((OTRS)) Community Edition News

OAuth2 Authentication for Email Accounts in OTRS CE

The latest release of ((OTRS)) Community Edition comes with support for OAuth2 authentication for email accounts used to receive email tickets and send messages. There are built-in configuration templates for two most popular email service providers: Gmail and Microsoft 365.

This feature might be especially important if you are using OTRS CE with a Microsoft 365 email account, because Microsoft is disabling basic (password-based) authentication in January 2023. If your email accounts are still configured to make use of passwords, you should switch to OAuth2 soon.

The new documentation for OTRS CE that we started working on now includes step-by-step instructions on OAuth2 configuration for Microsoft 365 and Gmail users. Today we have also published an instructional video that shows the configuration process for Microsoft 365 accounts — see it below or on YouTube.

OTRS CE Version 6.0.37 Released with Easy System Updates

((OTRS)) Community Edition version 6.0.37 has been released today.

One of our primary goals for the development of OTRS CE is making the system more friendly and easier to use, for both end users and for administrators. We have already simplified the installation with the introduction of the Shell Installer, and the next objective was to make the system just as easy to update when a new version is available.

Version 6.0.37 is a major step towards that, because it brings a new method of performing system updates that utilizes the OTRS CE Console program. All you need to do to update your system is download the new version and run a single command which then takes care of everything.

The animation below shows a sample run from our tests:

As with many of the new features that we're working on, please keep in mind that the new update mechanism is under active development and at this moment its use is limited to basic configurations of the system. You should not use it yet if your system has additional packages or custom modifications. Nonetheless, we keep working on it and plan to add support for systems with extra packages in the next release.

The long-term goal with respect to system updates is to implement automatic checks for new releases, and to allow initiating updates from the browser, in the administrator interface.

As always, you will find the new version in the Downloads section.

((OTRS)) Community Edition Version 6.0.36 Released

We have just released ((OTRS)) Community Edition version 6.0.36.

This release brings much more than the small increase in version number might suggest. Most importantly, it includes the refreshed agent interface that we have been working on for some time, and which is the first step towards making OTRS CE more modern, flexible, and user-friendly.

New login screen

How to Enable the Modern Agent Interface

The new interface can be enabled on a per-user basis using agent preferences. Upon logging in, click the user's avatar in the top left corner, and go to "Personal preferences". Choose "Miscellaneous", make sure the "Default" skin is selected, and check the "Use modern variant" option:

Skin options

Save the setting, reload the page, and enjoy the new look!

If you want to use the refreshed interface by default, without enabling it for specific agents, you can go to the administration screen and set the system configuration option "Loader::Agent::DefaultSkin::UseModern".

Note: Please keep in mind that at this moment the new agent interface is still considered experimental and some of its parts aren't complete. If you use the system in a time-critical business environment, or with additional packages such as OTRS::ITSM, we suggest you keep using the standard version until the new one becomes mature.

Other Changes in Version 6.0.36

Apart from the refreshed interface, one new feature of the new version is the ability to change the default ticket priority colors:

Priority colors

Other changes that have been introducted in this version aren't as significant from the user's perspective, but there have been numerous fixes in the system update process, as well as improvements with respect to compatibility with other versions of help desk software based on the original ((OTRS)) Community Edition.

RPM Packages Now Available

Up until this version, the recommended way to install ((OTRS)) Community Edition was to use the shell installer. This version is the first one that is also available as RPM packages for Red Hat-based Linux systems.

The list of supported distributions includes:

  • Red Hat Enterprise Linux 7.9, 8.6, and 9.0
  • CentOS 7
  • CentOS Stream 8 and 9
  • Rocky Linux 8.4, 8.5, 8.6, and 9.0
  • Fedora 35 and 36

More distributions, as well as DEB packages for Debian-based systems, are coming soon.

Video Announcement

We have created a short promotional video for the new version of the system — you can watch it below or on YouTube.

Try It Out!

The new version of ((OTRS)) Community Edition is available in the Downloads section.

We are looking forward to your feedback! Please contact us at info@otrscommunityedition.com.

((OTRS)) Community Edition Version 6.0.35 Released

The latest release of ((OTRS)) Community Edition 6.0.35 is now out.

This version introduces many minor changes and bug fixes that have recently been made in the Znuny LTS fork of ((OTRS)) Community Edition. With these changes, the version maintained and developed by us becomes fully compatible with Znuny LTS and can be therefore be used as a migration path for both users of the legacy ((OTRS)) Community Edition and of the Znuny LTS system.

This release also brings a few updates to the Shell Installer utility, including added support for the most recent version of Rocky Linux (8.6).

You can get the new version by going to the Downloads section, and selecting the Shell Installer package, or one of the compressed source archive files.

((OTRS)) Community Edition Version 6.0.34 Released

((OTRS)) Community Edition version 6.0.34 has been released.

