OTRS 7 Patch Level 33

March 21, 2022 — OTRS Group, the world’s leading provider of the OTRS service management suite, including the fully managed OTRS solution and the ITIL^® 4-compliant IT service management software OTRS::ITSM, today announces the first release of the OTRS 7 patch level 33.

Important for Upgrading

This release contains a security improvement and the old behaviour has been changed. Please read the related chapter in our documentation: Allow Program Safe to Run.

Enhancements

• Updated translations, thanks to all translators.
• Fixed npm audit issues.
• Included linked time zones as valid time zones.
• Added new console command Maint::VirtualFS::Delete to remove entries in the VirtualFS database tables as well as in the file system.

Bug Fixes

• Settings in the system configuration are not checked for vulnerable commands.
• High amount of not used data is sent to ticket detail view in the external frontend.
• Authentication modules with PreAuth flag are not working anymore.
• Not possible to send mail without email security option if default sign key is set for queue.
• OTRS web server runs into timeout during migration.
• Category is displayed twice in service catalogue.
• Layout problems with language chooser and side menu in the service catalogue.
• Title and text of image teasers is overlapping each other.
• Links in knowledge base articles are not styled correctly.
• Text in subject and message field is shown in lower contrast when the field is focused.
• Cancel button to delete a draft disappeared by using the high contrast skin.
• Images for knowledge base articles are all displayed in the same size in the external interface.
• Link for tabs is getting invisible if using high contrast skin.
• Message field is missing the border and is hardly recognizable.
• Missing index in search profiles causes slow queries.
• GenericAgent management screen is not loading and consumes whole physical memory if a lot of dynamic fields exists.
• Translations for services not working as expected.
• High amount of S/MIME certificates has significant impact on decrypt performance.
• Merging tickets with themselves is possible.
• Robots.txt allows wrong path and can not be retrieved via browser.
• Accounted time for articles is always shown because ExternalFrontend::TicketDetailView###AccountedTimeDisplay setting is not used.
• Modal dialog to delete a knowledge base articles is shown out of range and is therefore not usable.
• Dynamic Field of type Textarea is limited to 3.800 characters in GUI.
• Improved generic notification and custom ticket module handling.
• RPC operation could not be used if assignments of users to groups is done via roles.
• Improved Sendmail binary handling.
• Possible XSS attack via translation.
• Dismiss selected notifications clickable even if nothing is selected.
• User details containing special characters (i.e. umlauts) are not shown properly when fetched from LDAP.
• Dynamic field of type Textarea adds HTML tags to the process body text.

Browser Support

• JavaScript is required to use OTRS.

These browsers are not supported:

• Microsoft Internet Explorer before version 11
• Firefox before version 31
• Safari before version 6

We recommend to use the latest version of your browser, because it has the best JavaScript and rendering performance. Dramatical performance varieties between the used browsers can occur with big data or big systems. We are happy to consult you on that matter.

Note:

• OTRS 9 will not support Internet Explorer anymore.
• OTRS 9 will not support Oracle as application database anymore.

OTRS Group managed customers who are using product versions that are reaching end of maintenance and support must be updated by our Customer Solution Team by scheduling an individual maintenance appointment in order to continue receiving necessary releases and support. OTRS On-Premise customers must obtain a newer product version by ordering our migration services.