We are pleased to announce the stable release of ArcticDesk v1.2.4. This latest update brings some much requested features, including support for merge fields in email templates and additional custom field options. The release also fixes a number of bugs and addresses an important security issue as outlined below. The full changelog can be found at the end of this announcement.
Security Issue Resolved
This update resolves an important security issue, which can allow a malicious user to perform an SQL injection attack. The issue was privately disclosed to us, and is only exploitable under certain situations. We do recommend that if you are running an older version of ArcticDesk, you upgrade as soon as possible.
We would like to thank Patrick at Rack911.com for reporting the issue.
Merge Fields Support, Updated Email Templates
This version introduces support for merge fields, which allows for the use of common ticket, user and general fields in your email templates. Merge fields give you the ability to create email templates that are automatically filled in with the correct values when the email is sent. For example, “Dear {$user_full_name}” would become, “Dear John Smith”.
Furthermore, the email template engine now runs on
SMARTY, which allows you to use additional features such as conditionals and looping through arrays, allowing for much greater customization in email creation.
We have updated the wording on all of our existing email templates and made use of the new merge fields feature. Please note that updating your installation will
overwrite any changes you may have made to the default templates. Make sure to back up your changes and then apply them again after upgrading.
Updated REST API, now with Versioning
A new version of our REST API – v2 – has been released which has been expanded to include additional functionality, namely more comment methods, a method to get related knowledgebase articles, and custom fields methods for tickets and users. Another change in the new version is the formatting of the output when fetching, adding or updating a single item. An example (in PHP) would be that calling the ticket ID after fetching a single ticket would require you to use $result[0]['ticket_id'] in v1, whereas now you would just use $result['ticket_id'].
Please note that you will not need to make any immediate changes to keep the API working with your own code. We do however recommend that you begin using v2 soon as any further development will continue on that branch only. Switching to the new API version is as simple as appending “v2/” to the end of your API URL, though care must be taken to ensure your code works with the new output formatting.
Our documentation has been fully updated to reflect these changes, please use the below links to view the full documentation.
REST API v2 documentation:
http://www.arcticdesk.com/docs/REST_API
REST API v1 documentation:
http://www.arcticdesk.com/docs/REST_API_v1
Additional Custom Field Options
We have added five new custom fields options, for both users and tickets, in this version. They are ‘checkbox’, ‘multiple select’, ‘radio’, ‘password’ and ‘textarea’. These, with the previous options, were each carefully chosen to provide the maximum benefit in terms of flexibility and meeting your data collection needs.
Kayako v3 Migration Script
There have been a number of requests for a Kayako v3 migration script. It is currently under development, and we expect to see its formal release in about a week. We are getting to a point where we need to see how it performs for our users, which will allow us iron out any bugs and address any remaining issues. As such, we are looking for anyone that would be willing to give it a try for us! Please let us know if you would to test the script out before it is formally released.
Changelog
New Features
(AD-419) - Added merge fields support to email templates
(AD-452) - Added support for development licenses to allow a copy of AD to be ran on RCF1918 addresses for development purposes free of charge
(AD-559) - Added ability to validate email credentials to the email download option
(AD-633) - Added additional custom field types: checkbox, multiple select, radio, password and textarea
(AD-679) - Added ability to force run individual scheduled tasks in the operator panel
Enhancements
(AD-434) - Added custom field values to the ticket opened operator email
(AD-457) - Recheck license status when refreshing the invalid license page in admin area
(AD-592) - Option to remove the department name from ticket related emails
(AD-595) - Added a preview of the last ticket reply to the ticket grid
(AD-604) - Added option for 'hidden' custom fields that do not appear to end users
(AD-605) - Allow operators to add & edit custom field values on a ticket
(AD-607) - Ticket attachments are now sent by email to the end user and operators
(AD-608) - Added TLS support for SMTP
(AD-625) - Added many new API functions and parameters and fixed several bugs
(AD-626) - Replying to a closed ticket makes the default status 'Open' in the status dropdown
(AD-637) - Facebook SDK updated to latest version
(AD-638) - Added an option to not expunge read email from an IMAP inbox when importing tickets
(AD-646) - Added the ability to lock a custom field value so it can't be edited by the end user once set
(AD-648) - Added operator signature to the open ticket section in the operator panel
(AD-674) - Deleting an announcement, article or download also deletes all associated comments
(AD-681) - Now using the language file for operator panel widget titles
Bug Fixes
(AD-594) - Solved UI issues with adding/editing departments
(AD-596) - Fixed validate SMTP details not accounting for an existing saved password
(AD-601) - Ticket reply uploader now permits .tpl files
(AD-603) - Ticket viewed notification on ticket grid is now reset correctly in all circumstances
(AD-609) - Fixed API issue with outputting the correct department hierarchy
(AD-619) - Operator live ticket replies are now correctly decoded to other operators
(AD-621) - Fixed multiple file uploads failing for user submitted tickets
(AD-622) - Fixed cases when installer incorrectly changes the application base path
(AD-630) - Ticket attachments now use ticket ID as well as ticket message ID when saving to the DB
(AD-631) - After updating a ticket department in the sidebar the list of operators now updates
(AD-632) - Fixed issue where user avatars were not showing in tickets under some situations
(AD-634) - Fixed UTF-8 support for outbound emails
(AD-636) - Fixed admin dynamic ticket reply ignoring the user avatar settings
(AD-639) - Fixed PHP error thrown when a department has no operators assigned and has childen
(AD-640) - Fixed case where moving the uploads folder outside of webroot causes avatars to break
(AD-641) - Stopped email loop occurring if an inbound email comes from a department email address
(AD-644) - Fixed PHP error generated from email pipe when no operator is assigned to a department
(AD-645) - Fixed internal messages giving a blank page under certain situations
(AD-649) - Fixed formatting issues with internal messages
(AD-650) - Fixed cases where default operator not properly assigned for ticket submitted via email
(AD-651) - Fixed UI issues when adding user custom fields
(AD-652) - Fixed PHP error with KCFinder image uploder when used
(AD-657) - Fixed cases where ticket labels show as NULL
(AD-658) - Stopped SLA overdue email being sent regardless of email notification settings
(AD-659) - Fixed cases where using '&' results in '&' being displayed
(AD-661) - Fixed various character encoding problems in outbound emails
(AD-662) - Fixed issue where not selecting any departments for a custom field results in it showing to all departments
(AD-665) - Stopped the user's IP address being added on API ticket replies
(AD-666) - Fixed issue where tickets opened by an admin on behalf of a user had a due date
(AD-669) - Fixed case where custom email templates were ignored when opening a ticket from the operator panel
(AD-671) - Fixed issue where admin search shows no results when pressing 'see all results'
(AD-672) - Fixed missing category name for latest articles and downloads
(AD-677) - Fixed issue where statuses were repeated several times in sidebar when running certain operations
(AD-678) - Fixed bug that caused preg_match to error when a / was used in a department name
(AD-680) - Fixed an issue that could allow a malicious user to perform an SQL injection attack from the frontend (Reported by Rack911.com)
