Once again we were able to remove a few security flaws and we also have two helpful new features. Let's have a look at them!
Webhooks enable the exchange between our Zammad system and third-party systems. The system can easily send ticket and article data to any URL. You want to inform another system about events of customer X or tickets in group Y? No problem!
The procedure is as follows:
- Configure a trigger that defines when it should start
- Store a destination URL and a signature token (optional)
- The target server has now received all ticket, article, group, and user data in JSON format
- The integrity of the data can be verified with an HMAC signature in the header
2. Mailbox Archive
Have you ever migrated an existing mailbox to Zammad with emails from ages ago? Then you may know the problem: if you are not careful, you will trigger an automatic reply to the sender for each old mail. Oops!
Those times are over: With the mailbox archive function, this can now be avoided. Simply import the mailbox once as an archive. In this case, no triggers are set off - and no triggers have to be deactivated. This also means that no automatic emails are sent to customers. The old emails are therefore completely "passive".
The advantage of our archive function: timestamps are retained. Accordingly, a mail from 2007, for example, will continue to be sorted under 2007 in Zammad. So it is still based on the date of origin, not the import date.
3. Technical Notes
Besides the security-related features, there is also some technical news.
3.1. Office / Microsoft 365 Authentication Change
There is news at Microsoft:
Soon, the authentication by password will be deactivated. Instead, it will be switched to a web token. (Source: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414)
This means that you need to migrate your existing Office/Microsoft 365 channels. Fortunately, the whole thing can be implemented very easily:
- Open the corresponding channel
- Start the displayed migration wizard
Attention: Your channel will only work until Microsoft enables the new type of authentication for all accounts. So don't lose sight of it!
Here we have updated the required "Scopes" (permissions) to support SSO also for Hybrid On-Premise installations.
🚨🚨 Attention: UIDs of the users supplied by Microsoft will change and can no longer be assigned! But don't worry - there is a way around this:
Enable "Automatic account link on initial logon" in admin interface -> Settings -> Security -> Third-party Applications.
That's it for Zammad 3.6! Have fun with the new features. If you have any questions, please feel free to contact us - as always - at firstname.lastname@example.org.
4: Security vulnerabilities
In the course of this release we've also resolved the following security vulnerabilities and applied the required changes for all upstream Zammad versions.
Hosted users: Your instance has been automatically updated already. No action on your part is required.
Self-hosted users: We recommend that you update your installations immediately.
The following Security Advisories have been addressed in this release.
5. Community Contribution: Webhooks
Credit where credit is due! So full disclosure: our Webhook feature is based on a contribution from the Zammad community! It just needed a bit of fine-tuning on our part to make it "zammadey". We’re super happy to see this kind of support from you guys!
So at this point, we would like to send Kudos to our community member DukeX! Thanks for your work – how amazing!
Click here to see his profiles:
Would you also like to participate? Go for it! Click here for the community: https://github.com/zammad
All improvements can be found in the changelog.
Download Zammad 3.6.0
Download Zammad 3.5.1
Information about upgrading a Zammad installation can be found here:
Your Zammad team!