4.84v Content Chunks

1. Notable changes since 4.83v

   • REST API and bot workflow: improved REST API trigger execution and request body handling with attachment support; added skipped-body debug preview; enhanced chat locking behavior for streaming and chunked responses while preserving typing indicators.
   • Widget and UI: expanded widget theme customization options (including color controls), applied theme colors to offline form, improved message delivery indicator styling, fixed height adjustments and zoom/icon interaction issues, and added support for custom nick from admin themes.
   • Notifications and operator workflow: added assignment notification preferences (assigned pending chats vs all pending chats), quick action for auto-assignment, and persistent disabling of mobile notifications.
   • Chat filters and analytics: added participant filters to chat search, improved filters and restored pagination behavior, added participant-aware export enhancements, and introduced average chat duration by agent/participant.
   • File validation and security hardening: expanded MIME type handling for common file types and strengthened uploaded file verification (including file preview upload flow).
   • Translation and UX polish: improved translation error handling and transaction flow, added operator notice for active chat translation state, and updated translations across modules.
   • Core/codebase maintenance: added new tables and schema updates, improved error/log reporting and timing diagnostics (render and DB connection timing), and modernized PHP code style in core files.

2. Summary

   • This release focuses on reliability and operator experience: stronger REST API/bot handling, better widget customization and messaging UX, richer notification controls, and improved chat search/export analytics.
   • It also includes security-oriented file validation improvements, translation workflow refinements, and core maintenance updates for better observability and long-term stability.

execute doc/update_db/update_351.sql for update

What's Changed

• Msg fix by @remdex in #2370
• refactor: modernize syntax and simplify code by @NullSablex in #2371
• 4.84v by @remdex in #2374

Full Changelog: 4.83v...4.84v

4.83v Subject archive

1. Notable changes since 4.82v

   • Chat list sorting: added sort options for highest and lowest message count in chat lists; a validation warning is shown when sorting by message count without a date range of 31 days or less.
   • Webhooks: debug mode support added to processEvent in both chat and mail conversation continuous webhook classes; new validation conditions notempty and in_list; improved error handling and logging; webhook form updated with chat ID testing and improved button styling; test pattern module enhanced with webhook ID validation.
   • Dropdown: "Select all" and "Unselect all" buttons added to multi-select dropdowns across the back-office; dropdown plugin and render helper updated accordingly.
   • Subject filter: subject filter conditions added to the chat list search panel and mail conversation search panel; department user dep logic enhanced.
   • Widget: bumped to version 272; improved screenAttributesUpdate height/width calculations for better responsiveness across screen sizes; wrapper now passes its version to the API; fixed proper termination in wrapper source.
   • Canned messages: fixed auto-uppercase breaking text input in the new rich-text editor (LHCEditor).
   • REST API: fixed authentication validator regression.
   • Chat core: added support for dashes in chat handling logic.
   • Templates: minor fixes in chat lists template and survey fill-widget template.

2. Summary

   • This release improves chat list usability with message count sorting, strengthens webhook debugging with debug mode and new validation conditions, and enhances multi-select dropdowns with select-all/unselect-all controls.
   • Widget responsiveness and wrapper version reporting are improved; canned message auto-uppercase and REST API auth issues are resolved.

execute doc/update_db/update_350.sql for update

Full Changelog: 4.82v...4.83v

4.82v Security updates, expanded widget mode

1. Notable changes since 4.81v

   • Security/file handling: enhanced MIME type validation across file download endpoints (downloadfile.php, inlinedownload.php, REST API file.php); MIME type constants added in mail conversation parser; all operator/visitor uploads validated against var folder path; resolved security issues L01, L02, L04, L05, L06, L11, L13.
   • Widget: added expand mode with configurable width/height ratios and new shrink_text/expand_text UI fields; widget communication updated to include user session prefill variables in sent messages; fixed reloadWidget function; updated wrapper version.
   • Chat search/statistics: added message count filters (operators, visitors, bots) to search panel and statistics tabs; added total messages count input field; added search by message ID range.
   • Chat tab visibility: operators can toggle chat tab visibility (show/hide chat tabs) via quick actions in user settings.
   • User settings: added auto-accept chats option and alert preference for transferred chats.
   • Variables/prefill: support for passing custom back-office vars as lhc_var variables; encrypted prefilled variables always applied; variable only set when replaceable variable is non-empty; proactive invitations now update vars when custom vars are passed.
   • Theme/translations: widget theme translate method accepts user context; REST API modules (checkchatstatus, getinvitation, initchat, onlinesettings, settings) use user context for theme translations; multilanguage support for custom fields; fetchByVid includes caching option.
   • Canned messages: refactored retrieval with getCannedMessages method; added auto_send filter and ignore_subjects parameter.
   • Extensions: support for extensions to contribute custom side-menu items.
   • Configuration: folder/directory write-permission checks added to the configuration page with per-directory success/error indicators.
   • Bot: support for background workers in REST API bot action; improved bot detection filtering.
   • Message history: previous-message loading always uses all messages when the page limit is not reached; safe inclusion of all chat messages.

