ServiceDesk Plus MSP ReadMe

What's new in 14720?

(Released on: 22 May 2024)


  • SDPMSP-6585,11990,12730,13159: Archive Accounts
    • Archive inactive accounts and retain them in the application for audits.
    • The archived account data can be accessed only via query reports.
    • Archived account(s) cannot be activated again.
  • SDPMSP-22976: Attachment API is now supported for change description and note fields.
  • SDPMSP-23300: Users can expand/resize the cell width of gantt charts. The customized cell width will also be reflected while exporting gantt charts.
  • SDPMSP-23303: $Risk variable is added to Notification Rules, Stage and Status notifications and Workflows.

Framework Upgrade Information :

  • SDPMSP-22415: Bootstrap javascript dependency is removed.

Behavior Changes:

  • SDPMSP-23297: When the application is opened in multiple tabs, logging out from one tab will automatically log you from all tabs, and similarly, logging into the application from one tab will allow you to access the application from other tabs.
  • SDPMSP-23298:
    • Maintenance details can now be opened in a new tab.
    • Edit option is now available for completed maintenance.
  • SDPMSP-23301: Previously, when a user without access to a child task closed a parent task, the child tasks would not be triggered. Now, the system will ensure that closing the parent task triggers the child tasks, regardless of the user's permission.


  • SDPMSP-23348 : CVE-2024-27314 : XSS vulnerability in request custom actions.

Issues Fixed:

  • SDPMSP-22967: When the domain drop-down is disabled during login, the Forgot Password reset link is not sent to the Not in Domain users.
  • SDPMSP-22977: Error thrown while accessing AD Manager Plus Custom Action from sub header in admin pages.
  • SDPMSP-23255: The To, Cc, and Bcc recipients in emails fail to be parsed by Microsoft Graph if it contains a comma (,).
  • SDPMSP-23282: Upgrade from 14700 to 14710 fails if the closed request via.query is deleted.
  • SDPMSP-23285: Release module is not shown in Standard edition with change addon.

What's new in 14710?

(Released on: 23 April 2024)

Behavior Changes:

  • SDPMSP-22157: Contract name and number in criteria (is empty/is not empty) is not valid. Therefore, all such criteria configured under Request List View Custom Filter, Request Advanced Filter,Request Timer Action, Business Rules, and Custom Trigger are changed to contract is empty/not empty.
  • SDPMSP-21937: Descriptions of emails fetched from calendar invitations are displayed in the iCalendar format. Going forward, email descriptions will be updated properly.
  • SDPMSP-23102: Application restart is required if Validation approach or File attachment filtering configurations are updated under Attachment Settings.
  • SDPMSP-23115: The size of inline images in incoming emails is limited to 3MB.

    Note : If the inline image size exceeds 3MB, the image will be dropped from the email and the sender will be notified.

  • SDPMSP-23223: Approval stage in Changes module is renamed as CAB Evaluation stage. Additionally In change list view filters & change dashboard,
    • Approved changes widget is renamed as Pre/CAB Approved Changes.
    • Unapproved changes widget is renamed as CAB Unapproved changes.
  • SDPMSP-23224: Priority field is color coded in Request Kanban view and Trash filter.
    • In Request list view, the priority color icon for No fill colour will be displayed as an empty box.
  • SDPMSP-23225: V1 API for Change module will no longer be supported. Click here to know more.
  • SDPMSP-23228: End of Life Announcement for EWS for Exchange Online
    • Support for EWS for Exchange Online mailboxes will be discontinued with this release. Going forward, migration will halt if EWS with Exchange Online mailboxes is enabled in incoming/outgoing mail server settings.
    • Customers are advised to switch to the Microsoft Graph for both incoming and outgoing email configurations. Click here to learn more.


Billing Enhancement

  • SDPMSP-15241: Option to extend expired contracts and make them active.
  • SDPMSP-15461: Extend billing contract to requests created before the creation of the first contract. Click here to know more
  • SDPMSP-15644: Option to manually mark worklogs as billed & paid. Click here to know more.
  • SDPMSP-22652: V3 API for marking request as billable or non-billable.
  • SDPMSP-21579: Ability to configure cost and allowance at billing contract level.
  • SDPMSP-21580: Ability to bulk associate contract with requests.
  • SDPMSP-21581: Ability to recalculate cost of request and worklogs of a contract.


  • SDPMSP-23020: Account Criteria in SLA

    Customers can now select account under the incident SLA criteria.

  • SDPMSP-20121: Delta OU sync minimizes data payload transferred during an OU import and syncs the data of updated OU details and newly added OUs and deleted OUs.

    Delta OU sync will be used in AD manual and Scheduled Full import for fetching OU details from Active Directory.

  • SDPMSP-22303: Technicians can clear all associated sites while editing a rule group by clicking Remove All Sites option.
  • SDPMSP-23226: The pick list type user additional field limit is increased to 500.
  • SDPMSP-23227: SDAdmins can configure Two Factor Authentication for admin configurations in their service desk instance.
  • SDPMSP-23232: Technicians can now control the click actions of service categories via page scripts.
  • SDPMSP-22989: Import users from AD Groups

    Users can be imported from Active Directory groups by specifying the group names under Admin > Users > Active Directory. Click here to know more.


  • SDPMSP-19551: In query reports, IDs will be hyperlinked to the corresponding details page. The supported modules are Requests, Changes, Problems, Projects, Milestones, Tasks, Solutions, and Releases.


  • SDPMSP-20207: Set Requester Name as Sender Name in MS Outlook add-in integration.


  • SDPMSP-22829: Page Script control in change stages and subtabs.

Issues Fixed:


  • SDPMSP-19383: Unable to add email addresses with special characters while creating requests in Email IDs to notify field.
  • SDPMSP-21752: Worklog description is missing under Resolution tab in request details page if the request status is updated after adding resolution and worklog.
  • SDPMSP-22236: Unable to view or delete requests with huge description or resolution if the description or resolution content is not found under ServiceDesk Plus MSP directory.
  • SDPMSP-23109: The request title is double encoded in the survey email if it contains special characters.


  • SDPMSP-19770: Page crashes upon viewing billing contract in the account details page.
  • SDPMSP-22758: Unable to access PDF files in custom folder through URL.
  • SDPMSP-22800: In some cases, scheduled backup fails when requests conversations index file is corrupted.
  • SDPMSP-22980: PGSQL: The decryptPostgresPassword script file is not available aftermigrating from 14600 to 14620 due to permission issue.
  • SDPMSP-22849: Unable to add users through API when the department name instead of the department ID is entered.
  • SDPMSP-23163: Home page appears blank for admin in certain cases.
  • SDPMSP-23168: Upgrade fails when we have account-specific graph outgoing mail server configuration.
  • SDPSMP-23177: Values added in the additional fields picklist are not fetched during AD import.
  • SDPMSP-23196: Mail fetching stops if the attachment name in the incoming mail contains "?" and ":" characters.
  • SDPMSP-23206: Unable to save requester notification in standard license.


  • SDPMSP-22634: Unable to send change notifications via REST API.


  • SDPMSP-22754: Problem custom triggers with the Execute on actions condition as Created are executed when the Analysis tab in the problem details page is updated.


  • SDPMSP-22891: The task expiry flag does not appear on the task list view page automatically after the scheduled end time has expired.


  • SDPMSP-23115: XSS vulnerability in email attachments.
  • SDPMSP-23119: XSS vulnerability while executing page scripts reported by Ranjit Pahan.

What's new in 14700?

(Released on: 05 March 2024)

Behavior Changes:

SDPMSP-22632: Filters for Project History

  • The existing Recent Updates icon is replaced with the Recent Updates button and relocated to the top-right of the project list view for better user experience.
  • Recent Updates cannot be set as the default view for Projects.
  • Only users with View All Projects permission can access the Recent Updates button.
  • Users can now filter project history by selecting multiple accounts using show filters > account field. Earlier, the header account was used to filter project history.

SDPMSP-23012: Tasks description will not be fetched while obtaining a list of all task details via API. Users can use fields_required API input to obtain task description, if needed.


SDPMSP-17227: External Frame support for Home and request modules

  • Allow users to quickly access their service desk details by adding Home and Requests tabs in ServiceDesk Plus MSP to Microsoft Teams and other external applications.

SDPMSP-22344: Asset Booking

  • Streamline asset booking by allowing end users to book assets for a set duration, reschedule/cancel bookings, check assets out, extend and check the assets back in when the booking schedule is completed. Asset Booking can be accessed from Assets > Assets Booking and Loan

Click here to Know more.

SDPMSP-22763: Support for Upload Videos in Solution description

  • Embed YouTube links or upload videos in .MP4 or .WEBM formats in the solution description.

SDPMSP-22764: Chat channels

  • Build a channel to facilitate collaboration between service desk technicians and users.
  • Create private or public support channels.
  • Allow users to pin important messages in the channel.

SDPMSP-22765: Missed Chat notification

  • Notify users through email when a chat is left unattended for a specific time. Click here to Know more.
  • Configure roles and users in the notification template to send notifications for missed chats.

SDPMSP-22766: Zia Multilingual Approval Prediction

  • Zia approval prediction now supports Spanish & Swedish languages.

Click here to know more about server requirements.

SDPMSP-22767: Mark clarification as resolved by default

  • Configure to resolve approval clarification when users respond to the clarification.

SDPMSP-22768: Accessing Pending Approvals from header

  • Access pending approvals from the quick access header.

SDPMSP-22785: Dynamic sub-form/entity support

  • Create sub-forms, a section of fields to be used in custom module forms.
  • Create sub-entities, an additional entity for web tab type custom module.
  • Select a pre-defined custom sub-form or sub-entity and include it within a web tab type custom module,.

SDPMSP-22786: Moving import xls solutions over the API framework

  • Import solutions via xls, xlsx, and csv files.
  • Perform the following operations while importing solutions:
  • Add and update records
  • Delete existing records and add new ones
  • Ignore duplicate records

Click here to Know more.

SDPMSP-22787: Custom view for Solution list view

  • Create and save custom views to filter solutions displayed in the list view and classic view.

SDPMSP-22788: Mandate Release roles

  • Administrators can mandate assigning users to dynamic release roles.
  • Customize the field layout of the Roles section while configuring release templates.

SDPMSP-22789: Bell Notification Enhancements

  • Enable Do Not Disturb mode to disable bell notifications.
  • Sort and filter bell notifications in the Notifications pane.

SDPMSP-22790: Insert Solution in Reply request popup

  • Technicians can insert solutions in their replies to requests.
  • For detailed solutions, a link can be added to reply emails.

SDPMSP-22799: Zia Predictions Role

  • Configure Zia Verifier role to restrict who can verify Zia predictions. Combine this role with module roles to verify module-specific predictions.

SDPMSP-22997: Two-Factor Authentication for admin configurations

  • Enable Two-Factor Authentication for modifying general/advanced security settings and password policy under Admin > General Settings > Security Settings.
  • Activate Two Factor Authentication for admin configurations under Admin > General Settings > Two Factor Authentication > Configuration.
  • Enable TFA Trust to establish a time frame during which the admin can modify the security settings without the need for re-authentication.

Click here to Know more.

SDPMSP-22998: What's New - User Education

  • What's New section is added to Help icon on the application header to assist customers in exploring the latest features and behavior changes that are introduced in this update.

SDPMSP-22632: Filters for Project History

  • Use history filters in Projects, Milestones, and Tasks to display history based on specific criteria such as Operations, Performed by, Show Only and Fields.
  • History cannot be filtered based on additional fields.
  • Recent history updates are now displayed in a slider panel.
  • Use the Show History filter in the recent history updates to display history based on specific criteria such as Operations, Projects, Performed by, Show Only and Fields.
  • Filter the history based on predefined time values or custom values.
  • Module icons help identify operations history at a glance.
  • On the Recent Updates page, click on the IDs to navigate to the corresponding details page. For milestones and tasks, hover over the IDs to view their project and milestone details in a pop-up.

SDPMSP-22999: Project History Enhancements

  • Project history now displays Settings updates as Enabled/Disabled instead of boolean value.
  • On selecting the Enable parent to child auto scheduling setting, child entry updates are recorded under the View Auto Propagated Entries link in the history.

Issues Fixed:


  • SDPMSP-22902: Performance issue in the change account form of requests when a substantial number of sites are associated with the account.


  • SDPMSP-22658: Account-based custom headers and login images are broken after upgrading to 14506.
  • SDPMSP-22828: The Account Group option is not available in the category creation page in standard edition.
  • SDPMSP-22846: Unable to update the email address for new release notifications when a non-English language is set as the default application language.
  • SDPMSP-22905: Unable to create accounts due to an issue with user group creation
  • SDPMSP-22933: When using the outlook plugin, the page remains stuck indefinitely
  • SDPMSP-22942: "Invalid input" error thrown when additional field is included in the search criteria in the account GET API.
  • SDPMSP-22953: The Override user based on email option is not working in AD import.

What's new in 14620?

(Released on: 08 February 2024)

Behavior Changes:

  • SDPMSP-22886: While adding attachments received via emails, the restricted special characters in the attachment name will be replaced with underscore (_) or the attachment name will be replaced with random text containing alphanumeric characters.
  • SDPMSP-22887: For security reasons, the default Postgres database password will now be randomly generated for sdpadmin. Any external tools that use the default sdpadmin password to connect to the database will be impacted. For more information, click here.

Framework Upgrade Information:

  • SDPMSP-22883: Upgraded maverick jar file for agentless scan based on SSH.
  • SDPMSP-22884: PostgreSQL is upgraded from 11.7 version to 15.2 version.


  • Customers using the built-in PGSQL databases are advised to upgrade the OS of the server hosting ServiceDesk Plus setups to versions that support PGSQL 15.2 for the migration to be successful.
  • Compatible OS list:

  • Windows : Windows Server 2019, Windows Server 2022, Windows 11
  • Ubuntu : Version 20 and above
  • RHEL & Centos : Version 7 and above
  • Debian : Version 10 and above


  • SDPMSP-22861: Users can now disable addition of emails as conversations based on email headers. After disabling, conversations will be added based on the entity ID in the email subject. Click here to know more.


Users with SDSiteAdmin and SDAccountAdmin role can enable auto assign workstations.

  • Access to the auto assign owners list view in Windows no longer allows for automatic redirection to the Import Usre from AD page.
  • Search/Sort is supported for the Department column in the auto assign owners list view.
  • UI of Auto assign owners page is improved for better user experience.
  • Retain user site as asset site checkbox personalization is retained. Use the Show suggested owner only option in the auto assign owners list view to list only workstations with suggested owners.


  • UEM Integration has a new security certificate verification procedure to ensure secure integration.
  • A switch has been made from httpclient-3.0-rc1.jar to httpclient-4.5.13.jar to improve security.

Issues Fixed:


  • SDPMSP-22556: Complete request details (including description stored as attachments) are fetched to check the User authorization for an API call.
  • SDPMSP-22842: Character limit increased to 2000 in the comments section of a request approval.


  • SDPMSP-18129: For non-login users, the change approval link ID does not redirect to the relevant page
  • SDPMSP-22572: While copying a change, the task status is not set to its default values.


  • SDPMSP-22336: Only the initially loaded list of 100 Affected Services is shown in the Add/Edit Problem form, even if there are more than 100 entities.


  • SDPMSP-22430: Contract expiry notification configured in the enterprise edition is sent to customers even after downgrading to the standard edition.


  • SDPMSP-21679: Auto - Suggestion of email IDs is not working from the second email onwards in the To field under Schedule Reports.


  • SDPMSP-22899: Unable to create an account with a huge number of sites in some cases.
  • SDPMSP-22901: Blank screen is displayed while accessing the application after upgrading to 14500 or later versions in specific cases.

Mobile App:

  • SDPMSP-20504: The status of online users who logged in via mobile is not reflected in the application.

What's new in 14610?

(Released on: 28 December 2023)


  • SDPMSP-20515: Account Group Feature

    • Enhance user experience by allowing users to organize their accounts efficiently. Users can group their related accounts together and associate them with templates, categories, and solutions.
  • SDPMSP-22491 : Support Group V3 API

    • Introducing Support Group V3 API. This marks the end of Support Group Servlet API (/sdpapi/admin/supportgroup). Refer Support Group V3 API documentation available in the application (API DocTool) for details.
  • SDPMSP-22568 : Discovery : Asset Scan Options in UI

    • Integrate SDP MSP with DC MSP to scan assets from SDP MSP UI.

