SupportCenter Plus ReadMe

SupportCenter Plus Support SupportCenter Plus ReadMe

What's new in 11024?

(Released on: 05 August 2022)

Behaviour Changes:

  • SCP-2201 : When connecting to OAuth2-based mail servers, the consent of the Azure administrator is no longer required


  • SCP-1547 : Option to include the Bcc field in the emails from SupportCenter Plus.
  • SCP-1900 : Added an option in the Self-Service Portal Settings to hide the Solutions tab from contacts.
  • SCP-2567 : You can now enable permission for support reps to view, add, and edit contracts when configuring roles.

Issues Fixed:

  • SCP-1773 : Unable to add announcements in the Chinese language.
  • SCP-2100 : Performance issue with the Advanced Filtering option in the report generation wizard.
  • SCP-2327 : The values of multi-line account additional fields appear in a single line after saving the account details.
  • SCP-2388 : Unable to configure two-factor authentication in single portal setups.
  • SCP-2529 : The support rep and location data are incorrectly populated under the Maps tab.
  • SCP-2526 : The contact name is not populated automatically in the new request form when creating a request using the option in the incoming call pop-up.

What's new in 11023?

(Released on: 21 July 2022)

Issues Fixed:

  • SCP-2559 : CVE-2022-36412 : Authentication bypass vulnerability in V3 REST API URLs reported by Raphael Cheneau.

What's new in 11022?

(Released on: 11 July 2022)

Issues Fixed:

  • SCP-2554 : CVE-2022-35403 : Path traversal vulnerability while processing inline images.

What's new in 11021?

(Released on: 02 June 2022)


  • SCP-2442: Support for email reply separator in request conversations.
  • SCP-2251: Added email command options to set Account and contact fields in requests.

Issues Fixed:


  • SCP-2336: Security enhancements for OAuth-based mail server connections.
  • SCP-1759: Support reps cannot access unread requests assigned to them if the length of the request resolution is on the higher side.
  • SCP-1753: Labels for Door, Street, and City fields in account add/edit forms are missing.

What's new in 11020?

(Released on: 22 March 2022)


  • SCP-2230 : Request additional fields are now supported for configuring SLA criteria.

Issues Fixed:


  • SCP-2311 : (CVE-2022-25373) Stored XSS vulnerability in request history reported by Matt.
  • SCP-2258 : Log4j is upgraded to version 2.17.1.

What's new in 11019?

(Released on: 08 January 2022)

Issues Fixed:


  • SCP-2225 : Unauthenticated file uploaded (only .tmp files) to windows temp directory.

What's new in 11018?

(Released on: 03 December 2021)

Issues Fixed

  • SCP-2193 : Authentication bypass vulnerability leading to limited data exposure and modification.

What's new in 11017?

(Released on: 02 December 2021)


  • SCP-2178 : Spamming/DoS vulnerability in the forgot password functionality.

Issues Fixed:

  • SCP-1625 : An error is thrown when choosing request custom filters that are configured with user criteria.
  • SCP-2148 : An error occurs when updating inactive support groups.
  • SCP-2180 : In single-portal setups, the scaling of header logo is not consistent across the application.
  • SCP-2182 : Support for NTLM Single Sign-On is deprecated. Going forward, users with NTLM SSO configured in their applications are advised to configure SAML SSO. Refer here for more details.


  • SCP-2185 : SupportCenter Plus now supports SAML 2.0, which is an easier alternative to conventional sign-in methods already available for online services. With this configuration, a single set of credentials can be used to access different applications. You can configure SAML single sign-on for SupportCenter Plus from Admin > Users > SAML Single Sign-On. Please refer to here for more details.

What's new in 11016?

(Released on: 25 October 2021)

Issues Fixed:

  • SCP-2133 : CVE-2021-43295 : Reflected XSS vulnerability in the Accounts module reported by Victor Portal.
  • SCP-2135 : CVE-2021-43294 : Reflected XSS vulnerability in the Products module reported by Victor Portal.
  • SCP-2136 : CVE-2021-43296 : SSRF vulnerability in ActionExecutorServlet reported by Victor Portal.

What's new in 11015?

