1.8.209

Fixed

• Check customer visibility on Customer Conversations page (Security)
• Check access to mailbox when user edits customer thread (Security)
• Improve Helper::sanitizeRemoteUrl() function (Security)
• Improve sanitizing SVG images containing comments (Security)
• Include sanitized thread bodies in replies and email notifications (Security)
• Add CSP header when showing attachments.
• Hide IMAP password in fetch command debug output.
• Encrypt OAuth tokens for IMAP and SMTP.
• Encrypt modules license keys.
• Fixed iconv_mime_decode(): Detected an illegal character in input string (#5265)

Changed

• Offer TLS encryption in Fetching and Sending settings by default.

1.8.208

Fixed

• Adjust Message-ID for outgoing emails to minimize matching by Apache SpamAssassin patterns (#5245)
• Show errors on Status page when shell_exec() funciton can not be executed (#5250)
• Reduced Cc and Bcc in languages where the text does not fit nicely (#5247)
• Do not show Cc and Bcc fields by default when replying (#5247)
• Fixed incomplete object error on Status page (#5246)
• Check access to mailbox when emptying a folder.
• Improved sanitizing uploaded PDF files.
• Fixed permissions check when Following/Unfollowing conversation.
• Fixed in dependency: Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass (Security: CVE-2025-64500)
• Fixed in dependency: PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling (Security: CVE-2026-24765)
• Fixed in dependency: Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows (Security: CVE-2026-25129)
• Fixed in dependency: PsySH has Local Privilege Escalation via CWD .psysh.php auto-load (Security: CVE-2026-24739)

Changed

• Set APP_CURL_SSL_VERIFYPEER parameter to true by default.

1.8.207

Added

• Allow to Fetch and Send emails via Goole Workspace OAuth (#5241)

Fixed

• Fixed array_filter() in DB config (#5230)
• Fixed checking user authorization when changing conversation customer (#5232)
• Check user access to mailbox in empty_folder ajax action.
• Check customer visibility when merging customers.
• Add PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT to DB config (#5230)
• Fixed parsing email part's Content-Type ending with semicolon.
• Fixed "Undefined array key" error on sending reply to a Phone conversation (#5236)
• Perform sanitizing of the file name at the beginning of Helper::sanitizeUploadedFileName() (Security: GHSA-5gpc-65p8-ffwp)

1.8.206

Fixed

• Improved PHP 8.5 compatibility (#5227)
• Improved Helper::sanitizeUploadedFileName() function.
• Improved TokenAuth middleware algorithm (Security: GHSA-6gcm-v8xf-j9v9)
• Extended Helper::$restricted_extensions list (Security: GHSA-mw88-x7j3-74vc)
• Remove role from fillable User model fields.
• Set allowed_classes parameter for unserialize() functions.

Changed

• Update Customer addChannel() method (#5224)

1.8.205

Fixed

• Fixed wrong customer name after recipient change (#5199)
• Do now show CC and BCC fields when editing chat message draft (#5196)
• Fixed styles for folders having .alert class (#5216)
• Improved PHP 8.5 compatibility.

Changed

• Set max letngth for conversation subject (#5201)

1.8.204

Added

• Updated Slovak translation.
• Updated German translation.

Changed

• Remove Australia/Queensland timezone (#5175)
• Add base-uri rule to CSP tag.
• Use PHP library to fetch via POP3 instead of IMAP extension.

1.8.203

Fixed

• Fixed "Invalid byte sequence for encoding UTF-8" error on PostgreSQL on fetching (#5159)
• Make customer email in the conversation list more compact (#5066)
• Revert changes made to "Collapse email history in Gmail" to avoid problems with replies separation in FreeScout (#5136)

1.8.202

Added

• Added command.after_app_update hook (#5147)
• Show customer email in the conversations list (#5066)

Fixed

• Update folders counters when deleting conversations forever.
• Fixed "http_response_header" error in Guzzle (#5137)
• Show scroll when some customer has many social profiles (#4644)

Changed

• Rename "Headers" tab to "Email Headers" in the "Show Original" dialog (#5146)

1.8.201

Fixed

• Send email to correct customer when customer is changed (#5121)
• Collapse email history in Gmail (#5136)
• Improved PHP 8.5 compatibility.

1.8.200

Added

• PHP 8.5 compatibility (#5114)

Fixed

• Sanitize email length before saving (#5106)
• Set last_reply_at when email conversation with single Note thread is created (#5105)
• Delete attachments when mailbox is deleted (#5108)
• Fixed CacheBasedSessionHandler error on PHP >= 8.1 (#5120)