ServiceDesk Plus ReadMe

Requests :

• SD-110726 : In release and request notifications, request description, and resolution, data exceeding 7KB will be stored as a file in database

Vulnerability :

• SD-106148 : CVE-2022-47966 : Pre-Auth RCE vulnerability when SAML authentication is enabled

Vulnerability :

• SD-103631 : CVE-2022-35403 : Path traversal vulnerability while processing inline images.

• SDF-99157 : Images inserted in the description of tasks, problems, changes, projects, and solutions can now be previewed from the details page.
• SDF-99147 : Improved login flow in embedded live chat.
• SDF-100286 : The failed users list in AD full sync import is now attached as a CSV file in the notification.

Vulnerability :

• SD-100536 : Sensitive information leakage in an admin REST API URL
• SD-100638, SD-100691 : log4j framework jar version is upgraded to 2.17.1.

Requests :

• SD-100216 : Requests field and form rules using inbuilt setDescription script does not work if null is passed as parameter.
• SD-100255 : In the list view of request tasks, the values displayed under Start Time and End Time column overlap the adjacent column values.
• SD-100284 : The announcement details are displayed at the top of the request details view and list view pages while assigning a technician/group/site, or closing a request, or marking FCR after creating an announcement.

Solutions :

• SD-99912 : Unable to attach files to solutions configured without expiry date but with review date.

Purchase :

• SD-100289 : Contents of purchase order email notifications to the owner/vendor are misaligned.

Admin :

• SD-99870 : The requests created via Microsoft Teams have an empty description if certain template customizations are configured.
• SD-100264 : The instance name and description are truncated on the ESM Portal page if the display settings is set to scale at 100% or if the browser is zoomed out.
• SD-99987 : In Self-Service Portal settings, able to configure the Acknowledge approver of the approval action performed option, even if the Allow approvers to perform approval actions by replying to the approval email option is disabled.
• SD-100633 : Typo error in the phrase Mandate support group for initiating a new chat under Admin > Chat Settings.

General :

• SD-100328, SD-98983 : Unable to upgrade ServiceDesk Plus if Windows Authentication is used to connect to Microsoft SQL Server.
• SD-99843 : In Linux machines, unable to install free version of ServiceDesk Plus Standard edition via console mode.
• SD-99911 : Error occurs while clicking AD user deletion notification in Chinese setup

• SDF-99099 : You can now increase the number of assets fetched via global search by updating the "paramvalue" for the entry below in the GlobalConfig table.

  category = "Asset_Workstation_Global_Search"
  parameter = "searchLimit"
  paramvalue = "<any_value_up_to_1000>"

  Note : For better performance, it is recommended to set the paramvalue to the default count of 500.

• SDF-99062 : Contract custom report now supports Description and Support columns in the column chooser.

Changes :

• SD-99250 : Pre-approved changes are not automatically approved in the approval stage in some scenarios.
• SD-98955 : Unable to sort change requests based on Completed Time from the global search list view page.
• SD-99529 : In Changes configured with a workflow, deleting an approver does not result in auto approval of the change stage.
• SD-99139 : Unable to schedule the next review date for Changes in the Firefox browser.
• SD-99292 : When a change proceeds to the next stage via approval without satisfying closure rules, alert notification is not thrown.

Solutions :

• SD-99499 : Content overflows for the Topic Name field in the Add New Topic and Change Parent forms under Manage Topics in Solutions.
• SD-99526 : Global search results in the Solutions module are not listed based on relevance.

Assets :

• SD-99038 : While adding workstations/servers via web form, the NIC address added in Network Adapter details is not retained under the Hardware tab in the workstation or server details page.
• SD-77914 : Unable to add relationships between Virtual Hosts and Virtual Machines via V3 API.
• SD-99302 : Asset ownership details are removed during auto site allocation.
• SD-98990 : Error thrown while accessing a group if the technician is assigned to more than 1000 sites.
• SD-98074 : In assets, allowed Virtual Machines and Installed Virtual Machines are not listed in the details page of a Virtual Machine host.
• SD-59463 : Unable to update switch details via Asset scan.

CMDB :

• SD-98369 : Some of the CI relationship entries are missing in the list view under the Relationships tab when multiple CIs are added under different relationship types with same relationship name.
• SD-99685 : Unable to add relationship between two CIs when the CIs have same names and are located in different sites.

