256] [Mail/Relay] The snippet placeholder menu and ‘Test’ button are now available for the ‘Subject:’ field on the ‘Relay to external email’ action in Virtual Attendant ticket behaviors.


Cerb (6.2.3) is a maintenance update released on January 30, 2013; it contains 5 minor fixes and usability enhancements from community feedback covering the recent 6.2 update. You can follow these instructions to upgrade.

  • [CHD-3257] [Mail/Parser] Mail with a subject line comprised entirely of whitespace will have the subject rewritten as ‘(no subject)’. This makes it easier to click and modify the tickets in worklists.

  • [CHD-3217] [Usability] Fixed an issue with the auto-grow text boxes where OS-level keyboard shortcuts no longer worked if they involved PgUp, PgDown, Home, End, or the arrow keys.

  • [CHD-3217] [Mail/Preferences] Added an option to worker preferences to control the initial size of the reply text box. The auto-grow functionality of the text box can also be disabled as a preference.

  • [Virtual Attendants/Mail] The generic ‘Send Email’ action in Virtual Attendants may now specify a ‘From:’ address. Previously, this action always used the default reply-to address.

  • [CHD-3216] [Virtual Attendants/Mail] The ‘Send Email’ Virtual Attendant action is now capable of using placeholders to determine the proper ‘From:’ address. For instance, on ticket behaviors it can use the current ticket’s group and bucket to determine which address to use.


Cerb (6.2.4) is a maintenance update released on February 19, 2013; it contains 5 minor fixes and usability enhancements from community feedback covering the recent 6.2 update. You can follow these instructions to upgrade.

  • [Activity Log/Code Cleanup] Fixed the default labels for Activity Log entries when used in Virtual Attendant behavior.

  • [Translations/Localization] Updated the Portuguese translation (Thanks to!)

  • [Virtual Attendants/Code Cleanup] Fixed a bug in the ‘abstract list’ condition in Virtual Attendant behaviors. It’s unlikely that this affected anything in production, but new functionality uses this template to present arbitrary lists to the user for making multiple selections in VA outcomes.

  • [Virtual Attendants/Code Cleanup] Fixed a bug in the ‘Send Mail’ action of Virtual Attendant behaviors that prevented the ‘From:’ address from being set properly in some cases.

  • [CHD-3277] [Dashboards/Worklists] The placeholder for ‘Current Worker’ may now be used when filtering dashboard widgets; including worklists, gauges, charts, and counters.


Cerb (6.2.5) is a maintenance update released on February 28, 2013; it contains 7 minor fixes and usability enhancements from community feedback covering the recent 6.2 update. You can follow these instructions to upgrade.

  • [Code Cleanup/Session] Fixed a bug where all sessions were prematurely logged out if a worker reset their credentials from Settings->Security.

  • [CHD-3282] [Mail/Usability] When merging tickets from a worklist, the merge confirmation popup will now auto-focus the ‘OK’ button. This doesn’t interrupt keyboard shortcut workflows.

  • [Virtual Attendants/Custom Fields/Code Cleanup] Fixed an issue where custom field changes weren’t being cached properly in VA behaviors. This didn’t affect the actual records in the database, it just affected subsequent conditions and actions that used the newly set values.

  • [CHD-3286] [Security/Login] The ‘Remember me’ cookie for the login process now uses the ‘httponly’ option. This prevents the cookie’s contents (i.e. a valid worker email address) from being read in Javascript, which could potentially disclose some information to a malicious script in the browser.

  • [CHD-3285] [Security/Attachments] Mail attachments with HTML content are now filtered through the HTMLPurifier library. This strips Javascript code that would otherwise execute when the attachment is displayed in the browser. Most email clients do not permit Javascript in HTML email, and Cerb shouldn’t behave any differently.

  • [CHD-3283] [Login/Google Auth/IE] When using Internet Explorer 8 and setting up two-factor Cerb logins using Google Authenticator, the QR code should now display properly. If the <canvas> element isn’t available, then the code will instruct the jQuery QR Code plugin to fall back to <table> rendering.

  • [Security/Community Portals] The session cookie in Community Portals now uses the ‘httponly’ option to help protect against malicious browser scripts.