Issues Fixed:

  • Admin:

    • SDPMSP-19023: Technician count is wrongly shown in account details page when the site is referring to any custom site.
    • SDPMSP-22179: Problem templates in notification rules do not fetch Account variables.
    • SDPMSP-22209: Unable to import users from Active Directory.
    • SDPMSP-22446: Account Managers receive SLA Escalation notifications when the Group role is assigned to an SLA.
    • SDPMSP-22540: Account creation fails due to TechnicianAccountMapping insert statement trying to set account IDas NULL.
    • SDPMSP-22592: Error adding CIs in CMDB through API.
  • Requests:

    • SDPMSP-19766: Service Categories not associated with an account are listed in the new request form.
    • SDPMSP-21595: 'Consider Worklog Addition as First response' checkbox is not enabled when adding a worklog in Requests.
    • SDPMSP-22388: $Resolved date value is wrongly shown in job sheet.
    • SDPMSP-22621: Unable to open service requests when a resource question value is given with long space.

What's new in 14600?

(Released on: 11 December 2023)

Behaviour Change:

  • SDPMSP-22615: My Approvals widget is renamed as All My Pending Approvals.
  • SDPMSP-22616: Unwanted conditions removed from technician auto assign configuration.


  • Auto Update :

    • Auto Update allows you to apply the security patches easily and ensures that the application is up-to-date and secure. Apply patch updates in a single click from the application UI. Click here to learn more..
    • To apply minor patch updates automatically without restarting the application, use the HotSwap option. However, it is recommended to update and restart the application to receive further updates.
    • To configure auto update, go to Admin > General Settings > Auto Update.
  • SDPMSP-22615: My Approvals widget is renamed as All My Pending Approvals and the total count of pending approvals of the user is displayed on the widget.

Issues Fixed:

  • SDPMSP-10775: Wrong product version is shown in control panel.
  • SDPMSP-20024: Navigation button in request details page are not displayed after refreshing the page.
  • SDPMSP-22176: Request attachments with a modified attachment path are not transferred properly to JIRA.
  • SDPMSP-22292: V3 APIs for change approval and change approval levels are added to the REST API documentation tool.
  • SDPMSP-22334: Custom triggers are not applied to the child tasks if they are auto triggered upon closing the parent task.

What's new in 14507?

(Released on: 05 December 2023)

Issues Fixed:

  • SDPMSP-18580: Application does not respond when user attempts to view change credentials under Asset Details > Remote Control > Change Credentials.
  • SDPMSP-22208: In some scenarios, unable to edit requests that contain both text and images in the description.
  • SDPMSP-22301,22560: While creating a change from a request, an internal error is thrown for site/group restricted users.
  • SDPMSP-22328: Closed Request count in requester home page is shown as 0 even when closed requests are present.
  • SDPMSP-22458: Change owner and manager roles are reset in the Change Edit form in specific cases.
  • SDPMSP-22528: AaaLogin duplicate queries from getAccountDOForSSOID.
  • SDPMSP-22553: Duplicate queries in ChangeRoles table.
  • SDPMSP-22558: Resource questions added as double columns in service request templates are not rendered properly in request details page.

What's new in 14506?

(Released on: 23 November 2023)


  • SDPMSP-15296:Technicians can now create time sheets even if they are in a different timezone than that of the server by enabling the "Allow timezone difference between technician and application server" option under timesheet settings.

    Click here to know more about the timesheet configurations.

  • SDPMSP-22242: Webhooks for Problem, Change, Project, and Task You can now create webhooks for problems, changes, tasks, and projects and add them as actions to the corresponding triggers. To configure webhooks, go to Admin > Developer Space > Webhooks.

Issues Fixed:


  • SDPMSP-14282 : Czech characters like á,š etc are not encoded properly under the technician list in timesheet.
  • SDPMSP-14989 : In Time sheet, the option today under Time period filter is inconsequential.
  • SDPMSP-14990 : In Time sheet, the options This Week, Last Week, and Last 2 Weeks under Time Period filter shows date starting from Monday irrespective of the start day configured in Time Sheet Settings.
  • SDPMSP-15165 : Unable to view time sheets if the date format in the user personalization is set as
  • SDPMSP-15182 : Worklogs added for a task are not shown under time sheets.
  • SDPMSP-15384 : Time sheet filters are not working properly.
  • SDPMSP-15495 : Account name is not shown for home tasks that are associated with an account under a time sheet.
  • SDPMSP-15533 : Able to log time sheet for current date if the current date is available in previous months.
  • SDPMSP-22486 : Post upgrade 14504, unable to view the time sheet module and settings page.


  • SDPMSP-19946 : Unable to reset the password for file attachments.
  • SDPMSP-22099 : Unable to add a support group in certain cases.
  • SDPMSP-22304 : Performance issue in get_technicians_for_account call is fixed.
  • SDPMSP-22409 : The email configuration is removed due to wrong DB cache.
  • SDPMSP-22494 : Performance issue in billing contracts is fixed.


  • SDPMSP-21483 : Unable to reply to a request from a requester login through mobile app.
  • SDPMSP-21585 : In some cases, sites and groups are not listed in the request add form for requester login based on the selected site (site refer site)
  • SDPMSP-21868 : Multiline formatting is not maintained in request description when a request is created through mobile app.
  • SDPMSP-22181 : Requests are closed automatically when "Close all associated Incidents" option is enabled under problem closure rules.
  • SDPMSP-22184 : Account manager is unable to reply to a request if the request is associated with a support group.
  • SDPMSP-22230 : Notification is not sent to technician when a request is created via email by unknown users.
  • SDPMSP-22311 : When multiple users concurrently access a request, with a lengthy description stored as an attachment, synchronization issues occur in accessing the stored description.


  • SDPMSP-22182 : When Workstation is selected in the CMDB, accounts are not displayed in the Advanced Filtering option of the Custom report.


  • SDPMSP-22226 : Unable to approve the change with the technician in Android mobile app.
  • SDPMSP-22241 : Account value is not displayed along with the group selected in the Change/Task custom filter.
  • SDPMSP-22283 : Change details are not shown in the change approval/print page.
  • SDPMSP-22309 : Unable to delete changes when there are numerous users without view change role permission.
  • SDPMSP-22330 : After upgrading to 14500, only a predefined list of 100 services are shown in the Change Add and Edit form, even if there are more than 100 services available.


  • SDPMSP-22276 : The value in Solution Owner field disappears when editing a solution and saving it.


  • SDPMSP-22286 : Assets are not pushed when scanned using standalone audit scripts scan.

What's new in 14505?

(Released on: 15 November 2023)

Behaviour Change:

  • SDPMSP-22427 : Throttle limit to access the URL api/v3/approvals is increased to 60 per minute.
  • SDPMSP-22428 : If multiple recipients are specified while sending emails from ServiceDesk PlusMSP via SMTP protocol, the email will be sent only to valid recipients. For invalid recipients, the email will not sent and an entry will be added to the system log.
  • SDPMSP-22429 : The time interval for notifying asset inventory count is reduced to 8 hours.
  • SDPMSP-22431 : MSSQL version 2008 and below are deprecated. Going further, MSSQL versions will impact migration and database configuration as follows :

    MSSQL Version

    Configuring Database

    During Migration

    Version 2008 and below

    Unsupported versions - Cannot be configured

    Versions 2012 and 2014

    Unverified versions - Warning message will be displayed while configuring database

    Versions 2016, 2017, 2019, and 2022

    Supported versions - Can be configured

Framework Upgrade Information:

  • SDPMSP-22368 : JSON jar version upgraded from 20230227 to 20231013.

Issues Fixed:

  • SDPMSP-21927 : In some cases, mail fetching via Microsoft Graph protocol fails if CC or BCC fields are empty.
  • SDPMSP-21935 : While configuring approval nodes in change workflow, $ApprovalLink variable is not hyperlinked when it is removed and added again in the approval message.
  • SDPMSP-21969 : The column sort order personalized by the user in request list view is not retained on exporting requests if the browser is refreshed after personalizing the column order.
  • SDPMSP-22082 : Unable to create request custom view with Onhold time as criteria.
  • SDPMSP-22190 : Error while fetching mails with multiple inline images embedded in the email message.
  • SDPMSP-22235 : Change field and form rules configured to add or remove field values are not executed while creating or editing change requests.
  • SDPMSP-22331 : Users are logged out of the application, even with active sessions if the timeout period set for an inactive session is less.
  • SDPMSP-22380 : In some cases, system notifications or custom triggers are not triggered when a request is created via email.
  • SDPMSP-22385 : While creating a change from a request, the request details are not retained in the change if the change template is modified.

What's new in 14504?

(Released on: 01 November 2023)

Behavior Change:

  • SDPMSP-22332 : Account based approval link will not sent for technician and account URI will not appended in approval link for both requester and technician.

Issues Fixed:

  • SDPMSP-20199 : Unable to send mail to the users when different EWS Oauth outgoing configuration is configured for "Default Settings" and for a particular account.
  • SDPMSP-21653 : The New Custom Report page and the report wizard displayed while editing reports load slowly if more than 5000 CI types are created under CMDB.
  • SDPMSP-22035 : After upgrading to version 14201, reports related to the Changes module get deleted when creating change additional fields.
  • SDPMSP-22173 : Advanced Analytics periodic sync fails after upgrading to version 14306, 14500, 14501, 14502, and 14503.
  • SDPMSP-22221 : Scheduled backup and indexing of request conversation fails.
  • SDPMSP-22263 : Mail fetching stops if a mail is sent to a support group created in the custom site after changing site settings from custom to refer.
  • SDPMSP-22297 : Change could not be associated to a request under specific case.
  • SDPMSP-22232 : CVE-2023-49943 : Stored XSS vulnerability in Time Sheets reported by l0c4l_h05t

What's new in 14503?

(Released on: 13 October 2023)


  • SDPMSP-8847 : Release Management in ServiceDesk Plus MSP

    ServiceDesk Plus MSP now supports Release Management in the IT help desk. Release management allows you to plan, build, test, and deploy releases to the production environment. A release can be defined as the process of delivering a set of authorized changes to IT services in a controlled environment. You can use release management to deploy hardware, software, documentation, processes, guidelines, policies, and other components to service operations. Throughout its life cycle, the release process is closely associated with the change management process.

    • ServiceDesk Plus MSP supports the following 9 stages that are essential to any release process :
      • Submission
      • Planning
      • Development
      • Testing
      • UAT
      • Deployment
      • Training
      • Review
      • Closure
    • Each stage in the release management contains statuses that indicate the progress of a release within the stage. Besides statuses, each stage has its planned schedule, roles, approvals, tasks and in some cases, downtime.
    • You can create a release request easily by using pre-configured templates, associate workflows with release requests to define the direction of the flow of the release process. Using workflows, you can include statuses in each stage, set up approvals, allocate stage-wise permissions to users, and configure notifications.To learn more about release management, Click here.
  • SDPMSP-22080 : Task Quick Add Feature
    • You can now create tasks instantly using Quick Add in the task list view in Home, Requests, Problems, Changes, Projects, and Releases. You can also assign the owner while creating a task. Click here to know more.
  • SDPMSP-22222 : Add a name for the jobsheet PDF under print jobsheet page.

Issues fixed:

  • SDPMSP-13298 : Wrong translations for strings Within the Network and Across Network under the request details page in French language.
  • SDPMSP-13619 : Performance issue while viewing a request in list view and details page.
  • SDPMSP-14442 : When custom trigger is configured, an exception occurs if a user, who is not in the application, sends an email.
  • SDPMSP-15050 : Split as New Request is not working if no site is associated to a request.
  • SDPMSP-15225 : Unable to import category through a CSV file if the language selected is other than English.
  • SDPMSP-15524 : Error thrown in task list view page under incident template workflow on sorting associated entity id field.
  • SDPMSP-15604 : Unknown request is shown under trash list view page when searched using request id.
  • SDPMSP-16186 : Privilege error thrown while clicking on On Behalf Of user in request details page.
  • SDPMSP-17936 : Unable to edit the FAFR under service catalog in certain cases.
  • SDPMSP-19721 : When a technician tries to create a new request using an email command, a new account is created instead of a request under MSP account.
  • SDPMSP-19826 : Technicians without sufficient permission can access StandaloneAudit page.
  • SDPMSP-20009 : Removed unused code with potential XSS risk.
  • SDPMSP-20032 : Add worklog icon is missing in iOS and Android apps for contract requests.
  • SDPMSP-20112 : Mail Fetching is stopped when an MSP requester sends an email to a primary address with an asset that belongs to another site.
  • SDPMSP-20160 : Account name is changed in contract renew and edit page.
  • SDPMSP-20218 : Unable to edit a request from Android app if the language is set to Polish.
  • SDPMSP-20322 : Approvals are not triggered automatically for organization role users.
  • SDPMSP-20362 : Alignment issue in jobsheet page if the jobsheet content has table format in it.
  • SDPMSP-20445 : Requester ID is mandatory to create a request through V3 API if asset parameter is passed.
  • SDPMSP-20510 : Hours field value in a worklog gets cleared on editing. The issue occurs if the allow tech to override time option is enabled under service plan and the worklog is created from the resolution tab.
  • SDPMSP-20530 : Unable to send approval through mobile app
  • SDPMSP-21545 : Sign off image is broken under Job sheet customizer page.
  • SDPMSP-21602 : Notification mail is not sent when the business rule is applied to a newly created request.
  • SDPMSP-21660 : Send Information on new version notification is not sent to the customer.
  • SDPMSP-21836 : Performance issue in account details page.
  • SDPMSP-21843 : Account change is restricted in Android app.
  • SDPMSP-21863 : Unable to preview, download, and view the job sheet attachment while sending it via Email.
  • SDPMSP-21938 : Organization logo is not changed in the print jobsheet page under requests.
  • SDPMSP-21940 : Performance issue in survey configuration page in certain cases.
  • SDPMSP-21951 : Unable to import users using Active Directory in SDAccount admin login.
  • SDPMSP-21953 : SVG format image is broken when a user tries to save and edit the account.
  • SDPMSP-21963 : Send Self-service login details notification is not sent when the user is imported through CSV.
  • SDPMSP-21968 : Notification rule is saved for both requester and technician notification while saving it from all account.
  • SDPMSP-22051 : Send Self-service login details under notification rule is not working when an unknown user sends a mail to the application.
  • SDPMSP-22196 : When a requester replies to a ticket from the self-service portal, with no email ID mentioned under the Notify Users field, an internal error is thrown in the UI.
  • SDPMSP-22240 : Global search is not working properly after upgrading to 14500.

What's new in 14502?

(Released on: 29 September 2023)

Issues fixed:

  • SDPMSP-20289 : Unable to edit Category (Admin > Customization > Helpdesk) if the Change Manager of the category is removed from the SDChangeManager role and license is downgraded from Enterprise/Professional to Standard (without change add-on).
  • SDPMSP-21550 : Unable to edit details for support groups imported from CSV files.
  • SDPMSP-21640 : The table in the rich text editor breaks while pasting multi-line content.
  • SDPMSP-21778 : While creating/editing requests, if the request template is changed, priority matrix stops working.

What's new in 14501?

(Released on: 27 September 2023)

Behavior Change:

  • SDPMSP-22160 : While importing contracts with picklist additional fields, contract entries whose picklist values are not configured as the picklist option in ServiceDesk Plus-MSP will be added to Failed Records.
  • SDPMSP-22162 : The following behavior changes are introduced for request attachments:
    • Attachment size will not be displayed in request history.
    • For requests created from emails, the attachment created user will be listed as System User in request details page.
    • The following scheduled migration tasks will no longer be executed after upgrading to 14501 build or later: InlineImageMigration, ResolutionTemplateMigration, AntisamyNotificationMigration. During patch validation, users will be notified via a prompt message in the UI if any task is not completed. To resolve any incomplete task, please contact support.
    • The folder paths for attachments is updated as follows :

      Attachments Fetched From

      Old Folder Path

      New Folder Path

      Reply emails


      System notifications and chat conversations


      Notifications in moved requests and conversation added via merged requests


      Notes in moved requests and notes copied to linked requests


      Resolution content added as attachment



  • SDPMSP-22161 : Users can adopt custom trust store to support untrusted security certificates while configuring Mail Server Settings. Click here know more.

