((OTRS)) Community Edition Version 6.0.32 Released

We have just released version 6.0.32 of ((OTRS)) Community Edition.

This is a security release which fixes numerous vulnerabilities discovered during our ongoing security audit, as well as reported in other forked versions of ((OTRS)) Community Edition based on the original project.

We advise all users of previous versions of the software to update to this release to improve the security of their systems and data.

The following security issues are fixed in this release:

  • A serious Cross-Site Scripting (XSS) vulnerability in ticket overview (identified by Znuny GmbH and Nina Knipprath)
  • A regular expression-related denial of service (DoS) vulnerability (identified by Znuny GmbH)
  • Unauthorized listing of ticket recipients via AJAX call (discovered during internal security audit)
  • Unauthorized access to calendar appointment data (discovered during internal security audit)
  • Possible agent and customer user account enumeration through password recovery feature (discovered during internal security audit)
  • Possible agent user account enumeration through public calendar URL (discovered during internal security audit)
  • A minor reflected XSS issue in appointment edit popup (discovered during internal security audit)

Additionally, a few bundled Perl modules have been updated in this release due to security issues in previously distributed versions:

  • LWP updated from version 6.26 to 6.54
  • XML::Simple updated from version 2.24 to 2.25
  • YAML updated from version 1.23 to 1.30

Visit the Downloads section to download this release.