SCP-2225 : Unauthenticated file uploaded (only .tmp files) to windows temp directory.
What's new in 11018?
(Released on: 03 December 2021)
Issues Fixed
SCP-2193 : Authentication bypass vulnerability leading to limited data exposure and modification.
What's new in 11017?
(Released on: 02 December 2021)
Vulnerability
SCP-2178 : Spamming/DoS vulnerability in the forgot password functionality.
Issues Fixed:
SCP-1625 : An error is thrown when choosing request custom filters that are configured with user criteria.
SCP-2148 : An error occurs when updating inactive support groups.
SCP-2180 : In single-portal setups, the scaling of header logo is not consistent across the application.
SCP-2182 : Support for NTLM Single Sign-On is deprecated. Going forward, users with NTLM SSO configured in their applications are advised to configure SAML SSO. Refer here for more details.
Enhancements
SCP-2185 : SupportCenter Plus now supports SAML 2.0, which is an easier alternative to conventional sign-in methods already available for online services. With this configuration, a single set of credentials can be used to access different applications. You can configure SAML single sign-on for SupportCenter Plus from Admin > Users > SAML Single Sign-On. Please refer to here for more details.
What's new in 11016?
(Released on: 25 October 2021)
Issues Fixed:
SCP-2133 : CVE-2021-43295 : Reflected XSS vulnerability in the Accounts module reported by Victor Portal.
SCP-2135 : CVE-2021-43294 : Reflected XSS vulnerability in the Products module reported by Victor Portal.
SCP-2136 : CVE-2021-43296 : SSRF vulnerability in ActionExecutorServlet reported by Victor Portal.
What's new in 11015?
(Released on: 29 September 2021)
Issues Fixed:
SCP-2083: Performance issue when the application has large number of accounts.
SCP-2081: Page crashes when opening the request details page in some cases.
SCP-2068: Unable to delete portals in some cases.
SCP-2067: Unable to change password when it is already expired.
SCP-2062: Page Scripts and Global Field and Form Rules are inadvertently appearing in the Standard and Professional Edition.
SCP-1830: In reply templates, the variable "$Description" is not getting replaced properly.
SCP-2094: Email notifications for request creation are not getting sent to the corresponding account manager if the requests are created via email.
What's new in 11014?
(Released on: 11 September 2021)
Issues Fixed:
SCP-2078/CVE-2021-44077 : Authentication bypass vulnerability in certain application URLs
What's new in 11013?
(Released on: 22 July 2021)
Issues Fixed:
SCP-1939: Authentication bypass vulnerability in few rest API urls reported by David
What's new in 11012?
(Released on: 01 July 2021)
Enhancements:
SCP-1284 : Two-factor authentication Support Reps can now be mandated to use an additional authentication mode such as Google Authenticator or email-based OTP along with regular passwords to log into the application. To learn more, click here.
SCP-1872 : A linked request when viewed from the parent request is displayed with details such as subject, support rep, group, and status, along with the request ID and comments.
SCP-1875 : Adjust the height for Description and Multi-line fields in request templates.
SCP-1876 : Control the size of multi-line fields using execute script action in field and form rules.
SCP-1877 : Enable/Disable Request templates right from the templates list view.
SCP-1878 : Option to copy request templates.
SCP-1879 : Disable the API key generation under the Personalize menu for support reps. Admin >> General Settings >> Security Settings >> Advanced
SCP-1880 : Global FAFR Create Field And Form Rules common to all request templates. To configure global field and form rules for request templates, go to Admin >> Helpdesk Customizer >> Field And Form Rules.
SCP-1881 : Test Mail Test your mail server settings by sending and fetching a sample email.
SCP-1883 : Page Scripts Page Scripts allow you to customize the application page-wise as per your requirement. You can modify the UI elements as well as the functionalities of a page in the application using custom scripts for end users.
SCP-1888 : Option to configure and append .msg/..eml type attachments in description by modifying the globalconfig table in the database which will have three values : processboth, processcontentalone, and processattachmentalone.
SCP-1891 : Add Notes while assigning a support rep Add additional information via notes when assigning a request to a group or support rep.
SCP-1901 : Option to filter active/in-active/all request templates.
Issues Fixed:
SCP-1844 : If the Request url is copied and used between different instances, it throws an error.
Behavior Changes:
SCP-1887 : Mails fetched by EWS will be permanently deleted.
What's new in 11011?
(Released on: 18 June 2021)
Enhancements:
SCP-1266 : Ability to select Product under Custom trigger criteria.
SCP-1279 : SLA can be mapped to multiple support plan.
SCP-1280 : Ability to add Country as a criteria in the business rules.
SCP-1354 : Account manager feature is introduced. Some of its abilities are mentioned below.
The account manager keeps a track of the customer accounts and keeps them up to date.
The account manager has permission to create/view all the requests raised by the contacts in the account, thereby coordinating with the support rep to solve the issues immediately. Click here to know more.
SCP-1355 : Ability to maintain same contract number across contracts.
SCP-1356 : Introduced new enhancements in Reply templates.
Option to show inactive templates in the reply template list view.
Option to restrict technicians from creating their own reply templates.