    Note: EWS basic mail configuration will no longer trust self signed certificates. Hence, users are required to authorize certificated via custom truststore.

Issues fixed:


  • SDPMSP-21699 : SDAccountAdmin can update backup approver configuration for an unauthorized account.
  • SDPMSP-22134 : In some cases, task and worklog reports are not filtered based on selected account.
  • SDPMSP 22384 : Weak Cipher Removal

    The following weak ciphers have been removed for enhanced security:


    If you had these ciphers enabled under Security Settings > Ciphers, they will no longer appear after the upgrade. If no ciphers are present after removing the weak ciphers, default ciphers will be added to Security Settings > Ciphers.

What's new in 14500?

(Released on: 06 September 2023)

Behavior Change:

  • SDPMSP-22045 : Post-migration to build 14500 or later, the following behavior changes will be implemented in the Changes module:
    • Notes added previously will be moved to the Notes sub-tab.
    • Work Logs and Approval Summary is added as a separate tab in change requests.
    • Associations sub-tab is added to the Release stage of a change. Change users can associate release requests with the change request from the Associations sub-tab.
    • Status Comments and Approval History sub-tabs are added to the History tab in change requests.
    • downtime in Planning stage will also be listed under Release stage.
    • Going forward, change closure rules will not be applicable for work logs.
    • Change users can configure scheduled and actual time for downtime under Planning and Release stages.
    • Projects cannot be associated after the change request crosses Implementation stage.
    • Users will be prevented for making any changes in Submission stage after the change reaches Approval stage.
    • Going forward, assetid will be mapped for Assets Involved field instead of ciid.
    • Created Time cannot be set ahead of current time.
  • SDPMSP-20167 : Post-migration to build 14500 or later, the following behavior changes will be implemented in the Problems module :
    • Conversations and notes are displayed in threaded view under Details tab in problem details page.
    • Users with View Problems permission can add or view problem reminders.
    • Only problem users with View Requests permission can associate incidents with problem requests.
    • Work logs are listed in a separate tab under the problem details page.
    • Only problem users with View Solutions permission can view the Solutions tab in problem details page.
    • Custom reports containing picklist fields as columns must be reconfigured to display proper data. Edit the report, re-select the picklist field, and save the custom report.
    • Pick list fields response format is updated. Custom functions containing pick list fields must be updated to the latest format manually.
    • Users can now create upto 90 additional fields.
    • The following URLs are updated in the Problems module. Post migration, the old URLs will not be accessible.

      Old URL

      Updated URL



  • SDPMSP-21982 : The following behavior changes will be implemented in the Project module:
    • While creating projects, the Owner field will list all users with View Project permission.
    • On selecting a project template, the Owner field will list users added as members in the selected template. Subsequently, project users with View Project permission who are not added as members to the template will be listed.
    • My Projects filter will now list projects where the user is the owner. A new filter titled My Associated Projects will list all projects where the user is a member.
    • While creating projects, the Template field will now list 20 project templates, by default. Users can scroll down to view more templates.
  • SDPMSP-22013 : Copy Default Settings option is removed. Sites that are already configured with Copy Default Settings option will be updated with Custom Settings configuration to organize and maintain separate configurations for each site. Default site settings will not influence other sites going forward.


  • SDPMSP-18744: Two-Factor Authentication in mobile application

    Two factor authentication (TFA) is now supported in the ServiceDesk Plus MSP mobile application. The mobile application needs to be updated to use TFA.

  • SDPMSP-14860 : Change Module Enhancements
    • Change additional fields can be added for any stage and relevant change templates from Admin > Customization > Additional Fields > Change.
    • The limit of Text, Numeric and Date/Time change additional fields is increased to 100, 50, and 50 respectively.
    • ServiceDesk Plus MSP now support UAT (User Acceptance Testing) and Release stages for Changes module.
    • Tasks and Notes tabs are added to all stages in change requests. Users can add rich text and mention other users in notes using @.
    • While printing change details, users can choose to print data from any stage, tasks, and work logs.
    • On hovering over usernames in Change Requester field drop-down, the user's display name, employee ID, and email address are displayed as a tooltip.
    • Approval comments will be listed under Approval Summary tab in change details page.
    • While searching in Assets Involved field, the complete search result will be listed.
    • The UI for change details page is now enhanced for better user experience.
  • SDPMSP-6617 : Additional fields for task

    Use task additional fields to capture any extra information in tasks apart from the information captured through the default fields. Available field types include: Single Line, Multi Line, Pick List, Numeric, Decimal, and Date/Time.

  • SDPMSP-8982 : SCCM Integration

    Extend the capabilities of ServiceDesk Plus MSP to manage desktops and Windows-based applications through integration with Microsoft System Centre Configuration Manager (SCCM). You can use SCCM for asset discovery and also simultaneously update asset data in ServiceDesk Plus MSP.

    Configure SCCM integration under Admin >> Discovery >> SCCM Integration. To learn more click here.

  • SDPMSP-20156 : Assisting users on self-service portal
    • Create customized product tours for your users to familiarize themselves with the Self-Service Portal.
    • Create tours in multiple languages and automatically serve requesters with an appropriate tour based on their language personalization.

    To learn more, Click here.

  • SDPMSP-20157 : Software reconcile
    • In assets, you can now reconcile two software from the scanned software list view, retaining the details of the latest added software.

    To learn more, Click here.

  • SDPMSP-20167 : Problem Template
    • Create problem templates for frequently created problems to save time and effort by pre-populating data. You can also include fields specific to your problem in templates.
    • Administrators can create problem templates under Admin > Templates & Forms > Problem Template.
    • The UI for problem details page and problem additional fields is now enhanced for better usability.
  • SDPMSP-20421 : Asset Replenishment
    • Track asset inventory and configure notifications when the inventory count falls below the configured threshold.
    • Notify the relevant technicians by email.
    • The SDAdmin can configure threshold for products/product types available in store.

    To learn more, Click here.

  • SDPMSP-21912 : Support for personalization in Armenian, Ukrainian and Hindi Language.
  • SDPMSP-21966 : Reports Enhancements
    • Export, schedule, and mail reports in DOC, DOCX, and XML file formats. Only tabular and query reports can be exported in XML format. Click here to learn more.
    • Users can enable/disable their scheduled reports. Click here to learn more.
    • Administrators can suspend or reinstate all the scheduled reports.
    • Configure a location to save a scheduled report.
    • Clicking a report chart will now direct you to the respective list view. This is applicable only for the charts created with Requests and Assets data.
  • SDPMSP-21978 : Project Settings

    Use Project Settings to have an enhanced control over your projects with the following options :

    • Schedule Settings : Fine-tune project schedules and their child entities effortlessly.
    • Cost Settings : Include costs from project child entities to accurately calculate the project's actual cost.
    • Closure Settings : Define permissions for project and child entity operations when they reach completion status.
  • SDPMSP-21988 : Zia Bot Workflow Customization

    Zia Workflow enables you to create a directional path for the various actions configured within the Zia Bot.

  • SDPMSP-21989 : Custom Schedules Enhancements
    • Administrators can run custom schedules daily, weekly, monthly, and yearly. While configuring schedule info, select a repeat period and enable Advanced Options check box.
    • Custom schedules can be configured to repeat endlessly, end after certain repetitions, or on a specific date. Click here to learn more.
  • SDPMSP-22012 : Default Mode - Mobile App

    For requests created via ServiceDesk Plus MSP mobile application, mode will be auto-updated as Mobile App. Users can modify the mode name under Admin > Customization > Helpdesk > Mode. Click here to learn more.

  • SDPMSP-22044 : Disable Rate Limit

    Administrators can now disable rate limit for all actions and operations performed in ServiceDesk Plus MSP under Admin > General Settings > Security Settings. Click here to learn more.

  • SDPMSP-22049 : Added support for Catalan language.

Issues fixed:

  • SDPMSP-17982 : Unable to select multiple assets in the change add form.
  • SDPMSP-18873 : Request templates are not shown on the request catalog page if there are more than 100 service categories that have at least one template each.
  • SDPMSP-19996 : Unable to send notifications from a change if an attachment containing space in its name is added manually to the email notification.
  • SDPMSP - 20513 : Unable to save a support group with more than 5 additional fields.
  • SDPMSP-21808 : Account variables not Fetched in Change stage templates.
  • SDPMSP-21835 : When worklog is added or updated, the last updated time is not captured in the request.
  • SDPMSP-21993 : Performance issues during Site creation and updation.

What's new in 14306?

(Released on: 18 August 2023)


  • SDPMSP-15283 : Choose and define which accounts should be synced between Zoho CRM and SDP MSP.
  • SDPMSP-16191 : Account based URLs to be considered for request approval links.
  • SDPMSP-21815 : Introducing Delta import for LDAP.
  • SDPMSP-21914 : Administrators can now delete survey responses from the Survey Reports page.
  • SDPMSP-21930 : Customers can view the full description of a worklog from the list view by enabling the following setting in the database. By default, it will be set to false.
    • Table name : globalconfig
    • Column name - values : category- worklog, parameter-showFullDesc

Issues fixed:


  • SDPMSP-21648 : Unprivileged users can delete the asset group of any user via API reported by Ranjit Pahan.
  • SDPMSP-21905 : XSS vulnerability in request list view page for account name reported by Ranjith Pahan.
  • SDPMSP-21933 : Unprivileged users can fetch barcode scan history related data in sites reported by Ranjit Pahan.


  • SDPMSP-21611 : Mail fetching stops while creating requests via email if there is an issue processing inline images.
  • SDPMSP-21763 : Unable to approve and assign unknown user to a particular account from request details page, if that request was created by sending email to an account's support email address.
  • SDPMSP-21768 : Support groups are not listed in the requester login if refer site is selected while creating the request.
  • SDPMSP-21817 : Replies via email do not reopen closed requests with a fixed charge service plan.
  • SDPMSP-21819 : When the business rule is executed, the checklist is not associated with the request created via email.
  • SDPMSP-21860 : Custom role technicians are not able to view the account advisory details in the request details page.


  • SDPMSP-20444 : Except SDAdmin other technicians are unable to view all solutions from the solution list view page.


  • SDPMSP-21643 : Under maintenance module, if the site is set to refer site, group values are not shown.
  • SDPMSP-21810 : Custom trigger is not executed for service requests through maintenance.


  • SDPMSP-21845 : Tasks, Solutions, and Maintenance pages are not working in specific cases.
  • SDPMSP-21920 : Unable to edit account from UI if the account is created through API without address/contact details in the input_data.


  • SDPMSP-21681 : Contract is not marked as expired/active if there are account variables in contract expiry notification template.


  • SDPMSP-19214 : Unable to integrate with Jira if password is of integer type.
  • SDPMSP-20573 : Console error thrown when saving an archiving exception filter with Subject criteria under Data archiving.
  • SDPMSP-21617 : Technicians do not receive notifications from custom trigger when an unknown requester sends email.
  • SDPMSP-21913 : Survey responses are not listed with respect to the Account combo box in specific cases.

What's new in 14305?

(Released on: 10 August 2023)

Behavior Change:

  • SDPMSP-21826 : SDAccountAdmin and SDSiteAdmin cannot view or configure Service Level Agreements for incidents.
  • SDPMSP-21866 : Administrators can allow users to generate their own API keys.
    • Permission can be set under Admin > Users & Permission > Technicians, Users, Requesters.
    • The option to generate API keys for other users while creating or updating users is removed for administrators.
  • SDPMSP-21867 : Zia Solution search now compares the search text with topic, description, title, solution ID, status and keywords of solutions.
  • SDPMSP-21873 : Security XML limit for mandatory fields is increased to 250.

Issues fixed:


  • SDPMSP-20564 : XSS vulnerability in task title reported by Gowriprasad Kuruba Bedala.
  • SDPMSP-21669 : SSRF vulnerability in accessing internal networks.
  • SDPMSP-21866 : Privilege escalation vulnerability while generating authtoken for users.
  • SDPMSP-21875 : Privilege escalation vulnerability while fetching list of software reported by Ranjit Pahan.
  • SDPMSP-21876, SDPMSP-21878 : Privilege escalation vulnerability while deleting incident SLAs.
  • SDPMSP-21877 : Sensitive data exposure vulnerability in logs.
  • SDPMSP-21879 : Privilege escalation vulnerability while creating incident SLAs.
  • SDPMSP-21880 : Privilege escalation vulnerability while fetching details of attachments in software licenses reported by Ranjit Pahan.
  • SDPMSP-21882 : Privilege escalation vulnerability while deleting software license attachments reported by Ranjit Pahan.
  • SDPMSP-21883 : Sensitive data exposure vulnerability in Query Report API reported by Rakesh.
  • SDPMSP-21884 : Unprivileged technicians can detach associated purchase requests reported by Gowriprasad Kuruba Bedala.
  • SDPMSP-21887 : API key in the server configuration table is not encrypted.
  • SDPMSP-21888 : Disposed or expired workstations or servers are listed in software license operations.
  • SDPMSP-21891 : Privilege escalation vulnerability while downloading software license attachments reported by Ranjit Pahan.
  • SDPMSP-21892 : IDOR vulnerability while creating purchase requests from service requests reported by Ranjit Pahan.
  • SDPMSP-21893 : Technicians can associate parent contracts as child contracts.
  • SDPMSP-21894 : Technicians can renew already renewed contracts.
  • SDPMSP-21896 : CSRF vulnerability in logs reported by Ranjit Pahan.
  • SDPMSP-21897 : XSS vulnerability in then left pane list view page in Purchase module.
  • SDPMSP-21898 : Technicians can associate child contracts with expired contracts.
  • SDPMSP-21899 : XSS vulnerability in chat settings page.


  • SDPMSP-21870 : The request list view popup does not load while clicking on a chart from the dashboard for All Sites if the group name selected under Support Groups contains space.


  • SDPMSP-21918 : Mails with base64 encoded inline images are not fetched into the application.


  • SDPMSP-21795: Unable to access calendar pop-up while configuring custom reports, marking leave in technician availability chart, and in task list view. Additionally, the dashboard does not load in some cases.

What's new in 14304?

(Released on: 25 July 2023)

Issues fixed:


  • SDPMSP-21672 : Stored XSS vulnerability in SDP MSP reported by Ranjit Pahan.
  • SDPMSP-21685 : Unprivileged users can delete credentials of any account reported by Ranjit Pahan.
  • SDPMSP-21686 : Unprivileged users can edit credentials of any account reported by Ranjit Pahan.
  • SDPMSP-21687 : Unprivileged users can edit site of any account reported by Ranjit Pahan.
  • SDPMSP-21707 : Unprivileged users can see contracts of other accounts reported by Ranjit Pahan.
  • SDPMSP-21708 : Unprivileged users can see downloaded contract attachment reported by Ranjit Pahan.
  • SDPMSP-21742 : Unprivileged users can see solution attachment details of other accounts reported by Ranjit Pahan.
  • SDPMSP-21789 : Unprivileged users can view and edit the network-scan of any account reported by Ranjit Pahan.
  • SDPMSP-21790 : Unprivileged users can start the network-scan of any account reported by Ranjit Pahan.
  • SDPMSP-21829 : Unprivileged users can edit user group of any account reported by Ranjit Pahan.
  • SDPMSP-21830 : Unprivileged users can delete user group of any account reported by Ranjit Pahan.

What's new in 14303?

(Released on: 07 July 2023)

Behavior Changes:

  • SDPMSP-20540 : While entering a string in the request notification pop-up, email IDs are displayed based on the username or email address.
  • SDPMSP-21728 : Backups will be retained for a minimum of 2 days in Postgres setups.


  • SDPMSP-21613 : ServiceDesk Plus MSP startup time is reduced for better user experience.
  • SDPMSP-21703 : In the Maintenance module, the threshold value for Daily schedule is increased to 7300 days.
  • SDPMSP-21727 : ServiceDesk Plus MSP now supports RSA and ECC algorithm certificates while importing SSL certificates under Admin > General Settings > Import SSL Certificate.

