freescout

Communication & Email

FreeScout is a lightweight, open‑source help desk and shared inbox that serves as an alternative to Zendesk and Help Scout.

PHP Latest 1.8.223 · 4d ago Security brief →

Features

1 CVE

CVE	Severity	Disclosed	Patched (this tool)	vs Ecosystem Median
CVE-2018-15133 KEV	high CVSS 8.1	2024-01-16	2026-01-05	2y / median 2y

View all 23 releases →

Upgrade now

1.8.223 Security relevant 4d

Breaking upgrade RCE / SSRF

Security fixes

Open

No immediate action

1.8.222 Bug fix 9d

Signature mailbox fix + auto‑reply routing

Open

Security behavior changed

1.8.221 Breaking risk 11d

Auth RBAC Breaking upgrade

Attachment link unavailability

Open

Security behavior changed

1.8.220 Breaking risk 17d

Auth

Email reply suppression

Open

1.8.219 Mixed patches CVE-2018-15133 26d

Security fixes

dep: GHSA-qjr9-6v9q-3r72 — hash added to open tracking URL
GHSA-jvmv-2qcp-7855 — Forgot Password form now throttled and returns identical response regardless of email existence

Notable features

Full changelog

Added

Added Catalan tranlation (#5376)
Show warning message in the interface when browser does not support Content Security Policy (CSP).

Fixed

Fixed an error on PHP 7.1 (#5377)
Added table prefix to raw DB queries (#5385)
Added hash to open tracking URL (Security: GHSA-qjr9-6v9q-3r72)
Added throttle to the Forgot Password form and return identical response regardless of whether the email exists (Security: GHSA-jvmv-2qcp-7855)
Fixed error tracking on creating user profile from invite link (#5390)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.