iTop Professional - Change Log

3.1.1

  • If you use Global requests management, upgrade it to version 1.4.1 before or after upgrading to iTop 3.1.1.

Product specific

  • N°6725 - Customizing Request Template no longer generates presentation error messages in Designer during MTP
  • N°6556 - Authentication with OpenID: Add possibility to customize display of login buttons
  • N°6499 - Calendar view: Display Attribute Date (without time) and add last day in time span.

Mail to ticket automation

  • N°6372 - Reconcile email in conversation, so a reply to the initial email ends up in the same ticket
  • N°5934 - Email with a too long “message_id” causes an avalanche of tickets
  • N°5613 - PHP 8.1 : Fix mailbox password in clear with PHP warning
  • N°4081 - Fix date and “uploaded by” for Attachment uploaded by mail to ticket
  • N°6735 - Restore notifications when a received mail can't be transformed into a ticket

- Unexpected OVH filtering of mails with attachment “.eml” and MimeType “text/plain” -

Approval process automation

  • N°6578 - Update Czech translations (thanks to @Stetinac!)
  • N°6827 - Fix regression with expiration date not working correctly on Approval Rules

iTop standard

  • 3.1.1-1 : Fix regression from 3.0.0 in CAS authentication: class ServiceBaseUrl missing
For users
  • N°938 - Improve print of portal object page and portal dashboard page
  • N°6555 - Add class description in tooltip of Dashlet badge
  • N°6861 - Display warning when creating/editing a mandatory blob in modal
  • N°5145 - Object-copier : Fix attachments missing in new ticket when clone from an old ticket with object copier
  • N°5786 - Restore color on bold text in logs and description (HTML fields)
  • N°3767 - Impact analysis: Display filtering box on CIs list and groups
  • N°3715 - Export above 1000 entries takes into account obsolete data user preference
  • N°6557 - Fix adding a contact to ticket on ticket creation in portal with PHP 8.1
  • N°5136 - Fix object selection ignoring “show obsolete data” user parameter
  • N°6903 - Fix crash when emptying file attribute (eg. picture of a contact)
  • N°7005 - Fix portal stylesheets not being re-compiled when outdated
  • N°6766 - Fix dependent fields not updated while editing an object
  • N°6734 - Fix “Unable to render this dashlet.” when adding a new dashlet on a dashboard
  • N°6733 - Restore prompting of mandatory AttributeDateTime in transition
  • N°6421 - [iTop 3.0.3] Flag mandatory and read_only is prompted
  • N°6651 - Fix bulk modify of objects with an n:n displayed as property (3.1.0)
  • N°6452 - Improve Personal Token to avoid auto-lock
  • N°6451 - Improve Personal Token creation to align to iTop standards
  • N°6450 - Fix useless message when moving outside of “My account” page
  • N°6152 - Fix criteria & object list loaded twice in object search
  • N°5948 - Fix dashlet list crashing when User set a “number of objects per page” which is not a number
  • N°4494 - Fix auto-locking when combining a log save and a transition (Firefox?)
  • N°3441 - Portal: Fix failure to open an object containing a link to an archived object
  • N°6905 - Typo on EN User deletion feedback
  • N°6706 - Wrong dictionary entry for FR - Lnk Provider Contract / Service
  • N°6646 - Wrong dictionary entry for FR - Lnk Contact / Contrat
  • N°6598 - Improve ZH-CN translations
  • N°5491 - Fix inconsistent dictionary entries regarding arguments to pass to Dict::Format
For administrators
  • N°6531 - Trigger on Update on LinkedSet attributes, activated as soon as a remote object is added, updated or removed
  • N°6133 - Allow to add extra files to backup and restore
  • N°6436 - Add performance Audit probes and reports download capability
  • N°6901 - Monitoring: Enable tracking of iTop active sessions
  • N°6831 - Prevent links modification when locked by a synchro data source
  • N°6874 - Fix encoding issue in out-going emails
  • N°6340 - Fix permission refused when sending an email and renewing Auth token in synchronous mode
  • N°6677 - Fix notification in test status: sent only to the test recipient and no longer to all mail addresses
  • N°6824 - Fix notification with current_contact placeholder triggering hundreds of emails
  • N°3465 - Fix attachment file name hardcoded to “uploaded-file” when imported from CSV import
  • N°6123 - Add warning when launching a backup on MariaDB > v10.6.1 with localhost
  • N°6963 - Setup: Add warning: “PHP min 8.1 required for iTop version 3.2.0”
  • N°6887 - Fix excessive OQL requests to display user's grant matrix
For iTop designers
  • N°3506 - Creation in pop-up from external key widget is now allowed for users with write access; bulk write is no longer required.
  • N°6546 - XML filter is taken into account by n:n displayed as property (tagset widget)
  • N°6385 - Allow to disable LinkedSet (1:n & n:n) edition by XML
  • N°6228 - Prevent 1:n and n:n edition on host constraints (e.g. prevent removal of last User Profile,…)
  • N°6547 - Prevent n-n link edition if read-only in a lifecycle state
  • N°6228 - Allow easy LinkedSet computation (count, sum,…) on the fly, as soon as a remote object is added, modified or removed
  • N°6667 - Trigger Apply stimulus filter is executed on resulting object after update
  • N°6849 - Setup: improved message in case of unmet module dependencies
  • N°6815 - DataModel: change attribute type of SLA.customercontracts_list
  • N°6814 - Datamodel: remove lnkConnectableCIToNetworkDevice uniqueness rule
  • N°6747 - Fix presentation error in Designer during MTP after UserLDAP customization
  • N°6682 - Allow delegation of Audit Domain, Category and Rule classes access
  • N°6695 - Support multi-lines dictionary entries in portal tooltips
  • N°6810 - Caution: semantic attributes are visible by design to anyone, as friendlyname on relations.
  • N°6774 - Fix display of n:n relations in portal when no remote object field is requested
  • N°6866 - Fix display issue when defining fields with apostrophe in their label
  • N°2909 - Fix search on Enum, Date, TagSet,… with index
  • N°6795 - Fix GetOriginal API broken from 3.0.0 to 3.1.0 when used in AfterUpdate / OnDBUpdate
  • N°6647 - Fix JSON validation only accepting arrays as result + replace params done after validation
  • N°6767 - Fix ajax request error when there's dict to load and no onready scripts
  • N°6976 - Restore log of \DeprecatedCallsLog::ENUM_CHANNEL_PHP_LIBMETHOD
  • N°6967 - Deprecates \cmdbAbstractObject::DBDeleteTracked_Internal
  • N°6966 - Deprecates cmdbAbstractObject::DBCloneTracked_Internal
Security
  • N°6989 - CVE-2023-48710 Restrict pages/exec.php to PHP files
  • N°6951 - CVE-2023-48709 Fix CSV injection in Excel from an iTop CSV export file
  • N°6948 - CVE-2023-46734 Fix potential XSS vulnerabilities in TWIG CodeExtension filters
  • N°6917 - CVE-2023-47123 Fix XSS vulnerability in n:n relations “tagset” widget
  • N°6908 - CVE-2023-47622 Fix XSS vulnerabilities in ajax operations
  • N°6801 - Fix access to backup file without authentication
  • N°6800 - CVE-2023-47626 Fix XSS vulnerabilities in authent token
  • N°6778 - Fix XSS vulnerability in shortcut creation
  • N°6777 - Fix XSS vulnerability in dashboard title
  • N°6618 - Fix crash due to router's cache containing an integer instead of an array
  • N°6614 - XML entity expansion - Denial of Service attack not exploitable
  • N°6606 - CVE-2023-44396 Fix XSS vulnerabilities in dashlet ajax operations
  • N°6600 - Portal attachment download : remove SQL query display on non existing attachment id error
  • N°6581 - Dashboard: Use relative path when editing to avoid full path disclosure vulnerability
  • N°6560 - CVE-2023-43790 Fix XSS vulnerabilities in friendlyname in object details
  • N°6552 - CVE-2023-38511 Fix dashboard allowing to load multiple files and urls
  • N°6548 - Hide DBHost and DBUser in log
  • N°6458 - CVE-2023-45808 Fix object creation in non allowed org by forging http query in both Console and Portal
  • N°6457 - Fix possibility for attackers to upload files to any organization

3.1.0

Product specific

  • N°1150 - Write request template data through the REST/JSON API
  • N°3482 - Email approval request : Set sender (from and reply to) display name / label in action email
  • N°6180 - Improve Approval Notification display with fieldset and tooltips
  • N°6233 - Communication: Add search criteria, changed labels and add tooltips
  • N°6004 - Add out-of-the box examples of hyperlinks
  • N°6221 - Attachments not added when emails are sent from Thunderbird
  • N°5403 - Fix notifications not working if “email-reply” not enabled by default
  • N°5488 - Improve error message for invalid DM class in auto-dispatch rules
  • N°5428 - Request template: fix autocomplete field so it can also be a master field
  • N°2144 - Embedded libs (POP3) not supported anymore and can't be deployed natively on some distributions
  • N°2638 - Fix processing of mail attachments without Content
  • N°4170 - Fix encoding issue (long mail subject and MIME UTF8 encoded data on multiple lines)
  • N°3422 - Show attachments metadata when choosing the one to send by email
  • N°6386 - Add rank 50 on dispatch value of Incident and UserRequest in dispatch extensions

iTop standard

  • 3.1.0-3 : N°6710 - 6716 - Performance issue and high memory consumption on operations on Persons and Ticket classes (e.g. data synchronisation)
  • 3.1.0-2 : N°6618 - Fix crash due to router's cache containing an integer instead of an array
  • 3.1.0-1 : official release number, 3.1.0 was never published.
For users
  • N°3200 - New “Filter list…” icon on datatables widgets
  • N°6147 - Filter list : tooltip and new action
  • N°3190 - Edit n:n LinkedSetIndirect in object details using a tagset-like widget
  • N°1212 - Bulk actions on links attributes of an n:n relation
  • N°803 - Allow display & edition of attributes on n:n relations on Portal
  • N°6398 - Portal: Allow linkset visible attributes to be limited to attributes defined in a zlist
  • N°5972 - Allow User creation in Pop-up from details of a Person
  • N°6347 - 1:n Add nice French dictionary entry on standard 1:n relationship
  • N°6339 - n:n Add nice French dictionary entry on standard lnk
  • N°6223 - 1:n & n:n - Pop-up creation/edit: set key to host in read-only
  • N°6219 - 1:n Read: tooltip, modal title and message on Add-Edit-Remove-Delete
  • N°6212 - Report Target class info on Trigger, so it can be displayed in complementary_name
  • N°6154 - n:n Read - tooltip, confirmation title and message on Add-Edit-Remove
  • N°6153 - n:n - Polish edition in Tagset
  • N°5976 - Add modal creation for linksets displayed with tagset-like widget
  • N°6148 - Add icon on Ticket class standard datamodel and other classes
  • N°5920 - Add linkset's description as corresponding tab's tooltip in object details
  • N°3213 - Order transition attributes as in the “details”
  • N°6200 - Harmonize menu entries
  • N°5042 - “Problem” tickets display is inconsistent with other types of tickets
  • N°6392 - New icon for adding a search criteria
  • N°6203 - Improve standard DM to use overcard and complementary name
  • N°6159 - Improve Mail Notification display (columns, status, fieldset, tooltips)
  • N°5908 - Add a description on “known error” tab on UserRequest and Incident
  • N°6357 - Prevent entering same password on change user password
  • N°4838 - Redirect to login page automatically on logoff
  • N°6240 - Improve display of picture in read or edit mode
  • N°5971 - Prevent changing the Org of a Person having Portal User with Allowed Orgs
  • N°6338 - Add organization and location on standard classes: all Interfaces, LogicalVolume & NASFileSystem
  • N°6331 - Add Service tab in Provider Contract
  • N°4703 - Add “chat” / “in person” as possible “origin” value for tickets
  • N°3889 - Add default search criterion on SLA and SLT
  • N°4702 - DataModel : fix attribute type for SLA.customercontracts_list
  • N°5822 - Do not display the tab separator in scroll mode when there is only one tab
  • N°5335 - Inactive hyperlink attributes on list with radio or checkbox displayed within an object in edition
  • N°681 - Fix multi-line attribute not supported in n:n edition
  • N°3067 - LinkedSet multilines attributes are editable in pop-up
  • N°6188 - Fix cancellation of creation in pop-up from parent object edition, which no longer returns to object list
  • N°6169 - Prevent Profile creation from Link object
  • N°5923 - Align panel's header within another panel when it has no icon
  • N°5529 - Fixed notification on object creation with $this->xxxx_list$ placeholders
  • N°4148 & N°5350 - Fix in 1:n in place edition, deleted object re-appears
  • N°2250 - Fix DisplayObject with ormLinkSet ignoring Removed
  • N°2212 - Fix tracking level on AttributeLinkedSetIndirect (probably fixed in 2.7.x)
  • N°6054 - Fix display of LinkedSet indirect with an UNION OQL using different aliases
  • N°5609 - Fix regression when displaying a list in a transition
  • N°1876 - Fix regression on LinkedSet, new object and prefill of read_only attribute
  • N°5906 - Fix Impact Analysis not updated after link class modification in details mode (EVENT_DB_LINKS_CHANGED)
  • N°5825 - Add label, friendlyname, details view, uniqueness rules on Link classes
  • N°5871 - Navigation menu: Show ellipsis on long menu group labels
  • N°5872 - Navigation menu: Wrap menu group label instead of ellipsis in drawer
  • N°5681 - Add support for “Ctrl + Enter” and “Meta (Cmd) + Enter” submit on multi-line fields
  • N°5575 - Mouseover Tooltips for tabs
  • N°4852 - iTop menu : use “+” dict entries
  • N°4737 - Adjust button position in iTop hub connector
  • N°4798 - Change attribute “description” of Service class, from string to text
  • N°5124 - Fix edition of relation between a NetworkDevice and a ConnectableCI
  • N°5703 - Fix navigation menu drawer under dashlets on Safari
  • N°5174 - Fix tagset edition on small window & too many tags
  • N°6174 - Fix download from the portal of attachments on objects without org_id
  • N°6250 - Fix PHP 8 issue on datatable when one or more columns are before the friendlyname
  • N°6216 - Fix line-height being too big in the attachments table
  • N°5423 - Fix invalid value on AttributeURL with custom validation pattern
  • N°1608 - Fix organization attachments not visible for some users
  • N°5671 - Fix Excel export of query phrase
  • N°5834 - Fix activity panel disappearing when creating a Ticket in 'resolved' state
  • N°6077 - Attachments: set values for creation_date and user_id fields if not provided
For Administrators
  • N°5960 - Configurable Login Screen
  • N°6370 - Replace Audit Category menu by a dashboard
  • N°1350 - Audit: Introduce audit domains and ability to choose one before running the audit
  • N°918 - Translate placeholder in notifications
  • N°6320 - Add Password Expiration Enforcement and User authentication by token
  • N°5873 - Audit : Set threshold level and colors by Rule
  • N°2199 - Request history tables without the Admin profile
  • N°5559 - Enable User anonymization created then obsoleted by a DataSynchro
  • N°4010 - MTT: prevent production configuration file from being overwritten with test version
  • N°2889 - Add counter & triggers on file attributes / attachments downloads
  • N°6311 - User management, add a Caselog on User class
  • N°5993 - Add purge mechanism for log files
  • N°2639 - Improve tooltips dictionary entries and details of technical classes
  • N°4921 - Add support for attcode & attvalue parameters in URL to access an object
  • N°4454 - Measuring the use of the query phrase book
  • N°5915 - Display n:n in Trigger and Action using tagset widget
  • N°5841 - Non-admin managing User can't see Administrator Users
  • N°5106 - New Users tab on Person, visible to User manager only
  • N°4919 - Application upgrade: new “Launch iTop setup” button
  • N°6305 - Fix export of RemoteApplicationConnection and ActionWebhook classes
  • N°5897 - Improve deprecated logs relevance for PHP “trigger_deprecation”
  • N°2013 - Setup: Cannot execute if existing config file contains an inaccessible MySQL server
  • N°6198 - Trigger OnObjectUpdate is not executed when attribute is updated via OnUpdate
  • N°6009 - Fix click twice to restore a backup
For customization
  • N°6213 - Enable iTop User to subscribe or unsubscribe to Ticket Notifications
  • N°3191 - Introduce summary cards for objects hyperlinks
  • N°6381 - Add rank on Enums of default DataModel
  • N°5968 - Add structural data for Brand, OSFamily and OSVersion
  • N°6236 - Read Request template data through the REST/JSON API
  • N°5368 - Allow all HTTP methods (not just GET / POST)
  • N°5366 - Add “path” field to ActionWebhook
  • N°1646 - Add possibility to sort Attribute[Meta]Enum either by code (default), rank or label
  • N°1345 - Add possibility to sort transitions automatically
  • N°4756 - Ease extensibility for CRUD operations : Event Service
  • N°6324 - CRUD Event for one time treatment before creation and before update
  • N°5916 - Generic message on Link Uniqueness rules
  • N°6385 - New optional “edit_mode” XML tag on AttributeLinkedSet (n:n) actions/none default action
  • N°6384 - Flag LinkedSet (Indirect) when the attribute is concerned by CheckToWrite
Technical bugs
  • N°2883 - Improve XML compiler robustness on branding logos
  • N°3070 - Menu creation fails when parent menu has also a parent menu
  • N°3141 - Deprecate legacy SQL build
  • N°3769 - Add missing HTML meta data on attributes in transition forms
  • N°3824 - History: Remove deprecated APIs from 2.7 and older
  • N°4280 - Fix module loading crash when 'datamodel' file doesn't exist (model.*.php)
  • N°4287 - Portal: Factorize TWIG extensions between portal and backoffice
  • N°4527 - Cleanup utils::GetImageSize()
  • N°4577 - Move service dependencies from “itop-bridge-cmdb-ticket” to another module
  • N°4621 - Fix naming inconsistencies of dirs inside /sources
  • N°4837 - Fix wrong date conversion in approval base on reject messages
  • N°4875 - Compiler : do not force the model.*.php file to be present in the module.*.php file ('datamodel' key)
  • N°4978 - Check incorrect condition in Action class
  • N°5066 - Clean CMDBSource methods
  • N°5072 - Fix default priority to undefined (not fixed if ComputePriority is overloaded)
  • N°5073 - Implements line actions in a datatable
  • N°5085 - Fix moving menu - compilation handle parent menu hierarchy
  • N°5172 - Add internal helpers to keep usage of null value in native PHP methods
  • N°5367 - Fix non-string values (boolean, null) converted into empty string
  • N°5369 - Fix BrowseBrick tree “opening_target” mode for “self” and “new” values
  • N°5391 - Incoherent UTF8 data length control
  • N°5410 - Handle non-existing autoloader files
  • N°5473 - Better logs when invalid JSON
  • N°5496 - Add <constants/> in itop-structure
  • N°5522 - Fix session storage (breadcrumbs) not cleared on logout
  • N°5551 - System information database size is way off
  • N°5622 - Fix backup cannot be done if TLS enabled with no CA
  • N°5659 - Introduce modal helper for the backoffice
  • N°5766 - Fix linkset not iterable as intended in DBObject::AfterUpdate
  • N°5779 - update-xml : ease XML migrations
  • N°5793 - HTML Sanitizer: Allow 'start', 'type', 'reversed' attributes in 'ol' tag and 'value' attribute in 'li' tag
  • N°5796 - Fix typo in method name
  • N°5944 - Fix new install error: Event APPLICATION_EVENT_METAMODEL_STARTED is not registered
  • N°6040 - Extensibility: Add prerequisites for future attribute type - Compilation & Designer extensibility
  • N°6041 - Extensibility: Add prerequisites for future attribute type - Portal extensibility
  • N°6042 - Extensibility: Add prerequisites for future attribute type - Console extensibility
  • N°6055 - Fix undefined offset error in synchro_exec.php
  • N°6100 - ObjectFormManager::OnSubmit : better log for DBWrite exceptions
  • N°6104 - Fix exception when silo attcode is not 'org_id'
  • N°6105 - Cleanup unnecessary use of dirname(__FILE__)
  • N°6125 - Issue with GetAttributeFlags and GetInitialStateAttributeFlags within iTop 3.0.2
  • N°6131 - Improve robustness of tooltips helper when no DOM element passed to CombodoTooltip::InitTooltipFromMarkup()
  • N°6139 - Add HTML metadata on activity panel to be aligned with regular fields
  • N°6140 - Add HTML metadata on custom fields to be aligned with regular fields
  • N°6172 - Remove fallback when no curl available
  • N°6179 - Tooltip attribute in field component (in Twig)
  • N°6265 - Improve performance due to too many calls to current person in DB
Maintenance

