ServiceDesk Plus 9424 Released
Dear Users,
SDP 9424 has been released and can be downloaded from the URL below,
Behavior Change in 9424
SD-71761 : Earlier, while creating a request/ticket, the client machine's host name was stored in the request's history. Henceforth, only the client machine's IP address will be stored since the property 'enabledLookups' will be set to 'false' in 'server.xml' file by default.
You can revert to the old behavior by setting the property 'enabledLookups' to 'true' in the 'server.xml' file
Note: This requires a restart and might result in performance problems since resolving the client host name depends on a call to the DNS server.
Issues Fixed in 9424
Vulnerability
SD-22200 : Privilege escalation vulnerability of a technician being able to view all changes.
SD-22231 : Privilege escalation vulnerability of a technician being able to send announcements.
SD-22246 : Privilege escalation vulnerability of a technician being able to add reminders.
SD-22255 : Privilege escalation vulnerability of a technician being able to view add remainder page.
SD-22267 : Privilege escalation vulnerability of a technician being able to view change related reminders.
SD-69231 : Privilege escalation vulnerability of a user being able to view task template details.
SD-70610 : XSS Vulnerability located in the Request form (for the Insert Image option of Description).
SD-71464 : Input value is not encoded in log files resulting in a XSS vulnerability
SD-71473 : Vulnerability found in file extraction during the restore process.
SD-72074 : Vulnerability present in the attachment path.
SD-72572 : Fixed CRC related issue in restore process.
SD-73217 : Information disclosure vulnerability present in home page.
Home
SD-69831 : Able to view project tasks in Home tab's tasks list view after downgrading the license from trail version to standard/professional.
SD-71972 : Under Home >> Tasks >> Show All Tasks, the 'Owner' field doesn't populate the Project members for the tasks created under a Project.
Dashboard
SD-71090: OOM Error occurs while processing 'Unassigned and Open Requests' Dashboard widget if there are many Open requests.
Request
SD-71095 : In Service Template workflow, sending of approval emails fails for requesters who do not have 'Service Request Approver' permission but are Department Heads.
SD-71458 : Unable to translate request list view columns in non-English languages.
SD-73323 : 9418 Breakage: The issue fix for 'When more than one approver has same e-mail id, error message shown for actual approver while taking approval action' is broken.
SD-73417 : The set field action of FAFR does not work for radio button field.
Project
SD-70802 : Task bars are blank in PDFs exported from Projects Gantt view.
SD-70919 : While navigating from a project to the next project by clicking the right arrow in project details page, same project loads repeatedly.
SD-72812 : @PROJECT_OWNER variable fetches milestone owner in milestone comments.
SD-73169 : Project Dashboard is present for technician without project module permission.
Solution
SD-73852, SD-73859 : 9422 Breakage: Requesters are not able to view solutions.
Admin
SD-69169 : Technician and Support Group are not saved in task templates when the application runs in Internet Explorer 11.
SD-69664 : Server link in the Account Lockout email notification is not opened.
SD-70368 : While creating a copy of a site, the sender name and sender email of the default site's support group is copied
SD-73678 : Field and form rules binding does not work for resources in grid view.
SD-71882 : Security settings >> Security response headers: After updating the latest service pack, custom security response headers are lost.
Reports
SD-72306 : Default report: Time spent by technician on projects is not working in MSSQL.
Mobile
SD-73572 : SDP mobile app: When trying to reply to a conversation, the 'To' field is not auto-populated in mobile app version 4.7.1.
Others
SD-69465 : Option to download digitally signed service packs
SD-70502 : Secondary installation configured for Fail Over Service (FOS) does not start if the application runs in the HTTPS mode.
SD-70646 : Files uploaded on to the application through UI are not replicated in the secondary installation configured for Fail Over Service (FOS).
SD-70739 : No proper authentication error message is shown for incorrect non-login URLs.
SD-70751 : Tasks added by changing the task template are not shown for technicians in calendar view(Home -> scheduler) in foreign language setups
SD-70947 : A grammatically wrong message is displayed while accessing a deleted task ID.
SD-71005 : Update manager heap size is set to 512M even after migrating to BIN setup
SD-71721 : Group is removed while editing a task using the 'Edit icon in task details page' from the comments tab.
SD-72857 : For instances enabled with Active Directory authentication along with dynamic user addition, user login fails if the username is in upper case
SD-73041 : Out Of Memory error occurs during the backup of directories with large number of files. If you adjust the memory size and complete the backup, Restore will still not be possible.
SD-73154 : Backup restore fails without the fileattachment zip in it. The issue occurs only if the previous backup has been manually terminated.
SD-73506 : Unable to change port number while installing ServiceDesk Plus in Windows machine.
SD-73562 : Incomplete backup files will have the .partial extension to distinguish from the complete backup files with the .data extension. Please note that the incomplete backup files cannot be restored.
Please refer to the below link for the steps to install the patch.
Regards,
Edwin Vasantha Kumar
Servicedesk Plus Team