Issues fixed:

  • SDPMSP-20380 : Request status is not updated properly when an approval level is deleted.
  • SDPMSP-20620 : Only a few approved solutions are listed when a topic is chosen under Resolution > Solutions on the request details page.

What's new in 14302?

(Released on: 30 June 2023)

Behavior Changes :

  • SDPMSP-20426 : Some columns under reports module are restricted in account manager login.

    Note: Saved reports that contain these restricted columns will not work anymore. However, you can modify and save the report again to use it further.

  • SDPMSP-21592 : Due to Zoho CRM API being migrated to V4, the old API versions (V2&V3) will be deprecated from Aug 31, 2023. The existing CRM integrations will be paused when you upgrade MSP. To ensure seamless synchronization, connect with the new SCOPE and enable the integration.
  • SDPMSP-21561 : For V1 APIs, TECHNICIAN_KEY/AUTHTOKEN should be sent in request header only.

Issues Fixed :

  • SDPMSP-7759 : System log viewer shows the Type as "Error" instead of "Info" when spam filter criteria is matched.
  • SDPMSP-14429 : Failure message shown while updating email in release notification email box in about page.
  • SDPMSP-15544 : Chart is not shown for the SLA Violation by Technician widget in dashboard.
  • SDPMSP-16163 : Service categories are missing in certain cases after reordering.
  • SDPMSP-17030 : Unable to open the downloaded invoice in Zoho Invoice and Zoho Books.
  • SDPMSP-18002 : Improper exception is thrown while adding attachment containing & symbol.
  • SDPMSP-18934 : DC Bundling related banner is shown in MSP 10.6.
  • SDPMSP-19420 : 404 error is thrown while accessing the application. The issue occurs if only the SAML authentication mode is enabled.
  • SDPMSP-19939 : Site name added in foreign language with special characters gets corrupted in asset creation page.
  • SDPMSP-19974 : Page loading issue while trying to edit a service template.
  • SDPMSP-19983 : Translation issues in Chinese language personalized setups.
  • SDPMSP-20010 : Category, Sub-category, and Group values are getting cleared when adding accounts to the template.
  • SDPMSP-20079 : "One of the given input exceeds the maximum length" error is thrown while adding more values in the multi-line account additional field.
  • SDPMSP-20082 : Unable to import request when there is a picklist field associated to the template.
  • SDPMSP-20230 : While selecting a particular account/All Accounts from request list view, the font style is changed.
  • SDPMSP-20280 : When requests configured with SLAs are created during non-operational hours, incorrect data is populated in the Time Analysis tab.
  • SDPMSP-20302 : Some sites are not listed in Zoho maps under All Sites view.
  • SDPMSP-20348 : Sorting function does not work properly for Account column in Request list view page.
  • SDPMSP-20419 : Users with Change Review stage edit permission are unable to add or edit the Review stage description.
  • SDPMSP-20439 : The bullet list text is changed to special characters and alphabets in the account description field.
  • SDPMSP-20449 : Account deletion issue due to request notification data conflict.
  • SDPMSP-20482 : Account is changed to All account in the account combo-box while navigating back to the list view page.
  • SDPMSP-20486 : Account is not deleted if any of the user data of the account is present in arc_approvaldetails.
  • SDPMSP-20537 : Users are logged out of the application unexpectedly in some cases.
  • SDPMSP-21480 : AD import fails for users with the same username as other domain users.
  • SDPMSP-21501 : Unable to delete account if account contract is configured to it.
  • SDPMSP-21514 : Unable to add picklist if the combination of picklist value is more than 100 characters.
  • SDPMSP-21532 : The Imported OU's are selectable even it is imported under Shared domain accounts.
  • SDPMSP-21562 : Notification rules are not working when the notification template contains $account variables.
  • SDPMSP-21568 : Unable to save the request notification rules when all the notification rules are disabled.
  • SDPMSP-21576 : Requester is unable to reply to a request if site is referring to another site and request is associated to group of refer site.
  • SDPMSP-21631 : Sites are not filtered based on the Account search in Site fields in Request creation page.

What's new in 14301?

(Released on: 19 June 2023)

Issues Fixed :


  • SDPMSP-21552 : CVE-2023-35785 : Authentication bypass vulnerability while logging in using Two-Factor Authentication reported by dalt4sec.

What's new in 14300?

(Released on: 14 June 2023)


  • SDPMSP-20431 : Restrict account count for template and related URLs
  • SDPMSP-20499 : Solution Feedback (Helpful/Not Helpful)
    • Add comments and feedback about solutions under the Feedback tab on the solution details page.
    • Solution owner or SDAdmins can now disable comments and reset the ratings of a solution using Actions menu on the solution details page.

      SDAdmins can globally enable or disable ratings and comments for solutions using Solutions Settings on the solutions list view. Click here to learn more.

  • SDPMSP-20550 : Business Rules and Custom Trigger Enhancements
    • Business rules can be applied to request notes and notifications. Users can create up to 5 rule groups for notes and notification rules. Custom triggers can be applied to request notes, notifications, approvals, and approval levels by creating triggers and grouping them in up to 5 trigger groups.
    • Business rules created post migration will be applicable to all requests irrespective of site.
    • Technicians can now apply If-If, If-Else, and conditional actions via business rules.
    • Business rules and custom trigger conditions can be configured using custom functions.
    • Technician fields can be updated dynamically with a technician assigned to group roles via business rule actions.
    • Multi-select fields can be updated via business rule.
  • SDPMSP-20551 : Dynamic FAFR for SGT Fields.
  • SDPMSP-20552 : The following behaviors are updated with respect to request business rules and custom triggers.
    • Templates can now be changed for requests created using non-default template via incident business rules.
    • Users can select any set of events while configuring business rules and custom triggers across all modules.
    • Business rules and custom triggers will not be triggered when an attachment is added or deleted.
    • In migrated setups, Approval Approved, Approval Rejected or Reply received events will not be listed for request custom triggers.
    • A warning will be thrown when users attempt to change visibility of note if Show to requester is defined via notes business rules.
    • Field update, conditional actions, set SLA actions cannot be configured for Deleted Permanently and Moved to trash events in business rules. A UI message will be used to notify users if they attempt to configure the same.
    • Business rules configured for different sites will now be added to Site rule group. Users are advised to reconfigure all site-based business rules since the Site rule group will be removed in future.
    • Note business rules and custom triggers are not be applicable to notes added when an email sent to the application bounces.
    • Notification business rules and custom triggers are not be applicable in the following scenarios:
      • When a conversation is deleted after being split as new request.
    • Approval level custom triggers cannot be configured for Deleted events.
    • Action Taken By field will not be listed while configuring conditions in Approval Level custom triggers.
    • The pagination drop-down defining the number of records displayed in the list view is not supported for the following request-sub entity automations :
      • Business rules - notes and notifications
      • Custom triggers - notes, notifications, approval levels and, approvals.
    • $(resolution_attachments} variable used in the notification rules template is now renamed as ${resolution.resolution_attachments}.
    • $cc_users variable used in the notification rules template is now renamed as $email_ids_to_notify.
  • SDPMSP-20568 : Solution Associations
    • Introducing Associations tab on the solution details page to link existing solutions and view requests and problems associated with the solution.
  • SDPMSP-20579 : Service SLA Enhancements
    • Technicians can apply SLA to service requests via service business rules custom actions.
    • Users can choose the SLA to be applied while raising service requests if Allow user to choose SLA while raising a request option is enabled in service SLA list view page.
  • SDPMSP-20580 : Contact Collection for SDP

    SDAdmins can store their official contact details to help us reach them instantly during any security update or release. There will not be any marketing communication sent to the stored address. To configure contact collection, go to Admin > General Settings > Security Settings > Security Alerts. Click here to learn more.

  • SDPMSP-20581 : Purchase Order List view Enhancements

    The UI framework for the purchase order list view is revamped for better user experience.

  • SDPMSP-20590 : Inline Image in Request Notification Rules

    Inline images can now be uploaded to Request Notification Rules which will be sent as part of notification emails.

    • Request Email Notification Rules Subject length has been restricted to 500 characters.
    • Request Email Notification Rules Subject has been marked as mandatory.
  • SDPMSP-21471 : Request notification popup is enhanced as a slider window for better usability.
    • Users can close, maximize, or resize the notification pop-up. Additionally, technicians can minimize and restore the notification pop-up. On minimizing the notification pop-up, technicians can view request details, switch to other tabs, and perform various operations while the notification content will be saved as a draft.
    • Description editor can be viewed in full screen.
    • Email addresses can be copied to From, To, CC, BCC fields in the notification pop-up.
    • Note: Drafts will be saved only if the current content is different from the last saved draft.

  • SDPMSP-21486 : Account properties added to the right pane in request details page.
  • SDPMSP-21488 : Sync empty field values from AD

    SDAdmins can now choose to update empty values from Active Directory to ServiceDesk Plus MSP during user import. Click here to learn more.

  • SDPMSP-21489 : If Allow user to choose SLA while raising a request is disabled in service SLA list view,
    • SLA cannot be associated under Workflow tab while configuring templates. A UI message will be displayed in the Workflow tab to brief users.
    • Default SLA configured for a template will not be applied to requests raised using the template.

  • SDPMSP-21489 : If Allow user to choose SLA while raising a request is disabled in service SLA list view,
    • SLA cannot be associated under Workflow tab while configuring templates. A UI message will be displayed in the Workflow tab to brief users.
    • Default SLA configured for a template will not be applied to requests raised using the template.

  • SDPMSP-21498 : reinitializeDB.bat file is moved from <SDP_Home>/bin folder to <SDP_Home>/server/tools folder.
  • SDPMSP-21499 : Conversations and notifications in the old data model will be deleted after migrating to the new data model. It is recommended to take a backup before migration.
  • SDPMSP-21536 : Custom Module Automation and Import/Export Enhancements
    • Business rules and custom triggers can now be applied to custom module records.
      • Business rules can be used to configure field updates and execute custom functions/scripts.
      • Custom triggers can be used to send notifications and execute custom functions/scripts.
    • Users can import records in bulk to custom modules from CSV, XLS, or XLSX files.
    • Records under custom modules can be exported as HTML, PDF, CSV, XLS, and XLSX files.
    • Custom modules can be defined with statuses :
      • Draft - Default status defined for a custom module while it is under development. Only the SDAdmin who created the custom module can access it in draft status.
      • Published - Custom modules can be moved to Published status only if form and permissions are configured. After the module is published, users can access and perform necessary operations in the module.
      • Suspended - Users are temporarily restricted from accessing custom modules while in Suspended status. The SDAdmin who created the custom module can access the records in read-only mode.
      • Retired - The custom module has reached the end of its life. Users are permanently restricted from accessing the custom module. The SDAdmin who created the custom module can access the records in read-only mode or delete them. The module cannot be moved to any other status further.
  • SDPMSP-21537 : Additional Fields Enhancement

    New Additional Field Types for Custom Module

    The following additional field types are now added for custom module :

    • File Upload
    • Phone number
    • URL
    • Email
    • Percentage
    • HTML
    • Boolean
    • Date

    Reference Entity Support

    Use reference entities to populate values by referring another field's value in Pick List, Radio, Check Box and Multi Select additional fields under custom modules. To configure reference entities,

    • Go to Setup > Developer Space > Custom Modules.
    • Edit any custom module and go to Form Customizer tab.
    • Click Add New Field icon.
    • Drag a Pick List, Radio, Check Box and Multi Select field type.
    • Select the reference entity while defining the field properties.

    Other Enhancements

    You can now do the following in the existing additional field types. These changes are applicable only to additional fields in user, technician, projects, worklog and custom modules :

    • Single-line - Set character limit for values in single-line fields by providing the minimum and maximum number of allowed characters.
    • Decimal - Enter a maximum of 13 integers and up to 3 decimal places as decimal field values.
    • Numeric - Set an allowed numeric range by entering Minimum and Maximum values.

    Preview Additional Fields

    Preview how the additional fields will render in the form page by using the Preview option. This is applicable for user, technician, projects, worklog and custom modules.

    Export Additional Field Values

    Option to export Pick List, Radio, Check Box and Multi Select field values in XLS format. This is applicable for user, technician, projects, worklog and custom modules.

    Import Additional Field Values

    The values option in Pick List, Radio, Check Box and Multi Select fields is revamped with a better workflow. It now supports import from XLS, XLSX, and CSV files.

  • SDPMSP-21538 : Microsoft Teams Technician to Requester Chat

    Technicians can initiate chats with requesters from ServiceDesk Plus bot in Microsoft Teams.

  • SDPMSP-21539 : To Ensure proper working of ZIA , it is necessary to have Visual C++ 2015 or a latest version installed on your server.
  • SDPMSP-21554 : Additional Field - Bulk Add Values :

    The Bulk Add option in Pick List, Radio, Check Box and Multi Select fields now supports only the add operation in user, technician, projects, worklog and custom modules

Framework Upgrade Information:

  • SDPMSP-20591 : Postgres Upgrade to 11.17
  • SDPMSP-20588 : JSOUP jar version is upgraded to 1.15.3.
  • SDPMSP-20556 : ZuluJRE Upgrade
  • Zulu OpenJRE upgraded to version 1.8.0_352.
  • SDPMSP-21540 : Upgraded old batik jar files.

Issues fixed:

  • SDPMSP-19620 : Unable to add/edit accounts if there are more than 5 specified email domains.
  • SDPMSP-15365 : Add-on info message is wrong under Telephony Server setting page.
  • SDPMSP-18033 : Unable to shutdown the application through shutdown.bat.
  • SDPMSP-18928 : If extension number starts with +, an internal error is thrown in UI and if extension number starts with 00, the numbers are truncated. Issue in CTI.
  • SDPMSP-19214 : Unable to integrate with Jira if password is of Integer type.
  • SDPMSP-19301 : Unable to select and save 'file sales rate' option in Zoho Books and Zoho Invoice integration.
  • SDPMSP-19432 : Unable to reset the local authentication password for domain usersby using the Forgot Password option in some cases.
  • SDPMSP-19545 : Scan now option is removed from the Asset details page.
  • SDPMSP-19591 : Incorrect login hours are shown when generating reports for technicians.
  • SDPMSP-19648 : Trust this browser is not working for Two-Factor Authentication when the IP address changes or after upgrading to build 14200.
  • SDPMSP-19826 : Technicians can access StandaloneAudit Page even if they don't have the permission.
  • SDPMSP-19886 : LDAP Schedule Import is not working.
  • SDPMSP-19989 : Asset not applicable to entity's account error thrown while creating a request using My Org Inc account.
  • SDPMSP-20088 : Endpoint Central menu is displayed in the header even after disabling it under Integrations.
  • SDPMSP-20438 : Mail fetching is stopped when an unapproved user sends an email.
  • SDPMSP-20446 : Requester is unable to reply to a request if the request is associated to default support groups.
  • SDPMSP-20525 : The solution topics are not visible when the topics count exceeds 100.
  • SDPMSP-20526 : Notification mail is not sent when a user is tagged in Request notes.
  • SDPMSP-20538 : In some cases, while trying to add an account a blank screen is displayed.
  • SDPMSP-20631 : When a reply gets appended to a conversation, CC field user is moved to To field.
  • SDPMSP-21481 : Webhooks fail when invoked through custom trigger.
  • SDPMSP-21494 : Unable to add billable worklogs in some scenario.
  • SDPMSP-21500 : Notification is not received by group members when template subject contains (${}) in the template "Alert group members by e-mail when a new request is added to the group".
  • SDPMSP-21506 : Request cannot be deleted /edited if the "Unknown request" option is selected in the search filter in the request list view page.
  • SDPMSP-21522 : Unable to create and associate a project from the request details page when the project is created using a project template.
  • SDPMSP-21548 : Filters do not load the first try due to /api/v3/requests/metainfo call slowness.

What's new in 14202?

(Released on: 20 June 2023)

Issue fixed:

Vulnerability :

  • SDPMSP-21552 : CVE-2023-35785 : Authentication bypass vulnerability while logging in using Two-Factor Authentication reported by dalt4sec.

What's new in 14201?