Deprecation and libraries upgrade

  • N°3717 - History API : allow to set a non persisted current change
  • N°6388 - Fix MetaModel::IsValidClass on classes without fields and a php parent
  • N°6135 - Booking : hide / display on conditions
  • N°6132 - Add capability to disable/enable tabs dynamically
  • N°2783 - Add support for custom zlists
  • N°6261 - Deprecate \DataTableUIBlockFactory::MakeForRenderingObject() method
  • N°6102 - Deprecate JQuery Hotkeys plugin
  • N°5311 - Deprecate old backoffice stylesheets
  • N°5302 - Replace deprecated php strlen usages
  • N°5232 - Deprecate \CMDBObject::DBCloneTracked
  • N°4690 - Deprecate “FilterCodes” and remove some unused methods
  • N°4415 - Remove SetupPage::log*
  • N°3607 - Improve SCSS compiler method to include current variables so they can be used by extension's stylesheets
  • N°3357 - Deprecate core/expression.class.inc.php
  • N°2779 - Introduce auto-routing mechanism for backoffice pages
  • N°2363 - API : deprecate old linkedset update pattern
  • N°5412 - Upgrade to PHPUnit 9 to fix PHPUnit 8.5 error with PHP 8.1
  • N°5618 - Setup : Compatibility PHP 8.1
  • N°6101 - run_query : change ctrl+enter shortcut detection
  • N°3795 - Replace JS alert native calls with centralized informative modals
  • N°5985 - PHP 8.1: Fix FunctionExpression::Evaluate() “TO_DAYS” misalignment due to PHP 8.1 bug fix
  • N°4985 - Bugs PHP 8.0 on support/2.7 branch
  • N°4307 - Replace SwiftMailer by laminas-mail
  • N°4224 - Handle phpunit/phpunit-mock-objects E_DEPRECATED notices
  • N°5281 - Symfony 5.4 extensions controllers registration
  • N°3091 - Update unmaintained PHPUnit 6 to PHPUnit 8.5
  • N°5651 - Fix GetAbsoluteUrlModulePage() JS method not reporting parameters values
  • N°5279 - PHP 8.1: Migrate usages of deprecated strftime() function
  • N°5270 - Move “apereo/phpcas” lib from “authent-cas” module to core composer.json
  • N°5108 - Update embedded libs for PHP 8.0 (3.0 branch)
  • N°4822 - unattended_install : warning thrown in PHP 8.1
  • N°4628 - Upgrade bulma lib to avoid hack from N°4481
  • N°4517 - PHP 8.1 compatibility
  • N°4072 - Deprecate ajax.render.php xlsx_* operations
  • N°4034 - Deprecate duplicated TWIG extensions class
  • N°3950 - Deprecate old unreferenced methods that are @deprecated
  • N°3895 - Remove tests on “apc_xxx” methods presence
  • N°3390 - Upgrade from Symfony 3.4 to Symfony 5.4
  • N°2743 - Upgrade libraries
Localization
  • N°5947 - Error in a French translation - incident status
  • N°5946 - Error in a French translation - user preference
  • N°5792 - Update Dutch translations thanks to @jbostoen
  • N°5625 - Dict error when opening a DocumentFile with the ES language
  • N°5571 - Fix some unused translations
  • N°5550 - Add missing French translation for “Other Transitions” button
  • N°5507 - Impact analysis: title of pages that display the dependencies is wrong
  • N°6419 - Update Hungarian translations thanks to @tacsaby
  • N°6417 - Update Chinese translations thanks to @purplegrape
  • N°6376 - Portal French menu naming (Requête ⇒ Demande)
  • N°6121 - Update Hungarian translations (thanks to @tacsaby)
  • N°6013 - Update Hungarian translations thanks to @tacsaby
  • N°5929 - Update Hungarian translations thanks to @tacsaby
  • N°5706 - Update Polish translations thanks to @DudekArtur!
  • N°4765 - Update Brazilian translations thanks to @eduardomozart
  • N°6418 - Fix Dutch translations on impact relation view
Security
  • N°6396 - CVE-2023-34443 CSRF vulnerability in the run_query.php page
  • N°6359 - Cross-site Scripting (XSS) - DOM XSS in activity panel
  • N°6358 - CSRF (Cross Site Request Forgery) on API Rest
  • N°6350 - CVE-2023-34445 XSS vulnerability on pages/ajax.render.php
  • N°6349 - CVE-2023-34446 XSS vulnerability on pages/preferences.php
  • N°6348 - CVE-2023-34447 XSS vulnerability on pages/UI.php
  • N°6002 - CVE-2022-24894 Prevent storing cookie headers in HttpCache (Symfony framework vulnerability)
  • N°5722 - CVE-2022-31402 XSS vulnerability via /itop/webservices/export-v2.php
  • N°5564 - CVE-2022-39261 Twig lib vulnerability
  • N°6238 - guzzlehttp/psr7 vulnerability
  • N°3863 - exec.php : security enforcement

3.0.3

Product specific

  • N°5654 - Add UID option support on IMAP + OAuth
  • N°5230 - Fix error “Invalid ID given” in EmailReplica
  • N°5633 - Mail to Ticket crash when cannot decode message on IMAP + OAuth
  • N°5390 - Update German translations for OAuth client module

iTop standard

  • 3.0.3-1
    • N°6124 - Workaround performance problem on the modification of an object with an n:n relation having a large volume
    • N°6085 - Fix UNION not supported in UserRightsProfile::GetSelectFilter
For users
  • N°5919 - Add missing linkset descriptions in French and other languages
  • N°5849 - Fix wrong encoding of external keys in “Header with statistics” dashlet
  • N°5317 - Handle overlapping tables when table cells have fixed widths
  • N°6068 - Setup : restore formatting of error messages
  • N°6023 - Restore upload of SVG file in AttributeImage
  • N°5918 - Restore activity panel display when DoCheckToWrite fails
  • N°5865 - Restore DoCheckToWrite error messages in portal
  • N°5834 - Restore activity panel display when creating a Ticket in 'resolved' state
  • N°5784 - PHP 8.0: restore mandatory attribute in transition form, fixing emptiness test
  • N°5729 - Fix disabled button in bulk update/transition when picking a value in a drop-down list
  • N°5603 - Restore autocomplete for an external key pointing to an abstract class with no friendlyname
  • N°5530 - Fix list of impacted elements (Impact Analysis) due to mixup in async JS files loading
  • N°5922 - Ext. key widget: Add class selection on “+” button if child classes exist
  • N°2916 - Fix CSV import of IPv6 addresses failing when reconciliation is done on the IP
  • N°5428 - Request template: fix autocomplete fields, which could not be master field
  • N°6014 - AttributeURL : default validation pattern not handling PRTG URL (containing commas)
  • N°5423 - Fix AttributeURL when changing the validation pattern, with a non-compliant old value
  • N°5625 - Fix dict error when opening a DocumentFile with the ES language
  • N°2244 - Fix image attributes not being visible in PDF exports
  • N°5588 - Improve PDF export robustness when AttributeImage dimensions cannot be determined
For administrators
  • N°5553 - OAuth 2 : secure Client Secret in DB and any change force token regeneration
  • N°5430 - OAuth authentication : customize redirect landing URL
  • N°5333 - OAuth2: Redirect URL, Client ID or Client Secret changes trigger a message as the token must be regenerated
  • N°5867 - Display binary data size in SynchroReplica details
  • N°5727 - Fix REST API/get_related when using [impacts, up] with [redundancy: true]
  • N°6019 - Increase PHP min version to 7.1.3 to enable dependencies update
  • N°5535 - Fix PHP 8.0.x wrongly reported as not supported in iTop 3.0.2+
  • N°5490 - PHP 8.0: Fix crash of bulk modify with email notification / email approval request
  • N°5216 - Error “Invalid ID given” when sending ActionEmail using cron on a system with French locale
  • N°4974 - Avoid session fixation in login
  • N°5414 - Log invalid placeholders in Notification
  • N°5893 - Log more information when a trigger fails and raises an exception
  • N°5897 - Improve deprecated logs relevance for PHP “trigger_deprecation”
  • N°5611 - Fix missing composer files in itop-oauth-client
  • N°3805 - Fix collectors not working on iTop 3.0 in rare situations
  • N°5944 - Fix error on fresh install: APPLICATION_EVENT_METAMODEL_STARTED not registered
  • N°5765 - Setup: Never cache folder permissions test response
  • N°6016 - Setup : improve missing dependencies log
  • N°5235 - Setup : check temp dir permissions
  • N°5758 - Change setup test for GDPR consent
  • N°5523 - Setup wizard : use the ITOP_APPLICATION constant instead of hardcoded “iTop” string
  • N°5543 - Fix Warning on empty case log
  • N°5901 - Fix warnings in file system tab
  • N°5797 - Use LoadConfig method in all Email children classes
  • N°6020 - Decode method for \utils::EscapeHtml
  • N°5608 - Reorganize tests folders for better maintenance and contribution
  • N°5496 - Add <constants/> in itop-structure
  • N°4660 - Fix data synchro unit test failure due to another setting incorrect permissions on iTop conf file
WebHook 1.2.0
  • N°5368 - Allow all HTTP methods (not just GET / POST)
  • N°5589 - Fix sent request incorrect HTTP method due to new cURL options
  • N°5366 - Add “path” attribute in generic “ActionWebhook” for better compatibility with third-party webservices
  • N°5796 - Fix typo in ActionWebhook::GetRemoteApplicationConnectionFromActionWebhok()
  • N°5774 - De-hardcode webhooks configuration rights
  • N°5252 - Added Other/Generic type of Remote Application Connection
  • N°5367 - Fix non-string values (boolean, null) converted into empty string
  • N°5179 - Add Chinese translations (thanks to @bdejin)
  • N°5266 - Add Dutch translations (thanks to @jbostoen)
  • N°5050 - Add Spanish translations (thanks to Miguel Turrubiates)
  • N°5473 - On JSON format exception, more context log and specific Exception impl (InvalidJsonValueException)
Security
  • N°6017 - CVE-2021-46743: Firebase PHP-JWT key/algorithm type confusion
  • N°5741 - Deny use of get_config_parameter in Twigs
  • N°5725 - Prevent Twig privilege elevation to run system commands
  • N°5724 - CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php
  • N°5722 - CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
  • N°5685 - Upgrade apereo/phpcas lib to fix vulnerability
For developers
  • N°3769 - Add missing HTML meta data on attributes in transition forms
  • N°4947 - Fix Email always picking “production” env config file
  • N°4449 - Console dashboard export : use relative path (full path disclosure)

3.0.2

Product specific

  • N°3979 - Request Template: handle initial values on dependent Fields
  • N°4425 - Calendar View: Fix not being able to click on hyperlinks in tooltips
  • N°5176 - Request Template: Add PHP 8.0 compatibility
  • N°4658 - Request Template: Fix itop-request-template module dependencies (missing templates-base)
  • N°5458 - Calendar View: Deprecate old unreferenced methods that are @deprecated
  • N°5373 - Customer Survey: Add PHP 8.0 compatibility
  • N°5096 - SAML configuration menu restricted to administrators
  • N°4780 - Brute Force Protection: Fix call to undefined method Combodo\iTop\Fence\Countermeasure\NoAnswerUntil::ResetCurrentCmdbChange()

iTop standard

  • 3.0.2-1
    • N°5394 - CVE-2022-39214 Authenticated users can takeover any account
For users
  • N°5138 - Fix not being able to click on hyperlinks in tooltips
  • N°5408 - Enable mentions on classes with no image attribute
  • N°4834 - Mentions work with any alphabet (Cyrillic, Asian, Korean…) thanks to Vladimir Kunin
  • N°5192 - Restore Green color to highlight OK objects
  • N°5071 - Fix properties tab on objects popup hiding in “…” overflowing button. Fix objects popup shrinking when scrolling.
  • N°4966 - Refresh the page after dashboard creation, to display the switch button
  • N°4927 - Hide date picker widget displayed in a new temporary column on the right
  • N°4918 - Fix “other tabs” pop-up menu displayed behind some others elements and so not readable
  • N°4739 - Add semantic on state for User classes (class icon, state)
  • N°5198 - Fix external key combo-box behavior when more than 150 results
  • N°5088 - Fix audit displaying only 10 rules per category
  • N°5060 - Fix long history display. “max_history_length” moved from 50 to 200.
  • N°5027 - Fix AttributeUrl default validation pattern not handling anchors starting with a digit
  • N°5024 - Fix missing entries in object search banner for external key criteria
  • N°4792 - Improve performance when editing an external key
  • N°5397 - Update Dutch translations
  • N°5050 - Update Spanish translations for 3.0 (thanks to Miguel Turrubiates)
  • N°5179 - Add Chinese translations thanks to @bdejin
  • N°5266 - Dutch translations for the webhooks extension
For administrators
  • N°5315 - Support of OAuth2 authentication protocol to send and receive emails
  • N°5373 - PHP 8.0 compatibility for iTop Community - Be cautious extensions might not be compatible
  • N°5395 - OAuthServer error messages, added to iTop error log
  • N°5389 - Restore linkset placeholder in notification (3.0.0 regression)
  • N°4888 - New url() placeholder in Notification, similar to hyperlink() but not clickable
  • N°5341 - Add tool to repair misalignment between Caselog and caselog index
  • N°3024 - Any class can be archived (no longer limited to Ticket, Contact and FunctionalCI)
  • N°5318 - Fix error messages being HTML encoded when not necessary
  • N°5462 - Setup warning if the web server allows unauthenticated user to browse restricted folders
  • N°5393 - CVE-2022-39216 - Security hardening against brute force attacks
  • N°4975 - Security hardening against server files read access
For developers
  • N°5389 - TriggerOnObjectUpdate has been moved after the reload, done if a linkset is modified
  • N°5383 - DBObject::EnumTransitions() is now an “overwritable hook”
  • N°5375 - Fix XML custo on Semantic field with hierarchy, breaking at compilation
  • N°5343 - Menus displayed under a parent menu hidden from the user are hidden without crash
  • N°5143 - Fix FunctionExpression for DATE_FORMAT and formats %j, %k and %l
  • N°5033 - Add model file to 'itop-bridge-virtualization-storage' module to avoid compilation crash when lnkVirtualDeviceToVolume class is removed
  • N°4910 - Removed format control of old value of AttributeURL (new value must still be compliant to default URL pattern)
  • N°4715 - Remove deprecated legacy SQL build
  • N°5009 - Move empty “icon” tag under “class/properties/style” tag in XML 3.0 datamodel of all standard classes
  • N°4903 - Fix dynamic “app_root_url” conf. param. not used properly for the app. icon
  • N°5101 - Add an explicit message on setup when the state attribute, declared in semantic field property, referred to a non existing field.

