HESK® PHP Help Desk Software

HESK 3 CHANGELOG

Changes in 3.4.6 - 11th August 2024
- security: fixed a reflected XSS, reported by TETS (www)
- fix: invalid value in tickets sub-pages links

Changes in 3.4.5 - 9th March 2024
- fix: required custom field errors from category-specific fields when editing a ticket
- fix: file attachments not working on PHP 8.3+ when Debug mode is ON

Changes in 3.4.4 - 3rd March 2024
- added "status-" selectors to the list of tickets table to make customization by status easier
- fix: list of tickets should have links HTML formatted in HTML emails
- fix: when changing a ticket category, category-specific custom fields should not be cleared of data
- fix: when printing a ticket, print also the sequential ID if enabled
- fix: possible duplicate custom field ID generated
- fix: use rename instead of copy to move temporary attachments
- fix: don't load the users page without the edit or view users permission
- fix: Uncaught TypeError when submitting a note with disabled attachments
- fix: allow Dynamic Properties in secimg class to avoid PHP 8.2/PHP 9 deprecation errors
- fix: private KB sub-category shows no articles if only private articles are inside
- fix: when parsing emails, check if attachments have attachments
- fix: when detecting first name, valid short first names are ignored
- fix: undefined $hesklang in an OAuth function
- fix: allow blob images in TinyMCE
- fix: reply drafts not deleted on slower requests
- fix: in grouped ticket lists, apply select all check marks on the selected grouping only
- fix: wrong status displayed of a resolved ticket to staff who cannot resolve tickets
- fix: time worked not updated when submitting notes in some cases
- fix: IMAP not respecting custom port setting
- updated third-party libraries

Changes in 3.4.3 - 8th April 2023
- updates for PHP 8.2 deprecated functionality
- ticket reply messages will now auto-save as draft a few seconds after you stop typing
- new email tag %%ATTACHMENTS%% that lists links to attachments to a ticket/reply
- list of attachments will now show directly below %%MESSAGE%% (unless %%ATTACHMENTS%% is used)
- the "Find a ticket" form now allows searching for empty (null) values in fields that allow it
- fix: IMAP fetching using the wrong noval_cert setting
- fix: POP3 fetching will now calculate a reasonable execution time limit
- fix: generated links to attachments in HTML emails are not clickable
- fix: re-sent email notifications include ticket attachments instead of reply attachments
- fix: SQL error in escalate module with overdue tickets and non-standard date format
- fix: if $hesklang['EMAIL_HR'] is defined in custom-text.php, use that one
- fix: some email templates display unsupported tags
- fix: the close button on custom date field hides all the date values
- fix: some custom field input types not marked in red on error
- updated PHPMailer to 6.8.0

Changes in 3.4.2 - 3rd December 2022
- fix: tickets raised by email piping don't have a due date
- fix: in canned responses replace URL-encoded special tags
- fix: email utf-8 conversion may cause missing characters
- fix: remove unwanted chars from email-generated ticket subjects
- updated TinyMCE to 5.10.6
- updated PHPMailer to 6.6.5

Changes in 3.4.1 - 29th September 2022
- added OAuth support for POP3 fetching
- fix: missing function error when viewing a resolved ticket
- fix: do not mark an OAuth Provider as verified on errors
- fix: unassigned email sending not working correctly on multi-language staff
- fix: detect and ignore non-3.4.x language files
- updated HTMLPurifier to 4.15.0

Changes in 3.4.0 - 17th September 2022
- added OAuth support for email sending and IMAP fetching
- new permission: Can set due date
- updates for PHP 8.2 deprecated functionality
- fix: custom date fields can display the wrong date when editing a ticket
- fix: wrong current month date range in reporting
- fix: sending emails does not work with unauthenticated SMTP
- fix: silent fail if unable to move attachments to the /attachments/temp folder
- fix: in the "Previous tickets" list only show tickets the user has access to
- fix: attachments with no file extension will be renamed to *.unknown-file-type instead of fatal error
- fix: increase some too small display margins
- fix: SMTP error log should not be echoed directly
- fix: email to ticket attachment removal notices not visible

Changes in 3.3.2 - 2nd August 2022
- added option to not validate SSL certificates for SMTP connections
- fix: minimum requirement set to PHP 5.6 due to Composer compatibility
- fix: SMTP host name stored with ssl:// prefix when SSL encryption is selected
- fix: ticket reminder form not working with Invisible ReCaptcha enabled
- fix: wrong %%MESSAGE%% value in HTML emails when re-sending email notification for replies

Changes in 3.3.1 - 15th July 2022
- fix: password reset link issues in HTML emails
- fix: error when elevator duration is set to hours
- fix: automatically submitting MFA forms could cause double submissions in Chrome
- fix: survey email template is not needed in the self-hosted version, removed it
- fix: "Add a note" form misbehaving when "Newest reply at top" is active
- fix: in admin panel the due date calendar may require horizontal scroll
- fix: a few date fields not working properly