(Released on: 09 May 2023)


  • SDPMSP-13721: Enhancement in API to Merge, Link requests.
  • SDPMSP-20317: Microsoft Graph for Mail Servers : Administrators can configure Microsoft Graph for Exchange Online mailboxes in Incoming and Outgoing Mail Server settings to send or receive emails from ServiceDesk Plus MSP. Click here to learn more.
  • SDPMSP-20323: Task and Worklog Report Enhancements.
    1. Users can create custom task reports for Problem, Change, Project and Milestone modules.
    2. Users can create custom reports for worklogs across all modules.
    3. New default report folders Reports on Tasks and Reports on Worklog are added in ServiceDesk Plus MSP Click here to know more..
    • SDPMSP-20324: Users are restricted from accessing the local host and local IP by invoking the URL using custom functions.
    • SDPMSP-20325: Added response status for work logs/summary API in the REST API documentation.
    • SDPMSP-20326: Support type information is displayed under License Details for premium support.
    • SDPMSP-20328: Send a password reset link to users who have forgotten their passwords. Click here to learn more.

Issues fixed:

  • SDPMSP-14762: Add Software Installation(s) pop-up takes longer to load and doesn't show any data.
  • SDPMSP-14986: Copy operation fails while trying to copy more than one FAFR with account based fields.
  • SDPMSP-16210: Vulnerable dead code removed.
  • SDPMSP-17897: Privilege error thrown while searching users through global search in account manager login.
  • SDPMSP-17938: Request list is not displayed under the quick view tab for the custom view with "${LOGGEDINTECH}" criteria.
  • SDPMSP-18096: In some cases, few service categories are not shown in the add/edit incident template page..
  • SDPMSP-18097: In some cases, few service categories are shown for all the accounts, irrespective of accounts associated under workflow.
  • SDPMSP-18743: Requests count mismatch issue while using certain filter criteria.
  • SDPMSP-18910: Error while adding approvers to the workflow.
  • SDPMSP-19519: V3 API - Site Id is mandatory to create a request through v3 api if Asset parameter passed.
  • SDPMSP-19718: Sites names are encoded on spot edit when the site names are in Turkish and Chinese languages.
  • SDPMSP-19769: Unable to associate SLA if all accounts are associated with a service template.
  • SDPMSP-19888: Request creation page - Site and Groups are not listed based on the site (site refer site) selected in certain scenarios.
  • SDPMSP-20243: Error while removing assets from contract details page.
  • SDPMSP-20284: Page gets crashed when trying to access the image via a non-login url.
  • SDPMSP-20296: Performance issue when accessing survey links.
  • SDPMSP-20393: V3 restricted API error thrown when trying to use custom module APIs.

What's new in 14200?

(Released on: 10 April 2023)

Behavior changes:

  • SDPMSP-20070 : Improved alert message in the incoming mail settings page.
  • SDPMSP-20133 : In the maintenance module, localization based on the language selection is now available for the following calendar-specific strings
    • Month, Day, Week, and Today
    • Short names and full names of days and months
  • SDPMSP-20162 : "Alert(or Notify) technician by e-mail when there is a new reply for the request" is getting sent for the technician even when the technician corresponding to that ticket replies from UI
  • SDPMSP-20164 :
    • Send Notification popup for reply or forward emails can be resized as needed.
    • Reply or Reply All options are supported for notifications
  • SDPMSP-20208 : In Request response, billingstatus json will be shown in the following format: billingstatus : {id , name }.
  • SDPMSP-20219 : The Print job sheet option in the Request List View opens print preview page.
  • SDPMSP-20220 : For request reply and forward default templates, ${description} is now renamed as $ConversationDetails
  • SDPMSP-20312 : Module delimiter will not be appended in the notification or reply email subject if it is not configured in the respective templates. When a reply email is sent for such, the email will be added as conversation based on the delimiter if a valid module delimiter and module ID is configured in the email subject. Else, the email will be added as conversation based on the email headers.
  • SDPMSP-20262 : Framework changes related to inline images.
  • SDPMSP-20268 : Throttle limit to access /api/v3/requests/summary
  • URL has been increased to 30 per minute.

  • SDPMSP-20270 : External users can no longer access APIs for the following project entities :
    • Project Role
    • Project Status
    • Project type
    • Task type
    • Task Closing Rules
    • Worklog type
  • SDPMSP-20457: If the postgres database is corrupted
    1. Mail notification regarding database corruption will be sent to the backup notify technician (if configured) or SDrgAdmin.
    2. Backup will not be taken.
    3. Recent 2 backups will be retained.
  • SDPMSP-20458: Database backup is mandated for every 24 hours in Postgres setups. Users can set the time to schedule the backup. File attachments backup is optional and configurable.


  • Account classification reason is captured in the Request history page.
  • SDPMSP-13025 : The Last Updated Time field will be updated only when technicians reply to the request.
  • SDPMSP-15305 : Account based variables in email notification rules.
  • SDPMSP-19310 : Split account-specific notifications and non-account specific notifications.
  • SDPMSP-19532 : Custom Modules
    • You can now create custom modules that allow you to manage a collection of records or custom admin configurations. For managing records, create a Web Tab type custom module, and for managing custom admin configurations, create a Configuration type custom module.
    • To create custom modules, go to Admin > Developer Space > Custom Modules.
    • To learn more, click here.

  • SDPMSP-19707 : Need to show customized service desk logo or icon in TFA page.
  • SDPMSP-19972 : Option to include $Account variable under purchase notifications.
  • SDPMSP-20022 : Support for account v3 API.
  • SDPMSP-20023 : Account fields in all notifications.
  • SDPMSP-20055 : Admin History
    • View History allows you to view all admin configuration activities.
    • To learn more, click here.

  • SDPMSP-20056 : Default HTTPS Mode
    • Beginning with 14200, new ServiceDesk Plus MSP installations will start in HTTPS mode by default. A valid SSL certificate must be uploaded to establish a secure connection between clients and ServiceDesk Plus MSP. To upload an SSL certificate, go to Admin > General Settings > Import SSL.
  • SDPMSP-20057 : Add new extensions in Attachment Settings

    Administrators can now include or exclude attachments files added based on the file extensions.

    • Attachment settings can be set under Admin > General Settings.
  • SDPMSP-20058 : You can now add inline images to reply templates.
  • SDPMSP-20131 : Request Notifications and Conversations
    • Bcc field support for reply and forward emails in requests.

      Note : The Bcc field is available only for technicians.

    • BCC recipients can be added while creating requests via email.
    • Added Reply All option in request conversation and description sections.
    • Message ID is now appended to the reply/forward emails. This ID can be used to view the threaded conversation.
    • Support to add attachments for drafts.
    • Request Field and Form Rules now support status change in the reply window.
    • New variables $description.attachments and $resolution.attachments are added in system notifications and reply templates to support attachments.
  • SDPMSP-20137 : Unique Resource Questions in Service Templates
    • ServiceDesk Plus MSP now alerts you when resource questions are duplicated in service templates.
  • SDPMSP-20161 : My approvals
    • My Approvals widget is revamped for better user experience.
    • Approvers can now use the option Show All in the my approvals widget to view all their approvals in one place.
    • The approvals are distinguished by the modules icon.
    • Approvers can quickly respond to approval requests by using the Take Action option in the slider panel.

    To learn more, click here.

  • SDPMSP-20163 : Project and Worklog UDF Revamp
    • Servlet calls are now replaced with API calls.
    • UI is revamped for better user experience.
  • SDPMSP-20217 : Task and worklog
    • Bulk assign and pick up tasks in Requests, Problems, Changes, Projects.
    • View the work log type from the Work Logs list view under Requests, Problems, Changes, and Projects.
    • Bulk associate task templates in Projects, Milestones, Incidents, and Service templates. However, editing of the task templates associated with the incident or service templates is restricted.
    • Use Column Chooser to customize the task template list view in the Project and Milestone templates.
    • Task title and template name are now made as default columns in the task template list view.
  • SDPMSP-20261 : Dashboard Enhancements
    • Use the Column Chooser icon in Requests by Technician widget to add or remove columns based on request status.
    • Link widgets from ServiceDesk Plus MSP dashboard to external applications using the Embed Widget icon.
    • Use the filter drop-down on the list view page accessed via widgets to change the list view based on the parameters in the widget without closing the page.
    • Warning message is shown while adding invalid or vulnerable URLs in new external widgets.
    • Embed dashboards in external applications using the Dashboard Options > Share Dashboard option.
    • Drill down analysis report widget is newly added to the Helpdesk dashboard.
    • Apply site and support group filters only to current dashboards. Filters are dashboard-specific.
    • Add reports directly to custom dashboards.
  • SDPMSP-20267 : Solution API based Client
    • User interface for Solutions module has been revamped. This revamp includes user experience improvements in add solutions page, solution details page, and classic list view page.
    • Solutions details page URL has been changed to "<localhost>/ui/solutions?entity_id={solution_id}&mode=detail". Going forward, the old URL will not be accessible.
  • SDPMSP-20269 : V3 API support for reply and conversation in requests.
  • SDPMSP-20271 : V3 API is supported for Region. Users can perform bulk operations under Admin > Regions.
  • SDPMSP-20285 : Security advisory banner will be displayed to SDAdmin.

Issues fixed:

Vulnerability :

  • SDPMSP-20068 : IDOR vulnerability in purchase request attachments reported by Ranjit Pahan.
  • SDPMSP-20250 : Account admin can create solutions for non associated accounts.
  • SDPMSP-20357: XSS vulnerability during remote control and other actions performed via Endpoint Central tools reported by Khanh Nguyen.
  • SDPMSP-20359: IDOR vulnerability while uploading or deleting technician files reported by Ranjiit Pahan.
  • SDPMSP-20363: Unprivileged approver can associate checklists to a request reported by Ranjit Pahan.
  • SDPMSP-20364: Unprivileged approver can add notes to a request reported by Ranjit Pahan.
  • SDPMSP-20365: Unprivileged technicians can remove dependency from a request reported by Ranjit Pahan.
  • SDPMSP-20366: Unprivileged technicians can add dependencies to a request reported by Ranjit Pahan.
  • SDPMSP-20367: CVE-2023-29443:XXE vulnerability in Servlet API reported by Vo Van Minh.
  • SDPMSP-20368: SQL injection in query reports.
  • SDPMSP-20369: XSS vulnerability on the survey email configuration page.
  • SDPMSP-20370: Privilege escalation vulnerability under the Analysis tab in the problem details page reported by Ranjit Pahan.
  • SDPMSP-20371: Privilege escalation vulnerability while detaching incidents from problems reported by Ranjit Pahan
  • SDPMSP-20382: Privilege escalation vulnerability in asset loans reported by Ranjit Pahan.
  • SDPMSP-20383: Privilege escalation vulnerability while adding relationships between assets by modifying the application page URL reported by Ranjiit Pahan.
  • SDPMSP-20384: Privilege escalation vulnerability while associating users with workstations by modifying the application page URL reported by Ranjiit Pahan.
  • SDPMSP-20386: IDOR vulnerability while configuring depreciation for assets reported by Ranjit Pahan.
  • SDPMSP-20388: SQL injection vulnerability in CI History Reports.
  • SDPMSP-20394: Unprivileged data is displayed under Add Assets popup in Add/Edit Contract form and contract detail page.

Requests :

  • SDPMSP-13988 : Unable to add worklog for request associated with contract billing.
  • SDPMSP-14413 : The Mark as billable option is shown for fixed charge contract requests.
  • SDPMSP-15302 : In some cases, the HTML9 format is not maintained for the resolution in Notifications or Conversation threads.
  • SDPMSP-17118 : Exception thrown when a custom view criteria contains deleted additional fields.
  • SDPMSP-17493 : Unable to add the worklog with technician via POSTMAN in some cases using V3 API.
  • SDPMSP-18442 : In request details page, hovering over the transition info does not display the associated request life cycle.
  • SDPMSP-18443 : Shared requests are shown irrespective of request filter when the Include shared request option is enabled.
  • SDPMSP-18869 : Worklog summary GET call throws Invalid URL in response.
  • SDPMSP-18764 : Request list view page crashes when a request custom filter contains a deleted service catalog additional field.
  • SDPMSP-19470 : Unexpected error while editing and updating the worklog in request after associating with the new contract.
  • SDPMSP-19625 : Copied images in the request description are not displayed if the images are copied along with text.
  • SDPMSP-19918 : Duplicate values are created in the selectable type additional fields. This issue occurs if the additional fields are added/updated inside the incident/service templates.
  • SDPMSP-19985 : Page navigation is not working in Account Manager login if there are more than 10 worklogs.
  • SDPMSP-20029 : Time taken to resolve time is incorrect in worklogs if you use Timer on the request details page.

Changes :

  • SDPMSP-16573 : Page crash exception occurs while viewing changes in list view.
  • SDPMSP-19325 : Account requesters not listed under Change Requesters when the All accounts option is selected in account combo field.
  • SDPMSP-20100 : Unauthorized access error occurs for change default users for view-all user roles.
  • SDPMSP-20135 : Performance issue in Mickey list view, including Change list view.

Projects :

  • SDPMSP-19378 : A distorted page is displayed while exporting task details in Gantt View under Projects through a requester login.
  • SDPMSP-19378 : A distorted page is displayed while exporting task details in Gantt View under Projects through a requester login.
  • SDPMSP-20026 : Project (Milestone) notification leads to blank page.

Solution :

  • SDPMSP-19816 : Error while associating accounts in Solutions.

Maintenance :

  • SDPMSP-19011 : Contract name is changed to default contract name when Maintenance task is executed through the schedule.

Assets :

  • SDPMSP-17483 : Null pointer exception error if Software Type is selected in Advanced Filtering for software summary reports.
  • SDPMSP-20008 : Assets are created without site and account using DC scan.

Accounts :

  • SDPMSP-19437 : Unable to save account with additional default attributes.
  • SDPMSP-19779 : Error in account tab when contract roles are removed from account admin role.
  • SDPMSP-19802 : Error while searching for the additional field in the Account list view.

Admin :

  • SDPMSP-14408 : The count of requests is not displayed while hovering mouse over the ‘Satisfaction Levels’ chart in Survey Reports. .
  • SDPMSP-18503 : Unable to open service template in a new tab.
  • SDPMSP-18567 : Survey configuration page scrolls down when accounts are associated.
  • SDPMSP-19144 : $CS.getLoggedInUserName() does not return requester name in Field and Form Rules.
  • SDPMSP-19277 : Requester is not getting listed in the business rule criteria for default settings if more then 100 default sites are present in the application.
  • SDPMSP-19474 : Unable to update logo in two-factor authentication page (google authenticator).
  • SDPMSP-19518 : Fields that are not supported in the Properties section of the right panel are listed in Technician/Requester Layout Customization on the requests details page.
  • SDPMSP-19563 : Exception while adding account additional fields in non-English language.
  • SDPMSP-19580 : SAML -domains are auto-created with no account associated.
  • SDPMSP-19756 : Health Status API is not working externally.
  • SDPMSP-19968 : Adding an attachment format under Include\Exclude does not modify attachment settings.
  • SDPMSP-19997 : Jira integration is not working with the newly created Jira tokens.
  • SDPMSP-20085 : Techician's location data is not encoded while storing the data in database.
  • SDPMSP-20101 : Performance issue in template list view and generic slowness.
  • SDPMSP-20229 : Unable to associate more than 250+ accounts, while assigning template to account.
  • SDPMSP-20255 : Post 13.0 upgrade, unable to edit the approval level in service catalog workflow.

Reports :

  • SDPMSP-19777 : Unable to generate the report based on worklog contract name.
  • SDPMSP-19789 : Java null point exception occurs while generating Time analysis report on Arab language.

General :

  • SDPMSP-15408 : Language preference set to browser default language is not reflected in the listview columns if the browser default language is non-English.

What's new in 14001?

(Released on: 16 February 2023)

Behavior Changes:

  • SDPMSP-19953 : Users can upload images with a maximum of 16000000 pixels across all modules.