3.0.1

Product specific

  • N°1115 - Approval Automation: Portal approver can now see, approve or reject any user requests waiting for their approval, regardless of their access rights
  • N°4675 - Approval Automation: Send approval request to approvers, even if the requestor cannot see the approvers
  • N°4451 - Approval Automation: Improve log entry on approval
  • N°4349 - Customized Request Form: Harmonize user feedback on drop-down mandatory template field
  • N°4827 - Mail to Ticket: add a log when email is bigger than 64K, as Ticket's description is then truncated.
  • N°4753 - Webhook: Fix malformed JSON with multiline payload and generic action
  • N°4585 - Webhook: Fix crash when payload is too big to be logged
  • N°4750 - Webhook: Add Microsoft Teams notification action
  • N°4603 - Webhook: Add ContextTag around response handler for more precise processing
  • N°4879 - Remove all deprecated functions from iTopExtensions, Remove ajax_page & Remove deprecated function SetupPage::log_info

iTop standard

  • 3.0.1-1: Fix regression introduced by 3.0.0:
    • N°5229: Caselog inline images lost after changing app-root url in 3.0.x
For users
  • N°4448 - Allow to easily unselect an Organization (top left menu)
  • N°4741 - Fix On mention trigger not working on object creation
  • N°4312 - Activity panel: Keep selected tab when switching between object details and edit
  • N°4479 - Impact analysis: Display and apply filter before displaying the graphical impact analysis
  • N°4913 - Avoid object initials to overflow in medallions, by limiting them to 3 characters
  • N°4777 - UserRequest: fix selecting organization through hierarchy tree
  • N°4740 - Restore support of Dashboard attribute on abstract class
  • N°4705 - Fix newsroom messages not formatted correctly
  • N°4696 - Improve spacing between a fieldset and fields without fieldset
  • N°4694 - Fix wrong icon path for ServiceSubcategory in XML definition
  • N°4674 - CKEditor : fix different colors for PHP Snippet in edit and view
  • N°4671 - Dark Theme : fix additional tabs color
  • N°4619 - Fix line selection in tables
  • N°4582 - Improve look of Widget ExternalKey in drop-down mode with value selected
  • N°4576 - Fix search date widget wrongly displayed on the right, when entering directly a date
  • N°4977 - Fix search widget on ExternalField pointing to an ExternalKey, returning wrong values.
  • N°4570 - Harmonize inputs font size/weight
  • N°4564 - Refresh Tooltip for switching from standard dashboard to custo dashboard
  • N°4553 - Fix label size for “Greater/equals” in search for numeric attributes
  • N°4550 - Fix scroll bar in search for date attribute
  • N°4482 - Polishing : Export page
  • N°4311 - Bubble caselog: align console and portal for user name
  • N°4849 - Improve email notifications reading comfort (better flagging of conversation)
  • N°4814 - Improve image attribute placeholder when no default image
  • N°4787 - Object details: hide field tooltip when identical to the field label
  • N°4565 - Add a message indicator to caselog tabs toggler
  • N°3541 - Button: Improve user feedback during execution of the pressed button
  • N°2643 - Dropdown menu unusable in new SLA/customer contract
  • N°4513 - Prevent Portal User to apply a transition on an object not in his scope
  • N°4806 - Add text for dictionary entry UI:WelcomeMenu:Text
  • N°4934 - Improve German translations
  • N°4397 - Update Turkish dictionaries
For Admins
  • N°4766 - DataSynchro: Supports files and images data in the synchro_import.php
  • N°4515 - AttributeURL default validation pattern handles Sharepoint and Alfresco URL
  • N°4654 - Add license information in About iTop for non admin users
  • N°4525 - Fix french translation of extension source (Data or Hub) in System information and About iTop
  • N°4664 - Core Update : block zip file upload until files check returns OK
  • N°4642 - Core Update : limit the usage of this function to versions which do not bring any new module
  • N°2884 - Core update: Fix Database version display
  • N°4764 - Remove iTop version from webservices/status.php
  • N°4665 - Fix notice in logs when uploading an SVG image in an AttributeImage
  • N°4652 - When XML compilation fails on a node which already exists, it specifies where it exists
For developers
  • N°4999 - Align internal saving process of new caselog entries to UI to fix CaseExchange inline images
  • N°4905 - Fix usage of ITOP_APPLICATION constant in dictionaries
  • N°4856 - Add backward compatibility parameters for extension developers
  • N°4836 - Fix dashlet editor if any implementation of iBackofficeDictEntriesExtension exists
  • N°4771 - Fix .make/composer/rmDeniedTestDir.php script issues
  • N°4761 - Fix license.xml content not displayed in setup with multi modules extensions
  • N°4725 - Fix DeprecatedCallsLog::NotifyDeprecatedFile doesn't handle ConfigException
  • N°4667 - Remove call to tooltip function
  • N°4578 - Dict::CloneString no longer overwrites an existing entry
  • N°4541 - Allow exit code capture in CLI for CSV import script
  • N°4438 - Disable (temporarily) copy of precompiled stylesheets after setup
  • N°4433 - Fix “date_format” TWIG filter not working for date without time
  • N°4558 - Fix PHP notice in startTansaction and commit functions
  • N°4488 - Remove cmdbAbstractObject::GetSetAsHTMLSpreadsheet() from usable API methods
  • N°4760 - TwigBase : add possibility to control BreadCrumb

3.0.0

Product specific

  • N°1905 - Customized request forms: Add TemplateField.max_combo_length to specify when to switch to autocomplete
  • N°3433 - Communications to the Customers: Remove useless data in DataModel when itop-portal is not present
  • N°2527 - Database maintenance tools: Add Hierarchy key restoration script datamodels/2.x/combodo-db-tools/bin/rebuildhk.php
  • N°4265 - Predefined response models: 3.0 compatibility
  • N°4266 - Send updates by email: 3.0 compatibility
  • N°4077 - User actions configurator: Allow to add an icon and a tooltip for each action.
  • N°3344 - Approval process automation: Remove references to Flash
  • N°3345 - Customer Survey: Remove references to Flash
  • N°3640 - Customer Survey: Translations Spanish

iTop standard

New behaviors
For users
  • N°2847: Redesign iTop Console look and feel
  • N°2844: Redesign of Ticket Pages with Logs and Details
  • N°994: Integrated view of private and public caselogs
  • N°2836: Introduce bubbles conversation as default caselog rendering
  • N°3208: Add a Quick create feature (except for attachment and n:n relations)
  • N°3207: Global search now remembers past searches
  • N°3560: New object display mode “all tabs in one page”
  • N°1957: Add a filter box for quick retrieval of a menu
  • N°3294: Introduce counters in OQL menu entries
  • N°3198: Simplify edition of n:n relations (less clicks)
  • N°2875: Add possibility to mention people in caselogs
  • N°580: Autocomplete in case of namesake, displays other (configurable) information
  • N°923: Add user id to history
  • N°3712: Activity panel “edits” entries now show an icon to explain their origin (csv import, webservices, …) when not done by the user in the GUI
  • N°988: Object display hide automatically empty fieldsets
  • N°1004: View and Edit display of n:n relations are now identical
  • N°2508: Include Obsolescence icon within list and autocomplete
  • N°2390: Auto-complete “starting with” are displayed first
  • N°2907: Keep read-only tabs visible in object edit mode
  • N°1731: Allow Transitions without unnecessary confirmation
  • N°1836: On cancel, console user is redirected to the current class search page
  • N°2629: Allow user to choose default expanded/collapsed toolbar for richtext editors
  • N°3495: WorkOrder fields 'ticket' and 'end date' optionals
  • N°3837: Add missing title to standard datamodel dashboards
  • N°2639: Increase fields tooltip visibility and pertinence
  • N°2224: Portal: Enable tooltips for object's attributes description
  • N°3583: Change default max items per list from 10 to 20
  • N°3524: Add keyboard shortcuts to main actions
  • N°3274: Add “Service family” menu in 'Service Management for Providers' installation option, as it exists in other mode.
For administrators
  • N°463: Queries from Phrasebook usable in Notifications
  • N°3287: Notifications: Set sender (from) display name / label in action email
  • N°3455: Add option to pass json_data as file to REST API
  • N°3381: A healthpage is now available that returns a json status without any authentication required: https://iTOP_URL/webservices/status.php
  • N°4096: In case of error when sending emails in the background, iTop can be configured to retry sending.
  • N°4261: Portal: in case of uncaught exceptions, iTop can now write logs into the EventIssue class on an opt-in basis.
  • N°4354: Administrator accounts can be hidden with configuration parameter “security.hide_administrators”
  • N°4095: Add one time password user, which can only connect once into iTop
  • N°4036: An iTop user with a contact and Allowed organizations must be allowed on his contact's organization. No one can disable his own user, nor remove the contact from his user, nor remove the profile which allows him to edit users, nor add a profile which would prevent him from editing users (such as 'Portal User', which denies access to the Console).
  • N°2699: Profile SynchroData Manager can see SynchroReplica
  • N°2713: Allow read access to synchro errors for non-administrator users
  • N°2330: Upgrade minimum PHP/MySQL version supported/required for iTop
  • N°3253: Disallow setup if PHP version not compatible
  • N°4332: include multi-LDAP into iTop Community
  • N°2527: Add Hierarchy key restoration as a DBTools
  • N°3625: Remove n:n classes from the “quick create” autocomplete based on the “is_link” tag of the XML
  • N°3575: Add curl as optional PHP module (required for Impact analyses)
  • N°3724: synchro_exec.php : now outputs the processed datasource

Customization

  • N°3185: Datamodel adds compact logo in branding
  • N°3182: Datamodel allows to redefine MenuGroup icons
  • N°3203: Datamodel: Add semantic for image & state attributes
  • N°2677: Datamodel: Add style definition for class & enum
  • N°3018: Add possibility for an object to have a specific image instead of the generic class icon
  • N°3822: Allow caselog ordering within datamodel XML
  • N°3245: Trigger OnObjectUpdate filters objects after their update
  • N°3217: Change iTop internal modules, add: itop-structure, itop-bridge-cmdb-tickets, itop-faq-light, itop-knownerror-light, remove: itop-knownerror-mgmt
  • N°2370: remove MySQL views in iTop, moved to an extension

UI

  • N°1447: Setup screens have fixed height, so the Next button remains under user's mouse
  • N°3722: Hide field description tooltip if it has the same content as field label
  • N°4336: When a tooltip of an action is identical to the label, do not display the tooltip (on console).
  • N°4078: Display in console object details, for custom shortcut actions, the icon (without label) if there is an icon specified.
  • N°4178: Stay on the same page when logging again from the “Login again” prompt
  • N°4082: Update German translations thanks to Itomig
  • N°3640: Update Spanish translations thanks to Miguel Turrubiates
  • N°3887: Max. number of displayed results now uses the 'max_autocomplete_results' configuration parameter.
  • N°3620: Add config. parameter “quick_create.show_history”
  • N°3621: Add config. parameter to disable “global search” history
  • N°3649: Add config. parameters: activity_panel.lock_watcher_period & activity_panel.entry_form_opened_by_default
  • N°3662: Add config. parameter to choose OneWayPassword hash algorithm
  • N°3894: Add config. parameter “activity_panel.prefilter_only_current_log”
  • N°3896: Add CKeditor icon for enhance WikiText URLs syntax, in console only.
  • N°3936: Add user preference to choose backoffice theme + “user_preferences.allow_backoffice_theme_override” config. param. to disable it
Bug fixes
  • N°1964: Fix: Focus stays on current tab when switching to edit mode
  • N°2560: Ignore double form submission, remove error “invalid stimuli in current state”
  • N°4050: Fix: When adding only an inline image to the caselog, the notification is triggered
  • N°331: Fix sort order of list during auto reloading in dashlet and menu
  • N°891: Make Ticket printing independent of browser
  • N°3821: UserRequest:OnInsert in full ITIL call the parent's method
  • N°3325: new version of CKEditor to fix display bugs
  • N°2950: Fix syntax highlighting (CKEditor) not working on AttributeHTML
  • N°3810: Avoid syntax highlighting that shouldn't take place
  • N°2534: Fix dashboard autorefresh to keep filtering on organizations
  • N°1634: List with “Autorefresh”, sum of items refreshed after object deletion
  • N°2511: Fix display of class with 2 dashboard attributes
  • N°3290: Fix attachments filename headers when downloading
  • N°3785: Fix corrupted attribute file on download
  • N°3166: Fix crashes if a “name” expression contains a quote
  • N°2946: Fix name displayed for field from a foreign class
  • N°2870: Portal: Fix “Notice: Undefined index: UI:PropertiesTab” on object form
  • N°2841: Prevent user deletion with not enough rights
  • N°2326: Zoom > 100% - tabs in second row not properly aligned
  • N°2251: Fix truncated tooltips
  • N°2225: Fix tooltips containing a quote
  • N°1397: Tooltip on Datasynchro no longer truncated
  • N°2127: Fix field content overlapping outside of the object details
  • N°2788: Fix HTML fields/caselogs content overlapping with a big table or unbreakable word
  • N°3267: Webservices: Fix optional headers not being taken into account
  • N°3171: Friendly name and obsolescence flag now refreshed
  • N°4131: Always use the same dialog for this message instead of creating a new one every time we detect the user is logged off.
  • N°1056: Look: empty field not as high as others in object details
  • N°1505: Fix “Paste” button in iTop Ckeditor not working in all browsers
  • N°1745: Prevent malformed caselog entries from breaking activity panel
  • N°2007: Portal: Tooltips that do not contain text (empty tooltips) are no longer displayed on BrowseBrick items.
  • N°2852: Fix autocomplete selector error when selecting an object containing special characters
  • N°3680: Advanced search: Fix string criterion contains '0' returning all results
  • N°3944: Prevent a PHP “notice” when the log level is configured per-channel, but not all channels are listed in the config.
  • N°3987: Fix circular reference failures when creating Configuration items.
  • N°4029: Fix caching images in Chrome
  • N°4079: Typo in french dictionary on lnkApplicationSolutionToBusinessProcess
  • N°4105: Fix decimal number being truncated in GroupBy dashlet
  • N°4132: Look: Fix sizes being displayed as bits instead of bytes in Setup
  • N°4327: Fix JS “ReferenceError” in Application Upgrade
  • N°4385: Fix DBObject->GetRelatedObjectsUp behavior
  • N°4173: Reduce AttributeBlob memory footprint
Security
  • N°4362: Security: CVE-2021-41162
  • N°4129: Security: HTTP header “Content-Security-Policy: sandbox;” is sent when displaying an AttributeFile directly in a browser's tab. This can be removed with “security.disable_inline_documents_sandbox” config. parameter.
Modernizations

Those changes can have an impact on extension developers:

Enhancements
  • MetaModel::GetStateAttributeCode($sClass) now returns the state code of class with states but no transition (eg. Person, Organization, PhysicalDevice, …)
  • N°3735: New method AddValue on DBObject for ITSM Designer users
  • N°3721: Toolkit: Restore previous behavior on “iTop update”: Delete all env-production folder
  • N°3657: Replace deprecated calls to jQuery event listeners (eg. “.click”, “.bind”, …)
  • N°3184: Upgrade JQuery UI (iTop 3.0)
  • N°2956: Upgrade jQuery to v3.5.1
  • N°3199: Add dependencies management system for JS/CSS
  • N°3010: IE11 not supported anymore
  • N°3009: PHP Minimum version raised to 7.1
  • N°2969: Add support for dictionaries folder in modules
  • N°2957: PHP namespace management through XML
  • N°2899: Setup: Add mbstring as mandatory PHP extension
  • N°2214: Add a PHP version check in CLI PHP scripts
  • N°2284: Replace JQuery Autocompleter plugin by JQuery UI Autocomplete widget
  • N°3811: UI.php : log stacktrace with debug level
  • N°2986: Reintegrate application menus from “welcome itil” into application
  • N°2738: Remove unused dict keys
  • N°2286: Remove usages of js/jquery.layout.js lib.
  • N°2737: Migrate table to DataTables plugin to be iso with the end-users portal
  • N°2766: Optimize columns load when using REST/JSON API core/get
  • N°2999: Optimize OQL
  • N°3123: Update the list of required PHP extensions
  • N°3154: Sample data Contacts : integrate new Combodo employees
  • N°3215: Internal: Refactor renderer files to be part of the autoloader instead of being loaded manually
  • N°3216: Internal: Refactor form files to be part of the autoloader instead of being loaded manually
  • N°3231: Allow browser access to static resources files in the /lib folder
  • N°3251: Internal : Automated tests + refactoring for robustness of the code against SQL injection
  • N°3389: Change XML version from 1.7 to 3.0. From now on, the XML version will be aligned with iTop core version
  • N°3588: SCSS included/cascaded are used in compilation, on top of those declared in XML.
  • N°3663: Move exceptions to the same directory
  • N°3731: Add log of calls to deprecated files / PHP methods
  • N°3828: Remove MPDF coupling from iTop code
  • N°4024: Protect \iApplicationUIExtension::EnumAllowedActions uses
  • N°4158: New developer_mode.enabled config parameter
  • N°4246: MetaModel::GetPrerequisiteAttributes now provides $sClass parameter when calling AttributeDefinition::GetPrerequisiteAttributes() method
  • N°1047: “iTop” occurrences in the dictionaries have been replaced with the ITOP_APPLICATION_SHORT constant
  • N°3433: Remove useless data in DataModel when itop-portal is not present
  • N°3349: Clean references to the old Flash resources
  • N°3379: Introduce more modern tooltip lib. in the backoffice
  • N°4092: New data/.compilation-symlinks compilation flag and setup option
  • N°4155: Add ability to modify the content of MenuBlocks from outside the class
  • N°3617: Use user pref instead of localStorage for collapsible elements state saving
Deprecations
  • N°2393: Font Awesome remove v4 compatibility
  • N°2573: Remove MetaModel::GetNextKey and CMDBSource::GetNextInsertId
  • N°2548: Remove deprecated \DBObject::GetRelationQueries
  • N°2440: API : remove CMDBSource::GetNextInsertId
  • N°2591: API : deprecate \CMDBObject::CheckUserRights
  • N°2522: API : Deprecate SetupPage:log*
  • N°2372: API : remove \MetaModel::EnumLinksClasses and \MetaModel::EnumLinkingClasses
  • N°2362: API : remove DBInsertTracked / DBUpdateTracked
  • N°3792: Deprecate “buttons_position” configuration parameter
  • N°852: Cleanup: remove deprecated impact analysis algorithm
  • N°3748: Deprecation: old tooltip libs in the backoffice and the portal
  • N°3233: Remove “display template” feature from MetaModel
  • N°4176: Portal: Deprecate “AddParameterToUrl” function

