((OTRS)) Community Edition Version 6.0.33 Released

Version 6.0.33 of ((OTRS)) Community Edition is now available.

This version comes with several security fixes, including a denial of service vulnerability that potentially allowed an attacker to cause a performance drop or even a complete crash of the system by sending a specially crafted e-mail message. This vulnerability has been discovered by Alberto Molina and reported by OTRS AG in security advisory OSA-2021-16.

In addition to that, this release comes with numerous updates to JavaScript libraries, fixing a number of vulnerabilities discovered in previously distributed versions:

  • CKEditor updated from version 4.16.0 to version 4.17.1
    (fixed several XSS vulnerabilities -- release information: CKEditor 4.17)
  • jQuery UI updated from version 1.12.1 to version 1.13.0
    (fixed several XSS vulnerabilities -- security advisories: GHSA-gpqq-952q-5327, GHSA-j7qv-pgf6-hvh4, GHSA-9gj3-hwp5-pmwc)
  • Moment.js updated from version 2.18.1 to version 2.29.1
    (fixed a ReDoS vulnerability -- release information: moment 2.19.3 changelog)
  • Nunjucks updated from version 3.0.1 to version 3.2.3
    (fixed a prototype pollution vulnerability -- issue description: #1331)

The new version is available for download in the Downloads section as a Shell Installer package, and as compressed source archives.