Admins can configure private and public reply templates.
Technicians with view permission for requests can configure private reply templates under Quick Actions >> Manage Reply Templates.
Behavior Changes:
SCP-1615 : In Job Sheet Customizer and Notification Rules, $comments variable is replaced with $ProductComments.
Issues Fixed:
SCP-1351 : CTI and Zoho Assist features are not listed in admin pages in certain cases where single portal license is applied.
SCP-1756 : Unable to create more than 10 portals even if 20 portal(s) license is applied.
What's new in 11010?
(Released on: 10 May 2021)
Issues Fixed
SCP-1729: CSRF vulnerability while making request notes public.
What's new in 11009?
(Released on: 12 April 2021)
Feature :
SCP-1735: Password policy to implement strong passwords is now enabled and configured by default for fresh installations. Password Policy configuration is available under Admin --> Security Settings.
Enhancement :
SCP-1732: Added support to allow/restrict request closure by non-login users.
SCP-1737: Authentication for survey responses is now enabled by default for fresh installations.
Issue Fixed :
SCP-1733: Access to non-login endpoints for operations in the customer portal page is restricted when no portal is enabled.
What's new in 11008?
(Released on: 02 April 2021)
Behavior change
SCP-1675: Customer Portal Association: A message will now be shown when associating a portal which is already associated with another customer portal.
Issues Fixed
SCP-1259: After moving from a registered/trial version to the free version, the header pane is not displayed for support reps.
SCP-1327: On updating scheduled requests associated to an account, a new contact without any account association is created with the same name of the contact as in the scheduled requests.
SCP-1332: Domain names of accounts disappear when editing the account details in French and Spanish languages.
SCP-1348: Unable to submit requests if the Product field is mandated.
SCP-1394: The banner showing "Allowance of contract is consumed" is not displayed.
SCP-1505: The field Job Title is displayed upon selecting a contact in the new request form, but it is missing from the new contact form.
SCP-1592: Contracts are erroneously getting applied to requests that were raised even before the contracts were created.
SCP-1627: Business rules configured with Account and Product as criteria are not getting applied when the request is created through email.
SCP-1645: Unable to import requests from XLS files if the field Item is selected.
SCP-1663: Forgot password notification mail is erroneously sent as plain text.
SCP-1668: Page crash in Requests Approaching SLA Violation widget.
SCP-1674: In some cases, the default value of the Product field as configured in request templates is not getting populated in the corresponding requests.
SCP-1725: Business rules with Account or Product as a criterion are not getting applied when requests are created using Scheduled Requests.
What's new in 11007?
(Released on: 26 March 2021)
Issues Fixed
SCP-1707: Possible RCE is fixed - Classloader vulnerability in struts 1.1 (CVE-2014-0114)
SCP-1699: Path traversal and reading local files when sending attachments within the 'forward' functionality
SCP-1696: Behavior change - The response for the forgot password rest link will be generic or common for the valid, invalid or mail sending failure case. The masked e-mail will not be shown, and if the user provides invalid details, the retry page will not be shown.
What's new in 11006?
(Released on: 10 March 2021)
Issues Fixed
SCP-1660: Lower privilege user is able to delete attachments.
SCP-1659: CSRF vulnerability when deleting user attachment.
What's new in 11005?
(Released on: 25 February 2021)
Behavior Changes
SCP-1602: Lodash upgraded to version 4.17.20.
SCP-1623: Unable to close requests using non-login URL.
SCP-1633: OAuth-based authentication protocol is now used to integrate SupportCenter Plus with Zoho Analytics.
Issues Fixed
Reflected and stored XSS vulnerabilities are fixed.
What's new in 11004?
(Released on: 03 February 2021)
Behavior Changes
SCP-1362: Ability to add a contract with same configuration on the same date on which another contract is terminated.
SCP-1495: Differential hours split in time entries is shown based on the portal's operational hours. Non-zero splits will be shown in time entries based on the contract setting "Allow support reps to overwrite the time taken to resolve".
Issues Fixed
Privilege escalation vulnerabilities are fixed.
What's new in 11003?
(Released on: 30 December 2020)
Issues fixed
SCP-1334: Users can download attachments in Solutions module through non-login URLs.
SCP-1308: Can download arbitrary file attachments
What's new in 11002?
(Released on: 25 November 2020)
Issues fixed
SCP-1273: Bills are generated before contract expiry for contracts having bill cycle as 'Contract length'
SCP-1278: Privilege escalation vulnerability in Requests list view
SCP-1288 and 1289: Security response headers have been added for few URLs.
SCP-1295: Contract is not applied properly for certain requests is fixed.
What's new in 11001?
(Released on: 23 September 2020)
Enhancements
SCP-1158: Ability to Import accounts/contacts through schedule CSV.
SCP-1191: You can now configure the mail server with Modern Authentication (OAuth 2.0) for secure and delegated access.
SCP-1193: Number of Zoho assist concurrent licenses purchased will be shown on the license page.
Issues fixed
SCP-1189: Support rep purchased license count is shown wrongly in the License details page
World's Largest Organizations Rely On SupportCenter Plus
You're one step away from faster, easier, and effective customer support.