2.7.6

Product specific

  • N°1719: ITSM Designer connector : add global check for parameters
  • N°4163: Fix: “undefined index: display_condition” notice when displaying UserRequest after upgrading this extension to v2.2.0
  • N°3941: Remove gregwar/captcha demo files
  • Spanish and German translation

iTop standard

  • N°4486: Fix DataSynchro replica errors due to CMDBChange not found
  • N°4213: EnumSet can be displayed in read mode in user portal
  • N°2510: Fix expand Log entry in list view in console
  • N°4463: Enable trigger even on objects that the user cannot see
  • N°3635: Update Spanish translations thanks to Miguel Turrubiates
Robustness
  • N°4399: Fix memory error on setup when lots of attachments in DB
  • N°4335: Fix export crashing on PHP < 7.0
  • N°4298: Fix .maintenance file isn't removed anymore by setup
  • N°4286: Can download again backup at the end of the setup
Supportability
  • N°4162: Portal exception page : restore exception message
  • N°4202: Setup memory_limit check : clearer message
  • N°4126: Improve `max_allowed_packet` checks messages
  • N°4125: When apcu cache does not return what is expected, an error is added to the error_log in a dedicated channel. The cache is not emptied, the error is user visible on purpose as the administrator must fix the wrong APCU version.
Security
  • N°4231: CVE-2021-32610 Update pear/archive_tar lib to 1.4.14
  • N°4289: CVE-2021-41245 : CSRF tokens aren't locked to one session
  • N°4304: Can browse all of the server InlineImage
  • N°4356: Portal : attachment downloads are opened in the browser
  • N°4359: Dashboard export : can load multiple files and URL
  • N°4360: XSS by uploading malicious SVG file as user portal profile picture
  • N°4363: RCSS in ajax.render.php?operation=save_dashboard
  • N°4365: RCSS in the dashboard editor
  • N°4367: RCSS in /pages/ajax.render.php?operation=objectSearchForm
  • N°4384: CVE-2022-24780 - “Twig content not allowed” error when use the extkey widget search icon in the user portal
  • N°4414: Security issue with Database Error
  • N°4478: Update dataTables lib. to 1.11.3 in iTop 2.7
  • N°4491: XSS in “Header with statistics” dashlet
  • N°4492: XSS in Advanced search locked criteria
  • N°4493: XSS in tagset spreadsheet export
  • N°4495: XSS in Advanced search external key criteria
  • N°4499: XSS in export-v2 on OQL error
  • N°4501: XSS in attachment list on uploader name

2.7.5

Product specific

  • Mail to Ticket Automation
    • Enable moving emails to another folder after processing with IMAP protocol
    • Add a retention period on mail replicas, to avoid Ticket duplication on connection lost
  • Customized Request Form: conditional template field displayed based on another field value
  • User Action Configurator: fix duplication of last public log entry when cloning caselogs
  • Fix UserRequest TTO/TTR wrong translations introduced in 2.7.2
  • Brute Force Protection can be disabled with a module parameter
  • Avoid calling Recaptcha Google API when Recaptcha isn't enabled
  • Fix the display of Survey with a lot of data and css issue
  • Align MTP log level to setup log level
  • 2.7.5-2 : Fix Fatal Error when the UserRequest:RequestsDispatchedToMyTeams menu is removed

iTop standard

  • 2.7.5-2 : Fix setup wizard when DB connection is using TLS
  • 2.7.5-1 : Community release. Fix Empty Managed Brick generating an Oups!.

Only 2.7.5-1 was published to the Community

Robustness

  • Increase nb of supported UNION in OQL query from ~40 to more than 450
  • Add ability to skip the rebuild of hierarchical key during setup
  • An echo command present in the code has been removed.
  • Loader is now displayed immediately before building the items for the tree/mosaic modes, to ensure it is displayed.
  • Fix mutex being silently released after connection timeout; it is no longer released.
  • During setup, separate “modify fields” and “create index” in db request.
  • Add \utils::SetMinMemoryLimit
  • Portal database transaction removed.
  • Portal: fix the Notice “Undefined index: max_display_limit” (bug introduced in 2.7.1)

Supportability

  • Specific traces added (option) on cmdbsource log channel. UserId added in the error.log file.
  • New error messages added in case of failure of object creation or update
  • Add test if ajax call is canceled
  • Portal : fix modification of field in order to hide another one
  • Better formatting of the details and reports (1 line requests)
  • Add new logs for object lists in portal (debug level, 'portal' channel)
  • List order : add a log when data are invalid

Security

  • CVE-2021-32664 - Reflected XSS with Administrator credentials
  • Update pear/archive_tar lib to 1.4.13
  • The file index.php is now protected with a token that prevent accessing the setup in an uncontrolled way.
  • Mask the database password in the setup process
  • Prevent the MySQL password from appearing on misconfigured servers

2.7.4

Product specific

  • Fix upgrade issue with request template field values using a multi-byte character on the 255th position (Customized Request Form)
  • Fix approvers not being able to download attachments, on Requests they had to approve in Portal (Approval Process Automation)
  • Add missing translations on cron tab of the System information menu (Log Management)
  • Fix 2.7.2 regression impacting users of Mail To Ticket Automation version 2.3.0, keeping mails in the mailbox after iTop processing (Mail To Ticket Automation)
  • 2.7.4-2 Portal: Loader icon is displayed in tree/mosaic modes, visible with large amount of data (fixed in 2.7.3-2)
  • 2.7.4-1 Portal: fix the Notice “Undefined index: max_display_limit” (fixed in 2.7.3-1)

Reverse Proxy

  • Products only: explicit message in case of misconfigured proxies for ITSM Designer connection.
  • Fix improper redirection to the homepage when iTop is behind a reverse proxy:
  • app_root_url: now handles reverse proxies during the setup and preserves existing configuration during an upgrade

Setup & performance

  • Setup: Prevent usage of “Application upgrade” if a file integrity problem is detected
  • Setup: support for 'auto_select' and extension.xml has been fixed
  • Setup performance: clean orphan CMDBChange records limited to 100K
  • Setup performance: orphan attachments deletion is limited to 30s max
  • Garbage collection of used transaction id, done less often (new config parameter: transactions_gc_threshold)

Misc

  • Restore Portal headers labels on CSV export (regression introduced in 2.7.2)
  • Support parenthesis in enumeration codes
  • OQL: Fix join on another class than the corresponding external key target
  • OQL: Fix count on union with conditions on multi-column attributes
  • Customization: Fix HTML displayed in Login window
  • Dictionary: missing translation when initial_state_path is used
  • Dictionary: missing translation for background tasks status and errors on asynchronous tasks

Security

  • Security: fix validation of CSRF token in the portal
  • Security: fix command injection vulnerability in the Setup Wizard
  • Security: Fixed a bug preventing deletion of used token on Windows servers
  • Security on “group by” dashlets : access right is controlled and password attributes are not usable

2.7.3

Product specific

  • Fix crash when logging in with an admin user in admin only mode (Brute Force Protection)
  • Restore REST comment field used as author of the history change (Brute Force Protection)
  • Restore support of text longer than 255 characters in template field value (Customized Request Form)
  • Restore display of bypassing user in the Approval status tab (Approval Process Automation)
  • 2.7.3-1 Portal: fix the Notice “Undefined index: max_display_limit” (bug introduced in 2.7.1)

Regressions fixes

  • Restore support of :current_contact->code in OQL queries (bug introduced in 2.7.2)
  • Restore preview of Document file (bug introduced in 2.7.2)
  • Restore UI behavior: first tab is selected when mandatory field is missing (bug introduced in 2.7.0)
  • Fix setup with Chrome v87 (bug generated by a Chrome upgrade)
  • Fix modal created without an ID in the Portal (bug introduced in 2.7.0)
  • Fix crash when logging in with an admin user in admin only mode

2.7.2

Product specific

  • Menu “System information”: new cron tab with Background Tasks information.
  • DB Tools: New CLI command env-production/combodo-db-tools/bin/report.php for offline report. The latest report generated is accessible using the menu “Log management” even in case of connection timeout.
  • Brute Force Protection no longer writes into the database when iTop is read-only.
  • Approval - approval URL for iTop users directs them again to iTop Portal instead of non-authenticated page
  • Mail to ticket automation: Fix PHP Notice: Undefined variable: index in logs
  • 2.7.2-1 Fix 2.7.2 regression: console exports failing with “missing token” error.

New behaviors

  • Enable CSV import of iTop Users by non admin users (as long as they are allowed by Admin Tools Delegation)
  • Background task: fix issue with tasks not always executed (e.g. Notify on Expiration)
  • Add Trigger information to the error log when an Action fails
  • Fix creation of objects containing AttributeImage on PHP 7.4 with warnings activated
  • Avoid PHP notices on DBObject core code, during transitions
  • PHP notice has been removed when creating a new FULLTEXT index in the database (TagSet attribute)
  • Removed default admin phone number which was invalid for mysql in strict mode
  • Changing Color of Brick Search on Portal with extension Custom is now easier
  • Fix alias problem in portal scopes. Warning: If you have duplicate itop-portal-base, BrowseBrickController.php code must be updated, cf commit on Git.

Translations

  • Fixes two typos in German translations
  • Fix spelling typo on iTop welcome page
  • Spelling mistakes fixed
  • Fix use of application constants in Dutch translations

Security fixes

  • Fix session fixation issue - CVE-2020-15220
  • Sanitize breadcrumb entries - CVE-2020-15221
  • Don't display error details (error details remain logged) - CVE-2020-15219
  • HTTP headers have been added - CVE-2020-15218
  • Better control of the transaction_id parameter - CVE-2020-16842
  • Portal user could export more data than his portal scope (CVE-2020-4079)
  • Hide MySQL Password from error.log in case of MySQL connection error

Regressions fixes

  • Import CSV: Fix display, previously showing confusing HTML tags
  • Fixed OQL: Fix malformed UNION queries in portal scopes
  • Fix standard Global Search feature which was only searching on last word
  • Fix bug on mass update: blocking message “Please wait while updating fields”
  • Fix regression in notification when using placeholder like $current_user→attribute_code$
  • Fix internal regexp no longer compatible starting from PHP 7.3
  • Restore log KPI calls in Portal
  • Fix notifications on threshold not sent when trigger is created on iTop 2.7.1
  • Portal: fix incompatibility between ignore_silo=true and nested query in scopes
  • Portal: Multi-word search has been fixed for ManageBrick in lazy mode.
  • Portal Filters is now executed on visible values and not on html code of cells
  • Fix empty tabs being displayed (misuse of the API or user rights)
  • Fix rendering of an ExternalField on a Text with XML content
  • Configure this list : missing sort icon, replaced by fontawesome character
  • Fix backup download: Stop capturing output before sending backup file (avoid memory problem)
  • Fix corrupted backups when a file has a size which is a multiple of 512 bytes
  • Dashlet: fix invalid filter parameter, when using & (ampersand) in the query
  • Fix cron.php creating a new CMDBChange for every BackgroundProcess
  • Login screen support HTML for dictionary entry: 'UI:Login:About'
  • DataModel - LifeCycle visualization: fix open and close buttons no longer working
  • Fix wrong count of related objects due to Obsolete & Archived
  • Fix variable evaluation in ListExpression to avoid double parenthesis.

2.7.1

Product specific

  • Approval by a contact whose user is disabled: the contact now receives an approval URL which no longer requires logging in.
  • Fix Recurring PHP Notice of Brute Force Protection “Undefined index: login_temp_auth_user”
  • Emails coming from Outlook: unwanted line breaks are no longer added when editing the ticket.
  • Fix forward on error not done if exception occurs during mail processing + log error in the mailbox debug log
  • When a coverage window doesn't have any interval, we consider that it's 24/7.
  • Fix 2.7.0 regression, preventing sending new attachments in email replies

New behaviors

  • Portal: Total count on Managed Brick is now accurate even when objects are in multiple tabs.
  • An attribute File can now be emptied by the user.
  • Auto-complete on external key takes into account obsolescence user preference
  • Search on Text containing “_” now possible without being used as a wildcard.
  • End user Wiki explains how to search for ”%“ character using “\%”, otherwise ”%“ matches any string
  • Dashlet Header statistic on ExternalKey, now displays friendlynames and no more ids
  • All Dashlet titles now use left alignment.
  • “Configure this list” shows obsolete data only if required by user preferences.
  • Providing an empty file as attachment is no longer allowed (it was crashing iTop)
  • Improve user feedback on invalid transition: silent or simple warning (yellow banner), rather than error. A double click on a transition, or a browser back and forth, no longer generates any fatal error.
  • Limit searchable classes in a tree, to those allowed to the user, in a SearchMenuNode
  • Files integrity is checked in the first screen of “Application upgrade” and a warning is displayed when the install does not conform
  • Align creation and update message on portal to console message
  • Allow to set return-path with \EMail::AddToHeader

Bug fixes

  • Fix “cron” case in labels
  • Fix Export of html fields such as in Notification Actions
  • Portal : autocomplete keep selected value and use 'max_display_limit' instead of 'max_combo_length'.
  • Prevent object form submission while a filter on depending field is under computation (to prevent saving of incoherent object)
  • Fix search on external key, when using the magnifier and a filter in the pop-up
  • Export of EventIssue object is now possible
  • History of AttributeEncryptedString no more interprets HTML tags
  • Fix OQL scopes generating malformed SQL query (corner case with UNION)
  • Add TLS options on database restore command
  • Add mbstring as optional extension in setup
  • Fix infinite loops when logging with a Contact having a non empty TagSet field
  • Copy characters after a ”<“ character in a Copy operation on a Transition
  • dbClick to exit the “description” field when creating an incident on the portal
  • Fatal errors now log into error.log instead of setup.log

Developer

  • Backoffice theme: Add variable for menu group background color
  • ApplyStimulus: Rollback the object values when an action fails
  • GetAttributeFlag taken into account on form refresh with dependent field
  • Fix: GetTrackOrigin() now returns 'csv-interactive' value during csvimport
  • Fix error in file light-gray.scss
  • Clearer messages when an object update fails

Login

  • Provisioning for hybrid auth fails
  • Fix “Undefined index: login_mode” Notice
  • Added support for REDIRECT_HTTP_AUTHORIZATION in basic authentication.

Security Fixes

  • CVE-2020-12777
  • CVE-2020-12778
  • CVE-2020-12779
  • CVE-2020-12780
  • CVE-2020-12781

Compatibility IE11

  • Third dashlet added in the same dashboard cell under IE was crashing
  • Portal Filter Brick input was ignored under IE11
  • Applying a transition no longer ends with blank page under IE

Fix regressions

  • Portal can again display more than 10 attachments
  • OQL syntax error displayed in place of the widget (no more fatal error)
  • Fix syntax error with PHP 5.6 and TCPDF 6.3.4
  • Fix missing fulltext index for all AttributeSet on table creation (i.e. install from scratch) and update (migration).
  • Fix setup crash when having enum with values containing parenthesis
  • Fix filtering of unions with parent class
  • Fix backup not executed anymore
  • The AttributeDefinition::IsSearchable() method has been fixed to check complex attributes like External Fields.
  • Fix unsaved dashlet added on a dashboard
  • Fix alias renaming when already exists in one OQL of an UNION
  • “Printer Friendly Version” screen: Tabs now display labels instead of codes
  • Fix deletion of a single replica within a list

2.7.0

Product specific

  • Approval: from and reply_to are now set per action, and prefilled by the corresponding module parameters
  • Fix calendar view not working if scope containing a “:this→xxx” returned no result
  • Add German dictionary for Customer Survey
  • Enable OQL query on Request Templates values
  • Request Template: add Field history, menus displayed even with a single organization, French class name
  • Template field generation script now correctly handles deleted request templates
  • DBTools moves from the “Admin tools” to the new “iTop integrity” menu
  • Block MTT and MTP for iTop with ITSM Designer module, when modules are present in /extensions/ directory
  • Check integrity is now skipped on MTT and optional (but checked by default) on MTP
  • Add default search criterion on PrecannedReply, CoverageWindow and CoverageWindowInterval
  • Make EnhancedSLAComputation::GetDeadline and GetOpenDuration more generic
  • 2.7.0-2: Fix regressions introduced by 2.7.0:
    • Fix: RenameAlias: alias 'L-1-1' already used in one OQL of an UNION
    • Fix: Dashlet added on a dashboard are gone when coming back to the dashboard
    • Fix: Provisioning for hybrid auth fails, fixed by changing the Tracked Origin
    • Fix: Can't send attachment added before saving using “Send updates by email”
    • Fix: Global Search doesn't search in external fields
    • Fix: Backup triggered by cron were not executed anymore
  • 2.7.0-1: Fix regressions introduced by 2.7.0:
    • Fix: iTop not working with MYSQL 5.6
    • Fix: Fix DataModel Viewer not supporting special chars in class name (eg. ”)

New behaviors

  • During Setup, Move to production, Hub installation… iTop is set in ACCESS_READONLY
  • After Setup, the configuration parameter access_mode is set to ACCESS_FULL
  • Debug OQL for search is accessible directly for the administrators
  • Replaced first name by last name in default person list view
  • Don't display organization name in menu bar if it's the only one
  • Prevent trigger creation without friendlyname
  • Add applicable contexts on Trigger
  • Track field Comment in core/delete - API REST

