Important Notice
Please note that the XMLRPC API endpoint have been deprecated. The 4.0.x releases will maintain support for it, but it will be entirely removed from the 4.1 release.
If you are currently using the XMLRPC API endpoint, it is highly recommended that you start transitioning to the v2 REST API as soon as possible.
Enhancements
General
- Improved handling of square logos on Login page
- Updated embedded PHPMailer version to 5.2.21 to address vulnerabilities CVE-2016-10033 and CVE-2016-10045
Support Manager
- Email gateway will now output a loggable error code when it refuses to open a ticket
Bugfixes
General
- Fixed broken date ranges criteria in Advanced Search
- Added missing “State” field to Registrar contacts configuration
- Added field validation and format documentation for phone numbers when using OpenSRS (Domain Management)
- Optimized
event_trigger_prune.php
cron script for pruning very large event tables - Fixed a security issue with the DUO 2FA implementation when using DUO’s “trusted networks” which could allow privilege escalation for admins
- Fixed default logo on Login page being hard to see on white background
- Fixed long company names getting cut off on Login page
Client Manager
- Fixed a bug where 100% discounted services were not being properly pre-billed
- Fixed multiple select box default values not being saved properly for service plan custom fields defaults
- Improved error logging for
invoice.php
cron script for many miscellaneous errors - Fixed a bug causing the Discount column to not show up correctly on invoices containing discounted services
- Fixed a bug with E-xact payment gateway where in some cases a transaction might be submitted more than once
- Improved error logging for invoice.php cron script when failing to renew a domain
- Improved stability of
invoice.php
cron script by being more flexible on maximum allows execution time to address “Function not currently available” errors - Fixed new lines not being properly converted to tags in overdue notices when using ##html##
- Fixed a bug with services silently failing renewal when no notes are present for the service and a service module tries to generate a new note
Support Manager
- Fixed a Cross Site Scripting (XSS) Vulnerability in a ticket’s Time Spent tab
Device Manager
- Fixed a bug which could trigger a “too many tables” DB error when creating connections with more than 6 interfaces
- Improved error logging for Switch Management module when re-enabling ports after payment is made
- Fixed a bug where adding a device module to a Device Type or Device Type Group would not correctly add the related custom fields
- Fixed a bug with ACLs which could occur after upgrading from 2.3.x where device lists might show a mismatch between “Found devices” count and the actual list (the former being correct)
- Enabling/disabling monitors for all devices of a facility will no longer execute the action on devices of all other facilities
Order Manager
- Use order queue’s “From Email” address field for “Open Ticket” order module as the “From Address” for the email generated, instead of the client email when source is set to Admin
Sales Manager
- Fixed the “All” filter for quote statuses on a client’s List Quotes page to include cancelled quotes
API
- Fixed a bug with
client.list
API method which caused field level default values for custom fields not to be correctly returned - Improved documentation for
support.ticket_submit
,support.ticket_post_staff_response
,support.ticket_submit_outgoing
andsupport.ticket_post_client_response
API methods - Stop performing sanitization of input for API calls
Client Portal
- Fixed an issue where the client portal would make AJAX requests to scripts located in the admin portal