  • SDPMSP-5335 : Allow MSP CABs to be used for change approvals across all accounts under Admin > Customization > Change Management > Change Configurations.
  • SDPMSP-11686 : Allow requests across accounts to be associated with a MSP Change under Admin > Customization > Change Management > Change Configurations.
  • SDPMSP-14207 : Backup approver - Add a backup approver for users to ensure seamless processing of approval actions even during the approver's unavailability. The approver and backup approver should belong to the same account.
  • SDPMSP-15437 : Mandate account for tasks under Admin > General Settings > Advanced Portal Settings.
  • SDPMSP-17354 : Account-specific Outgoing Mail Server Configuration. You can now configure account-specific outgoing mail server configuration. If the account-specific configuration is added,then it will be used for emails if not the default configuration will be used.
  • SDPMSP-19875 : You can now integrate SDP MSP with Site 24x7 MSP. With this, you can have account specific Integration Actions in SDP MSP.

    Note: The account name must be the same in both SDP MSP and Site24x7 MSP. The scope to be used when using Site24x7 MSP is 'Site24x7.account.All,Site24x7.admin.All,Site24x7.reports.All,Site24x7.operations.All,Site24x7.msp.All,Site24x7.bu.All,Site24x7.Integration.All'.

  • SDPMSP-19982 : Automatic Site Association for Assets based on IP Address. You can now automate the association of IT assets to sites based on their IP addresses. To do this, create a configuration under Admin >> Discovery >> Scan Settings >> Auto Site Allocation.

Issues Fixed:

Vulnerability :

  • SDPMSP-19953 : CVE-2023-26601 : DOS vulnerability during image upload reported by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
  • SDPMSP-19959 : Privilege escalation vulnerability while associating projects from requests.
  • SDPMSP-19961 : Privilege escalation vulnerability while associating requests from projects.
  • SDPMSP-19962 : Privilege escalation vulnerability while disassociating projects from requests.
  • SDPMSP-19964 : Authentication bypass vulnerability in Two-Factor Authentication login page.
  • SDPMSP-19965 : Cleartext passwords transmission vulnerability in backup scheduling.

Admin :

  • SDPMSP-15281 : Unable to add a Tax Type with a special character '%' in it.
  • SDPMSP-15416 : FAFR - Copy rules, not copying account if the destination template is associated to All accounts.
  • SDPMSP-18690 : Unable to associate SLAs for service templates when huge accounts are present in the application.
  • SDPMSP-18783 : FAFR with On field change is not applied in Account Manager login.
  • SDPMSP-19125 : Copied templates are not renamed properly in the template edit page.
  • SDPMSP-19258 : FAFR rule executes even if the criteria are not met in some cases.
  • SDPMSP-19923 : Restore fails post upgrade to MSP 14000 in specific cases.
  • SDPMSP-19966 : Mail fetching stops after upgrading to MSP 14000.

Requests :

  • SDPMSP-19929 : Account is not set when a technician sends an email with requester via E-mail command.

Others :

  • SDPMSP-8059 : Association between an asset & its components breaks when the asset is moved to a different account.
  • SDPMSP-18451 : Non operational hour is not enabled by default in work logs even if the option Include non-operational hours in time spent under work log is enabled in SSP settings.
  • SDPMSP-19912 : SAML login issue occurs if the SAML configured is marked as default.

What's new in 14000?

(Released on: 23 January 2023)

Framework Upgrade :

  • SDPMSP-19750: Jquery validation JAR upgraded to 1.19.5.
  • SDPMSP-19750: Jquery UI upgraded to version 1.13.2.
  • SDPMSP-19752: Jquery upgraded to 3.6.0.

Behavior Changes :

  • SDPMSP-19501: Email addresses mentioned in Email ID(s) To Notify field will be encrypted in requests module, archived requests, and maintenance module. Data fetched from this field will be masked in query reports.
  • SDPMSP-19505: Limitations:
    • In the request list view, the number of records displayed per page has been changed; the minimum count will be 10 and the maximum count will be 100.
    • In the request list view, the maximum number of columns that can be selected using the column chooser will now be 40.
    • In the request list view, bulk edit support will now be limited to 100 requests.
    • The maximum number of columns that can be selected for the request left panel on the request details page will now be 25.
    • In the GET_ ALL API endpoint, the number of fields supported inside group_by is increased to 10.
  • SDPMSP-19506: Post upgrade to 14000 build, basic authentication will no longer be supported for Office365 mailbox
    For continued service, we recommend users to reconfigure mail servers with OAuth authentication.
  • SDPMSP-19575: HelpdeskConfig technicians will be restricted to access only their allowed accounts in the maintenance module.
  • SDPMSP-19749: Only technicians with view permission to the asset module can access the Assets belonging to <username> pop-up.
  • SDPMSP-19774: CIID to AssetID Migration:
    • Asset association to a request will no more be mapped to the CIID. Instead, it will be mapped to the ASSETID. Click here to see all behavior changes.
  • Dashboard
    • Support for using different filters and charts across dashboards that contain the same widgets.
    • Removed the move to request list option from the filtered task list view.
    • When the requests list view is accessed from dashboard widgets, the corresponding filter criteria applied to the request list view will no longer be shown in the inline search.
  • Support for older version of V3 API for Tasks and Worklogs is deprecated. To use the latest format of the API, add the accept header "application/vnd.manageengine.sdp.v3+json" to the API URL. To know more about the difference between the V3 API old format and the new format, see Tasks and Worklogs.
  • Requests:
    • Request global search can be performed only when Lucene is enabled.
    • Refresh frequency is now moved under the List Settings.
    • Added the "Has linked requests" column in exports that shows the presence of linked requests using boolean values.
    • In the column chooser, reordering and disabling the Select Box option is no longer supported.
    • The column search no longer supports the "null" keyword and regex expressions.
    • The classic view no longer supports basic search.
    • Request custom view filter name and request count will no longer be shown in the task list view.
    • When exporting requests, the ordering of columns in the list view will not be retained.
    • When exporting requests, the request ID column will now be included by default.
    • The following changes are applicable for column names in exports:
      • ID is now Request ID
      • Requester Name is now Requester
      • Assigned To is now Technician
      • DueBy is now DueBy Date
      • Service Catalog is now Is Service Request
      • Overdue is now Is SLA Violated
      • On-Behalf-Of is now On behalf of
      • Response DueBy is now Response DueBy Time
      • Template Name is now Template
    • The following UI labels have been renamed :
      • 'FCR' is now 'Is FCR'
      • 'First Response Overdue Status' is now 'Is First Response Over Due'
      • 'ReOpened' is now 'Is Reopened ticket'
      • 'Overdue Status' is now 'Is SLA Violated'
      • 'Request Shared' is now 'Is Shared'
  • Preventive Maintenance Tasks:
    • Due to the introduction of Maintenance module, there are a few behavior changes in preventive maintenance tasks. Click here to learn more.

Enhancements :

  • SDPMSP-11931: In-App Notifications for Technicians
    • Introducing In-app notifications to alert technicians about their request events while they are using the application. Click here to learn more.
  • SDPMSP-14455: Request Timer Actions
    • Introducing timer actions to trigger time-delayed custom actions on requests. You can configure timer actions under Admin > Automation > Request Timer Actions.
    • You can use During Rules and After Rules to execute custom actions at specific delayed time.
    • Click here to learn more.

  • SDPMSP-15086: Need More Info during Approval
    • Approvers can now inquire for clarification before recording their approval decisions for incident and service requests. Users can preview and follow up the clarifications from the My Approvals widget in Home page.
    • The various exchanges between the approver and the requester will be grouped and displayed in a read-only format under the Approvals tab in the request details page.
      • Technicians can provide clarification for their requests from the My Summary widget on the Home page.
      • Requesters can use the My Request Summary widget to provide clarification.
    • Click here to learn more.

  • SDPMSP-18579, 16116: SAML now supports additional attributes that are used to create a detailed user profile for dynamic users. You can also use additional attributes to add dynamic users logging in via email and user principal name (UPN).

    Click here to learn more.

  • SDPMSP-19052: Custom Filter Enhancements
    • Introducing Advanced Filter in Requests to perform custom search based on predefined conditions and save them for later use.
    • Click here to learn more.

  • SDPMSP-19370: Forgot Password Enhancements
    • Account-based customization such as login page logo and image will be applied to the Forgot Password page.
    • You can now enable or disable password recovery using the forgot password option under Admin > Security Settings.
    • Behaviour Changes

      • In the service login details notification, a password reset link will be sent instead of actual passwords.
      • Retry lock duration is now standardized and will not be configurable in the UI.
    • Reset link expiry duration is now standardized and will not be configurable in UI.
  • SDPMSP-19382: Technicians Personalized Color Settings
    • Administrators can now allow technicians to personalize the color settings applied in the list/classic view of requests and changes.
  • SDPMSP-19423: Reports Micro Feature
    • Introducing options to export reports without header. You can configure the settings from Reports > Custom Settings.
    • You can now schedule multiple reports under Reports > New Report > Schedule Report.
    • You can now save the edited custom report as a new report using the Save report as option.
    • You can now export, schedule, and mail reports in the XLSX format. You can also export requests, purchases, and software in the XLSX format.
    • A new notification rule "Notify technician and other SDAdmins when an SDAdmin edits/deletes another technician's schedules/reports." is added under Admin > Automation > Notification Rules > Reports.

      Click here to learn more.

    • Support for Account and Site columns in the scheduled reports list view.
    • Query Report API now supports account and site values when executing a query or executing query report. (Refer to API doc tool for more details)
    • Both account-specific reports and common reports will now be listed in scheduled reports list view when a specific account is selected.
  • SDPMSP-19480: Security Meter
    • Monitor and gauge how effectively you have configured various built-in application security features using the security meter. To access the security meter, go to Admin > General Settings > Security Settings. The security meter provides the following:
      • A security score in percentage.
      • A security level classification based on the security score: unsecured, weak security, moderate security, and highly secure.
      • An option to view and manage the list of available security features.
  • SDPMSP-19490: Drill-down Analysis for Requests
    • You can now perform drill-down analysis on requests from the reports module.
    • A tree structure for requests will be generated based on the criteria (Created Date, Responded Date, DueBy Date, and Completed Date) along with time period.
    • Use the drill-down analysis URL to share with other technicians.
  • SDPMSP-19491: Advanced Customization for Requester Home Page

    SDAdmins can now customize the self-service portal's home page using advanced options such as panels, buttons, snippets, widgets, etc using predefined or custom templates.


    • For fresh installations with build 14000 or newer, the advanced customization replaces the basic customization.
    • For installations migrated to 14000, the existing basic customization will be accessible only if a customized home page is already configured. If the advanced customization options are used to create a new home page, the existing basic customization will be removed.
  • SDPMSP-19492: Custom Views and Advanced Search:

    Existing custom views will not be migrated in the following cases, and an email notification will be sent to users configured in the Send e-mail when an Application Error Occurs notification rule:


    • Existing custom views will not be migrated in the following cases, and an email notification will be sent to users configured in the Send e-mail when an Application Error Occurs notification rule:
      • Custom view criteria are based on additional fields that no longer exist or contain Description or Resolution field.
      • Exceptions occurred during the migration process
    • The maximum number of criteria allowed in Custom Views and Advanced Search is now 10.
    • Custom views will now be shown in the merge and link request pop-up list views accessed from the request details page.
    • Criteria in Custom Views and Advanced Search now support additional fields and sub-fields.
    • Support for nesting criteria in Custom Views and Advanced Search.
    • Added an option to preview custom views.
    • The custom view filter applied to the request list view will also be applied to the merge and link request pop-up list views accessed from the request details page.
    • When the criteria "is not" and "not contains" are chosen for a request field in Custom Views or Advanced Search, requests that do not contain those fields will also get listed. To prevent this, adding "is not empty" criteria is recommended.
    • The Description and Resolution fields are no longer supported in Custom Views. However, these fields continue to be supported in search.
    • Custom views created by admins will now be private by default.
    • Technicians can now view public custom view filters.
    • Using the same name for different custom view filters is no longer supported.
    • Filters in Advanced Search will no longer be retained. Previously configured filters will now be saved as custom views individually.
    • Inactive users will no longer be listed in the criteria fields of Advanced Search or Custom Views. However, you can use sub-criteria fields to search for specific inactive users.
    • The criteria fields in Advanced Search and Custom Views will no longer support time values but only show dates.
    • The Show groups in Request List filters option has been removed from Admin > General Settings > Advanced Portal Settings. The default group-based filters will no longer be available in request custom view filters.

    Click here to know more for more behaviour changes

  • SDPMSP-19493: Problem Custom Trigger and Problem Custom Function
    • Admins can now configure problem custom triggers to automatically trigger actions on a problem by executing a script file, a custom function, or send email/SMS notifications.
    • Problem custom triggers can be configured under Admin > Automation > Custom Triggers > Problem. Click here to learn more.
    • You can use problem custom functions to manipulate data in SDP-MSP and execute custom actions.

    Click here to know more for more behaviour changes

  • SDPMSP-19494: You can now configure criteria based on date fields for custom triggers and request life cycle.
  • SDPMSP-19495: Showing Dynamic Notifications as Desktop Notifications
    • Desktop notification notifies users about the events in the application even if they are working on different applications.
    • To enable desktop notification, application must run in the HTTPS mode. Click the LOCK icon on your browser's URL and select Site settings > Notification > Allow.
  • SDPMSP-19498: Font Customization
    • You can now use custom/third-party fonts in ServiceDesk Plus. You can either add fonts that are already included in your operating system or upload new fonts via font files in the supported formats.
    • Click here to learn more.

  • SDPMSP-19500: Global Configuration for Time Zone, Date Format, Time Format:
    • Use a global configuration for changing the time zone, date format, time format for all users.
  • SDPMSP-19502: Microsoft Teams Enhancements
    • Administrators can now create custom commands and execute actions in Microsoft Teams right from the ServiceDesk Plus MSP bot.
    • The support groups in ServiceDesk Plus MSP can be mapped with the respective Teams channels. When requests are assigned to support groups, the bot will trigger notifications in the mapped channel.
    • Click here to learn more.

  • SDPMSP-19503: Maintenance Module :

    Create, view, and manage maintenance related requests in your organization from under a new module Maintenance.

    • View upcoming maintenance schedules and plan ahead.
    • Track maintenance using the History tab.
    • Suspend or resume maintenance when required.
    • Use the table and classic view to search and sort quicker.
    • Use the details page to view complete information of the maintenance.
    • Click here to learn more.

  • SDPMSP-19504: Add more details while creating a request from Zia
    • Users can now add vital details such as subject, description, and mandatory fields while raising a request from the Zia bot.
    • Click here to learn more.

  • SDPMSP-19516: Trial license over the production setup
    • Customers can now avail a free trial license to check out the latest features and functionalities of ServiceDesk Plus MSP. The trial license is valid for one month and can be used only once.
  • SDPMSP-19523: Problem Module - Standard license add-on
    • Problems module is now available as an add-on for standard edition.
  • SDPMSP-17527: Telephony Integration Enhancements
    • Automated Request from Missed Calls
      • Option to create requests automatically when a technician misses a call. This option is available under the Settings tab on the telephony server settings page.
    • Telephony Logs
      • Telephony integration allows you to access the details of all incoming and outgoing telephone calls. For each call entry, you can find details such as the caller name, caller number, receiver name, receiver number, call type, time of call, and call duration. You can also create a request when a call to a technician is unanswered. Telephony logs can be accessed from under the Telephony Logs tab on the telephony server settings page. Alternatively, you can also access it by clicking the Call Logs icon on the bottom-right corner.

    Click here to learn more.

  • SDPMSP-19531: Custom Trigger Enhancements
    • Custom triggers can now be applied when requests are moved to trash.
  • SDPMSP-19537: Task Dependency Enhancement
    • Introducing task dependency mapping in Projects
    • The UI for task dependency mapping is revamped for better user experience.
    • API support added for task dependencies.
  • SDPMSP-19741: Custom Actions Enhancements

    You can now configure the following custom actions in request custom triggers and request timer actions.

    If-If Actions : If-If action allows you to execute multiple actions on a request when the specified criteria are met.

    If-Else Actions : You can use If-Else action to execute an action if a criteria is met and an alternate action if the criteria is not satisfied.

    Click here to learn more.