Authentication & security

  • Authentication extensibility: Allow login, logoff screens customization through an extension
  • Security extensibility: Add hooks for iTop login security hardening
  • Security extensibility: New fields on UserLocal for an extension to handle password expiration
  • Security: Add user password complexity constraints on new users and password change
  • Security: Every OQL selected classes are checked against allowed organizations.
  • Security: Fix issue with user creation by a non administrator
  • Security: Prevent search to retrieve users belonging to not allowed Org
  • Security: Global search now ignores fields of type “AttributePassword”
  • Security: Prevent Password Autocomplete in Browser. But most browsers ignore this tag.
  • Security: Restrict access to assets into env-*, extensions and datamodels
  • Security: config.php access rights have been forced to 0440 in creation instead of 0444.
  • Security: Fix CVE-2019-19821
  • Password policy: change password page: add feedback during the password typing
  • Password policy: Enable password expiry

Look & Feel

  • Markup extensibility: Add meta informations and hooks
  • Markup extensibility: Introduce custom themes for iTop's console
  • Markup extensibility: Add markup hooks on BrowseBrick and ManageBrick tables
  • Markup extensibility: Add support for both code AND title in admin. console tabs
  • Markup extensibility: Add password attributes to exclude list in metadata
  • Markup extensibility: Rework some SCSS variables
  • Markup extensibility: Add one additional theme for the backoffice, for test instances
  • Change breadcrumb icons color to black instead of Combodo's orange
  • Fix style for input's feedback on “change password” page
  • Login page : add autofocus attribute to the id field
  • Attachments: Update MS Office and OpenOffice file icons with more modern versions

OQL & ORM

  • OQL: Supports nested queries such as: SELECT Team WHERE id NOT IN (SELECT…)
  • OQL: Supports: ISNULL(NULL) OR (`ServiceSubcategory`.`request_type` = NULL)
  • OQL: Enhance performance of Count() by ignoring external keys
  • OQL: Improve OQL performance
  • OQL: Optimize generation of SQL from OQL, removing useless JOIN.
  • OQL: Spread the finalclass column on all the DB tables except the finalclass table itself. Migration done automatically at Setup.
  • OQL: Transactions added to fix deadlock during concurrent access and guarantee Database integrity
  • OQL: Transactions used for creation of object with class hierarchy, as it generates entries in multiple tables.
  • OQL: Export DBSearch to JSON (for a future OQL graphical editor)
  • ORM: Allow to force a WebPageMenu to open its url in a new window
  • ORM: Access to object modifications in \iApplicationObjectExtension::OnDBUpdate and in \DBObject::AfterUpdate
  • ORM: Delegate definition of the ticket reference format to each sub-classes
  • ORM: Change visibility of \DBObject::GetReferencingObjects internal method from public to protected
  • Allow params “limit” and “page” in REST-API (Dennis Lassiter)
  • Updated wiki for \DBBackup::CreateZip removal

Portal

  • Portal: Show confirmation dialog when closing forms with unsaved data
  • Portal: Add an icon to copy object name and url next to the form title
  • Portal: Add support for abstract classes creation in browse brick
  • Portal: Add support for columns sorting in ManageBrick's “lazy” mode
  • Portal: Silently hide sub-bricks not allowed to the user, when displaying an Aggregate Brick.
  • Portal: External keys in form allow to open the associated object if user scopes allows it.
  • Portal: Introduce navigation rules in Portal, to specify where to go on closing a form
  • Portal: action_rules query without filter will now throw an exception
  • Portal: Add option to display ManageBrick's current tab description as the brick subtitle.
  • Portal: Every brick can display a subtitle if they populate the sBrickSubtitle variable in the template.
  • Portal: Add option to show/hide linkedsets out of user's scopes in portal
  • Portal: Add parameter to set default list length in ManageBrick and BrowseBrick
  • Portal: Allow n:n links for Browse Brick's levels
  • Portal: Browse brick actions are now ordered following a rank tag
  • Portal: Filter linkedsets on remote object scopes
  • Portal: Form submission do NOT include hidden fields anymore, unless they have a dependency to an editable field.
  • Portal: Enable use of a dedicated end-users portal without having to install the standard portal
  • Portal: Make portal denial based on user profiles work again
  • Portal: Manage and Browse brick filters apply on subclasses fields in lazy mode
  • Portal: Migrate end-users portal framework from Silex to Symfony 3.4 🚀 .
  • Portal: Fix filter on external key when coming from filter brick
  • Portal: Increase navigation rules checks robustness
  • Portal: Display attachments count in section title, updated on each add/delete
  • Portal: Fix origin modal not closing when switching to editing of an object
  • Portal: Better display of success messages on form validation
  • Portal: Support for AttributeEnumSet
  • Improve modal backdrop UX
  • Introduce “CombodoPortalToolbox”, helpers to ease JS manipulations especially through the iPopupMenuExtension
  • Increase blur effect on portal modal backdrop
  • Warning: Remove legacy end-user portal
  • Warning: All your portal extensions need to be migrated, see migration notes

Setup & system

  • Setup: New feature to allow micro versions update, as long as the module list does not change.
  • Setup: New file .maintenance in data directory to prevent iTop or cron from interfering with an application upgrade
  • Setup: hide table prefix option by default.
  • Setup: php-gd is now mandatory on setup
  • Setup: Remove useless alter table queries generated by setup & Toolkit on MariaDB >= 10.2
  • Setup: Add real autoloader for framework files in /core and /application
  • Setup: iTop classes are now loaded with an autoloader
  • Supportability: Maintenance mode (Better setup, CRON, REST and export message)
  • Backup: archive creation errors are now displayed
  • Backup during Setup are stored in data/backups/manual/setup-YYYY-MM-DD-HH-mm.tar.gz (thanks to Hipska - PR #61)
  • System: Change cron.cmd to use arguments instead of fixed paths
  • System: Generic method to check path validity
  • System: New log level “debug” and logs filterable
  • System: PHP dependencies managed by a composer.json

User interface

  • UI: Reorganize admin console menus
  • UI: Attachments are displayed as table with their meta data
  • UI: Add code snippets with syntax highlighting to CaseLog/HTML fields
  • UI: Autocomplete: Harmonize accents handling for better robustness
  • UI: New DroidSansFallback font and 'export_pdf_font' config param for PDF export
  • UI: Trigger description is now required because it is used as friendlyname
  • UI: Center tag is back in default sanitizer white list

Code upgrade

  • Upgrade Archive_Tar lib from 1.4.4 custom to 1.4.7
  • Upgrade bootstrap to v3.4.1
  • Upgrade CKEditor to v4.11.4
  • Upgrade Font Awesome from v4 to v5.12.0
  • Upgrade jQuery to v3.4.1
  • Upgrade ScssPHP to v1.0.6
  • Upgrade SwiftMailer to v5.4.12
  • Upgrade ArchiveTar to v1.4.9

Misc

  • Update cron.cmd to have better defaults and remove references to old php version
  • Make setup backup location and name similar as other backups (Thomas Casteleyn)
  • Add status.php for getting iTop's status (Guy Couronné)
  • Add support to optionally mention username in password reset mail (Thomas Casteleyn)
  • Make ticket reference generation working with new sub-classes
  • Add KPI on API Rest (Guy Couronné)
  • Only set Ticket ref if not yet present via import or synchro (Thomas Casteleyn)
  • Move expression cache files in a dedicated directory
  • Add bootstrap.inc.php
  • Handle nested transactions
  • apc_clear_cache & opcache_reset are both called when resetting the cache
  • Integrate database integrity module

Translations

  • NL Dictionaries and messages (Thomas Casteleyn)
  • CN @purplegrape
  • SK Martin Kincel
  • Chinese translations
  • Spanish translations

Bug fixes

  • UI: Fix blank page when displaying a synchronized object. Simple quote not escaped before giving content to qTip lib.
  • UI: Fix dashlet edition due to duplicate ids of dashlets, by renumbering them when building in iTop pages.
  • UI: Fix 'G', 'd', 'j' DateTime format in regexp generation
  • UI: Fix GroupBy dashlet on classes with ExternalField to ExternalField
  • UI: Fix missing scroll bar in DataModel Viewer for class with large number of attributes
  • UI: Fix missing scroll bar in modal window “Create a new field” from Request Template
  • UI: Fix non editable dashboard when wrong attribute code used in its definition
  • UI: Fix regression on mandatory external field with only 1 possible value
  • UI: Fix regression when creating ticket in “resolved” with lnk objects
  • UI: Fix search equals 0 for integer
  • UI: Fix truncated caselog entry with large HTML table or word
  • Portal: Fix column sorting on date attributes (eg. french format)
  • Portal: Fix crash in object form having empty AttributeBlob field
  • Portal: Fix crash when having comments in some parts of the XML
  • Portal: Fix error on form submit “Attempting to set the value on the read-only attribute”
  • Portal: Fix hyperlink placeholder not working in notifications for other portals
  • Portal: Fix list tabs and on charts click when a Manage brick has a chart as default display mode
  • Portal: Fix missing scrollbar in tall form modals
  • Portal: Fix wrong “apply stimulus” form being used in a branch of classes
  • Portal: Correctly display external fields targeting an enum field
  • Setup: Fix MySQL8 incompatibilities in setup and backup
  • Setup: Fix setup crash when class has an empty zlist tag
  • Setup: fix typo in warning due to non-matching products.
  • Setup: Fix Graphviz detection feedback message on Windows systems
  • Setup: Fix extremely slow page load for first user after setup
  • Setup: Fix MySQL TLS wiki URL
  • ORM: Fix “invalid numeric value” when inserting/updating AttributeDecimal
  • REST/JSON fix must_exists flag for remote object of indirect linkedset
  • Fix support of expressions (friendlyname) in different language contexts
  • Fix apc-emulation
  • Fix datepicker locale not set correctly for ZH CN and PT BR (@annProg)
  • Fix cron crash when MySQL connection lost (Thomas Casteleyn)
  • Fix images being too large in icon selector (dashboards and Designer)
  • Fix ticket ref uniqueness rule declaration (@jbostoen)
  • Fix count with Archive mode
  • Fix compiler crashing on setup due to comment in XML
  • Support Microsoft Outlook encoding of non breaking line in UTF-8
  • Fix DBSearch::Intersect (de-duplicate aliases)
  • Fix error when no cache is configured
  • Add more logs
  • Fix run_query error handling incompatible with PHP < 7.3.0
  • Fix some more PHP 7.4 incompatibilities
  • Fix AdminTools DataSynchro creation
  • Fix apply stimulus returning true when stimuli is not applicable
  • Fix ticket ref sometimes being a duplicate

Misc

  • Filterable logs using log_level_min optionally per channels
  • Improve unit tests
  • Security hardening
  • Change AttributeImage methods visibility to allow overrides
  • Setup wizard backup path : larger input widget
  • Many small UI improvements
  • autoload rework for application and core directories
  • Export a DBSearch as an array/JSON structure
  • Abstract implementation for iScheduledProcess
  • Add Alexandre, Anne-Catherine, Olivier, Marie-Annette and Dimitri to the sample data to welcome them! 👋

Deprecations

  • Remove Config deprecated GetDB…() methods
  • Deprecated stopwatch extensivity
  • Deprecated DBObject::DB*Tracked methods (DBInsertTracked, DBInsertTrackedNoReload, DBUpdateTracked, DBDeleteTracked)
  • Removed \DBObject::RegisterCallback
  • Removed DB Config getters and charset/collation config params
  • Removed DBBackup::CreateZip
  • ORM: Deprecate \MetaModel::EnumLinksClasses and \MetaModel::EnumLinkingClasses
  • ORM: Deprecate all Config::GetDB* methods, that need to be replaced by Config::Get() calls
  • ORM: MetaModel::GetNextKey($sClass) is now deprecated in favor of ItopCounter::IncClass($sClass)
  • FontAwesome: FontAwesome v4 is deprecated, use FontAwesome v5 CSS classes instead

2.6.2

  • 2.6.2-2: Fix request template values lost on userrequest edition
  • 2.6.2-1: Fix Backup failing with attachment above 24MB

New behaviors

  • Search form prefill can be used when adding objects to 1:n relationship (only n:n before)
  • Enable notification placeholders to use server name in hyperlinks
  • TagSet code can now have just 3 characters instead of 4 minimum before
  • New IT translations for tickets classes
  • New PT-BR translations
  • Look & Feel: increase width of autocomplete drop-down list for readability
  • Manual backup
    • A temp file containing the password is created.
    • The access is limited to www-data user.
    • The file is removed just after the mysql dump

Bug fixes

  • Fix Portal links on documents to control them against user scope.
  • Fix warning in backups with MySQL 5.7.0 using TLS
  • Fixed iTopMutex not working when only MySQL TLS connection available
  • Fixed blinking of warning image on mandatory HTML field
  • Fix Bulk ticket assignment when only one team is in team list
  • Fix Bulk Modify : search result lost when sort on a new field
  • Fix regression: Link class attributes are correctly copied by Object Copier
  • Fix regression: entered value lost in auto-complete selection on external key.
  • Fix regression: DataSynchro: deletion rules now applied when using synchro_exec.php
  • Fix regression: “invalid filter” error when refreshing “Requests assigned to me”
  • Fix regression: Console: browser freezes when adding related items on a tab, when having a lot of possible items
  • Fix regression: Stopwatch sub-items are now available as search criteria, timespent and overrun are searchable in seconds
  • Fix regression of CKeditor: image and table properties available even when HTML field is edited in a pop-up window.
  • Fix regression: missing dictionary entries for “Service families” menu of “Service Mgmt Provider” module

Auto Dispatch Ticket to a Team

  • When stimulus is not applicable, it logs an error but continues silently.
  • Ignores inactive team rules when searching for team to dispatch.
  • No longer logs success in the ticket's log when the ticket is not dispatched because no applicable team was found.

Mail To Ticket Automation

  • Add the possibility to get any email in EML format for troubleshooting without format loss
  • Add an “Ignored” flag to avoid processing some emails which stops the mail processing
  • Fix Mail matches by subject pattern
  • Fix debug mode which could crash the background task
  • Handle signed emails with an “enveloped format”
  • Contacts in To/cc with the same email as processed inbox are not added to the ticket contact anymore
  • New warning when (MySQL) “max_allowed_packet” is under (config) “recommended_max_allowed_packet”
  • Control of the size when saving the eml in database to avoid “MySQL has gone away” error
  • Fix unwanted blank lines added when editing a ticket created from an outlook email.

Others Product specific

  • Enable 2 calendars in the same Dashboards
  • Fix regression: Object Copier copies n:n links, copying values of link fields such as “role”
  • Fix regression: Object Copier copy_scalar now correctly copies lifecycle's state attribute
  • Fix regression: Customer Survey works even if Organization has no obsolescence.
  • Customized request form: supports mandatory field with a single value (list from CSV or OQL)
  • Fix regression: Customized request form display mandatory flag on mandatory fields
  • Designer: Fix file data/production.delta.prev.xml which was containing the current xml instead of the previous one
  • Add a warning when creating a Coverage Window without Intervals in the GUI

2.6.1

New behaviors

  • Default search criterion defined on the datamodel, are now displayed on top of any prefilled criteria.
  • API/REST: Core/Get supports pagination and limit
  • Backup will now log using IssueLog, and the 'debug' config parameter is no longer used
  • Allow params “limit” and “page” in REST-API PR #25, code author Dennis Lassiter
  • PHP 7.3 Compatibility
  • External fields are now proposed for group-by dashlets
  • 'Schedule Backup' and 'Configuration' menus are no longer available for “Admin Tools Manager” profile.
  • Datasynchro: “Full load interval” obsolete your objects after that delay (instead of immediately).
  • CSV import : can now create an object with value for field that is readonly in modification
  • Uniqueness rules: now supports rules defined on abstract class, with disabling on some children.