This is a security release which fixes several vulnerabilities that have been discovered in other forks of the original OTRS codebase:

  • A vulnerability that in certain system configurations allowed authenticated users to execute system shell commands
  • A problem with support bundle generation that could result in inclusion of sensitive files in generated support bundles
  • Cross-Site Scripting (XSS) vulnerabilities in the handling of dynamic fields configuration and in package installation
  • Privilege escalation vulnerability in the processing of HTML templates

Version 6.0.34 is available for download in the Downloads section as a Shell Installer package, and as compressed source archives.

Let's Encrypt SSL Certificates for ((OTRS)) CE

Web applications that store and transmit any kind of sensitive or personal data should only allow secure, encrypted traffic. Yet, the traditional method of installing ((OTRS)) Community Edition didn't really cover this part, leaving it as an exercise for the administrator. And while configuring SSL on a server isn't too difficult, it does require additional work and might take quite a bit of time if things don't go smoothly right away.

Let's Encrypt

We strive to make ((OTRS)) Community Edition more secure and easier to use, not only for end users, but administrators as well, so we thought it's time to address this matter. The new version of our automated Shell Installer utility allows you to easily install a free SSL certificate provided by the non-profit Let's Encrypt project. All you need is to have a domain name pointing to the server on which the system is being installed, and to provide an e-mail address for administrative notifications.

This is how the configuration looks during installation:

SSL certificate configuration

The installed certificate will be automatically renewed, as it is usually the case with Let's Encrypt certificates. The system will also be configured to enforce encrypted connections if a browser tries to connect using plain HTTP.

The updated shell installation tool is now available in the Downloads section and we welcome you to try it out. It is still considered experimental, but will soon be ready for prime time.

((OTRS)) Community Edition Version 6.0.33 Released

Version 6.0.33 of ((OTRS)) Community Edition is now available.

This version comes with several security fixes, including a denial of service vulnerability that potentially allowed an attacker to cause a performance drop or even a complete crash of the system by sending a specially crafted e-mail message. This vulnerability has been discovered by Alberto Molina and reported by OTRS AG in security advisory OSA-2021-16.

In addition to that, this release comes with numerous updates to JavaScript libraries, fixing a number of vulnerabilities discovered in previously distributed versions:

  • CKEditor updated from version 4.16.0 to version 4.17.1
    (fixed several XSS vulnerabilities -- release information: CKEditor 4.17)
  • jQuery UI updated from version 1.12.1 to version 1.13.0
    (fixed several XSS vulnerabilities -- security advisories: GHSA-gpqq-952q-5327, GHSA-j7qv-pgf6-hvh4, GHSA-9gj3-hwp5-pmwc)
  • Moment.js updated from version 2.18.1 to version 2.29.1
    (fixed a ReDoS vulnerability -- release information: moment 2.19.3 changelog)
  • Nunjucks updated from version 3.0.1 to version 3.2.3
    (fixed a prototype pollution vulnerability -- issue description: #1331)

The new version is available for download in the Downloads section as a Shell Installer package, and as compressed source archives.

New Agent User Interface Demo

As our refreshed version of the ((OTRS)) Community Edition agent interface is getting closer and closer to release, we have made it available for testing on our demo server. If you would like to take a peek at how the new interface looks and feels, you are welcome to go to new.demo.otrsce.com and try it out!

You will find a switch at the bottom of the page which toggles between the old and new interface style, making it easy to compare the original look and the refreshed one.

User interface switch

Please keep in mind that this version is not ready for prime time yet, there is still a lot of (mostly) small fixes that need to be made, and we're working on it -- watch this space for updates.

A Demo Says a Thousand Words

When looking for the next help desk system for your company, nothing beats being able to take it for a spin. Our website now allows you to easily try out ((OTRS)) Community Edition by launching your own test instance that you can use for up to 7 days. You can also share a link to the demo if you want to test the system with your workmates.

Enjoy testing the system! And as always, if you need help or have any questions, just let us know.

Delays (but Also Pictures)

If there's one thing that all software projects have in common, it's delays. Our fork of ((OTRS)) Community Edition is no different, it's taking us longer than expected to reach the next planned milestones, so we decided to update our roadmap again and move the release of the refreshed agent interface, as well as the report from our security audit, into early September.

The main reason is that we simply have way more work than we expected building solutions around OTRS CE for our business clients. While this has the positive outcome of growing the user base of the fork, it also means we have less time for the day-to-day development of the core application. To address that, we're working on expanding our team, so hopefully things will improve in the next couple of weeks.

Of course, this doesn't mean we have made no progress on the items on our roadmap. As a teaser, here's a few screenshots showing how the agent interface will look after the refresh (click to enlarge).

Agent dashboard:

Agent dashboard

New phone ticket screen:

New ticket form

Customer users administration screen:

Customer users administration screen

These are still work-in-progress and subject to change, but you get the picture (literally).

And to tease a bit more, we are also working on a few features not included in the roadmap, but ones that we believe will be useful to the users. Watch this space for more information in the next week or two.