Changes in 3.3.0 - 5th July 2022
- [CLOUD ONLY] Satisfaction module: send a third party survey after resolving tickets
- Ocean Blue is now the default Hesk style. For other styles, visit Hesk Styles
- dropped support for PHP 5.3 and 5.4, Hesk now requires PHP 5.5+
- categories can auto-assign tickets to specific users
- categories can have a default due date set
- added support for multi-factor authentication
- improved display options for date and time
- improved attachments process (async upload, drag and drop, preserve on errors)
- Hesk now uses PHPMailer to construct and send emails
- added support for HTML emails (both HTML and plain text templates are available)
- email fetching shows the reason why an email was ignored if Debug mode is on
- more control over what emails are ignored in the email to ticket functionality
- tracking ID is no longer required in email subject for email to ticket functionality
- if captcha is enabled, it will also show in the "Forgot ticket ID" form
- update "Time worked" when staff submits a note to a ticket
- use the "Show Tickets" form to find tickets by due date
- new staff permission: can view all users, but not manage them
- updates for PHP 8.1 deprecated functionality
- security: improved password storage algorithm and length requirements
- staff can now select ticket status when submitting a ticket in the customer's name
- a new email template is now used when staff submits a ticket in the customer's name
- you can now set the ticket language when editing a ticket in multi-language installations
- when viewing a ticket in the admin panel a list of previous tickets is shown
- changed several Javascript confirm boxes to HTML modals
- when deleting a category, you can now select what category to move the tickets to
- when deleting a user, only open tickets will be set to unassigned
- fix: no need to regenerate session ID on every page load
- fix: changing language when viewing a ticket shows the "View ticket" form
- fix: non-YMD date format caused an error when sending overdue notifications
- fix: custom date fields could display wrong date on the edit ticket page
- fix: custom field name hidden when editing it, if it was created in a deleted language
- fix: wrong default submit action in staff New ticket page
- fix: unable to set negative relative dates in custom fields
- updated TinyMCE to 5.10.5

Changes in 3.2.5 - 6th January 2022
- updates for PHP 8.1 deprecated functionality
- fix: long URL addresses stretch the ticket window
- fix: status selection in ticket export form not working under certain conditions
- fix: missing array key 'time_worked' in email to ticket function reply notification
- fix: user setting for overdue ticket notifications not always respected
- fix: using "Submit as Resolved" doesn't update "closed at" date
- fix: forgot ticket ID modal close button not working on small screens
- updated HTMLPurifier to 4.14.0
- updated TinyMCE to 5.10.2

Changes in 3.2.4 - 2nd October 2021
- added "Due date" tag for canned responses
- security: error message not appropriately sanitized, reported by msry1
- fix: insert canned responses tags at pointer focus
- fix: inconsistent storage of plain text message version in RTF mode
- fix: due date not formatted for staff with view-only access
- fix: avatar uppercase letter shows ? in multi-byte names
- fix: cannot uncheck "Assigned to others" on ticket export page
- updated TinyMCE to 5.9.2
- minor styling and usability changes

Changes in 3.2.3 - 11th August 2021
- automatically link URLs in TinyMCE by default
- removed the db_vrsn setting, it is not needed anymore
- all ticket list pages now show the "Auto reload page" widget
- fix: forgot ticket ID email list does not include tickets with a custom status
- fix: the "reply below this line" tag not added in IMAP fetching
- fix: add an extra empty space after ticket tracking URL to make them clickable in Outlook
- fix: overdue cron notifications not working if date format is not YYYY-MM-DD
- fix: installation script doesn't accept UTF-8 chars for admin username
- fix: priority pre-select via URL parameter doesn't work in the public side
- fix: unable to sort ticket columns after setting a default view
- fix: Hesk doesn't accept database username with &
- updated TinyMCE to 5.8.2

Changes in 3.2.2 - 13th March 2021
- fix: replies via email not showing content when Rich Text (HTML) formatting is turned on
- fix: reset ticket session data if any variable is sent to the Create new ticket form
- due date and ticket language parameters can now be passed to the Create new ticket form

Changes in 3.2.1 - 11th March 2021
- fix: merged tickets not showing replies with Rich Text (HTML) formatting turned on
- fix: SMTP class does not support TLS 1.2 in PHP >= 5.6.7 and < PHP 7.2
- fix: admin panel modals hidden on small screens
- updated TinyMCE to 5.7.0

Changes in 3.2.0 - 28th February 2021
- [CLOUD ONLY] Escalate module: create rules to escalate tickets automatically
- tickets can now have a due date set
- added support for HTML-formatted ticket messages/replies (staff only)
- added links to filter tickets by assignment/due soon/overdue quickly
- do not update "lastchange" timestamp on Resolved tickets when deleting a user or category
- support for %%SITE_TITLE%% in email subjects
- improved button text display on non-English versions
- added an easy way to load an extra custom CSS file to Hesk admin
- staff can now change ticket category when submitting a ticket
- staff can now set ticket (customer) language when submitting a ticket
- cron files can now have an access key set to authorize web access
- security: fixed persistent XSS, reported by Charley Celice of Quorum Cyber (www)
- fix: make sure ticket list always has clickable links in mobile view
- fix: ticket list mismatch after deleting a custom field
- fix: check if JSON is enabled when installing/updating Hesk
- fix: bulk ticket actions select vertical scroll bar off-screen on some mobile devices
- fix: set cookie SameSite attribute to "None" if Hesk is allowed to be displayed in frames
- fix: message encoding issue when previewing service messages
- fix: properly escape edge-case HTML special characters and backslashes
- fix: "Can unban ips" permission should also enable "Can ban ips"
- fix: email notification setting when someone adds a note not respected
- fix: respect custom field position when editing a ticket
- fix: properly encode CDATA closing tag
- minor styling and usability changes

