freescout

v1.8.220 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 17d Communication & Email

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

customer-support help-desk helpdesk helpdesk-ticketing helpscout laravel

+8 more

osticket-alternative php shared-mailboxes support ticketing ticketing-system zendesk zendesk-alternative

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 9d

Replies to previously received email notifications will no longer be sent to customers.

Why it matters: Affects email notification replies; update workflows before upgrade to version 1.8.220.

Summary

AI summary

Replies to previously received email notifications are no longer sent to customers.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Check hash in replies to user email notifications (Security: GHSA-6r38-6mcf-2ww3). Check hash in replies to user email notifications (Security: GHSA-6r38-6mcf-2ww3). Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Breaking	Medium	Replies to previously received email notifications will not be sent to customers. Replies to previously received email notifications will not be sent to customers. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Feature	Medium	Add configurable threshold to suppress transient fetch errors in Logs Monitoring. Add configurable threshold to suppress transient fetch errors in Logs Monitoring. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Fixed checking trusted hosts during installation. Fixed checking trusted hosts during installation. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Refactor	Medium	Clear JS and CSS builds when clearing cache. Clear JS and CSS builds when clearing cache. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Refactor	Medium	Activate the module right after activating the license. Activate the module right after activating the license. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—

Full changelog

After installing this releases replies sent by agents to the previously received email notifications will not be sent to customers. Only replies to the newly received email notifications will be sent. This is a breaking change.

Added

Add configurable threshold to suppress transient fetch errors in Logs Monitoring (#5399)
Clear JS and CSS builds when clearing cache.

Fixed

Check hash in replies to user email notifications (Security: GHSA-6r38-6mcf-2ww3)
Fixed checking trusted hosts during installation.

Changed

Activate the module right after activating the license.

Breaking Changes

Replies sent by agents to previously received email notifications will not be forwarded to customers; only replies to newly received notifications are delivered.

Security Fixes

GHSA-6r38-6mcf-2ww3 — Fixed hash check in replies to user email notifications, preventing unauthorized reply injection.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track freescout

Get notified when new releases ship.

About freescout

FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)

All releases →

Related context

Related tools

Earlier breaking changes

v1.8.221 Links to attachments uploaded before 2020-03-06 will become unavailable.