2. Summary

   • This release strengthens file handling security with MIME type validation, file path checks, and resolves multiple L-series security issues.
   • Operator UX improvements include widget expand mode, chat tab visibility toggles, and richer user settings (auto-accept, transfer alerts).
   • Search and statistics gain new message count filters; extensions gain custom side-menu support; theme translations now respect user context.

3. Contributors

• L01: SSRF via incoming webhook image download (CWE-918)
• L06: Mass assignment in REST API file PUT leading to arbitrary file read (CWE-915, CWE-22)
• L11: Stored XSS via Content-Type spoofing in file upload (CWE-79, CWE-345)
• L13: Unsafe deserialization in configuration loader (CWE-502)

Vulnerability Researcher: Pedro J. Núñez-Cacho Fuentes (https://blogs.tunelko.com)

execute doc/update_db/update_349.sql for update

Full Changelog: 4.81v...4.82v

4.81v One-Time proactive invitations

1. Notable changes since 4.80v

   • One-time proactive chat invitations: new DB table lh_abstract_proactive_chat_invitation_one_time tracks which visitors have already seen an invitation, preventing repeat displays.
   • Proactive invitations: cleanup logic added for stale one-time invitation records; widget now records when a one-time invitation is shown; edit module enhanced with custom actions for proactive invitations.
   • Captcha: added provider-based captcha support — Google reCAPTCHA v3 and Cloudflare Turnstile are now both supported with a shared validation layer (CaptchaValidator, erLhcoreClassUserValidator).
   • Captcha admin UI: provider selector with provider-specific field sections; shared key labels across providers; CSRF redirect fix.
   • Translation system: UX improvements for automatic translations; operator and visitor message translation differentiated; messages with existing translations are now skipped; translation configuration UI updated.
   • Bot/Widget: custom HTML buttons and bot buttons are now disabled when a form is in progress status; alert messages added; placeholder for name field in widget start form.
   • Editor: fixed infinite loop issue in the new rich-text editor (LHCEditor).
   • Dashboard: removed legacy old dashboard; cleaned up related options and switch logic.
   • Security/permissions: added permission access checks in block user, hold action, transfer chat, and chat widget closed flows.
   • PHP 8.5 compatibility: resolved deprecation and compatibility issues.
   • Translations: updated translation catalogs including new captcha-related and translation-workflow keys.

2. Summary

   • This release introduces one-time proactive chat invitations, a flexible multi-provider captcha system, and several translation workflow improvements.
   • Includes editor stability fixes, dashboard cleanup, PHP 8.5 compatibility, and stricter permission checks across chat action endpoints.

execute doc/update_db/update_348.sql for update

What's Changed

• feat(captcha): add provider-based captcha support (Google v3 + Cloudflare Turnstile) by @NullSablex in #2364

New Contributors

• @NullSablex made their first contribution in #2364

Full Changelog: 4.80v...4.81v

4.80v Guardrails multilanguage

1. Notable changes since 4.79v

   • Message content protection: added language-specific warning message support for ghosting/masking rules.
   • UI (back office): redesigned message protection warning editor with multilingual tabs and per-language message fields.
   • Runtime masking: warning text can now be translated by chat locale (full locale and short locale fallback).
   • Data/model layer: added languages persistence support in lh_abstract_msg_protection model/POS mapping.
   • Frontend cleanup: simplified multilingual tab content rendering in Svelte component used by admin forms.

2. Summary

   • This release extends message protection rules with localized warning messages and wires the full stack (DB, model, UI, and runtime locale resolution).

execute doc/update_db/update_347.sql for update

Full Changelog: 4.79v...4.80v

4.79v Conditions checking improvements

1. Notable changes since 4.78v

   • Abstract/Back office: added subject filter options (Name, Pinned, Internal) and corrected autoresponder filter form routing.
   • Cloning: added generic abstract object cloning support and user clone action in user list.
   • Bot & proactive invitations: expanded condition operator support (( and ||) and added more proactive invitation condition checks.
   • Mail conversations: improved reliability of ticket fetch/send flow, better scheduled-state handling, and replaceable variable support for send e-mail templates.
   • Chat/Webhooks: enhanced chat state tracking and logging across chat validators, dispatchers, and webhook handlers.
   • Forms & UI: added reusable custom form args, extension-specific login sizing, theme existence checks, online users attribute fixes, and widget cache/version updates.
   • Translations: updated translation packs, including Japanese language/default translation updates.