Admin :

• SD-99232 : IP address is not displayed under the Subject Alternative Name attribute after a SSL certificate is imported.
• SD-98396 : Invalid key exception is thrown during backup if the user changes the database server and reverts to the initial database server without running the application.
• SD-99540 : User import from the Active Directory fails if the predefined password for Local Authentication does not meet the password policy set under Security Settings.
• SD-98409 : Improved description content for the EnableCMDB role under Admin > Users > Roles.

General :

• SD-99260 : Unable to start ServiceDesk Plus due to hinderance in starting an internal service, when proxy settings are disabled.
• SD-100295 : In versions 12004 and above, restore process fails due to missing i18n files in the backup.
• SD-99618 : An error occurs when accessing Admin, Reports or Community pages if configuration files relating to Advanced Analytics integration go missing.

Vulnerability :

• SD-99071 : Sensitive information leakage in ServiceDesk Plus - DC integration page, SCCM configuration page, and Domain scan page.

Requests :

• SD-99080 : Alignment of single column additional field gets truncated in print preview of a request.
• SD-99238 : In request details page, conversations containing HTML tables is distorted.
• SD-99559 : Executing API call to obtain request meta data invokes redundant queries.
• SD-99553 : Executing API call to obtain meta data of custom function invokes redundant queries.
• SD-99256 : Customizing request list view by adding or removing columns is not working when the number of unselected columns exceeds 300.
• SD-99225 : Request creation via email is not working when the email is sent to a group email address of an inactive site.
• SD-99839 : In version 12000 and above, breakage in custom trigger notifications configured with Reporting To and Org Head roles as recipients.
• SD-100245 : Groups are not populated in the Group drop-down for some sites.

Tasks :

• SD-99053 : In task list view and task details page, the placeholder texts Days, Hrs, and Mins are not getting translated when the application language is set to browser default language in non-English environments.

Project :

• SD-99655 : Query to fetch the user details is executed every time a user without default project role accesses the application.

Admin :

• SD-99145 : Unable to edit business rules and custom triggers in Non-English setups.
• SD-96832 : Unable to insert links to the custom trigger notification template.
• SD-99210 : The Assign option in the task template does not work properly in Non-English setup.
• SD-99108 : Error thrown while viewing task dependencies in incident/project templates. The issue occurs only when a task template associated with the incident/project template is deleted.
• SD-99479 : When multiple support groups with the same name are present across various sites, the group name is not displayed in task templates if one of the support groups is inactive.
• SD-99234 : Unable to set default values for the site, group, and technicians fields via field customization popup in incident templates during the first attempt.

General :

• SD-99720 : Theme color is not applied to the footer in the Raise a Request catalog.
• SD-99291 : Non-compatibility message in Internet Explorer is not prominent enough.
• SD-90704 : An error is thrown when the size of deluge script source code exceeds 8000 bytes in setups that use Microsoft SQL Server.

Vulnerability :

• SD-96556 : User enumeration vulnerability in login page.

Home

• SD-98611 : My Approvals widget is missing in Home tab for users after migrating to 12000 build.
• SD-99110 : Unable to search incident and service templates from the home page after searching the templates in the Report a Service and Report an Issue pages. The issue occurs only in the requester login.

Requests :