  • SDPMSP-19742: Calendar Revamp
    • Added a redesigned calendar for date and time fields across the application.
    • You can now enter time values manually in the date and time fields.
  • SDPMSP-19743: ME Integration Revamp
  • SDPMSP-19747: UI Enhancements
    • Introducing Puvi font (version 4.0) in ServiceDesk Plus MSP under layout personalization, theme settings, text editor, and form customization.
    • UI revamped for better user experience in the following entities: login details banner, confirmation dialog, scroll bars, checkbox, radio buttons, and Add/Edit form buttons.
    • Note : The scroll bar UI revamp will not reflect in Mac devices.

  • SDPMSP-19748: Enable Dark Mode / Night Mode :
    • Introducing Night Mode in ServiceDesk Plus MSP that allows users to darken their application's screen. Night Mode is user and instance specific.
  • SDPMSP-19749: Only technicians with view permission to the asset module can access the Assets belonging to <username> pop-up.

Vulnerability :

  • SDPMSP-19685 : CVE-2023-23078 : XSS vulnerability in credentials of asset details page.

Issues Fixed :

  • SDPMSP-13461 : Account managers are not able to update the requester when editing requests.
  • SDPMSP-14376 : The Existing requests option is not showing up in the chat window for requesters.
  • SDPMSP-15091, 19603 : Page crashes after saving a new or an existing request template in some scenarios.
  • SDPMSP-15177 : Technician Auto Assign is not working if the Account criteria value is None.
  • SDPMSP-15201 : Category, subcategory, and item field values are not getting reset when the site is changed while changing the request's account.
  • SDPMSP-15252 : Group field value configured in the request template is not shown in preview mode.
  • SDPMSP-16044 : Username is sent in the URLs when authenticating using SAML.
  • SDPMSP-16662 : Asset tag is not getting populated while adding the assets using CMDB API.
  • SDPMSP-17086 : Request Advanced Search page is reloading in some scenarios.
  • SDPMSP-18121 : Discrepancy in font size when content is copied to an editor in the application from an external webpage.
  • SDPMSP-18569 : Unable to edit request properties on the right panel when one of the allowed technicians is locked out or blocked.
  • SDPMSP-19001 : The Collapse the login form by default option is not working in SAML.
  • SDPMSP-19048 : An authorization error occurs in the Approval and Conversations tabs of the change details page.
  • SDPMSP-19488 : Asset Financial details are shown in custom reports to users with Account Manager role due to improper authorization.
  • SDPMSP-19634 : The Load more details option in workstation scan history is not working.
  • SDPMSP-19665 : CVE-2023-26600 : Privilege escalation vulnerability in query reports reported by Piotr Bazydlo (@chudypb) of Trend Micro's Zero Day Initiative.
  • SDPMSP-19744 : When clicking the like or dislike button in Zia notifications for approvals and reopen requests, the rate limit exceeded notification is incorrectly sent to other logged-in technicians.
  • SDPMSP-19817 : When error is thrown when accessing ServiceDesk Plus MSP 13000 builds via mobile browsers.
  • SDPMSP-19822 : Page navigation in the work log list view is not working properly for technicians without the SDAdmin role.
  • SDPMSP-19835 : When auto-assign is enabled, requests are assigned to technicians who are on leave.
  • SDPMSP-19873 : Cab recommendation is not sent to the newly added cab members (In particular, the cab members added after saving the workflow).

What's new in 13004?

(Released on: 05 January 2023)

Vulnerabilities Fixed :

  • SDPMSP-19876: CVE-2023-22964 : Authentication bypass vulnerability in Active Directory/LDAP authentication.

What's new in 13003?

(Released on: 30 December 2022)

Issues Fixed :

  • SDPMSP-19836 : Requests scheduled in Preventive Maintenance tasks are not created when assigned with subcategory whose parent category is not associated with all accounts.

What's new in 13002?

(Released on: 14 December 2022)

Vulnerability :

  • SDPMSP-19481 : Asset Financial details are shown to users with Account Manager role due to improper authorization.
  • SDPMSP-19559 : Denial of Service vulnerability while saving application settings.
  • SDPMSP-19628 : Privilege escalation vulnerability in solution approval.
  • SDPMSP-19644 : Privilege escalation vulnerability in the task list view reported by hir0ot
  • SDPMSP-19673 : CVE-2023-23073 : Stored XSS vulnerability when associating a service request with a purchase request.
  • SDPMSP-20251 : Point Of Contact users are able to view unauthorized changes in specific cases.

Issues Fixed :

  • SDPMSP-15493 : Multiline additional fields in job sheets are incorrectly rendered as single-line fields.
  • SDPMSP-18085 : Unable to import the client-generated XML file in the standalone audit page.
  • SDPMSP-18455 : When the End Time value of a request worklog is set to occur after the operational hours, the value is incorrectly getting reset to match the end time of operational hours if the corresponding request is associated with a charge-per-hour type contract
  • SDPMSP-18726 : Unable to associate more than 100 accounts with a category.
  • SDPMSP-18947 : MSP Account requester cannot approve or reject change requests to other accounts.
  • SDPMSP-19150 : Performance issues in the application when the number of sites configured is large.
  • SDPMSP-19381 : Domains are not getting listed when the login name is provided.
  • SDPMSP-19472 : Script-based asset scan fails when the size of the client-generated XML is larger than 100 KB.
  • SDPMSP-19497 : Add and update operations in Account V1 API are not working in some cases.
  • SDPMSP-19542 : Unable to add technicians when the number of accounts exceeds 1500.
  • SDPMSP-19547 : V1 Conversation APIs are not working after upgrading to build 10600.
  • SDPMSP-19564 : Backups are failing in setups upgraded to build 13000 if the application is rebranded.
  • SDPMSP-19566 : Restoration from backups fails in setups upgraded to build 13000 if the application is rebranded.
  • SDPMSP-19608 : Account managers are unable to view all the changes created in their accounts.
  • SDPMSP-19622 : Unable to delete sites when there are assets associated with the site.
  • SDPMSP-19636 : Unable to import users through dynamic user addition and schedule AD sync if the domain is a shared domain.
  • SDPMSP-19638 : Unable to delete an asset if it is synced via Endpoint Central.
  • SDPMSP-19683 : Performance issues while adding problems if the number of sites configured is large.
  • SDPMSP-19689 : Added additional connectivity-related exception messages relating to mail server configuration.
  • SDPMSP-19706 : Unable to create a site with the same name as the account name using Site V3 API.
  • SDPMSP-19720 : Approvals in old incident requests are not visible after migrating to build 13000.
  • SDPMSP-19758 : Requests scheduled in Preventive Maintenance tasks are not created when the assigned category is not associated with all accounts.
  • SDPMSP-19768 : Requests scheduled in Preventive Maintenance tasks are not created when the assigned service category is not associated with all accounts.

What's new in 13001?

(Released on: 27 October 2022)

Framework Upgrade Information :

  • SDPMSP-19485: Commons-Text JAR upgraded from 1.8.0 to 1.10.0.

Vulnerabilities Fixed :

  • SDPMSP-19499: CVE-2022-47966 : Pre-Auth RCE vulnerability when SAML authentication is enabled.

Issues Fixed :

  • SDPMSP-19701: Unable to login to the application using SAML in builds migrated to 13000 from 10610.

What's new in 13000?

(Released on: 13 October 2022)

Behavior Changes:

  • Computer Telephony Integration V1 API (/sdpapi/admin/cti) is now deprecated. For more information, click here.
  • Attachment API (/api/v3/attachments) is now deprecated. For more information, click here.
  • The 32-bit variant of ServiceDesk Plus MSP has reached its end of life and support. To learn more, click here.
  • Request Admin V1 API endpoints are now deprecated. To learn more, click here.
  • Behavior change in adding E-mail replies to the Request conversations.
    • Replies to a request will be appended to request conversations only if the sender has permission to the request or if the sender replies to the corresponding emails that they received from the application.

SDPMSP-7343: Email commands will be removed from request description.

SDPMSP-16147,18969: Support for TLSv1.3 protocol.

SDPMSP-18713,18840: The SDAdmins will be notified via bell notification about the status of Active Directory user import.

SDPMSP-18807: Changing the default backup password is now mandatory before applying a new license, taking a manual backup, or upgrading the application.

SDPMSP-18808: Technicians can create requests with the site specified in the request template even if they are not associated with the site.

SDPMSP-18810: SDAdmins can now delete the report folders created by any technician.

SDPMSP-18816: Users can import and edit their email signature via HTML from the Personalize tab.

SDPMSP-18839: In the incoming and outgoing mail server settings, the OAuth client secret field value will be concealed from viewing and the field value will be encrypted on the client side while saving the configuration.

SDPMSP-18843: Approval Stage is now renamed to Approval Level in the Request module and the following changes are made:

  • Org roles configured as approvers in request templates will be resolved only when the corresponding approval notification is triggered.
  • The option to configure any email address as an approver in Self-Service Portal is no longer supported. Only users registered in the application can be configured as approvers.
  • Template workflow configurations will now be added as entries in the system log viewer table.
  • Duplicate approvers cannot be configured within an approval level.

SDPMSP-18847: The default value of Backup Scheduling is now 7 days.

SDPMSP-18923: The size of TableDataCount.html and FailedQuery.html files is now restricted to 5 MB inside the log folder

SDPMSP-18925: Auto-completion of email fields is enabled for change notifications.

SDPMSP-18948: Sharing requests across accounts is no longer supported. To learn more, click here.

SDPMSP-18955: The following changes are applicable to the configurations under Admin > Discovery > Scan Settings > General

  • All actions configured under this section will now be recorded in the system log.
  • Modified the "Delete/Dispose workstations and servers that have not been scanned in the last <number> days" text to "Delete/Dispose assets that have not been scanned in the last <number> days"
  • When the Delete/Dispose assets that have not been scanned in the last <number> days option is enabled, the first schedule to delete/dispose of the assets will now run only after 24 hours. An appropriate alert message is also added for this new behavior.

SDPMSP-18971: The Product Type field is removed from the server details page and the list view.

SDPMSP-18974: The loan expiry notifications can now be sent to the users until the loaned assets are returned by configuring an appropriate notification frequency.

SDPMSP-19047: Requests can be created from conversations only if it has valid Site, Group, and Technician dependencies.

SDPMSP-19075: The XML option for the sample script has been removed from the REST API documentation tool.

SDPMSP-19077: Purchase orders now appear with a gray header in print preview and approval email

SDPMSP-19078: The applications running in HTTPS can now be integrated with ServiceDesk Plus MSP only after SSL certificate validation. Click here to learn more.

SDPMSP-19099: The API operations such as ADD, UPDATE, and DELETE can now be performed for Admin entities via custom functions (excluding callback functions).

SDPMSP-19100:ServiceDesk Plus MSP favicon is now updated.

SDPMSP-19101: ServiceDesk Plus MSP is no longer supported on Internet Explorer 11.

SDPMSP-19105: The throttle limit to access the /api/v3/app_resources/build_info URL is increased to 60 calls per minute.

SDPMSP-19106: If an invalid attachment from an email is dropped when adding an entity, a notification will now be sent to the email sender and technicians configured in the Send email when an Application Error Occurs notification rule.

SDPMSP-19107: The throttle limit to access the /sounds/*.mp3 URL is now increased to 120 calls per minute.

SDPMSP-19115: The total number of radio and picklist type incident additional fields is now restricted to 50.

SDPMSP-19161: Executing scripts or classes via NotificationActionPlugins.xml while sending push notifications is no longer supported.

SDPMSP-19165: Post migration, administrators are required to copy the Create_Jira_Ticket.js file from

[SDPMSP_Home]/actionplugins/jira/resources/scripts to [SDPMSP_Home]/integration/resources/scripts directory.


SDPMSP-19170: The option to integrate Zoho Analytics will no longer be available on ServiceDesk Plus MSP UI. If you want to enable this integration, contact support (

SDPMSP-19256: Backup technicians will now be assigned based on the current time (i.e., when a technician gets assigned to a request) instead of the request's creation time.

SDPMSP-19375: Duplicate User Group names are no longer allowed. User Group names should be unique across accounts.

Framework Upgrade:

  • SDPMSP-18842: PostgreSQL upgraded from version 10.16 to 10.21
  • SDPMSP-18907 & 12903: Tomcat upgraded to version 9.0.54
  • SDPMSP-18915: Bootstrap upgraded to version 3.4.1
  • SDPMSP-18917: jQuery validation upgraded to version 1.19.3
  • SDPMSP-18919: Handlebars upgraded to version 4.7.7
  • SDPMSP-18920: Zulu OpenJRE upgraded from 1.8.222 to 1.8.292.
  • SDPMSP-18921: MickeyLite framework upgrade from build 4180 to 4260.
  • SDPMSP-19088: PostgreSQL Driver upgraded from version 42.2.16 to 42.2.19.
  • SDPMSP-19169: jQuery UI upgraded to version 1.13.1


SDPMSP-5219: Operational-level Agreement

Configure Operational Level Agreement to ensure that the SLA is achieved by the internal support groups working on the request. Widgets related to operational level agreements are also included in Dashboards.

Click here to learn more.

SDPMSP-5270: Custom Operational Hours

You can now configure custom operational hours specific to each day of the week along with a break session. You can also configure exclusion rules to define standard non-working days on a monthly basis.

Click here to learn more.

SDPMSP-12442: Embed Videos in Solutions

  • You can now embed video links in Solutions. To learn more, click here.

SDPMSP-12887: Change Trash

  • You can now delete and restore a change. Click here to learn more.

SDPMSP-14033: Notification Sound

  • You can now configure notification sounds for Chats, Broadcast Messages, Announcements, and Technician Notifications. Click here to know more.

SDPMSP-14637: You can now configure an Always On availability group (AG) from the UI.

SDPMSP-15053: Technician Requester Chat

  • Technicians can initiate a chat with the requester from the Request Details page. Click here to learn more.

SDPMSP-15169: Actionable Messages for Outlook

  • Users can perform help desk actions from Outlook Mailbox via actionable mails sent from ServiceDesk Plus MSP.

SDPMSP-15341: Add images to all resources in the service template.

SDPMSP-15349: View the cookies used in ServiceDesk Plus MSP under Community > Troubleshoot > Cookie Policy.

SDPMSP-15410,15643,16108,19066,19196: Webhooks Enhancements

  • Option to include request resolution in webhook action
  • Added support for HTTP PATCH method in webhooks
  • Support for response based actions in webhooks.

Click here to learn more.

SDPMSP-15574: Edit email notification templates using the Edit HTML button.

SDPMSP-16593: On the Projects List View page, using the Import From button you can import project additional fields via MPP import and projects, milestones, and tasks via XLS, XLSX, and CSV files.

Click here to learn more.

SDPMSP-16621: Attachment API Revamp

  • You can now attach up to 10 files in one go across the application.
  • Upload files using a simple drag-and-drop method.
  • Preview available for attachments of certain file types.

SDPMSP-17263: V3 API support for Assets.

SDPMSP-18506: Unified Activities for Request & Tasks

  • Technicians can now view only requests in the Classic View or view both requests and tasks in the Combined View. Click here to learn more.

SDPMSP-18703: Request association APIs under Admin > API > Documentation

SDPMSP-18759: The Account Info popup is revamped to display account details in a larger view.

SDPMSP-18769: Change Configurations and Enhancements

  • Administrators can use Change Configurations to make settings for editing, approval actions, or email notifications. Click here to learn more.
  • Change Owner and technicians with SDChangeManager role can add/edit/delete/organize tasks in a change even after the change is closed.
  • Two new widgets, Open Changes By Type and Unapproved Changes By Type are now added under Dashboard.
  • A new field, Category is added in the Changes Dashboard.
  • The default status notifications settings is added under Notification Rules > Changes.
  • A new column, Next Review Date is added under Custom Reports for Changes.

SDPMSP-18804: You can disable manual deletion of system logs in the Community tab.

SDPMSP-18805: Future approvals in the approval action page.

  • You can now view approvers on the Approval Actions page by updating the paramvalue for the specific entry as shown in the following GlobalConfig table:

    category = " ApprovalAction"
    paramvalue = "true"

  • An approver's organizational role details are now shown in the Approval Details section and the Approval Actions page.

SDPMSP-18806: Option to enable/disable last login information under Admin > General Settings > Security Settings.