Bug fixes

  • CopyAttribute only copies attributes which are writable, as ObjectCopier was already doing, to prevent fatal errors.
  • Fix performance issue on modification of object with a lot of relations.
  • Fixed: Text printed in white (on white) in some tables when exporting the impact analysis as a PDF.
  • If not found in the autocomplete cache, the search is done once in the database.
  • Fixed date conversion for linkset, when using custom date format
  • MetaEnum is computed at object creation time instead of being set to its default value.
  • “Group by” dashlet is no longer clickable in edition
  • Setup: Fix issue when upgrading extension with an extension.xml file
  • Fix object modification locked when an n:n relation was locked by a DataSynchro
  • Fix loss of in-line images when copied from one iTop to another.
  • Fix issue with Send email which was not handling correctly the number of retries
  • On Windows: Warning during setup if database password contains % ! or “ as iTop backup will not work.
  • Fix: Tags not saved in case of error at form submission.
  • Backup will now log using IssueLog, and the 'debug' config parameter is no longer used
  • Fix: changing Menu rights to “Admin only” was crashing.
  • Fix user rights control on applying Stimuli through URL.
  • Fix tar gz archive generation with files of size multiple of 1024 bytes
  • Fix query returning recent change on impact analysis, which was not limited to 72h
  • Fix reconciliation key issue in CSV Import of lnkCustomerContractToService with iTop in Service Management for Provider
  • BrowseBrick list pagination is now working even when filtered
  • Notification triggers on entering or leaving state, on abstract class accepts any state available on one of the children classes
  • Portal: Fix regression introduced in 2.5, better error message when user logged out
  • Portal: Fix message content in user profile when password edition is disabled
  • Portal: Wrong encoding of special chars like in dashlets (eg. “ö”, ”&“, …)
  • Fix 2.6.0 regression missing/empty error message when uploading too large attachment
  • Fix pagination issue for search with accent

Translations

  • Fix typos in EN (@jbostoen)
  • Improved CN
  • Improved RU
  • Improved DE (ITOMIG)
  • Add missing entries lost from 2.5.1
  • Improved FR

Security

  • Security hardening, e.g.:
    • prevent malicious updates of config.php,
    • XSS and CSRF weaknesses in multiple places
    • Tag labels are sanitized to avoid HTML injection

Product specific

  • Fix object-copier and stencil issues when copying linkedset
  • Fix dispatch rule not working for Tickets created by a user with silos
  • Fix Database maintenance tools → DB-Inconsitencies-Tab → Report → Analyse

Specific date format

  • Fix 2.5.0 regression in date format decoding in Request template
  • Fix Approval Notification with a Request Template with a date field and iTop configured with a specific date format
  • When Setting a date with object-copier or stencil use following syntax for the source date: $this→raw(attcode)$ or $trigger→raw(attcode)$

Customer Survey

  • Fix paging in survey's progress tab
  • Migrate code to XML to simplify customization
  • Add horizontal scrollbar to large survey
  • Fix survey preview/send compatibility with iTop 2.3+
  • Once a survey is finished, you now can't edit contact list or send them another notification for this survey

2.6.0

New features

  • New attribute: dashboard contextualized to the containing object
  • New attribute: tag set
  • Triggers on object update and object delete
  • Uniqueness rules on objects

Console

  • Fix regression on forget password feature
  • Fix regression on autocomplete and accents
  • UX: Better class and attribute selection in triggers
  • UX: Switch back and forth between a custom dashboard and the standard version
  • UX: ExternalField label standardized to key_name->label
  • Notifications: Fix incorrect use of 'from' field for test email
  • Search: Hide unknown external keys from the search criteria if previously defined in shortcut
  • Search: Fix searching a quote on a text
  • Export: Fix external attributes selection on export form
  • Export: Fix non-draggable columns in exports (Excel, CSV, …)
  • Export: Fix excel export when reconciliation key list is containing empty keys
  • Export: Fix XLSX export failing on PHP 7.1 on systems without ”/tmp“
  • Fix new empty caselog entry on bulk modification
  • Fix audit when a current organization is selected in the left menu
  • Fix auto-complete error when the friendlyname depends on other classes
  • Fix security message in the browser console (“Unsafe attempt to load URL data:image/svg+xml;utf8”)
  • Fix “Run Query” page hotkeys behavior in some configurations due to a wrong url
  • Fix ajax “request uri too long” message
  • Fix concurrent lock not released on failed transition
  • Fix dashboard edition when a bad OQL is present in dashlet 'Group By'
  • Fix integer validation in dashlet forms
  • Fix: stop historying differences on trailing 0s in decimals.
  • Fix TTR deadline if reassigned outside of coverage window
  • Fix blank Profile search on User creation with a single Organization
  • Fix non disappearing tooltip for mandatory HTML field
  • Fix edit of ExternalKey, when filter contains UNION
  • Fix loss of n:n relations during edit, when an error was displayed

Portal

  • Nicer display on background errors
  • date/time picker: first day of the week now based on user language
  • Security hardening
  • Fix wrong pictogram placement on email & tel attributes in the ManageBrick
  • Fix default image of image attributes in object forms
  • Fix “UTF-8 Characters Malformed” error when using Spanish language
  • Fix attachment preview during Ticket creation
  • Fix regression, icons not displayed in service catalog
  • Fix service catalog items not collapsed / expanded as expected
  • Fix inline images being displayed too large sometimes in forms
  • Add HTML hooks in object forms to know object's class and ID (useful for CSS /JS hacks)

Customization

  • Portal: Add support for SCSS files through the PortalUIExtension API (only CSS were supported)
  • API: New method DBObject::SetIfNull() to set an attribute value only if it is not set
  • Fix MetaModel class not found when calling utils method

DataModel

  • New Dashboard Attribute on Organization class
  • Add Uniqueness rules on Model, Brand and Person classes.
  • New TagSet attribute and class FAQ
  • Search: Add default criteria for FAQ, FAQCategory & KnownError classes.
  • ResolveFrom method now set only unset mandatory Ticket attributes.
  • Show resolution_date in resolved problem details

Web services

  • Remove PHP notice on Ticket Export for tickets created before release 2.0.0
  • Backup: Move check_ticket_itop command line parameter into itop_backup_incident module parameter of itop_backup in the Config file.

Translations

  • New dictionary entry for 'Page' tag on PDF export Core:BulkExport:PDF:PageNumber
  • Update German dictionaries (Thanks to Lars Hippler)
  • Update English dictionaries for notification
  • Update Dutch dictionaries (Thanks to Thomas Casteleyn and Jeffrey Bostoen)
  • Update Spanish translations (Thanks to Miguel Turrubiates)
  • Update Russian translations (Thanks to Vladimir Kunin)
  • Update Chinese translations (Thanks to purplegrape)
  • Fix duplicated french label 'Demandeur' on Change class

Others

  • Setup: Add log in case of missing extension
  • Setup: Fix blocking error on backup failure
  • Setup: Clear the caches when switching environment
  • Setup: Fix setup for PHP 5.5
  • Fix PHP 7.2 compatibility issue
  • Fix bug that caused memory_limit=-1 to lead to 'not enough memory'
  • Add new automatic tests
  • Add replacement for mcrypt removal in PHP 7.2, added stronger encryption options
  • Better feedback on fatal errors
  • Upgrade to JQuery v3.3.1
  • Upgrade to tcpdf v6.2.17
  • Strengthen the SQL creation from OQL
  • Strengthen password management
  • The filter parameter in the URL is no longer serialized but in JSON format
  • Add warning on setup for unsupported MySQL 8+ versions (MariaDB & Percona not affected)
  • Fix loss of inline images and attachments when user has been logged off
  • Fixed bug that caused memory_limit=-1 to lead to 'not enough memory'
  • Fix integer validation in dashlet edit form
  • Session id regeneration on login
  • Title field XSS vulnerability solution
  • Refactoring in AttributeImage URL generation
  • AttributeImage : add css classes to be able to style
  • Optimize SQL generation from OQL depending on objective, counting or object details
  • Do not refresh search on closing an empty criterion
  • Add the user_id to the log_kpi instead of *
  • Display error log instead of fatal error in case of Exception when modifying an object in console
  • Improves backup/check-backup (fix check-backup sample cli, better error on check-backup invalid check_ticket_itop cli parameter)
  • Change default attachments (and inline images) lifetime to 1 day instead of 1 hour
  • Datamodel viewer: Fix an issue where OQL Filters were truncated
  • Cosmetics on setup (Licenses prompt)

Product specific

  • new Calendar dashlet
  • Object Copier: copy attachments
  • Database Maintenance Tools: check Uniqueness rules
  • Object Copier: Fix transaction_id can't be used when storage=File on Windows
  • Email Reply: Fix an issue where wrong attachments were sent
  • Approbation Extended: Fix import issue on ApprovalScheme and ExtendedApprovalScheme classes
  • Approbation Extended: Fix UI glitch on approval form
  • Tickets from eMails: change OQL to select Person instead of Contact to get object to set in Ticket.caller_id (thanks again Jeffrey, SF#1628)
  • Tickets from eMails: Fix unnecessary trace when no stimulus is specified
  • Database Maintenance Tools: Fix File not found error in reports
  • Database Maintenance Tools: add missing <label> for checkboxes in the UI

2.5.1

  • Fix hard-coded translation in search page when the form has not been automatically submitted.
  • Fix broken search form when user has no read right on objects.
  • Fix request uri too long
  • Fix removing last criterion on a 'or' line resulted in 'OR 1'
  • Fix operator forced to “=” on some attributes (indexed ones)
  • Fix external field label not displayed
  • Fix an error when using search form from an union
  • Fix a bug when selecting foreign keys would not add items (#1656)
  • Organization criterion from selected silo is now read-only

Console

  • Fix dashboard edition when a bad OQL is present in dashlet 'Group By'
  • Fix new empty caselog entry on bulk modification of objects.
  • Fix bulk transition integrity exception when “org_id” was not checked.
  • Form prefill: Add possibility to change attributes flag on the fly
  • Fix external attributes selection on export form
  • Fix security message in the browser console (“Unsafe attempt to load URL data:image/svg+xml;utf8”)
  • Fix “Run Query” page hotkeys behavior in some configurations.
  • Fix ajax request uri too long on auto-complete
  • Fix auto-complete error on some attributes (“A DBUnionSearch must be made of at least one search”)

Portal

  • Security hardening
  • Fix default image of image attributes not correctly displayed in object forms
  • Fix “UTF-8 Characters Malformed” exception when using Spanish language

Others

  • Setup: Fix blocking error on backup failure
  • Setup: Change iTop 2.6 MySQL requirements from 5.5.3 to 5.6
  • Setup: Fix setup for PHP 5.5
  • Fix 'forgot your password?' link
  • Fix reset password link broken in emails (dictionary entries had wrongly escaped characters)
  • Fix Excel web queries import warnings. (JS script error popups)
  • Fix going back to ITSM Designer from a move to test
  • Fix audit when a current organization is set and there is an audit rule with valid=true
  • Update German translations

Internal

  • Fix PHP 7.2 compatibility issues
  • API: DBObject->GetOriginal() hardening (now supports attributes not set: for example sla_tto_passed for UserRequest until it is closed)

2.5.0

New features

  • Deep rework of the search forms:
    • GUI to select a date range
    • Consistent feedback of the filter currently set
    • Possibility to search for Defined/Undefined values
    • Possibility to search on any field of a class
  • Dashlet Group By supports sum, average, min and max. Support of grouping on stop watches has been added.
  • Datamodel viewer entirely rewritten:
    • class selection tool (autocomplete)
    • graphical representation of the class and its neighbours
    • simplification of the list of attributes
    • re-sizable life-cycle graph
  • Export ongoing and closed tickets from the portal

Security

  • Fix DataSynchro Group to allow management of DataSynchros through WebServices for non admin users
  • Fix CSV import : check if user has rights on imported class
  • Restrict the access to the REST/JSON web services to users having the profile “REST Services User”
  • Enabling search and access control by organization on User class
  • Supporting MySQL/SSL connections

Data corruption

  • Fix: the use of some Emoji, depending on your MySQL server settings, could cause your data to be truncated (e.g. losing an entire case log).

User Experience

  • Autocomplete is activated by default after 2 characters now (it used to be 3 by default)
  • Form prefill : Included Contract case in the datamodel.
  • Add support of AttributePhoneNumber which allows launch of phone application on click.
  • Set default search criteria for objects
  • Notification GUI: fix cosmetic issue and save state for the current browser (in the session)
  • When global searching with needles smaller than 'full_text_needle_min', exclude these needles from the search instead of stopping it
  • Exports (csv, xlsx, pdf) “Localize Output” option lost when the export has more than one chunk
  • Related objects count (tab title) not in line with the displayed list (always counting obsolete objects)
  • Failing to bulk delete whenever the scope query contains the % character
  • Added a conf params 'email_default_sender_address' and 'email_default_sender_label' that will be used if a mail has no sender set, to cope with Anti-SPAM systems
  • Could not add a second link (condition: have a date attribute on the link ; regression introduced in 2.4)
  • Portal: Ongoing tickets should be listed the same way as in the console
  • Portal: List of closed tickets not filtered as expected (high cardinality)
  • Portal: Added an information about file max size on forms
  • Portal: Fail to reset password when navigating from an email (hyperlink)

Environment

  • MariaDB: the backup could not be used (setup)
  • New requirements: PHP 5.6.0 and MySQL 5.5.3 (fix for the emoji causing data corruption)
  • Support of PHP 7.2
  • MySQL strict mode compatibility (5.7 - null replaced 0000-00-00 00:00:00 for DateTime).

Performances

  • Added an index on the ticket ref
  • Dashlet “Header with statistics” requiring less queries to be displayed
  • Now uses one count + group by query instead of one count query per grouping value
  • Avoid multiple count requests in the core API (DBObjectSet::Count)
  • Impact analysis: much better (and faster) processing of graphs containing loops
  • Suppression of obsolescence condition on Ticket (was impacting the performance)

Data model

  • Suppression of obsolescence condition on Ticket (See the chapter on performance)
  • Added “approved” state to the tto (time to own) active states

Robustness

  • Setup: Display the XML errors on the screen
  • Make the deletion of a Synchro Data Source a bit more robust, in case of a missing or already deleted data table.
  • Dashboards: Unknown dashlets (eg. from an uninstalled extension) no longer raise an exception, a fallback is displayed and the XML configuration is still available in editor.
  • Setup on Windows systems: workaround for random behavior of rmdir sometimes failing though the directory is empty
  • Fix application being wrongly set to Archive Mode when it fails to retrieve an object from the database.
  • Cron automatically re-orders its tasks to make sure that every task gets some time to run, even if a task crashes repeatedly or uses all the time slice to process a big backlog.

Cosmetics

  • Update German translations, thanks to Lars Hippler from Itomig
  • Dictionary error 'criticity' replaced by 'criticality'
  • Update Portuguese (Brazilian) translations, thanks to Pedro Beck and Anderson Cardoso!
  • Update Spanish translations, thanks to Miguel Turrubiates!
  • Reworking the list of User account fields displayed in Details and List
  • Run query : add shortcut in submit title
  • Configuration editor: add shortcut in submit button title
  • Documentation shown upon setup completion (Completing the iTop installation for workflow management): the file cron.params has been renamed into cron.distrib
  • Rich text editor: allow merging table cells (regression introduced in 2.3)
  • Portal: Remove copyright (iTop) from page footer

Internal

  • HTMLSanitizer : add wiki ref to white lists
  • Upgrade Silex library to 2.2 (Which is possible as iTop 2.5 requirements are now PHP 5.6+!)
  • Updated swiftmailer to v5.4.9: security fixes
  • Use only hashed server side information as the local storage identifier.
  • jQuery modernization : updated jquery to 1.12.4, jquery-ui to 1.11.4 and jquery-migrate to 1.4.1
  • Rename core english dictionary files to match standard convention.
  • Display of links now support both DBObjectSet and ormLinkSet
  • Enhancement of the data collection for iTop Hub: better detection of the web server version.
  • Linked JS scripts can now be used in ajax pages. This is useful for IPopupMenu extensions which depend on a JS script and are loaded asynchronously when a list of objects changes (for example when changing the target class for a search)
  • Proper use of the “304” (Not modified) HTTP header for InlineImages. Seems that FastCGI is more sensitive to incorrect HTTP headers than MPM…
  • PHPunit is now integrated through composer (inside the directory /test)
  • Portal: Update table's filter hotkeys to prevent unnecessary ajax calls

Customizations

  • Form prefill : Allow to overload new methods in order to prefill search forms, creation forms and transition forms
  • Customizable access to the 'Admin Tools' (delegating administrative roles)
  • Add functions, order by and limits to the API DBSearch::MakeGroupByQuery()
  • New portal capabilities :
    • AggregatePageBrick: create subpage under the portal home page
    • ManageBrick enhancements: statistics added to the tile, set of data presented as charts (bars, pie) or a badge
  • Refined the user rights management (added the 'grant_by_profile' category) to enable the development of a user account management portal
  • Transition form: file not uploaded (blob attribute)
  • Portal: Add XML comments to document the standard portal design
  • Portal: Make sure the FilterBrick will be correctly displayed with default settings
  • Portal: Default object forms are now more like in the administration console instead of just having their fields one after another
  • Portal: ManageBrick lists are now ordered as specified in the datamodel definition (like in the console)
  • Portal: Error in ManageBrick (ongoing tickets) when grouping tabs on an attribute (instead of sub OQLs)
  • Portal: Allow for the customization of Contact scope (collision on XML ids)

Move to production from the designer

  • Error when checking prerequisites: “mysqldump could not be executed (retcode=127): Please make sure it is installed and in the path”
  • Warning “timezone undefined”

2.4.2

Security

  • CSV import : check if user has rights on imported class. Thanks to Vladimir Ivanov (from Positive Technology) who has revealed the weakness.

Portal

  • Portal: OQL optimization in ManageBrick when several UNIONs are used.

Console

  • Performance enhancements for auto-complete widgets (speeds up both the display in search forms, and the response on usage)
  • Fix 2.4.0 regression when creating an object with a lifecycle, directly in a state other than the default one.
  • Audit: Performance optimization for AuditRule with valid_flag=true and lots of negative records
  • Header with statistics Dashlet: performance improvements

Backup/Restore

  • Restore losing extensions installed through the designer

Extensibility

  • Restore compatibility with the data sharing extension

2.4.1

Mail to Ticket Automation

  • Differentiate SPAM and Errors in received emails, and delete them after a delay.
  • Reply to sender when he is an unknown user, if new field 'unknown_caller_rejection_reply' is not empty.
  • Add an OQL filter on the “Trigger (when updated by mail)”.

Customized request forms

  • Enable reference to a Ticket field (:this->attribute) when defining values (in OQL) of a Field.
  • Fix portal when request template field is in auto-complete mode with a wrong value.

Portal

  • Portal: Support for MUST_CHANGE flag on CaseLog attributes in transitions.
  • Portal: Objects and external keys in linkedsets (forms) now have hyperlinks if access is authorized regarding the user's scopes.
  • Portal: Exception raised in BrowseBrick when one of the levels had no scope.
  • Portal: Add CSS/JS hooks on object forms for the current state: CSS class on <form> tag: form_object_state_<STATE_CODE>. HTML attribute on <form> tag: data-object-state="<STATE_CODE>"

Console UI

  • Enable WYSIWYG feature in CaseLog / HTML attributes on transition.
  • Fix MUST_CHANGE flag behavior on CaseLog attributes in the console.
  • Allow email links (mailto) in HTML attributes.
  • Allow BLOCKQUOTE tag in HTML attributes.
  • Console UI improvements in details forms: Columns size optimization.
  • Tooltip on (non-empty) String attribute so long value can be seen without scrolling to the end of the input.
  • OQL attribute displayed as Text/HTML attributes.
  • Better ergonomics for “Add To Dashboard” popup window.
  • In console dashlets add a scrolling bar on list, if not enough width for content.
  • Restore Organization selector adaptive width
  • Fix AttributeEnum display as vertical radio buttons in console UI.
  • Fix dictionary typo in Notification header text.
  • Show/Hide Obsolete data in Audit based on user preference
  • Show/Hide Obsolete data in CSV export based on user preference
  • Include Archived data in dashlets when in archived mode

Others

  • User actions Configurator: new action 'copy_head()' to prefill a field with the last entry of a CaseLog.
  • New configuration parameter (disable_attachments_download_legacy_portal) to disable attachments download from the legacy portal. Default is “true”!
  • Setup : add checks on PHP and MySQL version to warn for deprecated versions.
  • Enable data synchronization for applications classes (such as Localized Data).
  • Fix issue with menu “Ongoing approvals” when switching to archive mode.
  • Fixed losing the additional links attributes values during impact analysis update. The issue was only visible when attributes were added to the links (FunctionalCIs and Contacts).
  • Fix impact analysis relation upstream description.
  • Show “delete” and “bulk delete” rights in user's grant matrix.
  • New Context Tag on CRON background tasks.
  • Fix TemplateFieldsHandler::IsNull() for EmailNotification with no RequestTemplate selected.
  • Add ArchivedObjectException on MetaModel::GetObject().
  • Add ContextTag on CRON background tasks (eg. “CRON:Task:<CLASS_NAME_OF_THE_CURRENT_TASK>”). Introduced for the “Mail to ticket automation” extension, so we know when a Ticket is created/updated from an email.
  • Regression introduced in iTop 2.4 : Unable to notify when a template was used with a linkset ($this->functionalcis_list$).
  • Fix regression in 2.4.0 where GET_LOCK is called with a name length greater than 64 characters on MySQL > 5.7.5.
  • Fixed “Notice: undefined index 0” in the portal. UserRequest/Incident::ComputePriority() was failing when attributes impact was still undefined.

