((OTRS)) Community Edition News

((OTRS)) Community Edition Version 6.0.36 Released

We have just released ((OTRS)) Community Edition version 6.0.36.

This release brings much more than the small increase in version number might suggest. Most importantly, it includes the refreshed agent interface that we have been working on for some time, and which is the first step towards making OTRS CE more modern, flexible, and user-friendly.

New login screen

How to Enable the Modern Agent Interface

The new interface can be enabled on a per-user basis using agent preferences. Upon logging in, click the user's avatar in the top left corner, and go to "Personal preferences". Choose "Miscellaneous", make sure the "Default" skin is selected, and check the "Use modern variant" option:

Skin options

Save the setting, reload the page, and enjoy the new look!

If you want to use the refreshed interface by default, without enabling it for specific agents, you can go to the administration screen and set the system configuration option "Loader::Agent::DefaultSkin::UseModern".

Note: Please keep in mind that at this moment the new agent interface is still considered experimental and some of its parts aren't complete. If you use the system in a time-critical business environment, or with additional packages such as OTRS::ITSM, we suggest you keep using the standard version until the new one becomes mature.

Other Changes in Version 6.0.36

Apart from the refreshed interface, one new feature of the new version is the ability to change the default ticket priority colors:

Priority colors

Other changes that have been introducted in this version aren't as significant from the user's perspective, but there have been numerous fixes in the system update process, as well as improvements with respect to compatibility with other versions of help desk software based on the original ((OTRS)) Community Edition.

RPM Packages Now Available

Up until this version, the recommended way to install ((OTRS)) Community Edition was to use the shell installer. This version is the first one that is also available as RPM packages for Red Hat-based Linux systems.

The list of supported distributions includes:

  • Red Hat Enterprise Linux 7.9, 8.6, and 9.0
  • CentOS 7
  • CentOS Stream 8 and 9
  • Rocky Linux 8.4, 8.5, 8.6, and 9.0
  • Fedora 35 and 36

More distributions, as well as DEB packages for Debian-based systems, are coming soon.

Video Announcement

We have created a short promotional video for the new version of the system — you can watch it below or on YouTube.

Try It Out!

The new version of ((OTRS)) Community Edition is available in the Downloads section.

We are looking forward to your feedback! Please contact us at info@otrscommunityedition.com.

((OTRS)) Community Edition Version 6.0.35 Released

The latest release of ((OTRS)) Community Edition 6.0.35 is now out.

This version introduces many minor changes and bug fixes that have recently been made in the Znuny LTS fork of ((OTRS)) Community Edition. With these changes, the version maintained and developed by us becomes fully compatible with Znuny LTS and can be therefore be used as a migration path for both users of the legacy ((OTRS)) Community Edition and of the Znuny LTS system.

This release also brings a few updates to the Shell Installer utility, including added support for the most recent version of Rocky Linux (8.6).

You can get the new version by going to the Downloads section, and selecting the Shell Installer package, or one of the compressed source archive files.

((OTRS)) Community Edition Version 6.0.34 Released

((OTRS)) Community Edition version 6.0.34 has been released.

This is a security release which fixes several vulnerabilities that have been discovered in other forks of the original OTRS codebase:

  • A vulnerability that in certain system configurations allowed authenticated users to execute system shell commands
  • A problem with support bundle generation that could result in inclusion of sensitive files in generated support bundles
  • Cross-Site Scripting (XSS) vulnerabilities in the handling of dynamic fields configuration and in package installation
  • Privilege escalation vulnerability in the processing of HTML templates

Version 6.0.34 is available for download in the Downloads section as a Shell Installer package, and as compressed source archives.

Let's Encrypt SSL Certificates for ((OTRS)) CE

Web applications that store and transmit any kind of sensitive or personal data should only allow secure, encrypted traffic. Yet, the traditional method of installing ((OTRS)) Community Edition didn't really cover this part, leaving it as an exercise for the administrator. And while configuring SSL on a server isn't too difficult, it does require additional work and might take quite a bit of time if things don't go smoothly right away.

Let's Encrypt

We strive to make ((OTRS)) Community Edition more secure and easier to use, not only for end users, but administrators as well, so we thought it's time to address this matter. The new version of our automated Shell Installer utility allows you to easily install a free SSL certificate provided by the non-profit Let's Encrypt project. All you need is to have a domain name pointing to the server on which the system is being installed, and to provide an e-mail address for administrative notifications.

This is how the configuration looks during installation:

SSL certificate configuration

The installed certificate will be automatically renewed, as it is usually the case with Let's Encrypt certificates. The system will also be configured to enforce encrypted connections if a browser tries to connect using plain HTTP.

The updated shell installation tool is now available in the Downloads section and we welcome you to try it out. It is still considered experimental, but will soon be ready for prime time.

((OTRS)) Community Edition Version 6.0.33 Released

Version 6.0.33 of ((OTRS)) Community Edition is now available.

This version comes with several security fixes, including a denial of service vulnerability that potentially allowed an attacker to cause a performance drop or even a complete crash of the system by sending a specially crafted e-mail message. This vulnerability has been discovered by Alberto Molina and reported by OTRS AG in security advisory OSA-2021-16.