SDPMSP-18809: You can now limit the number of characters displayed in some fields, such as description and resolution when generating reports for improved performance. The configuration is available under Admin > Performance Settings > Reports.

SDPMSP-18811: Organize Tabs

  • Administrators can organize tabs in the navigation menu and allow technicians to personalize the tab order. You can access Organize Tabs from Admin > General Settings > UI Customization > Organize Tabs. Click here to learn more.

SDPMSP-18812: Improved login flow in embedded live chat.

SDPMSP-18815: Images inserted in the description of tasks, problems, changes, projects, and solutions can now be previewed from the details page.

SDPMSP-18817: Force Password Reset for Default Accounts (administrator/guest)

SDPMSP-18837: Problem Attachment

  • Attachments UI in Problems is enhanced for improved user experience.

SDPMSP-18838: Flexible Column Layout

  • You can now configure up to 4 columns in Incident and Service templates.
  • You can also configure flexible column and add up to 12 fields in a single row with various customizable options. Click here to learn more.

SDPMSP-18843: API for request approval actions is now supported.

  • The UI for approval action page and approval tabs under requests and archived requests is enhanced for better usability.
  • Option to mandate approvals comments only on request rejection under Admin > Self-Service Portal Settings (Advanced Portal Settings in ESM setups).
  • You can now configure custom names for an approval level when adding an approval stage to request templates.
  • In Custom Triggers, configure custom scripts to add request approvals in a new format. Update existing scripts before January 2022 to configure request approvals via scripts using the new format.
  • In custom trigger json, current_level and approved_level keys will be added along with current_stage and approved_stage keys, respectively. The keys current_stage and approved_stage will be removed after January 2022.

SDPMSP-18844: Default Chat Reports

  • Reports module now includes pre-defined chat reports such as Chats initiated by requester, Chats answered by a technician, Unanswered chats, and Completed chats. Click here to learn more.

SDPMSP-18845: Translation In-line Edit

  • A new inline edit option to translate a phrase or text in the user interface is available. Currently, this feature supports text modification in the application header, Home, Requests sub-tabs, Tasks and Work Logs. Click here to learn more.

SDPMSP-18846: Impact, Urgency, and Priority Matrix are now available under Admin > Helpdesk Customizer in Standard edition.

SDPMSP-18860: Group Roles

  • Create Group Roles (support group based roles) and associate them to support groups and technicians to use them in support group notifications, SLA escalation notifications, request life cycles, custom triggers, backup technician assignments, dashboards(share dashboards), and approvals.
  • To create group roles, go to Admin > Users > Group Roles. To learn more, click here.
  • You can also configure escalation to group-level role technicians or group owners for incident and service SLAs.

SDPMSP-18865: The mini calendar and the calendar view in Changes will now show the change requests marked in the previous month and next month if the respective dates are shown in the current month view. For example, if the starting day of the current month is Friday, then the changes until the previous day (Thursday) will be shown in the current month view.

SDPMSP-18876: Monitor Malicious Activity

  • SDAdmins can now monitor URL attacks in the application from Admin > General Settings > Security Settings > Advanced. Notifications are sent to SDAdmins if too many attempts are made to access a URL. Click here to learn more.

SDPMSP-18879: Attachment Settings in Admin page

  • You can now configure the file attachments that you want to allow or restrict in the application. You can find the settings under Admin > Attachment Settings. Click here to learn more.

SDPMSP-18881: You can now configure notification sounds for Broadcast Messages, Announcements, and Technician Notifications. Click here to know more.

SDPMSP-18892: Enhancements to Change Approval Notifications

  • Change approval actions can now be notified to a change requester via email.
  • The $MyPendingApprovals variable used in the approval reminder notification template is changed to $MyPendingApprovalLink.
  • In approval notification template, the variable $ApproverName can be used to display the name of the user who approves the change.

SDPMSP-18937: Advanced Matrix Report Enhancement

  • Users can now add up to 5 columns while grouping data in Advanced Matrix Reports.
  • Users can select the Request field in the Columns drop-down under the Column Grouping section for all modules that support matrix reports.
  • The Date Format drop-down will be displayed only if a date field is selected as the column.
  • Users can also add up to 5 rows to group the data in the Group by section.

To learn more, click here.

SDPMSP-18942: Query Report API Feature

  • API support to view all query reports and execute report and query.

SDPMSP-18945: Matrix Report now supports percentage in summary type.

SDPMSP-18949: Zoho Charts in Reports

  • ServiceDesk Plus MSP integrates with Zoho Charts, a charting library with improved UI and features. The integrations allows users to create new chart types while generating reports. The UI of the generated chart is fine-tuned to display detailed information on hovering over the chart.

SDPMSP-18950: Added support for Comments API under Admin -> API -> Documentation -> Comments API.

SDPMSP-18957: Introducing an option to modify the product type of assets.

SDPMSP-18961: Telephony

  • Technicians can now place outgoing call to requesters phone or mobile from the right pane in request details page.

SDPMSP-18963: Added support for Change Template API under Admin > API > Documentation > Change Template API.

SDPMSP-18964: Added support for CAB API under Admin > API > Documentation > CAB API.

SDPMSP-18965: You can now import AD attributes of integer type.

SDPMSP-18966: The failed users list in AD full sync import is now attached as a CSV file in the notification.

SDPMSP-18968: Support for TLSv1 and TLSv1.1 is deprecated further.

SDPMSP-18970: User Group Entity over v3 API

  • User Group API is now revamped for improved user experience.

SDPMSP-18972: You can now increase the number of assets fetched via global search by updating the "paramvalue" for the entry below in the GlobalConfig table.

category = "Asset_Workstation_Global_Search"
parameter = "searchLimit"
paramvalue = "<any_value_up_to_1000>"

Note : For better performance, it is recommended to set the paramvalue to the default count of 500.

SDPMSP-18973: Fail Over Service over Latest Framework

  • Failover Service and Failover Service Replication can now be configured from the application UI under General Settings. Administrators can toggle FOS mode ON or OFF anytime and track the changes performed on the configurations from the History tab.
  • FOS in ServiceDesk Plus MSP now follows a peer-peer architecture. In the event of primary server unavailability, the secondary server takes over and functions as the primary server.
  • Postgres support is provided for the database server.
  • In event of application restore, FOS will be disabled by default. The administrator is required to enable FOS and restart the application again.
  • Click here to learn more.

SDPMSP-19064: Enable/disable and show/hide options are now supported for the Site field in Field And Form Rules.

SDPMSP-19065: Zia Bot

  • Zia, Zoho's AI assistant for business, is available as a virtual conversational support agent, Zia Bot. You can now ask Zia to perform 20 different help desk operations including raising requests, assigning technicians to requests, viewing solutions/announcements.
  • To learn more, click here.

SDPMSP-19068: Callback Custom Functions

  • Create callback custom functions using Deluge scripting to manipulate data in ServiceDesk Plus MSP whenever an event occurs in external applications. To learn more, Click here.


SDPMSP-19069: Introducing PII/ePHI for User Additional Fields

  • Administrators can now mark out user additional fields that contain Personally Identifiable Information (PII) or electronic Protected Health Information (ePHI) to identify the sensitive information collected and stored in ServiceDesk Plus MSP. The personal data of users (both technicians and end users) in PII/ePHI marked fields are handled in accordance with privacy regulations such as GDPR.
  • To learn more, Click here.

SDPMSP-19070: Added V3 API support for purchase order entity.

SDPMSP-19071: You can now edit the price fields of items when creating purchase orders from purchase requests.

SDPMSP-19072: Date field is now listed under Date Filter in Summary Reports.

SDPMSP-19073: You can now access ServiceDesk Plus MSP from any domain by setting Access-Control-Allow-Origin to Trusted in Security Settings

SDPMSP-19074: Contract custom report now supports Description and Support columns in the column chooser.

SDPMSP-19080: Option to add/update auto-generated function name in custom functions.

SDPMSP-19082: Added API support for associating problem with requests and changes.

SDPMSP-19083: Zia, Zoho's AI assistant for business, has been implemented in ServiceDesk Plus MSP. Zia inspects each incoming request and applies her learning to understand and respond to the user's needs. Currently, Zia can perform approval actions by using users' responses to the approval email.

Configure Zia under Admin > Zia Configurations.

Learn more about Zia

SDPMSP-19095: Microsoft Teams Integration

Set up ServiceDesk Plus MSP integration with Microsoft Teams to leverage the collaboration app as an additional channel for IT and Enterprise support. This integration allows users to view service desk requests, pending approvals, and chat with help desk technicians, all from their Microsoft Teams accounts.

Click here to know more.

SDPMSP-19098: SDP MSP Outlook Add-In

ServiceDesk Plus MSP is now available as an add-on in Microsoft Outlook. Using this add-on,

  • Users can raise requests and track their progress in ServiceDesk Plus MSP from the Outlook mailbox
  • Technicians can edit, pickup, or assign requests via Outlook.
  • Click here to learn more.

SDPMSP-19103: From email address is supported while sending emails through custom functions.

SDPMSP-19104: If the sort order is not defined in the work log list view, the latest work log will be displayed on the top of the list.

SDPMSP-19117: Users can now edit assets in bulk from the assets list view.

SDPMSP-19118: Introducing My Assets Widget in the self-service portal that lists all the assets associated with the logged-in user. Requesters can raise an issue related to their assets from the widget.

SDPMSP-19119: Disaster Recovery

Disaster recovery (DR) ensures availability of ServiceDesk Plus MSP when a region or site is down during disaster. DR works by implementing a hot-standby system. When a primary server is down, the secondary server takes over the primary server functions and serves the application. To setup DR, SDAdmins can configure from Admin > General Settings > HA Configuration.

Click here to learn more.

SDPMSP-19121: You can now enable, disable, show, hide, mandate, and non-mandate the On behalf of field in the Add/Edit Request form via Field and Form Rules.

SDPMSP-19132: Users can now add Bcc field in emails from ServiceDesk Plus MSP.

SDPMSP-19133: Country can be added as a business rules criteria.

SDPMSP-19160: Asset and Purchase Admin revamp

  • Revamped UI for the following admin entities: Purchase Default Value, Cost Center, GL Code, Currency, Vendor Services, Contract Type, Product Type, Product, Vendor, and Asset State.
  • Technicians can now delete default contract types. If a deleted contract type is associated with contracts, the contract type will be marked as inactive.
  • V3 API is now supported for admin entities under asset and purchase management.

SDPMSP-19162: Advanced Analytics under Reports Tab

Added Single sign-on (SSO) support for Advanced Analytics. On enabling SSO, Advanced Analytics can be accessed in an embedded view from the Reports tab.

Click here to learn more.

SDPMSP-19163: Admin UI Revamp

The Admin page is revamped with an all new configurations grouping as well as an improved UI layout for ease of access. Other changes include:

  • New configuration pop-up for creating/editing users and technician additional fields.
  • New UI layout for integrations page under Admin > Apps & Add-ons > Integrations.
  • Revamped UI for notification rules under Admin > Automation > Notification Rules.

Click here to learn more.

SDPMSP-19164: Project Admin Revamp

  • Revamped UI for Project admin entities. Click here to learn more.
  • Members tab is added to the project template. You can now add members and assign roles in a project template from the project template details page.

Click here to learn more.

SDPMSP-19166: Special characters in the reports title are missing on exporting the report as PDF.

SDPMSP-19168: Attachments can now be added to Jira tickets created from ServiceDesk Plus MSP.

SDPMSP-19269: Site_V3 API: Support for ADD, EDIT, UPDATE, and DELETE operations.

SDPMSP-19171: ManageEngine Analytics Plus Cloud now integrates with ServiceDesk Plus MSP as cloud-based reporting & business intelligence service instead of Zoho Analytics. Going forward, users will be able to integrate with ManageEngine Analytics Plus Cloud to analyze business data and create reports/dashboards.

Click here to learn more.

SDPMSP-19176: Added support for fetching original client IP addresses using network load balancers. The original client IP addresses are fetched using the X-Forwarded-For HTTP header configuration on your load balancer. Use the following syntax to configure the header : X-Forwarded-For : <client_ip_address>, <proxy1_ip_address>, <proxy2_ip_address>

SDPMSP-19196: Unable to fetch values using $variables in webhooks.

SDPMSP-19239: Going forward, the configurations required to send mobile push notifications will be customizable.

SDPMSP-19351: Throttle limit to access solutions or announcements auto-suggest pop-up while creating requests has been increased to 300 in requester login.

SDPMSP-19354: You can now associate up to 100 projects to change requests and vice versa via the GlobalConfig table.

SDPMSP-19356: You can now increase the number of options that can be selected for resource questions by updating the "paramvalue" for the entry below in the GlobalConfig table.

  • category = "CheckBox_Resource_Question"
  • parameter = "MAX_OPTIONS_SELECTED"
  • paramvalue = "<any_value_up_to_50>"

Note : The default paramvalue is 25.

SDPMSP-19357: Performance improvements in some scenarios when running query reports with setups using Microsoft SQL server.

Issues Fixed

  • SDPMSP-12970: The SameSite attribute will be set for all sensitive cookies for enhanced security.
  • SDPMSP-15078: An error is thrown when approving changes if a custom trigger is configured for the approval action.
  • SDPMSP-15120: Unable to add worklog if an additional field that was used in the Bill rule criteria in the requests contract has been removed.
  • SDPMSP-16091: The /html/APICall.html endpoint is removed. All supported APIs can be tested under Admin > API > Documentation
  • SDPMSP-16668: When data is pushed to central server from remote server, the Warranty Expiry Date field in workstation and server is not populated.
  • SDPMSP-16989: Improper email validation during user enrollment for two-factor authentication.
  • SDPMSP-17192: Unable to add task attachments in task panel under Request List View.
  • SDPMSP-18086: Unable to log in as AD user in some cases if the browser's language is set to non-English languages.
  • SDPMSP-18108: Incorrect SLAs are assigned to requests.
  • SDPMSP-18515: When there are several sites, the : /api/v3/technicians/loggedin_user_details call takes almost 2 minutes, leading to a performance issue.
  • SDPMSP-18538: Unable to add attachment for change through API.
  • SDPMSP-18564: When new custom reports with account additional fields are generated, the page crashes sometimes.
  • SDPMSP-18642: Scheduled backups are not automatically deleted even after the elapse of the backup retention period.
  • SDPMSP-18692: When the Label and Description fields in the Asset and Workstation additional fields contain a special characters, the fields are get encrypted when the Save button is clicked twice after a new field is added.
  • SDPMSP-18833: In custom functions, user details in the context argument are returned as null when the username and login name are different.
  • SDPMSP-18871: Unable to perform a network scan of VM Hosts in certain cases.
  • SDPMSP-18893: Announcement pop-up is shown to non-privileged users in some cases.
  • SDPMSP-18977: In the Add new request form, when the requester is selected, Department is not displayed.
  • SDPMSP-18991: On the Requesters/Users list view page, Site is not available under column chooser.
  • SDPMSP-19038: Under Solution List View, deleted attachments continue to be shown as available.
  • SDPMSP-19158: When worklog is added through API, it's not added as the first response even when the respective option is selected.
  • SDPMSP-19184: Internal error occurs when any service request fields are updated.
  • SDPMSP-19261: Multi-factor authentication fails when the policy to reset the password during the first-time login is enabled.
  • SDPMSP-19280: Unable to add a worklog to requests if the Service Level Agreements option for the corresponding site is changed from custom settings to refer settings.
  • SDPMSP-19320: Page crashes when generating request custom reports that include additional fields whose names contain accented characters.
  • SDPMSP-19323: Non-login access to the change approval page is not working if/when the Glowroot tool is enabled.
  • SDPMSP-19343: When the SLA of a resolved request is changed, the Response DueBy Time is flagged as delayed even though the response has been sent within the SLA time already.
  • SDPMSP-19359: The field update section is getting collapsed while adding a rule to the "During" transition in the request life cycle.
  • SDPMSP-19380: Inline images in emails sent from the application are broken in some cases.
  • SDPMSP-19422: The default service templates are not getting listed while associating service templates with a request life cycle.


  • ManageEngine Applications Manager integration will not work
  • Mobile app will not work