Backup

  • Fix Backup very long to generate.
  • PHAR is not used anymore for the backup/restore feature.
  • The disk space necessary to create a backup is now limited to the size of the uncompressed archive + the size of the compressed archive.
  • All the temporary files are now stored into “web/data/backup/tmp” folder to avoid access rights issues on temporary folders.
  • Fixed check_backup reporting non existing file.
  • More logs added in case of error during the cron backup.
  • Fix regression: check_backup.php always returning “missing backup file” in 2.4.0.

2.4.0

Lifecycle

  • New Ticket Lifecycle: Enable a field to be requested or changed only on a particular transition, instead of on all transitions ending on a given state.
  • Move the “must_change” flag on transitions if you don't want the user to be forced to change a field on every edition in a state.
  • Display stimulus codes in the Datamodel page tab:Lifecycle
  • Fix Fatal error on transition with AttributeBlob or AttributeCaseLog

CSV import

  • Images and File documents can now be exported using CSV and Excel formats (the export provides an URL (with iTop authentication required) where to download the actual image/document).
  • CSV import of documents and images via URLs is supported (including URLs pointing to iTop itself). Administrators can also provide directly the path to a local file on the server.
  • CSV Import now supports friendlynames as reconciliation keys.
  • Enable CSV import of request template fields
  • Fix: Ticket from emails: duplicated dictionary entries which was an issue on CSV import.

Notification

  • Email notification: new placeholder to provide the current user name in the body of the email, that is, the person who is triggering the notification, who may be neither the agent nor the caller.
  • Fix Notification: Date & time format is now applied when using a date(time) attribute in a placeholder (eg. Notifications). Note: $this->raw(attcode)$ can be used to display value in SQL format like before.

Conf & Setup

  • New configuration parameter 'allow_menu_on_linkset' (boolean, default value false) to display actions in linkset in view mode (new, modify, delete, …).
  • Setup: After a successful Setup, XML files are stored under /data with the complete view of the datamodel with and without delta.
  • Setup: Store user selection on setup, so AboutBox is much clearer for users, providing User selection instead of cryptic module names.
  • Setup: now supports changes of Configuration parameter: config db_charset.
  • Setup: New hook available after data load (ModuleInstaller::AfterDataLoad())

Backup

  • Backup: Backup files could not exceed 4Gb (technology limitation). The fix consists in archiving the backup as a tar.gz instead of a zip. As a consequence, installing iTop now requires TWO additional PHP modules: phar/zlib. The zip module remains mandatory because it is used in other places. The restore utility accepts both legacy zip files and brand new tar.gz files. DBBackup::CreateZip is deprecated in favor of DBBackup::CreateCompressedBackup. DBRestore::RestoreFromZip is deprecated in favor of DBRestore::RestoreFromCompressedFile (which autodetects the format for backward compatibility).
  • Backup: Allow database write access during a backup (can still be slow).

Performances

  • Support of PHP7, which divides by two the load on the web server
  • Internal emulation of apc(u), to divide by 5 the load on the web server (varies a lot, depending on the page, and cache hit ratio)

DataSynchro

  • DataSynchro: Enable bulk deletion of Data Synchro Replica
  • DataSynchro: Creation and edition was broken due to the new object set API from ormLinkSet. Backward compatible methods have been introduced to ensure plugins and modules compatibility. That being said they are already flagged as deprecated and should not be used. New: Using those deprecated methods will raise a PHP deprecated error.

Email Reply

  • Email reply can be used with Change and Problem management tickets

Request Template

  • Request Template: attribute service_details can now be exploited in web queries (spreadsheet format for export). The format of XLS export has been improved too (used to be a CSV format)
  • Fix: Request template values is set on object creation before notification is triggered, placeholder $this->service_details$ is no more empty.

Approval

  • Approval Email Templates configurable from the console
  • Approval reply can be given from the customer portal
  • Fix: Approval comments invalid when several answers from same user (Typically rejected then accepted)
  • Fix: Keep Approval comment formatting
  • Fix: Approval Extended : Check/Uncheck All on portal summary page.
  • Change: Approval on level 2 is executed even if the level 1 has no approver (query returning an empty set)

Ticket auto-dispatch

  • Assign automatically a Ticket based on predefined Dispatch rules
  • The ticket gets assigned to a team and its states gets updated
  • Entirely configured from the console

Internal

  • Security: Portal OpenSans font embedded in iTop instead of fetching from google servers.
  • Rework on ormLinkSet BC with DBObjectSet. PHP notices are not thrown anymore, see PHPDoc instead. GetColumnAsArray() introduced.
  • Portal: Refactoring of const DEFAULT_COUNT_PER_PAGE in several modules
  • Reentrance issue on cmdbAbstractObject when coming from an extension implementing iApplicationObjectExtension.
  • Added an index to prevent a slow down when a lot of tickets have been validated by means of an approval process
  • Designer Connector has been revamped to avoid MTP temporary errors, disappearing at the following Setup.
  • #1499: Regression in 2.4.0 beta: setup was failing with the message “cannot redeclare class XXXXXXX_0” when loading some extensions modules.
  • Fix: PHP Warning on not initialized variable $sHTMLValue in cmdbAbstractObject::GetFormElementForField().

Developers

  • The main menu “Helpdesk” could not be moved upward/downward by means of an XML delta (designer)
  • Internal: LoginWebPage title default value is now a dictionary entry ('UI:Login:Title')
  • Limitation: on a class having too many external keys, the update query fails with message “too many tables”
  • Cleaned up old datamodel (1.x) as it was no longer maintained and could not be upgraded.
  • Show product name on branding logo title instead of a generic “iTop” text.

Portal possibilities

  • Allowed portals are now displayed in the console user menu.
  • Tickets can be approved from the portal
  • Portal: New “mosaic” browse mode for BrowseBrick.
  • Portal: Form layout optimizations
  • Portal: ExternalField support in forms has been improved. For example, email and url links were not displayed as proper HTML.
  • Portal: Only editable fields are now passed in forms submit, fixing issue where a portal user could unwillingly change the UserRequest status if a Support Agent had assigned the ticket while the portal user was editing.
  • Portal: New filter brick that pre-filters a Browse or Manage brick results from the home page.
  • Portal: Linkset widget opening was throwing a warning message on IE9.
  • Portal: Option to display LinkedSet as opened in a form
  • Portal: Picture/Preferences/Password forms can now be disabled in the user profile
  • Portal: Notification URLs pointing to a portal were not working when several portal instances were configured.
  • Portal: Tabs in ManageBrick display the objects count.
  • Portal: Autocomplete fields were not showing all items when result count was below autocomplete display limit (eg. Showing only 2 elements out of 18 when display limit set to 20)
  • Portal: Added UI extension APIs similar to those used in the console (Experimental!)
  • Portal: ManageBrick tabs could show objects that were not supposed to be shown due to a bad OQL interpretation.
  • Portal: Display / download of blob attributes and attachments in the portal was not compatible with portal configuration and silos by-passing.

Console User Interface

  • Improve UI in object details in the console.
  • CKEditor: edition of HTML source code is now available. Filtering on allowed tags by CKEditor itself then by iTop for security reasons will still apply.
  • Added some attributes to the HTML sanitizer (title for a tag, alt / title for img tag).
  • Display actions on linkset in view mode (new, modify, delete, …).
  • New option to create an object with the [+] button on external key pointing to an abstract class.
  • Existing value always kept while editing an ExternalKey field, even if not in filter.
  • Showing action in object details only when the target class is writable (Archive mode off, access mode “write”, …)
  • Impact analysis: UI Glitch in tooltip when text was too long.
  • Fixed UI in console edit forms that were going over their container sometimes.
  • Added scrollbars to modal dialog for CSV export.
  • Fix Stop displaying Ticket objects in a CI's ongoing tickets tab when the impact code is 'not impacted'.
  • Fix: Edition of an object with an ExternalKey on an object that the user is not allowed to see
  • Fix: concurrent access on n:n relationships when edited from both end of the relation or when edited from portal and console in parallel.
  • Fix: Date format handling in LinkedSetIndirect was causing fatal error on object edition.
  • Fix: Edition of an object with not allowed (silos) remote objects in a linkedset causes fatal error.
  • Fix: Hierarchy button when editing external key

1.3.4

Summary

Changes since iTop Professional 1.3.3 are mainly bug fixes.

User Interface

  • Enable browser spell checking in the rich text editor, use: Ctrl + right click to get it
  • Emails coming from Outlook: Ticket created with many line breaks appearing when editing.
  • #1125 Friendly name format ignored if only one attribute was used.
  • Dependent fields fail to reload when creating an object from another one, with mandatory date using format different from MySQL one.
  • Adding an InlineImage while adding at the same time an object in a IndirectLinkedSet would attach the InlineImage to the linked object instead of the host one. If their organizations were different, it could result in denying the display of the InlineImage.
  • Request Template: Custom fields with autocomplete failing if the subfield depends on another subfield (OR if the error level of PHP allows warnings)
  • Ugly labels when hovering bar or pie charts (grouped on an external key or an enum)
  • Corrupted coverage windows when edited from a browser having a timezone different from the iTop timezone
  • Object with a &, < or > in its name was not displayed correctly in external key field when created or retrieved through a pop-up search.
  • Object Copier: case logs corrupted in the created object (and loss of HTML formatting for new comments)
  • Object Copier: Dependent fields fail to reload when creating an object from another one and using localised Date format.

Impact analyses

  • Messing up with redundancy settings (could either lead to wrong results or a fatal error if a relation is configured downstream).
  • Missing edges (and redundancy) when two classes impact a given class and both relations use the same neighbour id (and if redundancy is enabled over both relations).
  • Role “Do not notify” on contact was ignored when recomputing the ticket impact (and log flood with PHP Notices)
  • Impact analysis graph does not refresh when unchecking some items (clicking on the blue drawer shows the graph unchanged).

Portals

  • New: add_to_list() can now be used in portal action rules.
  • #1396 $this->hyperlink(portal)$ used in 'notifications' was broken since iTop 2.3.3 (since r4519)
  • Portal: log_kpi_duration / log_kpi_memory are now supported by the portal
  • Portal UI: Request template, all fields were marked as invalid when just one mandatory textarea field was empty.
  • Portal: Fix invalid URL in LinkedSet searchbox when editing an object (eg. Adding a Contact to an UserRequest)
  • Portal & request Template: Template fields having identical code are not reset when changing template (they can be on demand now:'templates-base' / 'reset_fields_on_template_change' / default=false)
  • Portal: Object display crashed when a linkedset attribute has corrupted data (eg. an external key to 0)
  • Portal: Wrong form used in some inheritance cases.
  • Legacy portal: Since iTop 2.3, plain text caselog entries can no longer be toggled due to a bad jQuery selector. Only HTML entries were working.

Administration tasks

  • #1388 Prevents Inbox locking if a source email contains an UTF8 character on 4 bytes not supported by your MySQL instance.
  • #1413 Data synchro: a line break or '<' in the 'description' of the DataSource object, broke the display of synchronized objects edition form.
  • Data synchro: allow setting 'undefined' value for a date when an empty string is provided. Known issue: Integer and Decimal cannot be set to 'undefined' value.
  • OQL: Multi-objects OQL queries with UNION, could fail with various symptoms such as “Class 'IT Department' not found” or “An object id must be an integer value”.
  • Audit: failing with message “Attempting to merge a filter of class A with a filter of class B” (regression introduced in 1.3.2)
  • Configuration: 'log_queries' setting has been deprecated, use 'log_kpi_duration' instead.
  • Remove Fatal Errors when disabling logging in the configuration file or when developing specific pages
  • Fixed XSS vulnerability
  • Improve API/REST JSON to enable adding entry to HTML caselog using non-HTML text (handling 'new line').
  • Move To Production from Designer was failing if iTop Configuration was set to access_mode=2 and a DataSynchro was defined on a class whose DataModel was modified.
  • Setup: failing (during database creation) with MetaEnum attribute having no mapping for the class they are declared in.

Known issues

If a source email contains a 4-byte UTF-8 character, then Ticket creation from eMail will either fail or truncate the CaseLog of the updated ticket, depending on your MySQL setting:

  • it either stops with a Fatal Error and does not process this email (in STRICT mode, which is the default for MySQL after 5.6 or 5.7)
  • or it truncates the caselog or the description after the unsupported character (default mode of MySQL before version 5.6).

For MySQL versions older than 5.5.3 there is no solution, so consider upgrading your MySQL to at least 5.6 or above.

For more recent versions there is a workaround, which will be part of the next functional release (but can be applied anytime if needed).

1.3.3

Summary

This maintenance release only fixes regressions and functions which were supposed to be part of the 1.3 feature set. Most of them are related to the introduction of Case Log formatted in HTML.

Enhanced Portal

  • A read-only AttributeDuration in the portal ticket edit form was preventing attachment on that form. It’s been fixed. AttributeDuration fields are still read-only in the portal.
  • AttributeFile was not working in the portal. It is now available but in read-only mode only.
  • A Spanish translation of the new Portal has been added.
  • When a Ticket is opened in a new tab, the caselog entry was not emptied after submission, leading to frequent duplicate entries in the Public log, if user was submitting again. This is fixed.
  • Display of Wiki text was still pointing to the console object.

Legacy Portal

  • A combination of 1.3 iTop Professional and Request Template using a date field, was generating a fatal error.
  • Uploading an inline image was not yet available in the Description; in the Case log it was not working: the image was loaded but not permanently stored.

Embedded HTML editor

Since 1.3.0 a new embedded HTML editor is used in Case Log, Notification, Document Notes… But on the Console it was not offering text justification, or font and size selection. This has been fixed.

Known limitations:

  • Browser native spell check functionality is currently disabled in this editor.
  • Cell background color and border color setting is not user friendly.
  • On link creation, the option Target = <popup window>, although proposed, is not working.

Console & core code

  • Creation of a Ticket in a status different than the default initial value was not working very well.
  • Case log copy from a Parent ticket to its child tickets was not handling properly the HTML formatting.
  • The creation of an object B from an object A edition form (using the + icon), was failing if object B was having a mandatory HTML field, as the data in the HTML field was ignored/dropped.
  • Massive modification of objects having an HTML field, followed by at least one required field was failing.
  • Fixed an access rights issue introduced on 1.3.2 Products, in case of APC cache usage.
  • Backup on Sunday was not working due to wrong query.
  • Non-systematic issue after ITSM Designer Move to Production of a new Data Model, leading to an SQL error with a missing column in DB, has been identified and fixed, it was related to a caching issue.
  • Add to iTop package an .htaccess file in /data and in /log (those files were ignored by zip build)
  • OQL parsing regression in 1.3.2, where a few valid queries were considered as invalid.
  • One OQL query in DataModel could become ambiguous after very specific customer customization.

Ticket creation from eMails 3.0

  • Configuring 2 incoming eMail Inboxes address with IMAP protocol, using the same eMail but different Folders, was not working. It is now.

Approbation

  • A User Request on a service with a Request Template and an Approbation rule, was generating an approbation email which was missing the Template information.
  • The Approbation form in non-authenticated mode was not displaying inline images.

1.3.2

Summary

iTop Professional 1.3.2 is the sixth packaged release of iTop and its companion extensions. This version of iTop Professional is based on the branch 2.3 of iTop Community.

Changes since iTop Professional 1.3.1 are bug fixes, a number of them being related to the ticketing and the use of the Enhanced Customer Portal.

Enhanced Portal

  • Align behavior to legacy Portal: it now works for users having Allowed Organizations defined in their user account.
  • Activate multi-objects sorting based on DataModel default ordering in BrowseBrick. For example, the services catalog, which is made of 3 objects (ServiceFamily/Service/ServiceSubcategory) and used to be ordered only on Service Family, is now sorted on Service Family, then on Service and last on Service Sub-category.
  • Fix bug in edition form with multiple LinkedSets.
  • Fix Deadline attributes which were not displayed properly in ManageBrick
  • Fix Autocomplete bug with IE9 in forms
  • Fix for the upload of attachments with IE9
  • Optimized column load in ManageBrick and BrowseBrick to improve performances

Regressions introduced in 1.3.0

  • Fix: a character “à” in a case log was causing the REST/JSON API to fail if mbstring was not enabled.
  • Fix the pollution of “error.log” with the contents of each email sent (transport = PHPMail)
  • Fix regression introduced by HTML sanitizer, which was preventing 'ftp' and 'file' protocols in <a href= > tag, thanks to configuration parameter: 'url_validation_pattern'
  • Within some customized DataModels where users could create Tickets directly in Resolved state, 2 icons with the same purpose were displayed, but much worse, if the date format was not the default, it was displaying a Fatal Error.
  • Remove in IE9 the placeholder “Type your text here” in the Public log of a Ticket as it was wrongly logged as a real user entry

General

  • Request Templates: Added validation pattern to Date and DateTime fields.
  • Request Templates: Fixed a PHP Warning when launching the cron manually.
  • Request Templates: Hidden and Read-only fields are now rendered like multiline strings (like a textarea, though it is read-only)
  • Ticket from emails: Support of inline images in messages issued by Lotus Notes.
  • Resize on AttributeImage used to crash when “gd” extension was not installed. Now it just does not resize. In addition a warning message is displayed during the iTop Setup when “gd” extension is not installed on the server, as no resizing on large images can impact database size, then later performance.
  • Added protection against time differences between the MySQL server and the PHP server, when running 'synchro_import.php'
  • Optimization of database queries which was impacting Portal performance. We found one case where the query execution was never ending and takes now less than a second.
  • Fix corner case situation where UNIONS and INTERSECTIONS were not handled correctly.

