FreeScout - Package Updates

Package Updates

[1.15.33]

• Update freescout to 1.8.208
• Full Changelog
• Adjust Message-ID for outgoing emails to minimize matching by Apache SpamAssassin patterns (#​5245)
• Show errors on Status page when shell_exec() funciton can not be executed (#​5250)
• Reduced Cc and Bcc in languages where the text does not fit nicely (#​5247)
• Do not show Cc and Bcc fields by default when replying (#​5247)
• Fixed incomplete object error on Status page (#​5246)
• Check access to mailbox when emptying a folder.
• Improved sanitizing uploaded PDF files.
• Fixed permissions check when Following/Unfollowing conversation (Security)
• Fixed in dependency: Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass (Security: CVE-2025-64500)
• Fixed in dependency: PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling (Security: CVE-2026-24765)

Package Updates

[1.16.0]

• Fix Laravel cache permission errors causing queue job failures

Package Updates

[1.16.2]

• Update freescout to 1.8.211
• Full Changelog
• Allow to search conversations by #number (#​5251)
• Fixed Helper::checkIpByMask() function (Security)
• Add TrustHosts middleware to disallow host header injection (Security)
• Fixed fetching emails containing null bytes in the body (#​5292)
• Search conversation by correct number field (#​5298)
• Removed IMAP extension from list of required PHP extensions.

Package Updates

[1.16.3]

• Update freescout to 1.8.212
• Full Changelog
• Take limit_user_customer_visibility parameter into account when merging customers (Security)
• Check if conversation IDs match when marking thread as read (Security)
• Fixed fetching emails with deeply nested HTML (#​5304)
• Fixed "Passing null to parameter" error in Html2Text (#​5306)
• Fixed "Incomplete object" error on Status page (#​5307)

Package Updates

[1.16.4]

• Update freescout to 1.8.213
• Full Changelog
• Added mailbox.sidebar.buttons hook (#​5316)
• Change attachment token generation algorythm (Security)
• Take into account limit_user_customer_visibility parameter in load_customer_infoload_customer_info Ajax action (Security)
• Fixed "Call to a member function close()" on string in Zipper.
• Strip tags from name when creating a user (Security)
• Escape user name in flash message when deleting a user (Security)
• Strip also style tags in Helper::stripDangerousTags().
• Apply safe_raw_html() function to {!! ... !!} (Security)
• Improved joining customer messages into conversations on Fetching (#​5308)
• Improve Helper::getWebCronHash().

Package Updates

[1.16.5]

• Update freescout to 1.8.214
• Full Changelog
• Fixed Browser check (#​5331)
• Improved joining customer messages into conversations on Fetching (#​5308)
• Do not allow to move emails from customers from inaccessible mailboxes (Security)
• Check if customer is accessible when changing conversation customer (Security)
• Check customer visibility when creating a customer within Change Customer dialog (Security)
• Check customer visibility when creating Phone conversation (Security)
• Check thread created_by_user_id when Undoing sending (Security)

Package Updates

[1.16.6]

• Update freescout to 1.8.215
• Full Changelog
• Check file paths in Zipper before extracting files (Security)
• Add csrf_token to OAuth Disconnect link (Security)
• Sanitize $attachments_to_remove when deleting attachments (Security)
• Check permissions when setting chat_start_new for a mailbox (Security)
• Check permissions for assigned-only users when editing drafts (Security)
• Check permissions when assigned-only user is editing customer message (Security)
• Fixed compact() - Undefined variable operator (#​5308)
• For assigned-only users show only assigned conversations in the Search (Security)
• Make conversation Unassigned when moving it if its assignee does not have access to the target mailbox (#​5333)
• Fix error on creating a user (#​5337)

Package Updates

[1.16.7]

• Update freescout to 1.8.216
• Full Changelog
• Fixed null parameter error in CheckBrowser middleware (#5342)
• Fixed moving conversations (#5343)
• Fixed OAuth disconnect link on PHP 7.1 (#5345)
• Fixed search.title hook (#5347)
• Fixed mute icon for non-admin users in Dashboard (#5348)
• Improved fetching into multiple mailboxes (#5350)
• Fixed error in MailHelper::isGeneratedMessageId() (#5351)

Package Updates

[1.16.8]

• Update freescout to 1.8.217
• Full Changelog
• Fixed On-Off switch on RTL (#5352)
• Fixed "Zipper: Path traversal detected" error (#5354)
• Fixed redirect check in Helper::sanitizeRemoteUrl() (Security: GHSA-22wf-848c-c856)
• Improved sanitizing Auto Reply message (Security: GHSA-q3fh-rj9h-jfrc)
• Fixed permissions check for user Notifications settings (Security: GHSA-f489-qxv6-gvgg)
• Make user invite link expirable after 7 days (Security: GHSA-hqff-cwx7-3jpm)

Package Updates

[1.16.9]

• Update freescout to 1.8.218
• Full Changelog
• Added indexes to several tables (#5328)
• Fixed decoding ISO-2022-JP emails (#5356)
• Require DB Password and check PHP Path direcotory in tools.php (Security: GHSA-jx2w-fhmw-rg39)
• Patched PHPUnit (Security: GHSA-qrr6-mg7r-m243)
• Fixed Helper::linkify() for emails (#5362)
• Do not allow to merge convesation with itself.
• Fixed linking messages into conversations (#5372)
• Fixed fetching emails into multiple mailboxes (#5368)
• Do not log "Untrusted host" error (#5361)
• Allow to use CIDR in APP_REMOTE_HOST_WHITE_LIST (#5363)