Changes in 3.1.2 - 18th August 2020
- the "Submit as" control in staff reply form now supports all statuses
- don't change the "last updated" value of tickets when deleting a custom field
- prevent a corrupted hesk_kb_categories table causing an infinite loop
- show ticket subject and notes at the top with "Newest reply at top" setting selected
- when submitting a ticket from the admin panel Hesk will now pre-select default category priority
- implemented SameSite cookie attribute support
- fix: the top "Re-send email notification" should send new ticket notification, not new reply
- fix: language string with a single quote breaks calendar translation
- fix: use quoting mechanism for special interpretation characters in mail from header
- fix: on Profile page cannot select "Show the ticket I just replied to"
- fix: contact details hidden in languages with a long title translation
- fix: cannot select a language for service messages
- fix: parsing of a non-utf8 email fails if Iconv functions are not available
- fix: only list users whom the ticket can be assigned to when submitting a new ticket
- updated third party libraries to the latest version
- minor styling and usability changes

Changes in 3.1.1 - 3rd May 2020
- knowledgebase now shows full category structure in breadcrumbs
- added custom favicon for better display on different devices
- fix: saving general settings resets sending emails to PHP mail()
- fix: sub-categories with no articles are hidden in customer side
- fix: in customer side knowledgebase votes show views
- fix: knowledgebase sub-category preview shows 1 article too many
- fix: knowledgebase views show 1 less than actual when viewing an article
- fix: non-default time format may show staff replies as "50 years ago" in customer-side
- fix: custom header and footer are outside of the main wrapper
- minor styling and usability changes

Changes in 3.1.0 - 7th April 2020
- [CLOUD ONLY] Statistics module: insight into help desk usage and staff performance
- choose the desired ticket reply hiding logic
- added tooltips to action icons without a label
- descriptive timestamps in ticket details (e.g., 5 hours ago)
- improved ticket content readability, including adjustable max-width
- improved formatting of WYSIWYG-generated content
- improved customer-side display in Internet Explorer 9
- security: fixed a reflected XSS, reported by Mostafa Gamal & Ahmed Sherif
- fix: hide the link to Export tickets page if the user has no export permission
- fix: HTML header code printed twice on the knowledgebase results page
- fix: properly strip slashes and encode HTML in service messages
- fix: custom text and hidden fields don't display a default value in admin panel > New ticket
- fix: custom text field maxlength not working in customer side
- fix: ticket replies not hidden correctly with "Newest reply at top"
- fix: if a settings label is long it doesn't align nicely
- fix: some hard-coded text cannot be translated
- fix: show full custom field names in customer submit a ticket form
- fix: when multiple languages are allowed, cannot add a custom status
- fix: when multiple languages are allowed, editing a custom field shows empty field names
- fix: IMAP "Keep a copy" checkbox not saving
- fix: cannot allow single char attachment extensions
- minor styling and usability changes

Changes in 3.0.3 - 8th March 2020
- fix: customer ticket reminder form not working in 3.0.2

Changes in 3.0.2 - 3rd March 2020
- fix: settings for POP3 fetching not saving
- fix: the style of subject and message inputs changes when selecting a ticket template
- fix: issues with selecting drop-down select box values
- fix: cannot change ticket status to "New"
- fix: unable to append or select canned responses in some situations
- fix: Javascript not escaping converted HTML code properly
- fix: duplicate "Assign this ticket to myself" in the reply form
- fix: ticket details not responsive in Edge
- fix: Undefined offset notice in ticket history
- tickets with status "Critical" now have a distinctive background color in ticket list
- minor styling and usability changes

Changes in 3.0.1 - 27th February 2020
- fix: suppress browser errors when multiple email addresses are allowed
- fix: properly escape variables when saving settings
- fix: confirm email always returns an error
- fix: hesk_error() function should exit not return for end-users
- fix: unable to append or select canned responses in some situations
- minor styling and usability changes

Changes in 3.0.0 - 17th February 2020
- a brand new mobile-friendly user interface
- built-in theme support for the public (customer) interface
- fix: SQL error when trying to ban an invalid IP

HESK 2 CHANGELOG

Changes in 2.8.10 - 2nd October 2021
- security: error message not appropriately sanitized, reported by msry1

Changes in 2.8.9 - 11th August 2021
- fix: forgot ticket ID email list does not include tickets with a custom status
- fix: the "reply below this line" tag not added in IMAP fetching
- fix: add an extra empty space after ticket tracking URL to make them clickable in Outlook
- fix: installation script doesn't accept UTF-8 chars for admin username
- fix: Hesk doesn't accept database username with &

Changes in 2.8.8 - 28th February 2021
- security: fixed persistent XSS, reported by Charley Celice of Quorum Cyber (www)
- fix: "Can unban ips" permission should also enable "Can ban ips"
- fix: email notification setting when someone adds a note not respected
- fix: properly encode CDATA closing tag

Changes in 2.8.7 - 18th August 2020
- don't change the "last updated" value of tickets when deleting a custom field
- fix: use quoting mechanism for special interpretation characters in mail from header
- updated third party libraries to the latest version

