Blog

Release announcements, helpful tips, and community discussion

7.0.6

Cerb (7.0.6) is a maintenance update released on October 14, 2015; it contains 10 improvements from community feedback covering the 7.0 update. You can follow these instructions to upgrade.

  • [Web-API] Fixed an issue with the workspaces/pages/list.json API request. This was filtering out too many pages, when it should have been returning workspace pages and discarding everything else.

  • [Mail/HTML] Fixed an issue when displaying HTML messages and the underlying storage object is missing. Now the plaintext is displayed as a seamless fallback. Previously, these messages were appearing blank, or with a cryptic XML header.

  • [Security/Snippets] Fixed a potential XSS vulnerability in the snippets chooser. The name of a snippet was being evaluated as HTML (including script tags) when converted from a link to normal text. These labels are now properly escaped. This was a very unlikely attack vector since snippets are managed by workers and don’t contain any user-provided content.

  • [Code Cleanup] Added a default entry for the DEVELOPMENT_ARCHIVE_PARSER_MSGSOURCE option in the framework.defaults.php file.

  • [CHD-4219] [Search/Messages] Fixed an issue where message worklists could become stuck using stale group membership information for the current worker, making it impossible to locate some messages. The 7.0.6 upgrade script will automatically fix any worklists with this issue.

  • [Search/Messages] Implemented an ‘In Groups of Worker’ filter on message worklists. This filters based on the group memberships of the given worker.

  • [Mail/HTML] Fixed another issue with Microsoft Office formatted HTML messages where the ‘Timeline’ never displayed any content.

  • [Mail/HTML] If an HTML message source is greater than 1MB, then the plaintext part is now automatically displayed in ticket timelines. The original content can still be viewed from the original_message.html attachment. This resolves some ‘out of memory’ issues in the HTML sanitization code.

  • [Translations] Fixed an issue with translations not working when MySQL was in strict mode. When this occurred, only the translation keys were displayed, like “common.login”.

  • [CHD-4186] [Workspaces/Dashboards] Fixed an issue where placeholders in dashboard widgets were converted to static filters (e.g. current_worker_id -> 1).