(Released on: 29 September 2021)

Issues Fixed:

  • SCP-2083: Performance issue when the application has large number of accounts.
  • SCP-2081: Page crashes when opening the request details page in some cases.
  • SCP-2068: Unable to delete portals in some cases.
  • SCP-2067: Unable to change password when it is already expired.
  • SCP-2062: Page Scripts and Global Field and Form Rules are inadvertently appearing in the Standard and Professional Edition.
  • SCP-1830: In reply templates, the variable "$Description" is not getting replaced properly.
  • SCP-2094: Email notifications for request creation are not getting sent to the corresponding account manager if the requests are created via email.

What's new in 11014?

(Released on: 11 September 2021)

Issues Fixed:

  • SCP-2078/CVE-2021-44077 : Authentication bypass vulnerability in certain application URLs

What's new in 11013?

(Released on: 22 July 2021)

Issues Fixed:

  • SCP-1939: Authentication bypass vulnerability in few rest API urls reported by David

What's new in 11012?

(Released on: 01 July 2021)


  • SCP-1284 : Two-factor authentication Support Reps can now be mandated to use an additional authentication mode such as Google Authenticator or email-based OTP along with regular passwords to log into the application. To learn more, click here.
  • SCP-1872 : A linked request when viewed from the parent request is displayed with details such as subject, support rep, group, and status, along with the request ID and comments.
  • SCP-1875 : Adjust the height for Description and Multi-line fields in request templates.
  • SCP-1876 : Control the size of multi-line fields using execute script action in field and form rules.
  • SCP-1877 : Enable/Disable Request templates right from the templates list view.
  • SCP-1878 : Option to copy request templates.
  • SCP-1879 : Disable the API key generation under the Personalize menu for support reps. Admin >> General Settings >> Security Settings >> Advanced
  • SCP-1880 : Global FAFR Create Field And Form Rules common to all request templates. To configure global field and form rules for request templates, go to Admin >> Helpdesk Customizer >> Field And Form Rules.
  • SCP-1881 : Test Mail Test your mail server settings by sending and fetching a sample email.
  • SCP-1883 : Page Scripts Page Scripts allow you to customize the application page-wise as per your requirement. You can modify the UI elements as well as the functionalities of a page in the application using custom scripts for end users.
  • SCP-1888 : Option to configure and append .msg/..eml type attachments in description by modifying the globalconfig table in the database which will have three values : processboth, processcontentalone, and processattachmentalone.
  • SCP-1891 : Add Notes while assigning a support rep Add additional information via notes when assigning a request to a group or support rep.
  • SCP-1901 : Option to filter active/in-active/all request templates.

Issues Fixed:

  • SCP-1844 : If the Request url is copied and used between different instances, it throws an error.

Behavior Changes:

  • SCP-1887 : Mails fetched by EWS will be permanently deleted.

What's new in 11011?

(Released on: 18 June 2021)


  • SCP-1266 : Ability to select Product under Custom trigger criteria.
  • SCP-1279 : SLA can be mapped to multiple support plan.
  • SCP-1280 : Ability to add Country as a criteria in the business rules.
  • SCP-1354 : Account manager feature is introduced. Some of its abilities are mentioned below.
    • The account manager keeps a track of the customer accounts and keeps them up to date.
    • The account manager has permission to create/view all the requests raised by the contacts in the account, thereby coordinating with the support rep to solve the issues immediately. Click here to know more.
  • SCP-1355 : Ability to maintain same contract number across contracts.
  • SCP-1356 : Introduced new enhancements in Reply templates.
    • Option to show inactive templates in the reply template list view.
    • Option to restrict technicians from creating their own reply templates.
    • Admins can configure private and public reply templates.
    • Technicians with view permission for requests can configure private reply templates under Quick Actions >> Manage Reply Templates.

Behavior Changes:

  • SCP-1615 : In Job Sheet Customizer and Notification Rules, $comments variable is replaced with $ProductComments.

Issues Fixed:

  • SCP-1351 : CTI and Zoho Assist features are not listed in admin pages in certain cases where single portal license is applied.
  • SCP-1756 : Unable to create more than 10 portals even if 20 portal(s) license is applied.

What's new in 11010?

(Released on: 10 May 2021)

Issues Fixed

  • SCP-1729: CSRF vulnerability while making request notes public.

What's new in 11009?

(Released on: 12 April 2021)

Feature :

  • SCP-1735: Password policy to implement strong passwords is now enabled and configured by default for fresh installations. Password Policy configuration is available under Admin --> Security Settings.

