Bugfixes
General
- Fixed broken date ranges criteria in Advanced Search
- Added missing “State” field to Registrar contacts configuration
- Added field validation and format documentation for phone numbers when using OpenSRS (Domain Management)
- Fixed “Content Type” headers for JavaScript files to avoid errors on some versions of Chrome and Firefox
- Optimized
event_trigger_prune.php
cron script for pruning very large event tables - Fixed a security issue with the DUO 2FA implementation when using DUO’s “trusted networks” which could allow privilege escalation for admins
- Updated embedded PHPMailer version to 5.2.21 to address vulnerabilities CVE-2016-10033 and CVE-2016-10045
Client Manager
- Fixed a bug where 100% discounted services were not being properly pre-billed
- Fixed multiple select box default values not being saved properly for service plan custom fields defaults
- Fixed removing a service’s assigned location
- Fixed a bug with E-xact payment gateway where in some cases a transaction might be submitted more than once
- Improved error logging for invoice.php cron script when failing to renew a domain
- Improved stability of invoice.php cron script by being more flexible on maximum allows execution time to address “Function not currently available” errors
- Fixed a bug with services silently failing renewal when no notes are present for the service and a service module tries to generate a new note
- Improved error logging for
invoice.php
cron script for many miscellaneous errors
Support Manager
- Fixed a Cross Site Scripting (XSS) Vulnerability in a ticket’s Time Spent tab
Device Manager
- Fixed an issue in the Bandwidth Monitoring aggregate graphs causing “Cannot parse vname” errors
- Fixed a bug which could trigger a “too many tables” DB error when creating connections with more than 6 interfaces
- Fixed a bug where adding a device module to a Device Type or Device Type Group would not correctly add the related custom fields
- Fixed a bug with ACLs which could occur after upgrading from 2.3.x where device lists might show a mismatch between “Found devices” count and the actual list (the former being correct)
Order Manager
- Use order queue’s “From Email” address field for “Open Ticket” order module as the “From Address” for the email generated, instead of the client email when source is set to Admin
Sales Manager
- Fixed the “All” filter for quote statuses on a client’s List Quotes page to include cancelled quotes
API
- Improved documentation for
support.ticket_submit
,support.ticket_post_staff_response
,support.ticket_submit_outgoing
andsupport.ticket_post_client_
response API methods - Stop performing sanitization of input for API calls