• SD-98618 : Request auto approval does not work if the approvals are added via custom trigger.
• SD-98701 : Unable to create a request using default template if a service category associated with the default template is deleted.
• SD-98776 : Unable to archive requests if the approvals are configured using older data model and if the approvals are present in Changes.
• SD-97062 : The customized text in a request resolution is not retained when the request template is changed.
• SD-99049 : Search autocomplete is deprecated in the request list view filter drop-down.
• SD-98951 : Error thrown while searching for a user in the Editor field from requester login.
• SD-98985 : Error thrown on executing script from custom triggers, custom menus, and custom schedules in some cases.
• SD-99142 : Split request operation fails if the default template does not have a Group or Technician field.
• SD-98664 : Requester field search is not working in the new/edit request form, if the search fields are configured via Global Config table.
• SD-93435 : During request bulk edit, the mandatory field alert is thrown while closing a request even after all fields are filled in.
• SD-98810 : The notification message is not aligned properly while resending notifications from request conversations.
• SD-98779 : Incorrect error message is displayed while creating a request if the requester does not exist in the service desk instance.
• SD-98814 : While associating assets to a request, the All Sites filter is displayed instead of Not associated to any site filter if the asset count is high.
• SD-98552 : When request templates contain mandatory fields that are hidden from requesters, the requests do not move to On Hold status automatically when approval is pending despite the necessary configuration in the self-service portal settings.
• SD-98687 : When an org role is removed from an approval stage in request templates, other org roles associated with the same stage are also getting removed erroneously.
• SD-98307 : White space appears in the request template while adding or editing a request if all the fields in a section are hidden via Field And Form Rules.
• SD-98492 : When selecting approvers in request form, user approvers are appended with org role values in certain scenarios.
• SD-98302 : An error is thrown when Is Shared and Update Reason columns are chosen using the column chooser in request classic view.
• SD-98686 : Request kanban view does not load when the list is sorted based on multi select fields.
• SD-97933 : If the technician selected in new/edit request form is not associated to any site, the Site drop-down displays all sites configured in the application.
• SD-98775 : Incorrect SLAs are applied to request when an SLA has multiple query IDs.
• SD-98388 : Unable to update the Status field or use Request Life Cycle (RLC) transitions when a Field and Form Rule with add/remove status actions is configured for an RLC-associated template.
• SD-95698 : The default Group value configured in the request template is not getting updated based on the requester's Site value.
• SD-98106 : The template default values for Group and Technician fields are not getting populated if the template was updated via a business rule.
• SD-98690 : Unable to search for assets in add/edit request forms when the Show only associated assets option is enabled in the Self-Service Portal Settings and the asset count exceeds 100.
• SD-98716 : Request Custom Triggers configured for reply received event do not work even if the criteria is satisfied. The issue occurs when the logged-in user cannot access the field configured in criteria.
• SD-92787 : Performance issues in field and form rules for requests.
• SD-97635 : Breakage in field and form rule configured on form load to remove fields based on the selected site.
• SD-98954 : Unable to close the keyboard shortcuts pop-up using the Esc key.
• SD-97489 : Unable to add or edit the following fields via email commands:
  • Subject
  • Description
  • DueBy Date
  • First Response DueBy Date
  • Callback URL

Changes :

• SD-88116 : In requester login, an error is thrown when a change associated with a request is accessed from the request details page.

Projects :

• SD-79541 : The text size of the content under Projects Gantt View is smaller.
• SD-98497 : Additional field goes missing in the Projects List View page if the list view is not personalized before adding the additional fields.

Assets :

• SD-99580: The error messages and troubleshoot messages displayed with respect to Endpoint Central (formerly Desktop Central) functionalities are improved.
• SD-98499 : Data is not populated for the Warranty Expiry Date field in Workstation and Server while pushing data from remote server to central server.
• SD-99247 : DC agent based scan takes longer than usual when the scanned device matches a scan disabled asset.
• SD-97970 : Endpoint Central (formerly Desktop Central) Agent version is missing in Asset details page.

Purchase :

• SD-98615 : In purchase request details page, the scroll bar in the Requested Items section is hidden if the item description is too long.

Contracts :

• SD-98494 : The horizontal scroll functionality is missing in the contracts list view despite adding multiple additional fields to the list view via the column chooser.

Admin :

• SD-98702 : The HTML content in emails appear as plain texts if the emails are fetched via Exchange Web Services (EWS).
• SD-99070 : Request push notification statuses (excluding approval notifications) are not updated in the notification panel if the request is viewed from the details page.
• SD-99582 : Resource sections height is not adjusted when Show/Hide Field action is applied via Field And Form Rules.
• SD-98363 : Personalization does not work properly for time related fields if a timezone is selected.
• SD-98973, SD-98800, SD-98765 : Unable to customize notification templates under Admin > Helpdesk Customizer > Notification Rules in Standard Editions of ServiceDesk Plus.
• SD-98712 : In business rules, the tool tip for enable/disable toggle button displays incorrect text in certain scenarios.
• SD-98860 : In versions 11304 and above, scheduled backups are not automatically deleted even after the duration to retain the backups is completed.
• SD-99567 : Image preview in product tour is not clear.
• SD-50977 : Unable to select an e-mail address with apostrophe in the Email IDs to notify field while creating a request.

Reports :

• SD-71944 : Some separator lines are not visible in a tabular report when exported as PDF file.

Mobile App :

• SD-99910 : The Apple push notification certificate is updated.