Changes in 2.8.6 - 7th April 2020
- security: fixed a reflected XSS, reported by Mostafa Gamal & Ahmed Sherif
- fix: SQL error when trying to ban an invalid IP
- fix: properly strip slashes and encode HTML in service messages
- fix: cannot allow single char attachment extensions

Changes in 2.8.5 - 6th January 2020
- PHP 7.4 compatibility
- MySQL 8.0.13 compatibility
- users with no can_reply_tickets permission can now create ticket notes
- updated third party libraries to the latest version
- fix: respect article order in Knowledgebase
- fix: save email attachments sent as message content type
- fix: better handle can_resolve and can_reply_tickets permissions

Changes in 2.8.4 - 17th August 2019
- fix: modified the HTMLPurifier library to be compatible with PHP 5.3

Changes in 2.8.3 - 16th August 2019
- fix: break long words when bulk printing tickets
- fix: HTML-encoded chars can cause MySQL truncate error
- fix: parse links with single quotes in HTML email to ticket
- fix: wrong option for staff re-send notification of an assigned ticket
- fix: in email to ticket inline attachments with no message are not imported correctly
- fix: descriptive error message when post_max_size is exceeded for customer interface
- fix: link to embedded image tags rather than deleting them
- fix: no image in service messages list for style "None"
- fix: pagination does not work when searching for tickets by owner
- fix: workaround for a Microsoft DKIM verification bug

Changes in 2.8.2 - 5th July 2018
- service messages can be set to display for a specific language only
- fix: use div instead of span in print template for better browser compatibility
- fix: double escaping in hesk_dbLike function may cause failed lookups
- fix: some queries don't work in MySQL ONLY_FULL_GROUP_BY mode
- fix: POP3 fetching EOF detection unreliable in newer PHP versions
- fix: Message-ID header missing host name over CLI
- fix: force hesk_mb_strtolower function to use UTF-8

Changes in 2.8.1 - 18th May 2018
- fix: update assignedby column when doing bulk assignments
- fix: add a unique Message-ID header to outgoing emails

Changes in 2.8.0 - 14th May 2018
- removed PHP 7.2 deprecated functions
- minimum required PHP version increased to 5.3
- bulk assign tickets from the ticket list
- bulk print tickets from the ticket list
- added tools for anonymizing tickets
- find tickets by customer IP address
- added support for Invisible reCAPTCHA
- removed reCAPTCHA V1 (discontinued by Google)
- staff can re-send email notifications for tickets
- dropped time difference calculation, using timezones
- new staff permission: can view tickets he/she assigned to others
- export to Excel now works for individual and selected tickets
- fix: IMAP fetching ticket history log shows POP3 fetching
- fix: IMAP connection test fails if the password contains a backslash
- disable IMAP fetching if PHP was compiled without IMAP support
- warn if a user's email address matches the POP3/IMAP fetching address
- notice if "From:" email doesn't match SMTP server email address
- new "First name" tag for email templates and canned responses
- minor UI improvements (ticket action buttons)

Changes in 2.7.6 - 1st March 2018
- improved handling of multiple emails in a ticket
- changed a setting field name to avoid a mod_security false positive
- fix: when editing a ticket, empty values should not be replaced with defaults
- fix: URL in a custom text field breaks HTML on the edit ticket page
- fix: removing duplicate recipients creates an issue in SMTP library
- fix: knowledgebase category shouldn't have its child set as parent
- fix: use multibyte functions for checking and limiting string length
- fix: (strict mode) only variables should be passed by reference
- fix: a non well formed numeric value notice in settings
- updated third party libraries to the latest version

Changes in 2.7.5 - 25th November 2017
- fix: old name and subject length limits in "Edit ticket"

Changes in 2.7.4 - 21st November 2017
- new email tag %%TIME_WORKED%% shows time staff worked on a ticket
- new email tag %%LAST_REPLY_BY%% shows name of the person who posted last ticket message
- increased maxlength attribute for ticket name and subject to max supported in database (50 and 70)
- improved a few default email messages to avoid some spam filters marking them as "linkbait"
- fix: move category not working correctly for users with no global submit permission
- fix: if iconv is not available, attempt to use utf8_encode instead in email to ticket
- fix: don't encode email headers if ascii only, it triggers some spam filters
- fix: backslash not escaped properly in several functions
- fix: remove duplicate recipients in hesk_mail() function
- fix: missing name error message in profile
- fix: don't allow newlines in email headers
- fix: duplicate language string, IP WHOIS case
- fix: use multibyte strtolower for strings where needed
- fix: possible wrong previous month name in reports/exports
- updated several third party libraries to the latest version

Changes in 2.7.3 - 10th April 2017
- added meta robots "noindex, nofollow" tag to admin pages
- hide KB functionality from customer side if no public articles
- upload additional attachments when editing a ticket (up to allowed limit)
- modified client IP detection to enable detecting proxy connections
- improved display logic for top and latest public KB articles
- improved handling of PHP/MySQL timezone difference
- added new pages to allowed admin panel redirects
- updated HTML Purifier and allowed URI Schemes
- delete some cached files when saving settings
- fix: missing collations in MySQL prior to 5.6
- fix: missing statuses in ticket ID reminder email
- fix: issues with emails that contain a single quote
- fix: wrong custom date field value saved in some timezones
- fix: extra line when using a hidden custom field after message
- fix: session expired issue in very old PHP versions with register_globals on

