Skip to main content

Version 4.0.9

By May 17, 2017October 26th, 2020No Comments

Important Notice

Please note that the XMLRPC API endpoint have been deprecated. The 4.0.x releases will maintain support for it, but it will be entirely removed from the 4.1 release.
If you are currently using the XMLRPC API endpoint, it is highly recommended that you start transitioning to the v2 REST API as soon as possible.



  • Improved handling of square logos on Login page
  • Updated embedded PHPMailer version to 5.2.21 to address vulnerabilities CVE-2016-10033 and CVE-2016-10045

Support Manager

  • Email gateway will now output a loggable error code when it refuses to open a ticket



  • Fixed broken date ranges criteria in Advanced Search
  • Added missing “State” field to Registrar contacts configuration
  • Added field validation and format documentation for phone numbers when using OpenSRS (Domain Management)
  • Optimized event_trigger_prune.php cron script for pruning very large event tables
  • Fixed a security issue with the DUO 2FA implementation when using DUO’s “trusted networks” which could allow privilege escalation for admins
  • Fixed default logo on Login page being hard to see on white background
  • Fixed long company names getting cut off on Login page

Client Manager

  • Fixed a bug where 100% discounted services were not being properly pre-billed
  • Fixed multiple select box default values not being saved properly for service plan custom fields defaults
  • Improved error logging for invoice.php cron script for many miscellaneous errors
  • Fixed a bug causing the Discount column to not show up correctly on invoices containing discounted services
  • Fixed a bug with E-xact payment gateway where in some cases a transaction might be submitted more than once
  • Improved error logging for invoice.php cron script when failing to renew a domain
  • Improved stability of invoice.php cron script by being more flexible on maximum allows execution time to address “Function not currently available” errors
  • Fixed new lines not being properly converted to tags in overdue notices when using ##html##
  • Fixed a bug with services silently failing renewal when no notes are present for the service and a service module tries to generate a new note

Support Manager

  • Fixed a Cross Site Scripting (XSS) Vulnerability in a ticket’s Time Spent tab

Device Manager

  • Fixed a bug which could trigger a “too many tables” DB error when creating connections with more than 6 interfaces
  • Improved error logging for Switch Management module when re-enabling ports after payment is made
  • Fixed a bug where adding a device module to a Device Type or Device Type Group would not correctly add the related custom fields
  • Fixed a bug with ACLs which could occur after upgrading from 2.3.x where device lists might show a mismatch between “Found devices” count and the actual list (the former being correct)
  • Enabling/disabling monitors for all devices of a facility will no longer execute the action on devices of all other facilities

Order Manager

  • Use order queue’s “From Email” address field for “Open Ticket” order module as the “From Address” for the email generated, instead of the client email when source is set to Admin

Sales Manager

  • Fixed the “All” filter for quote statuses on a client’s List Quotes page to include cancelled quotes


  • Fixed a bug with client.list API method which caused field level default values for custom fields not to be correctly returned
  • Improved documentation for support.ticket_submit, support.ticket_post_staff_response, support.ticket_submit_outgoing and support.ticket_post_client_response API methods
  • Stop performing sanitization of input for API calls

Client Portal

  • Fixed an issue where the client portal would make AJAX requests to scripts located in the admin portal