FAQ Package Security Fix Released

On March 22, OTRS AG have published security advisory OSA-2021-08 concerning a vulnerabililty in the popular FAQ package. According to the brief description in the advisory, the security flaw exposed FAQ articles to agents who shouldn't be allowed to access them:

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category).

Our security specialists have analysed the source code of the package and have identified the likely cause of the vulnerability.

We have released a fixed version of the package as FAQ 6.0.29. It is available for download in the OPM format in the Downloads section.