freescout

v1.8.219 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 26d Communication & Email
1 patched CVE
This release patches 1 known CVE: CVE-2018-15133 (EPSS 84%)

Topics

customer-support help-desk helpdesk helpdesk-ticketing helpscout laravel
osticket-alternative php shared-mailboxes support ticketing ticketing-system zendesk zendesk-alternative

Summary

AI summary

Throttle added to Forgot Password form to prevent abuse (GHSA-jvmv-2qcp-7855).

Full changelog

Added

  • Added Catalan translation (#5376)
  • Show warning message in the interface when browser does not support Content Security Policy (CSP).

Fixed

  • Fixed an error on PHP 7.1 (#5377)
  • Added table prefix to raw DB queries (#5385)
  • Added hash to open tracking URL (Security: GHSA-qjr9-6v9q-3r72)
  • Added throttle to the Forgot Password form and return identical response regardless of whether the email exists (Security: GHSA-jvmv-2qcp-7855)
  • Fixed error tracking on creating user profile from invite link (#5390)

Security Fixes

  • dep: GHSA-qjr9-6v9q-3r72 — hash added to open tracking URL
  • GHSA-jvmv-2qcp-7855 — Forgot Password form now throttled and returns identical response regardless of email existence

About freescout

FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)

Related context

Earlier breaking changes

  • v1.8.221 Links to attachments uploaded before 2020-03-06 will become unavailable.
  • v1.8.220 Replies to previously received email notifications will not be sent to customers.
