Dear Users,
SDP 10005 has been released and can be downloaded from the URL below,
Issues Fixed:
Vulnerability:
SD-73855 : Improper server/client side validation vulnerability in an asset list view URL.
SD-73965 : Privilege escalation vulnerability in contracts.
SD-73966 : CSRF vulnerability in POST operation of a certain URL in Reports.
SD-74036 : Remote code execution vulnerability in imported XLS under reports.
SD-73858 : Improper server/client side validation vulnerability in OrgRoles.
SD-74561 : CSRF vulnerability while performing ADD/UPDATE and DELETE operations in solutions module.
Purchase:
SD-73552 : Spaces between words are rendered as '%20' in purchase request's approval comments.
SD-73590 : Unable to receive the items in a purchase order if the ordered quantity is extremely high.
SD-73953 : Unauthorized error message is shown while downloading attachments from Purchase Request via requester login. Issue occurs for requesters with non-login access.
Admin:
SD-74064 : Unable to delete the values for 'pick list' type CI attributes.
SD-74077 : Support groups with the same name but different letter cases can be created.
SD-73566 : Incorrect browser header and tooltip are displayed when you access Admin » Support Groups.
Report:
SD-74655 : Reports exported as PDF files do not display the content in Thai language.
SD-70450 : When a report is generated or exported, temporary files are stored under the root directory.
Other:
SD-73926 : During application restore, "\t" is restored as empty space.
SD-74369 : Duplicate entries under system fields in the form customizer table.
Please refer to the below link for the steps to install the patch.
Note:
The upcoming service pack, which is slated for this weekend, carries the following features:
- Expiry and Review Date in Solutions
- EWS Support
Regards,
Edwin Vasantha Kumar
Servicedesk Plus Team