In addition to that, this release comes with numerous updates to JavaScript libraries, fixing a number of vulnerabilities discovered in previously distributed versions:

  • CKEditor updated from version 4.16.0 to version 4.17.1
    (fixed several XSS vulnerabilities -- release information: CKEditor 4.17)
  • jQuery UI updated from version 1.12.1 to version 1.13.0
    (fixed several XSS vulnerabilities -- security advisories: GHSA-gpqq-952q-5327, GHSA-j7qv-pgf6-hvh4, GHSA-9gj3-hwp5-pmwc)
  • Moment.js updated from version 2.18.1 to version 2.29.1
    (fixed a ReDoS vulnerability -- release information: moment 2.19.3 changelog)
  • Nunjucks updated from version 3.0.1 to version 3.2.3
    (fixed a prototype pollution vulnerability -- issue description: #1331)

The new version is available for download in the Downloads section as a Shell Installer package, and as compressed source archives.

New Agent User Interface Demo

As our refreshed version of the ((OTRS)) Community Edition agent interface is getting closer and closer to release, we have made it available for testing on our demo server. If you would like to take a peek at how the new interface looks and feels, you are welcome to go to new.demo.otrsce.com and try it out!

You will find a switch at the bottom of the page which toggles between the old and new interface style, making it easy to compare the original look and the refreshed one.

User interface switch

Please keep in mind that this version is not ready for prime time yet, there is still a lot of (mostly) small fixes that need to be made, and we're working on it -- watch this space for updates.

A Demo Says a Thousand Words

When looking for the next help desk system for your company, nothing beats being able to take it for a spin. Our website now allows you to easily try out ((OTRS)) Community Edition by launching your own test instance that you can use for up to 7 days. You can also share a link to the demo if you want to test the system with your workmates.

Enjoy testing the system! And as always, if you need help or have any questions, just let us know.

Delays (but Also Pictures)

If there's one thing that all software projects have in common, it's delays. Our fork of ((OTRS)) Community Edition is no different, it's taking us longer than expected to reach the next planned milestones, so we decided to update our roadmap again and move the release of the refreshed agent interface, as well as the report from our security audit, into early September.

The main reason is that we simply have way more work than we expected building solutions around OTRS CE for our business clients. While this has the positive outcome of growing the user base of the fork, it also means we have less time for the day-to-day development of the core application. To address that, we're working on expanding our team, so hopefully things will improve in the next couple of weeks.

Of course, this doesn't mean we have made no progress on the items on our roadmap. As a teaser, here's a few screenshots showing how the agent interface will look after the refresh (click to enlarge).

Agent dashboard:

Agent dashboard

New phone ticket screen:

New ticket form

Customer users administration screen:

Customer users administration screen

These are still work-in-progress and subject to change, but you get the picture (literally).

And to tease a bit more, we are also working on a few features not included in the roadmap, but ones that we believe will be useful to the users. Watch this space for more information in the next week or two.

Installing OTRS CE with Flying Colors

One of the nuisances of the classic version of ((OTRS)) Community Edition is that when installing the system from source (rather than system software repositories, using e.g. yum or apt), the installation process is a bit tedious. It requires the user to go through a series of configuration tasks, choosing the right variant for their operating system. Why do that manually though when you have a machine that's perfectly capable of following strict instructions?

This lead to the idea of making an installation utility to automate most of this process and make it easier, faster, and less error-prone. Most importantly, we wanted to make the installer user-friendly, so even though it's a command-line application, we decided to use colorful, well-formatted output to clearly communicate what's happening during the installation and to present the user with straightforward, simple choices.

And, in the spirit of classic terminal-based software, we even added an ANSI-art splash screen:

((OTRS)) CE installation welcome screen

At this point the installer is able to perform a full installation of ((OTRS)) Community Edition version 6.0.32 on CentOS 8, and Ubuntu Server support is in the works. Before the first release, we plan to add support for a few more configurations.

Watch the short video below to get a sneak peek at how the tool works and see the complete installation process on a plain CentOS 8 machine:

Our plans for further development of the installer include:

  • Support for more distributions and configurations
  • Support for different databases
  • Support for external database servers
  • Unattended installation mode

With the first release, we will also open source the tool so that the community can participate in its development.

Updates to Development Roadmap

Our 2021 development roadmap has just been updated to reflect some changes to the original timeline that we decided to make.

Most importantly, we have taken more time to work on fixing the security issues both in the base ((OTRS)) Community Edition system, as well as its popular add-ons (namely, new versions of the FAQ and ITSM Configuration Management packages).

The initial idea was to finish the security audit and then release a new version of the software. However, with a number of security issues discovered during the audit, as well as found in other forked versions, we decided it's more important to roll out the security fixes to users as soon as possible rather than wait until the audit is concluded. The result was the recent 6.0.32 release, which saw the light of day last week.

This doesn't mean we made no progress on the items in the roadmap -- here's a few updates on the items planned for the nearest future:

  • Refreshed agent interface - We are making steady progress on subsequent screens and UI elements of the refreshed interface. The first version to make it into a release is planned for the end of June.
  • Easier installation and update process - This has been split into separate items and so far most of our focus was on the new installation part, putting updates aside for later. We plan to have a working solution that we can show to the community around mid-June. Expect some more information next week!
  • Internal security audit - With most of the research work completed, we are in the process of collecting the findings and putting together a report. Our goal is to publish it in the second half of June.

As always, we are open to any comments and suggestions about our plans.