General :

• SD-98873 : Unable to log in to ServiceDesk Plus via Internet Explorer.
• SD-98763 : An email ID with a valid OAuth login credential of another user gets saved when OAuth is configured for Zoho Analytics Integration.
• SD-49521 : Recently accessed requests are not getting removed from Recent Items even after deletion.
• SD-99607 : Telephony Integration : The Add as Requester option in the call pop-up is not working for technicians without SDAdmin role.
• SD-99119 : Unable to start ServiceDesk Plus after silent installation in Linux environments.
• SD-99556 : Performance issue in retrieving theme settings from database.
• SD-98935 : Unable to start the application in some cases when the pg_hba.conf file is customized.
• SD-98908 : MSSQL backup is interfered during application data backup.
• SD-99231 : In MSSQL setups, the application backup process fails for users with lesser database privileges.
• SD-99265 : Application backup fails when the database name contains '-'.

Vulnerability :

• SD-99853 : CVE-2021-44526 : Authentication bypass vulnerability in certain admin configurations.
• SD-99811 : Remote control history and summary can be added without proper authentication.

Vulnerability :

• SD-99665 : Unauthenticated file uploaded (only .tmp files) to windows temp directory

Vulnerability

• SD-98475 : Domain user enumeration vulnerability in login page reported Oscar Ridderheim.
• SD-98506 : Cross site scripting vulnerability in Secondary Email ID(s) field under Add/Edit Users form reported by Kailash Bohara.

Requests :

• SD-96824 : Site description character limit is increased to 2500.
• SD-98008 : Custom triggers are executed twice when approved or rejected is set as execution action and While a request is waiting for approval, stop the timer and set request status to onhold is enabled in the Self-Service Portal.
• SD-98177 : Canceled is not listed in the Status drop-down while bulk-editing requests.
• SD-97496 : Unable to assign technicians in Preventive Maintenance Task templates configured for site with 'Refer to' settings.
• SD-97509 : In certain scenarios, first response time is not updated after the technician responds to the request.
• SD-97591 : When creating a request for on behalf of user, the corresponding assets are not auto-populated in the asset field.
• SD-96045 : Leading space goes missing while selecting and deleting a word in the description field. The issue occurs in Chrome and Edge browsers.
• SD-97457 : Requesters are able to view all the assets from the Asset field while creating a request, even if the Show only associated assets is enabled in Self-Service Portal Settings.
• SD-98359 : Unable to process request/conversation attachment via mail if the attachment file name exceeds 255 characters.
• SD-97351 : The support groups are listed under the technicians details/edit page even after changing the site settings to refer.
• SD-97840 : Unwanted space is appended besides HTML tags when string characters are enclosed within special characters in Notes.
• SD-98194 : Browser page freezes when a pick list value is edited in a request and the pick list contains large number of options.
• SD-98176 : If the same user is configured as technician and requester for a request and another user replies to the request via email, the request is not indicated in bold font.
• SD-98010 : In the self-service portal, the user details pop-up for the on behalf of user is getting incorrectly populated with the logged-in requester details.
• SD-97869 : Updating inline images or any content at the end of the Description field is not getting captured in request history when the description filed content contains more than 64000 characters.
• SD-97020 : Field and form rules configured over the On Field Change events for the Priority field are getting applied when the priority matrix is also configured.
• SD-98387 : Unable to share requests with requesters or technicians when the requests are accessed via the kanban view.
• SD-98063 : Options for UDF fields are getting listed in alphabetical order in the request spot edit and mandatory field pop-ups.
• SD-98073 : Requests are not getting closed when updating Status along with other fields mandated by closure rules via the EditRequest email command.
• SD-98878 : Request custom trigger is not executed if the criteria is set to approved/rejected and the approver does not have view permission for the request.

Changes :

• SD-98410 : Error thrown on adding a user as CAB member from a site where the logged-in user is not associated with.
• SD-98689 : When configuring a change approval level, the Auto-approval rule (%) field is getting populated with all values irrespective of whether a workflow is configured or not.
• SD-96865 : The default description for the Significant change type has been updated to "Changes with high impact, usually approved by CAB members".
• SD-97135 : To address of an incoming email is appended as To address of a reply email while replying to an email in Changes.
• SD-98227 : Unable to access the change non-login approval link in certain scenarios.

Solutions :

• SD-95439 : In request resolutions copied from solutions, non-english file names of attachments is garbled.
• SD-96871 : Unable to add solutions in ServiceDesk Plus instances after migrating to 11200.