Enhancement :

  • SCP-1732: Added support to allow/restrict request closure by non-login users.
  • SCP-1737: Authentication for survey responses is now enabled by default for fresh installations.

Issue Fixed :

  • SCP-1733: Access to non-login endpoints for operations in the customer portal page is restricted when no portal is enabled.

What's new in 11008?

(Released on: 02 April 2021)

Behavior change

  • SCP-1675: Customer Portal Association: A message will now be shown when associating a portal which is already associated with another customer portal.

Issues Fixed

  • SCP-1259: After moving from a registered/trial version to the free version, the header pane is not displayed for support reps.
  • SCP-1327: On updating scheduled requests associated to an account, a new contact without any account association is created with the same name of the contact as in the scheduled requests.
  • SCP-1332: Domain names of accounts disappear when editing the account details in French and Spanish languages.
  • SCP-1348: Unable to submit requests if the Product field is mandated.
  • SCP-1394: The banner showing "Allowance of contract is consumed" is not displayed.
  • SCP-1505: The field Job Title is displayed upon selecting a contact in the new request form, but it is missing from the new contact form.
  • SCP-1592: Contracts are erroneously getting applied to requests that were raised even before the contracts were created.
  • SCP-1627: Business rules configured with Account and Product as criteria are not getting applied when the request is created through email.
  • SCP-1645: Unable to import requests from XLS files if the field Item is selected.
  • SCP-1663: Forgot password notification mail is erroneously sent as plain text.
  • SCP-1668: Page crash in Requests Approaching SLA Violation widget.
  • SCP-1674: In some cases, the default value of the Product field as configured in request templates is not getting populated in the corresponding requests.
  • SCP-1725: Business rules with Account or Product as a criterion are not getting applied when requests are created using Scheduled Requests.

What's new in 11007?

(Released on: 26 March 2021)

Issues Fixed

  • SCP-1707: Possible RCE is fixed - Classloader vulnerability in struts 1.1 (CVE-2014-0114)
  • SCP-1699: Path traversal and reading local files when sending attachments within the 'forward' functionality
  • SCP-1696: Behavior change - The response for the forgot password rest link will be generic or common for the valid, invalid or mail sending failure case. The masked e-mail will not be shown, and if the user provides invalid details, the retry page will not be shown.

What's new in 11006?

(Released on: 10 March 2021)

Issues Fixed

  • SCP-1660: Lower privilege user is able to delete attachments.
  • SCP-1659: CSRF vulnerability when deleting user attachment.

What's new in 11005?

(Released on: 25 February 2021)

Behavior Changes

  • SCP-1602: Lodash upgraded to version 4.17.20.
  • SCP-1623: Unable to close requests using non-login URL.
  • SCP-1633: OAuth-based authentication protocol is now used to integrate SupportCenter Plus with Zoho Analytics.

Issues Fixed

  • Reflected and stored XSS vulnerabilities are fixed.

What's new in 11004?

(Released on: 03 February 2021)

Behavior Changes

  • SCP-1362: Ability to add a contract with same configuration on the same date on which another contract is terminated.
  • SCP-1495: Differential hours split in time entries is shown based on the portal's operational hours. Non-zero splits will be shown in time entries based on the contract setting "Allow support reps to overwrite the time taken to resolve".

Issues Fixed

  • Privilege escalation vulnerabilities are fixed.

What's new in 11003?

(Released on: 30 December 2020)

Issues fixed

  • SCP-1334: Users can download attachments in Solutions module through non-login URLs.
  • SCP-1308: Can download arbitrary file attachments

What's new in 11002?

(Released on: 25 November 2020)

Issues fixed

  • SCP-1273: Bills are generated before contract expiry for contracts having bill cycle as 'Contract length'
  • SCP-1278: Privilege escalation vulnerability in Requests list view
  • SCP-1288 and 1289: Security response headers have been added for few URLs.
  • SCP-1295: Contract is not applied properly for certain requests is fixed.

What's new in 11001?

(Released on: 23 September 2020)


  • SCP-1158: Ability to Import accounts/contacts through schedule CSV.
  • SCP-1191: You can now configure the mail server with Modern Authentication (OAuth 2.0) for secure and delegated access.
  • SCP-1193: Number of Zoho assist concurrent licenses purchased will be shown on the license page.

Issues fixed

  • SCP-1189: Support rep purchased license count is shown wrongly in the License details page
World's Largest Organizations Rely On SupportCenter Plus