Changes in 2.7.2 - 2nd January 2017
- fix: suppress warnings when check for update without cURL fails
- fix: MySQL strict mode issue when upgrading an old Hesk version
- fix: Content-Security-Policy flags setTimeout string as unsafe-eval
- fix: searching tickets disabled status New in show tickets form
- fix: do not overwrite the text/javascript header in tcal.php
- detect additional "noreply" addresses
- respect category order in ticket list group/order by category
- don't list KB articles under "latest" if they are already listed under "top"
- moved help desk title/URL under general settings to avoid confusion
- modified some default settings (does not affect updates)

Changes in 2.7.1 - 19th November 2016
- fix: don't modify ticket "Last updated" when updating HESK to 2.7.x

Changes in 2.7.0 - 19th November 2016
- custom fields have been improved significantly:
   » translate title
   » change display order
   » tie them to specific categories
   » private (staff only) custom fields supported
   » mark as required for everyone or just for customers
   » checkboxes now require only a single option (before: two)
   » increased number of available custom fields to 50
   » improved interface and moved under "Tools"
   » do not show double punctuation in forms
   » new types: date, email, hidden
- you can now create custom ticket statuses
- improved language loading (fallback if not found, custom text)
- automatically reload pages with list of tickets every X seconds/minutes
- require tickets to be assigned before staff is able to reply to them (option)
- implemented IMAP fetching (import emails to tickets from an IMAP email server)
- email templates can now be modified from the Admin panel (Tools > Email templates)
- removed LIMIT 1 from SQL UPDATE/DELETE statements to avoid replication warnings
- in "Tickets per user" report show how many tickets a user has submitted
- in admin panel show a link to the public knowledgebase article location
- added head.txt for custom code to be included before </head> tag
- delete knowledgebase articles from the "Edit article" page
- moved temporary files out of attachments folder
- new staff permissions:
   » can resolve tickets
   » can submit tickets to any category
   » can move tickets to any category
- ticket message can be set to not required
- ticket subject can be set to not required
- ticket email can be set to not required
- HESK can now force SSL connections
- fix: JS function argument default values are not available before ES6
- fix: wrong order of ticket list column titles when a required column is missing
- fix: return back to the previous page after editing KB articles from List private/draft articles
- fix: remember opened ticket when changing display language in customer ticket view

Changes in 2.6.8 - 10th August 2016
- fix: wrong form title when editing service messages
- fix: removed some missing and/or mismatched HTML tags
- fix: modify SQL database table structure to work with strict mode
- security: fixed an issue, reported by Sven Morgenroth from Netsparker (www)
- security: various security improvements, reported by Mohammed Abdulqader Abobaker Al-saggaf (www)
- misc: updated a few third party libraries

Changes in 2.6.7 - 18th April 2016
- changed email piping and pop3 fetching files line endings to Unix format for compatibility
- security: removed private info from query string, reported by Alec Broughton (www)
- security: require email to view tickets setting is now enabled by default
- fix: pagination in private staff messages not working
- fix: wrong links to index and KB page in help files
- in customer side emails are now shown as a link

Changes in 2.6.6 - 2nd February 2016
- improved reCaptcha library to work with cURL
- verify MySQL privileges before installing/upgrading
- fix: respect attachments settings in KB form (minimum 3 if enabled)
- fix: always checking for maintenance mode when downloading attachments
- fix: missing <tr> tag in Reports

Changes in 2.6.5 - 28th August 2015
- HESK now supports Zend OPcache enabled
- modified PHP7 deprecated class constructors
- improved handling of values/options when changing custom field type
- simple anti-SPAM image now uses PNG or GIF support if JPEG is not enabled
- trim "Help Desk URL" trailing slash when saving settings
- fix: send customer notification of a new staff reply in the correct language
- fix: merging tickets could hide old replies until a new reply is posted
- fix: preserve table prefix in installation script on connection error
- fix: session expired error when trying to reset password
- fix: don't send out content-type headers for CLI scripts

Changes in 2.6.4 - 22nd June 2015
- fix: session expired error if username case doesn't match exactly the one in database

Changes in 2.6.3 - 20th June 2015
- update unknown IP address to the IP address of the first ticket visitor from customer interface
- "last modified" value will now be preserved during hesk_tickets table update
- staff private messages can now have signatures attached
- added three new special tags to canned responses
- improved status assignment logic when customer reopens a closed ticket
- removed execution time limit in installation script to handle large database updates
- updated inline URL regex to not process emails in URLs containing not encoded emails
- fix: existing sessions should expire after changing credentials, reported by Indrajith.AN (www)
- fix: missing a day in the DateArray() function when passing daylight saving time adjustments
- fix: force content type header charset to utf-8 (override PHP 5.6+ default_charset)
- fix: status change not logged in ticket history when staff inserting customer reply
- fix: email to ticket: accept email if no message required but attachment exists
- fix: email confirmation not working properly when multiple emails are allowed
- fix: non-default MySQL ports ignored during upgrade using mysqli library
- fix: "Small box" setting disables knowledgebase search in admin panel
- fix: null attachment name length after removing non-ascii chars
- fix: grammar error in English language file

Changes in 2.6.2 - 18th March 2015
- fix: \0 converted to null byte in XML export
- fix: closedby column in hesk_tickets table must accept signed values