Assets :

• SD-99295 : Inline search issue of CI attributes in the Assets and CMDB List View pages.
• SD-98563 : The Label and Description fields in Asset-Additional Fields and Workstation-Additional Fields are encrypted if the field value contains special characters. The issue occurs if the Save button is clicked for the second time after adding a new additional field.
• SD-98215 : Unable to search mobile devices using IMEI and SerialNumber in Global Search for Assets.
• SD-95073 : Asset Owner is not retained on modifying the CI type of an asset.
• SD-58416 : Translation issue in Firewall details page.
• SD-97070 : Unable to view the CI details from the Asset/Workstation relationship tab in the Professional edition. This issue occurs if the CMDB module is not enabled.
• SD-80737 : An irrelevant alert message is thrown while searching a workstation under Asset.
• SD-73396: During scan, the Red hat machines are not added as Linux workstation/Linux server CI types. This issue occurs if the operating system name does not contain the keyword Linux.
• SD-98114 : Unable to update asset fields via Update CI API operation.
• SD-96462 : Web RDP sessions are not shown in the asset history.
• SD-98364 : Introduced All States option under the All Assets drop down in the Assets list view page to filter the assets from all states.
• SD-95554 : Added proper alert message to convey that custom software CI types cannot be deleted when they are already in use.

CMDB :

• SD-97987 : The software list view in CMDB displays csv import option, which is misleading.
• SD-98628 : Asset and CMDB Asset list views are loading slow.

Purchase :

• SD-82805 : When a PR is associated with a PO after its creation, the PO items are excluded and only the PR items are marked as received.
• SD-96608 : Unable to create Purchase Order from Purchase Request when an software other than Managed type is selected as the PO item.
• SD-97481 : The purchase order ID is displayed instead of purchase order number in the asset details page.

Admin :

• SD-97228 : In business rules, the criteria does not list departments when the selected site is configured with 'Refer to' settings.
• SD-98118 : Inactive support groups and support groups with refer site configuration are listed along with active groups in technician details and edit request pages.
• SD-97766 : Unable to add PM tasks when a deleted service additional field is not removed from the corresponding table.
• SD-97446 : Unable to bulk-delete credentials from the Credential Library as the default Cisco Phone Credential is also selected.
• SD-97950 : If a rule group contains a business rule with inactive notification action, the business rules after the inactive rule are not executed.
• SD-69068 : Users are able to add duplicate values in asset additional fields of pick list type.
• SD-97665, SD-97223 : Multi-factor authentication fails when password reset is enforced for users during the first login.
• SD-97934 : Unable to create a request via preventive maintenance task if the additional fields configured in the preventive maintenance task are removed.
• SD-92684 : Irrelevant information is displayed in the Reset Password window while resetting the user/technician's password.
• SD-68650 : Web remote help card content is not translated in non-English setups.
• SD-70393 : Unable to disassociate a user from the Owned by field in the Support group edit page.
• SD-98695 : Database maintenance activity gets executed a day prior to the scheduled day.
• SD-97977 : Failure in reindexing healthmeter displays an error.

Reports :

• SD-97338 : Unable to generate custom reports if the displayed column name exceeds respective column limit in the database.
• SD-98707 : While exporting custom reports as CSV or PDF files, the fields containing non-English language values are broken.
• SD-39539 : Everyday/Every Month check box is selected automatically on selecting a day/month in Weekly/Monthly reports under Reports > New Schedule Report.

Mobile App :

• SD-96965 : The request details are not displayed for an approver in the mobile application. The issue occurs if the user does not have permission to view the request.

• SD-98725 : Fail over service (FOS) is not getting started after upgrading to build 11307.
• SD-97300 : The external widget title in the technician home page does not support non-English characters.
• SD-97298 : Unable to input more than 100 characters as parameter values in Custom Functions.
• SD-94113 : Reporting To field is not imported if the UserPrincipalName attribute is null in Active Directory.
• SD-93827 : User import from AD fails if the AD server is not pingable.
• SD-91688 : While previewing file attachments in the resolution of a request, the preview window displays corrupted data.

Requests :

• SD-98075 : Attachments are displayed along with HTML tags before submitting a request resolution.

Purchase :

• SD-98600 : In versions 11306 and above, the approval link in Purchase Order approval notification is broken for some users.

Mobile App :

• SD-91345 : The UI screen on the mobile app is rendered differently on the request approval details page.