References

Source Forge Tickets: #1334, #1323, #1178, #1325

1.3.1

Summary

iTop Professional 1.3.1 is the fifth packaged release of iTop and its companion extensions. This version of iTop Professional is based on the branch 2.3 of iTop Community.

The only changes since iTop Professional 1.3.0 are bug fixes:

  • Support of Internet Explorer 9 in the new portal
  • Various bug fixes in the Request Templates
  • Fix to re-enable the support of a custom timezone in iTop (regression from iTop Professional 1.2.x)
  • Fix to re-enable the support of SOAP web services in iTop (regression from iTop Professional 1.2.x)

Enhanced customer portal

  • Support of Internet Explorer 9 (tested with a real IE 9)
  • Cosmetic adjustments for IE 9: zoom-in/zoom-out cursors do not exist in IE9: use the hand cursor instead
  • Fixed the rendering of a TEXT AREA in read-only mode.
  • Fixed a regression which caused some characters (like < >) to be displayed as their corresponding HTML entities (&gt;)
  • Fixed the quick search on enumerated values and finalclass field. The search was performed against the “code” instead of the displayed (localized) value.
  • Fixed the display of enums and html images in lists.
  • Fixed the display of friendlyname in lists, which was not behaving well on abstract class when the name was composed of several fields in the child classes.
  • Fixed the list of resolved tickets for power users: the list was restricted to their own tickets.

Request templates

  • OQL list fields marked as mandatory were not validated properly
  • List fields now have a lookup/search as well as an autocomplete option.
  • Hidden and read-only fields are now rendered like multiline strings (like a textarea, though it is read-only)
  • A PHP warning was issued when launching cron.php (if PHP error reporting was set to E_NOTICE or higher)
  • Validation of the (configurable) format for the date and date/time fields

Other fixes

  • #1321 Table formatting (border, cellpadding, width) was lost when editing a table inside the HTML editor
  • #1297: timezone configuration setting was inoperative (regression from iTop 2.2.x).
  • SOAP webservices were broken: iTop was unable to generate the WSDL file.
  • Setup enhancement: protect the method RenameValueInDB() from non-existent attributes.
  • iTop Communications: do not use the profile ID = 20 to avoid collisions with existing customizations
  • The maximize icon for the rich text editor was not showing when iTop was installed in the path containing a space.
  • When editing an object in the console, external fields (i.e. fields depending on a external key) were not automatically refreshed when changing the value of the external key (regression from iTop 2.2.x)
  • Security fixes to prevent XSS injections in the page setup/email.test.php

1.3.0

Summary

iTop Professional 1.3.0 is the fourth packaged release of iTop and its companion extensions. This version of iTop Professional is based on the branch 2.3 of iTop Community.

The main changes since iTop Professional 1.2.1 are the following:

  • Enhanced customer portal
  • Navigation breadcrumb
  • Rich text formatting
  • Date and time formats

Enhanced customer portal

  • Completely new and responsive user interface: support of mobile phone, tablets, etc.
  • Highly customizable via XML
  • FAQs integrated by default
  • Communication banner
  • Based on Most Recently visited pages
  • New shortcut buttons when the navigation menu is hidden

Rich text fields

  • Case log and ticket description can now be formatted
  • Fullscreen edition
  • Copy/Paste and Drag-and-Drop of images

Date and time format

  • Configurable per language (new setting date_and_time_format in the configuration file)
  • Custom formats are supported for import/export
  • For backward compatibility, the default setting is the MySQL format

Browser compatibility

  • IE8 is not supported anymore: the minimum version for Internet Explorer is 9
  • No need for Flash players anymore

Data model (2.x)

  • Added attribute Ticket::operational_status: depending on the status of the ticket, this attribute will take one of the following values: ongoing, resolved or closed
  • Added Person/picture: optionally add the picture and visualize it in the details or in the enhanced portal
  • User Request (all-in-one): the end-user can leave the request type undefined; in such a case, she can select any type of service and the request type gets computed when the request is written to the DB. It is still possible to select a request type, in which case the list of services is filled with the corresponding services. This behavior was necessary for the new user portal to work fine.
  • Tickets description and case logs are now in HTML
  • New field on the User class to enable/disable user accounts (this attribute is R/O in demo mode).

Data corruption

  • #1213 Losing SLA data when changing any attribute of an SLA.

Security

  • #1202: Fix for a security vulnerability in the Configuration Editor.
  • Fix for potential XSS vulnerability on uploaded file names.
  • XSS: Correctly escape the name of an object when it is displayed within a hyperlink
  • #1206: “Forgotten password” - the temporary token could be hacked by means of a hand-made HTTP request
  • #1162 .htaccess and web.config files to prevent users from accessing the contents of data/log directories (support of apache 2.4)
  • Prevent grouping on password fields since it may lead to disclosure of the encrypted version of the password.
  • Properly sanitize the “switch_env” parameter and take it into account only if it contains a valid value.

Customizations (via XML deltas)

  • Switching to XML version 1.3.
    • new attribute MetaEnum
    • new attribute AttributeCustomFields (experimental!)
    • new attribute AttributeImage (experimental!)
    • new flag _delta="if_exists". Use this flag to ignore a branch if the corresponding node does not exist in the data model being hacked. This is to reduce the burden of developing separate modules depending on the installation options.
    • new flag to open/collapse the search form at the top of a page in an OQLMenuNode: search_form_open
  • ResetStopWatch could not be used as a lifecycle action: the symptom is “The action has failed”.
  • Label of the final class attribute could only be defined on the root class (overriding it in derived classes had no effect)
  • Improved the error reporting when assembling data model XML files (full path and line number of the faulty node)
  • A module can have its own design defined in XML (/itop_design/modules_designs/module_design) and accessed at run time via the class ModuleDesign.
  • The images specified in the branding or in module_designs can be given as a fileref or a path relative to the env-production directory
  • #1188 Allow to define a new constant or a brand new class as part of a delta that is not in a module
  • #1223 Custom lifecycle actions: improved the reporting when an action returns false (class/function/id logged into error.log); the framework now also considers that no return value is equivalent to 'true'

Module development (PHP API)

  • No need for bridge (auto-select) modules to be listed as installed modules in the about box. Still, they are listed in the “support information”.
  • Improved the module ordering algorithm. If a module has several dependencies (inclusive OR), it must be installed after each and every one of its dependencies that has been selected for installation.
  • Support for objects to go “out of the silo” during a transition by making sure that we can reload an object we've just saved.
  • If you have developed specific pages, and want them to appear in the breadcrumb, call iTopWebPage::AddBreadCrumbEntry.
  • Added verbs to the User Rights management API:
    • HasProfile
    • ListProfiles
    • GetAllowedPortals
  • Added a means to cache data that will be reset upon compilation. To be used in conjunction with ModuleDesign.
  • It is possible to implement several portals and still use placeholders to point to the relevant portal (use DBObject::RegisterURLMakerClass(<my-portal>, <my-url-maker>), then $this->hyperlink(<my-portal>)$)
  • Context tags to identify the context of the execution. Usage: ContextTag::Check('Portal:itop-portal'). Known tags: 'GUI:Console', 'GUI:Portal', 'Portal:itop-portal', 'CRON'… see ContextTag::GetStack()

Queries (OQL)

  • Magic query arguments:
    • In addition to current_contact_id, the following arguments can be used in any OQL query (provided that the page running the query requires a login): current_contact->attcode and current_user->attcode
    • The “Run queries” page is now taking into account those magic arguments (do not prompt the end-user with these arguments!)
  • Hierarchies can now be expressed both ways. Example of a query that now works fine: SELECT Organization AS root JOIN Organization AS child ON child.parent_id BELOW root.id WHERE child.name LIKE 'Combodo'. In the previous implementation, the operator was interpreted as '='.

Optimizations

  • CRON slow to execute with high volumes of tickets in the Database
  • Do not load all columns when checking if a CI is part of the “context” of a given ticket.
  • Optimization/bug (!): Never use the whole object as a placeholder in ApplyParams !!
  • Cleanup and optimization of the handling/loading of the dictionary files.
  • Optimization: load “pdftage” (and thus tcpdf) only when needed.
  • Adding an extra index to speed-up data synchronization for large volumes of data.
  • Improved the User Rights management API: doing fewer queries for user rights by caching the user profiles into the SESSION cookie

Data synchro

  • Enhanced display/edition of the “Reconciliation Key” column when defining the reconciliation using the attributes.
  • Prevent timeouts, since the synchro may be launched from the web (as a “web service”, especially by the “collectors”).
  • #1253 Properly parse dates in synchro import. Thanks to Karl aka karkoff1212 for reporting the issue.
  • Synchro : Change description attribute from AttributeString to AttributeText

Tickets From eMail

  • Support of adding more contacts (To: and CC:) to the ticket.
  • Ability to apply a stimulus (to change the state of a ticket) when receiving an update by email.
  • Security: only administrators can see the password of mail inboxes.
  • Regression: properly import all attachments (not only the last one if it's not an image).
  • Enhancement: preserve hyperlinks when converting from HTML to plain text.

Request templates

  • now editable in the console (and still editable in the legacy/enhanced customer portals)
  • support for related fields (e.g. brand + model)

Other fixes

  • #1210 Dependant field not reset (servicesubcategory not reset when service is reset)
  • Modified the “List” tab of the Impact Analysis to display only the actually impacted objects. The content of this tab is now refreshed every time the graph is rebuilt to take into account the “context” changes which causes the actual impact to change, or the filtering.
  • Initial feedback while loading the 'list' tab of the impact analysis, useful when this tab is displayed first.
  • Fixed a typo in German translation files (“Deails für Benutzeranfrage” ⇒ “Details für Benutzeranfrage”)
  • When a date/time format is specified, don't try to process columns named 'id' since obviously these are neither date/times nor a genuine attribute code.
  • #1209 Setup or Backup failing with french error message 'Effacement du fichier …' Regression introduced in iTop 2.2.1. Occurs when a backup fails and prevents users from seeing the mysql error report.
  • Attachments: the label of the Delete button of an attachment was hard-coded. Replaced with a dictionary entry.
  • Wiki syntax: allow white spaces in the specification of a link to an object (form: <friendlyname>)
  • #1215: URL fields can now store up to 2048 characters
  • #1214: concurrent access lock not properly released when CheckToWrite() reports an error during a transition from one state to another.
  • Styles fine tuning and nicer display of the main menu (no more animation on initial load).
  • Suppress “Notice” messages when iconv detects invalid UTF-8 characters, since it breaks the JSON output if display_errors is On…
  • #1167 Error while upgrading db model from v 2.1 to 2.2 with orphan attachments.
  • File or image upload is not supported (and thus disabled) when using the [+] button to create a new object inside a popup dialog.
  • #1169 Broken link to iTop Wiki in itop-tickets.htm
  • Impact analysis display: cosmetics on tooltips: widen a bit the tooltips and prevent the text from overflowing horizontally.
  • CSV Imports:
    • Make sure that the CSV Parser has enough time to run on big amount of data.
    • Speedup the display of the CSV Import interactive wizard by parsing only the needed lines of the CSV data (in the first steps of the wizard).
  • #1199 Properly handle the icon of attachments without any extension.
  • #1205 Positioning of dropdown list of “Popup Menus” on Chrome (and IE 11) when the content has been scrolled
  • #1233 Spanish translation: InterfaCe + Solución Aplicativa
  • #1251 Disabling log notification in config causes a fatal error
  • Export: cannot export an object with a property named “length”
  • “Search Drawer” is closed by default, unless the configuration parameter “legacy_search_drawer” is set to “true”.
  • Properly handle the creation of objects which go outside of the silo.
  • Provide some feedback to the end-user in case of a fatal error during an interactive export.
  • When iTop is in restricted access mode (access_mode=2), the upgrade is not completely performed (profiles not updated correctly)
  • Placeholders in notifications:
    • Fixed the error message when a placeholder is invalid
    • Fixed the rendering of the case log in gmail and Outlook (support only the inline styles).
  • The stylesheet cannot be defined within the email templates (aka ActionEmail) anymore. Instead, a default (ready for use) stylesheet is provided in /css/email.css and it can be overridden by the configuration parameter email_css.
  • Coverage Windows: Prevent overflow of an interval to the next day when dragging/dropping this interval in the calendar
  • Bug fix: “Portal users” redirected to the customer portal when trying to approve
  • #1279: CSV export of audit results when there are numerous errors
  • Cosmetics: Enlarge DateTime fields which were too narrow (the end of the time is not visible when editing).
  • Hide the shortcut buttons (Assign) on the ticket creation page, ONLY IF there are some approval rules in the DB
  • Precanned replies: bug when the list of replies triggers the pagination
  • Interactive CSV import fails to reconcile objects with the localized final class (as this is the case when exporting links)

Setup

  • Setup: Automatically remove duplicated modules (by keeping only the most recent one) when loading modules, independently of the loading order.
  • Setup: Make sure that the setup can be launched even if the 'php-zip' module is not installed.
  • #1252 Setup: make the project compatible with Ansible deployment (the file “database exi.png” was in fact not used at all!)
  • #1254 Setup: iTop 2.3.0 requires PHP 5.3.6 (HTML sanitizer using the API DOMDocument::saveHTML with an argument)
  • Make sure that the setup does not crash if some of the prerequisites (PEAR or IMAP) are not installed.

Internal

  • Exclude magic parameters when listing query parameters (refactoring from run_query). This enables the use of magic parameters in the exports. The issue was less exposed in iTop 2.2.0 because only one single magic parameter was available.
  • DBSearch : Allow join between DBUnionSearch by adding the DBUnionSearch::Join verb
  • #1221 Exclude git folder from the copied folders, during the compilation process
  • Fixed typo in the reporting of page spurious chars
  • Installation
    • Better handling of 'auto_select' modules
    • New way of implementing the “includes” of modules, now completely out of the configuration file !
  • Implemented DBObject::ExecActions, enables scripting object preset/modifications
  • Added verb ormCaseLog::GetAsArray()
  • Query arguments: when the value of a query argument is null, it must be considered as being a valid argument (was reported as missing). Improved the error reporting when the argument is in the form :this->attcode and the attcode is not valid for the class of 'this'.
  • Query arguments could be array values, making it easier to build dynamic IN() clauses
  • When uploading documents, get the mimetype from the file itself (if feasible) rather than relying on the mimetype of the HTTP header. This was already implemented but it was buggy and always fell into the fallback method.
  • Make the login page more mobile friendly.
  • Add the “filter” attribute into the details form of the TriggerOnThresholdReached class.
  • Prevent infinite cross-ticket recursion when propagating parent→child resolution in tickets.
  • The result of CheckToWrite() was not taken into account (action failed silently) when creating an object using the [+] button inside a form.
  • Programmatically allow to write on any object - if needed - independently of the profiles.
  • PHP warning issued when the CSS is rebuilt (SASS lib)
  • Core API: added DBSearch::SetSelectedClasses
  • #1173 Error during setup on a development system (XML containing unwanted text)
  • Core : Added CloneWithAlias function to DBSearch class. It creates a new DBObjectSearch from a DBSearch with a new alias.
  • Compiler: Model alterations not flattened prior to compilation (when using the setup UI)
  • Model Factory: factorized duplicate code from ApplyChanges + fixed an issue in the error reporting
  • Fixed the verb DBObjectSearch::IsAny
  • Read-only fields are no longer stored in the form as hidden fields.
  • Code refactoring: fix of #876 implemented in 2.0.3 as [r3161], moved to a place where it will fix other implementations of the setup
  • Limitation: DBSearch::Intersect to throw an exception whenever any of the merged queries have a queried class that does not correspond to the first joined class. This is a limitation of the current implementation of Intersect. Allowing such use cases would require quite a rework of that API.
  • Replacing the SCSS→CSS conversion library by a newer one made by Leaf Corcoran: http://leafo.github.io/scssphp, tweaked to work on PHP 5.3
  • Extending action classes (notifications): objects listed twice (in the base classes and leaf classes) in the notification page (actions tab).
  • Email generation - No need to force “Content-Transfer-Encoding: 8bit”. The default is “quoted-printable” and works fine if the content is made of plain text. Leaving the 8bit encoding could work but in such a case, the statement should be:

    $oEncoder = new Swift_Mime_ContentEncoder_PlainContentEncoder('8bit', true /*canonicalize*/);

    … otherwise the lines get truncated at random places (CRLF is assumed while PHP EOL is made of CR only!). This has an impact on plain text email only.

  • #1235 DBObject API - external fields not up to date after changing the external key (though they seem to be in sync when inspecting the internal values, Get() does not return the expected value).
  • Demo mode: do not allow deleting or changing the org of persons attached to a user account (this is to make sure that the portal users will still have access to the customer portal)
  • Cleanup a Notice message (CRON): align the prototype of DBDeleteSingleObject to the current one.

Localizations

  • The French and English localizations are up to date
  • Czech has been updated thanks to Lukáš Dvořák
3_1_0/products/professional/release/change_log.txt · Last modified: 2023/12/13 15:21 by 127.0.0.1