Changes in 2.6.1 - 26th February 2015
- fix: POP3 fetching task timeout can be disabled
- fix: security issue reported by Michał Bentkowski (www)

Changes in 2.6.0 - 22nd February 2015
- HESK is now compatible with PHP 5.6
- minimum MySQL server version is 5.0.7
- select which columns to display in ticket list
- staff can now manage notifications and preferences for other users
- option to disable email notifications to customer when they submit a new support ticket
- notify customer when a ticket is marked Resolved (by staff without replying or automatically)
- track what knowledgebase articles were suggested to the customer when submitting a new ticket
- remind customer to check SPAM box for confirmation emails after submitting ticket
- existing staff responses will be marked as read when customer replies over email
- ticket templates for faster submitting of common tickets from admin interface
- additional buttons to easily submit responses with different ticket statuses
- improved handling of the goto parameter in admin panel (Lisandro Ubiedo)
- require access control when testing connections (Lisandro Ubiedo)
- don't start a new POP3 fetching task if the previous is still running
- fix: fieldset legend element not aligned properly in most browsers
- fix: set correct MIME type for servers sending nosniff header
- fix: adjust MySQL time in legacy hesk_formatDate() function
- fix: remove all non-ascii chars from attachment names
- fix: custom checkbox fields not staying selected
- staff can indicate a reply as a reply from the customer
- use HESK knowledgebase only (no help desk)
- allow staff to reset forgotten passwords
- HESK can be put in maintenance mode
- ability to find tickets by Owner
- added support for reCAPTCHA API v2
- the "Time worked" feature can be disabled
- HESK width increased of 960 pixel by default
- show service messages on help desk homepage
- option to prevent customers from resolving tickets
- link customer IP addresses to an IP whois service
- new email tag %%ID%% prints sequential ticket ID
- save ticket response message for later without replying
- set default customer notification box selection in Profile
- ticket notes now allow attachments and can be modified
- staff members are now ordered by name for easier selection
- customers can select email reminder to list all or open tickets
- three time formats available for the "Updated" column in ticket list
- "Submit a ticket" form fields can now be populated using GET and POST
- when saving settings don't test SMTP and POP3 connection if no changes
- optionally show "Click to select" for ticket category, priority and custom fields
- skip customer notification of new ticket if a SPAM tag is in email subject
- customer email and staff signature field length increased to 1000 chars
- accept or reject emails with no message (email piping/POP3 fetching)
- on Categories page added links to list all tickets in each category
- when listing knowledgebase articles verify the category exists
- show related knowledgebase articles when viewing an article
- when creating tickets from emails respect the Reply-To: tag
- change ticket priority for selected tickets in ticket list
- set default priority for ticket categories
- minor changes to the interface
- ban email addresses
- ban IP addresses

Changes in 2.5.5 - 5th August 2014
- fix: correct TinyMCE update to 3.5.11 from version 2.5.4

Changes in 2.5.4 - 4th August 2014
- fix: MySQL test ignoring new database name when verifying tables
- fix: adjust time if MySQL and PHP use different time zone setting
- fix: single quotes not escaped properly in Javascript (Lisandro Ubiedo)
- updated TinyMCE to 3.5.11

Changes in 2.5.3 - 16th March 2014
- Firefox built-in spell check is now enabled when creating/editing knowledgebase articles
- rephrased a few commands in the interface for better understanding and consistency
- fix: some Javascript not working if translated command contains a single quote
- fix: line separator chars causing Javascript syntax errors in canned responses
- fix: Hotmail breaks ticket tracking ID in email reply subject by adding spaces
- fix: define dt and lastchange variables for emails when adding a ticket note
- fix: email date should be in RFC2822 format (no manual time adjustment)
- fix: allow upgrading from 2.5.x series without patch files
- updated pop3.php to avoid a strict standards warning
- improved and simplified installation/update script
- added .header a:visited to hesk_style.css
- user password length is no longer limited
- updated TinyMCE to 3.5.10

Changes in 2.5.2 - 13th October 2013
- reports now include "Time worked" summary
- modified sorting by "Last Replier" field. Staff will be sorted first (by ID), then customers by name
- fix: toggling limit of categories and features for users should be controlled by selected admin value
- fix: checking if temporary file exists may cause problems with open_basedir in effect
- fix: disabled attachments in version 2.5.x don't load all required functions
- fix: knowledgebase categories have problems with % char in their name
- fix: anti-SPAM question doesn't accept 0 as a valid answer
- updated TinyMCE to 3.5.9

Changes in 2.5.1 - 8th August 2013
- added "Updated" value to the export of tickets to Excel
- added support for exporting tickets in Zip without Zip library enabled
- added two new email template tags: %%CREATED%% and %%UPDATED%%
- reduced memory usage in knowledgebase article suggestion, search and display
- set last replier name to the email sender name with email piping/POP3 fetching
- show "Open" and "Resolved" ticket count in reports by user and by category
- fixed HTML quoted printable chars causing problems in non UTF-8 emails
- fixed Javascript encoding of UTF-8 URL query parts
- fixed behavior of hesk_isEmailLoop() function
- remove invalid UTF-8 bytes from submitted text
- improved parsing of incoming email messages
- delete temporary email files on errors

