ManageEngine ServiceDesk Plus – Build 9405 Released

Behaviour Changes in 9405

• SD-70241: Jespa log accumulation is cleared during server startup.

Issues fixed in 9405:

Vulnerability Issues:

• SD-70609: Vulnerability in distributed asset scan list view is fixed.
• SD-70604: Able to add and update requester details by CSRF vulnerability.
• SD-70606: Able to configure the Windows agent by using the CSRF vulnerability.
• SD-70607: Able to add custom schedules by using the CSRF vulnerability.
• SD-69186: Vulnerability in request collaboration is fixed.
• SD-68638: Vulnerability in user roles is fixed.
• SD-68373, SD-69384: Vulnerability in logs is fixed.
• SD-68230: Vulnerable content in merge request pop-up is fixed.
• SD-68214: XSS vulnerability in the logged-in technician pop-up is fixed.
• SD-68125: Vulnerability in solutions is fixed.
• SD-68112: Vulnerability in archived requests is fixed.
• SD-68007: Vulnerability in reply template is fixed.
• SD-67814: While importing projects, if the file name has script tags, then it is rendered empty with an alert message.
• SD-67802: Not able to view the imported solution that has XSS characters.
• SD-67533: Vulnerabilities in the AjaxServlet is fixed.
• SD-70382: Vulnerability in password configurations is fixed.
• SD-69972: Vulnerability in generating API keys is fixed.
• SD-69491: Vulnerability in attachments is fixed.

Home:

• SD-68213: Characters (‘<‘ and ‘>’) are replaced by (‘&lt;’ and ‘&gt;’) in the back up technician drop-down while a assigning back technician rule under Scheduler>>Back up Technician.
• SD-66615: Exceptions occurs while adding or viewing tasks from the home page.
• SD-70419: Error occurs while approving a request from the home page.
• SD-69817: Task Owner is not displayed when the edit icon is clicked from Comments/Work log/History tabs under Home–>Tasks.
• SD-70623: In the home page Scheduler, technicians with ‘&’ in their names, when marked on leave continue to list in the backup technicians drop-down.

Tasks:

• SD-70047, SD-70171 : Add worklog page is blank for requesters with add/view task permission.
• SD-69024, SD-70440 : Description content in the task notification is displayed without line breaks.
• SD-70720: Encoded characters are present in subject field of the task notification email.

Request:

• SD-69131: Under service request’s resource questions if the answers have a colon(‘:’) between numeric values (E.g,10:30), then it is not getting saved.
• SD-68115: Diff updates are not mentioned in the history tab if a resource section of a service template is updated multiple times.
• SD-66739: In some cases, diff updates related to checkbox questions in the resource field of a service template are not captured in history.
• SD-70454: Unable to create purchase request from service request when priority is High or Medium or Low.
• SD-70413: When the approval configuration ‘Do not assign technician before Service Request is approved’ is enabled, then the original technician is assigned via service template instead of backup technician after the service request is approved.
• SD-70385: When a signature variable is included in the ‘Notifying for Approval’ notification template through a non-login view, an approval notification is not send to next level approvers automatically after the current stage is approved.
• SD-70356: Unable to perform a column search in request list view with two parameters.
• SD-69880: Expand/Collapse option doesn’t work in the History tab of any tasks under Requests.
• SD-70752: When technicians who are not SDAdmins add/edit resolutions to requests, they are unable to select and use resolution templates.
• SD-70741: When technicians who are not SDAdmins reply to requests, they are unable to select and use reply templates.
• SD-70521: When incoming emails with images are addressed to two custom groups with different aliases, they are created as two requests, but images appear only in one request.
• SD-70579: Requesters are able to delete approvers under the Approval tab of incident requests.
• SD-69279 : Text wrap is not applied for archived log’s description in the work log list view.

Asset:

• SD-70717: When a software, initially with unspecified CI type is edited and saved, the CI type is set to null.

Reports:

• SD-66855: Task description field is missing in the custom reports for tasks.

Admin:

• SD-69050: Alternative email ids of the requesters listed in the CI info tab are encrypted twice.
• SD-68721: If any user group is saved without criteria, then user group specific service templates are not available for requesters.
• SD-68139: Mail fetching is stopped while receiving a push notification.
• SD-63913: If the TLS 1.0 is disabled in the mail server, then the mail fetching stops.
• SD-70442: Closure code and closure comment values for Resolved status are not maintained when the request is auto-closed.
• SD-70367: Support group’s site ID in CI table of a referred site is updated as Null when default support group’s site is updated.
• SD-69449: Unable to import users from AD if all the required OUs are selected.
• SD-69794: V1 GET_WORKLOGS API doesn’t respond properly if the worklog field contains special characters.
• SD-70708: In privacy settings enabled builds, when users try to delete technician accounts accommodating special characters, the names appear broken in the anonymizing window.
• SD-70697: In privacy settings enabled builds, users are unable to delete technician accounts when their anonymous names hold the character, ‘%’.
• SD-70533: Mail fetching is ceased in large environments.

Others:

• SD-69436: While accessing AjaxServlet using an invalid argument, blank page with a ‘null’ text is displayed
• SD-70620: Users are able to upgrade the build to a higher version while running the server which results in a partial upgrade error.
• SD-70619: Users are able to proceed with the build upgrade after an exception error (for current and upgrade versions being the same) is thrown and this results in a partial upgrade error.