ArcticDesk v1.2.6 addresses some important security issues, outlined below, so we urge you to update as soon as possible. This release also fixes an issue with the operator edit message functionality in certain environments. The full changelog can be found at the end of this announcement.
Security Fixes
Case: AD-760, AD-774, AD-775
Type: Local file inclusion
Severity: High
Credit: Patrick at Rack911.net
Description: A carefully crafted URL can be used to access local files on the server and view sensitive information.
Case: AD-777
Type: Local file inclusion
Severity: High
Credit: Internal ArcticDesk Team
Description: A carefully crafted URL can be used to access local files on the server and view sensitive information.
Changelog
Bug Fixes
(AD-760, AD-774, AD-775, AD-777) - Fixed local file inclusion on certain actions
(AD-768) - Fixed issue where operator was unable to edit ticket messages