Changes in 2.5.0 - 2nd July 2013
- HESK is now fully compatible with PHP 5.5
- export tickets into Excel (XML spreadsheet)
- knowledgebase categories can now be ordered
- show number of private and draft articles in the Knowledgebase categories list
- new SPAM prevention option built-in: ReCaptcha
- new special tag for use in email templates: %%EMAIL%%
- support for %%MESSAGE%% tag in private messages
- in email piping/pop3 fetching show notice what attachments were removed and why
- if email contains message add direct links to any attachments at the bottom
- add the "Reply above this line" tag only if email contains message
- in emails make sure all fields have HTML special chars properly formatted
- pop3 fetching now has an option to keep copy of emails on the server
- pop3 fetching change verify sender name encoding
- use mysqli extension instead of mysql if available
- if customer reopens ticket change status to waiting reply from customer and remind customer to add a reply
- it's now easy to change the name of admin and attachments folders
- disallow uploads of some file types: .php, .phtml, .php3, .php4, .php5, .phps, .pl, .cgi, .shtm, .shtml
- optimized several SQL statements for better performance
- staff can now only run reports for categories they have access to and (by user) only for themselves.
- option to give staff permission to run full reports
- removed duplicates from text.php
- when grouping tickets by owner show current user's on top
- improved URL parsing to detect all schemes (http, https, ftp, sftp, file, ...)
- when replying as staff give an option to not send email notification
- in options.php urldecode $query
- On Hold and In Progress statuses not cleared from the "Change status to" box
- empty category value in submit ticket form if no public categories
- work-around for a bug in older versions of Internet Explorer not allowing https downloads
- long URLs in messages can be automatically shortened
- session names shouldn't collide with multiple copies installed
- email piping limit length of name and subject
- detect if an attachment file has been deleted
- show replier first name when printing tickets
- do not allow rating replies of third party tickets
- wrong status in email if status changes when replying
- make "Add to the bottom" default selection for adding canned responses
- "last changed" sometimes not updating correctly
- remove the need for server path setting
- forms need to allow longer emails (now 255 chars)
- if a customer replies to a ticket with status "New" don't change status
- "Show newest on top" setting now affects notes as well
- custom fields need to be converted into plain text before sending in emails
- hesk_makeURL should detect localhost addresses
- decode XHTML reserved entities to UTF-8 in emails
- prevent & in "Site title" setting from becoming &amp; in emails
- modified knowledgebase search form to make it clearer what the form does (search help)
- detect if someone tries to post more data than what the server allows (PHP post_max_size limit)
- expired sessions in admin panel may cause an "Invalid Request" error
- reloading the page after submitting a KB article creates a new (duplicate) article
- fix category name and email problems due to MySQL wildcard match
- for customers, auto-focus first required field when "Submit a ticket" form loads
- prevent caching of session pages by sending session_cache_limiter nocache
- private and draft article list showing only 1 draft per category
- limiting failed login attempts can now be disabled in settings
- modified the simple anti-spam image a bit
- count views of private articles
- when deleting knowledgebase category also delete/move subcategories and attachments
- fixed an error that can occur when merging tickets in strict MySQL mode
- if one attachment fails delete others as well
- fixed problems with \ " < > & in pop3/smtp passwords
- removed support email variable (not used anymore)
- removed Connection and Content-length HTTP headers from AJAX posts
- cache check for updates to 1 per hour
- updated TinyMCE to 3.5.8
- updated mime_parser class to 1.85
- a few minor user interface changes

Changes in 2.4.2 - 30th December 2012
- verify that a valid version of HESK has been installed

Changes in 2.4.1 - 18th August 2012
- fixed comment URL parsing issues when replying to a ticket as staff
- fixed Knowledgebase file uploads not working on some installations of 2.4
- with auto-login set to OFF and Debug mode set to ON, notices were shown after staff login
- knowledgebase attachments on private and draft articles cannot be downloaded
- lastchange not updated when deleting ticket posts without status change
- some servers add slashes to file_get_contents(), detect and remove them
- some servers may report maximum file size in lowercase letters
- column hits in table hesk_pipe_loops didn't have a default value
- merge tickets option not showing on some installations of 2.4
- if a POP3 stream wrapper is already registered remove it
- improved detection of returned emails

Changes in 2.4 - 9th August 2012
- encoding changed to UTF-8 for all languages
- time spent on ticket
- POP3 fetching (connect to an email account and convert emails into tickets)
- customers may reply to tickets by replying to notification emails
- detect and correct mistyped email addresses
- detect email piping loops
- enable/disable autoassign per category
- private ticket categories (for use by staff only)
- merge several tickets into one
- sticky knowledgebase articles
- keywords for knowledgebase articles
- hide date and views from knowledgebase articles
- set email "From:" name in HESK settings
- fixed bug: when moving ticket category an autoassign email wasn't sent
- fixed bug: reopen link still showed to customer when it should be disabled
- fixed bug: misplaced quote in users online list HTML code
- fixed bug: close ticket selection missing in new statuses
- fixed bug: staff should not be able to create new accounts with more features
- fixed broken Javascript code if language file uses single quotes
- fixed typos in some variable names
- fixed email date issues
- fixed email notifications should be sent in preferred language
- improved permission checking for access to attachments and tickets
- updated calendar to latest version
- updated WYSIWYG text editor to latest version
- updated mime_decode to latest version
- filter ticket ID for ugly words
- delete individual attachments from tickets
- new special tag for email templates: %%STATUS%%
- search ticket notes
- forgot ticket ID lists open and most recent tickets first
- forgot ticket ID can list open tickets only
- limit maximum open tickets per client (web form only)
- new replies can now be shown on top of the page
- reply box can be moved to the top of the page
- when showing next ticket that needs attention don't show tickets assigned to someone else
- searching tickets by message now also searches replies
- email when note is added to ticket assigned to me
- email subjects changed to include ticket subject and tracking ID
- improved email syntax validation
- moved less common functions from common.inc.php
- modified admin header to show nicely in non-English versions
- mark replies read by customer
- automatically check for updates
- a number of other minor changes and fixes.

Changes in 2.3 - 15th September 2011
- a "What You See is What You Get" (WYSIWYG) editor for Knowledgebase articles
- import tickets into Knowledgebase articles
- automatically assign tickets to appropriate staff
- staff can change status of tickets
- two new ticket status options: On Hold, In Progress
- staff can set ticket priority to "Critical"
- view what staff is currently online
- create tickets from email (email piping)
- support for sending emails using a SMTP server rather than PHP mail()
- improved ticket sorting algorithm and new sorting options.
- change default ticket display and sorting in the admin homepage
- find tickets by email and sequential ticket ID
- brute force protection for both ticket view and staff login
- Hesk is now IPv6 ready
- fixed bug where required custom fields with value 0 would return an error
- fixed bug where emails were sometimes not sent to all staff when changing ticket category
- fixed bug where knowledgebase article count wasn't updated properly
- fixed a potential security issue on servers with PHP register_globals enabled
- renamed "Close ticket" to "Mark as Resolved" for clarity
- renamed "Archived" to "Tagged" for clarity
- you can require customers to enter both ticket ID and email to view a ticket
- modified ticket ID format so it is easier to read and repeat
- limit view of unassigned tickets to staff
- a number of error-handling and interface changes to make Hesk even more user friendly
- a number of minor changes and fixes.

Changes in 2.2 - 9th June 2010
- assign owners to tickets (assign tickets to individual staff members)
- admin panel shows last replier's name
- more information can be entered into e-mails (category, message, ticket owner, custom fields)
- staff can now submit tickets
- added reporting features
- added staff private messages
- check for duplicate tracking ID
- improved ticket searching
- fixed bug where edit_post rewrites session variables when register_globals is enabled
- fixed bug where e-mails and URLs don't show correctly when editing ticket
- fixed bug where last replier didn't show correctly after deleting a post
- lock/unlock individual tickets
- new way of suggesting KB articles
- ticket history log (who closed, opened, locked or unlocked a ticket)
- more user-friendly error and success message handling
- added checks to fight CSRF-type attacks
- generate URLs that will pre-load category selection when submitting new tickets
- settings will now accept localhost URLs
- purge attachments when the ticket is deleted
- disable customer setting ticket priority level
- a number of minor changes and fixes.

Changes in 2.1 - 7th August 2009
- Full support for multiple languages
- Knowledgebase articles can now have attachments
- Increased custom fields number to 20
- Checkboxes now supported as custom fields
- Autologin feature
- Staff can edit all ticket details
- New redirect options after replying to a ticket (settable in Profile)
- Canned responses can be appended to the message instead of replacing it
- A read-only access to private knowledgebase by all staff
- Fixed numerous small bugs and issues thanks to large code testing and screening
- Improved security
- HESK moved to www.hesk.com Web site, links within the script updated accordingly

Changes in 2.0 - 24th January 2009
- Updated user interface
- Fully featured knowledge base (categories, articles (counting views, able to rate), search, ...)
- Display of latest and top articles
- Before a ticket is submitted HESK will suggest matching Knowledgebase articles
- You can add notes to tickets (hidden from customer, viewable by staff)
- Limit features for staff (not just Administrator/Staff, now you can enable/disable individual features for individual users)
- Rating of staff replies (Helpful/Not helpful)
- Up to 10 custom fields now
- Custom fields can be text, textarea, select or radio button
- Disable list users in admin
- Remember staff username
- Default ticket listing by status (new, waiting reply first) then priority
- Staff passwords encrypted - not simple SHA1, but multiple times
- Admin files moved to "admin" folder
- Added prefix to database names
- Autoclose tickets after X days
- Adjust server time to match your local time
- Updated anti-SPAM features
- And many other changes

Changes in 0.94.1 - 25th April 2007
- Fixed an XSS vulnerability on some servers (reported by Nemanja Avramovic)
- Changed the way file uploads are handled

Changes in 0.94 - 23rd April 2007
- Added support for custom fields (up to 5)
- Added file attachments
- Added anti-SPAM security image
- Added canned responses
- Settings are now edited from the admin panel
- New ticket statuses (New, Replied, Waiting Reply, Resolved)
- Ticket ID reminder
- And many other changes (too many to list here)

Changes in 0.93.1 - 17th September 2005
- Fixed a security issue reported by OS2A team

Version 0.93 - 3rd July 2005

Version 0.92 - 28th May 2005

Version 0.91 - 4th May 2005

Initial release 0.90 - 23rd April 2005

 

© Copyright HESK.COM 2005-2024. All rights reserved.
® HESK is a registered trademark of Klemen Stirn.