2. Summary

   • This release focuses on reliability improvements in mail/chat workflows and stronger bot/proactive condition handling.
   • It also includes operator-facing UX improvements (filtering and cloning) and broad translation/frontend update refreshes.

execute doc/update_db/update_346.sql for update

Full Changelog: 4.78v...4.79v

4.78v Bot short name

1. Notable changes since 4.77v

   • Bot: support for bot short name.
   • Message masking: mask last message from visitor.
   • Webhooks/Conditions: support additional comparison variables and accept all params for condition checks.
   • Events: included more information for main chat attributes change event.
   • Debugging: added debug message handling inside chat messages.
   • Guardrails: added whitelist support for phone guardrails.
   • Misc: small typo fixes.

2. Summary

   • Improvements across bot, webhooks, and message masking to increase reliability and observability.
   • Several small bug fixes and developer-facing debug improvements.

execute doc/update_db/update_345.sql for update

Full Changelog: 4.77v...4.78v

4.77v Various improvements

1. Features

   • Add Auto-Submitted header to mail actions (automatic mail handling improvements).
   • Chat messages preview modal with backend support for message previews.
   • Chat widget updates: improved integration with third-party iframes, scroll-to-last-message on show, and refactor of widget internals.
   • Migration and build updates: Svelte 5 migration, Node 22 (bot/node) updates, and package upgrades.

2. Fixes

   • Do not mark our own responses as undelivered (prevents false undelivered status).
   • Ignore auto-submitted e-mails as new to avoid duplicate imports.
   • Fixes for issues reported (e.g. #2359, #2357) and improved error logging (#2347).
   • Various UI/UX fixes: React parsing issue, height flickering, trigger body object support, and trimmed/encoded URLs.
   • Mail handling: do not set custom from-email unless explicitly provided; set custom recipient handling improvements.

3. Performance & Reliability

   • Avoid loading/fetching message bodies when not required (reduce unnecessary DB/IO work).
   • Use static version cache for assets and additional cache improvements.
   • Check and respect rfc822 body presence before processing.

4. Compatibility & UX

   • Support for older browsers and related compatibility fallbacks.
   • UX improvements for canned messages dropdown and related interactions.

5. Chore/Dependencies

   • Dependency and package updates across frontend and backend (React/Node/bot tooling and other packages).
   • Miscellaneous maintenance: hashed payload handling, migration tweaks, and merge/cleanup commits.

execute doc/update_db/update_344.sql for update

What's Changed

Full Changelog: 4.76v...4.77v

4.76v Tabs history

What's Changed

1. Mail Conversation System Enhancements

   • Added pending import functionality for mail import retries with automatic retry mechanism
   • New lhc_mailconv_pending_import table for tracking failed mail imports
   • Manual import interface for retrying failed email imports
   • Improved IMAP retry logic for handling temporary failures

2. Message Masking and Security

   • Added message ghosting for sensitive information protection when guardrails are enabled
   • Operators without permission to see full messages will not see just-sent messages
   • Enhanced regex rules with optional name field and optional replacement variable
   • Additional masking options for PII protection
   • Improved guardrails validation for sensitive information

3. Widget Theme Configuration

   • Added wtop option for widget position from top spacing control
   • Enhanced widget positioning options for better layout flexibility

4. Tab Navigation and UX

   • Improved tab state persistence for chats and mails
   • Direct API implementation for remembering tab states
   • Enhanced tab navigation across multiple interfaces

5. Pre-chat Form Conditions

   • Added conditions support for maintenance mode in pre-chat forms
   • Enhanced validator logic for conditional maintenance mode display

6. Developer Documentation

   • Comprehensive copilot instructions reorganization
   • Added detailed integration points documentation
   • New data flows, testing strategies, and security model documentation
   • Domain-specific guides for API, auth, bot, caching, config, data-layer, departments, events, extensions, routing, UI, and users

7. Bug Fixes and Improvements

   • Improved error handling for robustness and better user experience
   • Enhanced cache management and clearing functionality
   • Various sync and performance improvements

Full Changelog: 4.75v...4.76v

4.75v Message content protection/guardrails

1. Tab Navigation and UX Improvements

   • Added data-remember attribute to tab navigation elements across multiple templates for better state persistence
   • Implemented Safari browser support for tab navigation
   • Enhanced replaceable variables UI with remembered tabs functionality

2. Bot System Enhancements

   • Added 'Keep chat locked' option in bot action text to maintain chat lock from visitor messages
   • Refactored condition handling in bot workflow to support JSON parsing for dynamic conditions
   • Enhanced attribute filtering in bot action text with improved non-empty value processing
   • Updated CURL building UI for better usability

3. Mail Conversation System

   • Added signature fetching functionality with AJAX endpoint for improved email handling
   • Added button to append fetched signature to email templates
   • Enhanced input field layout for better usability and accessibility

4. Bot Conditions Form

   • Added datalist options for filter fields in conditions form with predefined options
   • Options include Chat ID, Status, Department ID, User ID, Email, Phone, Nickname, and Country Code

5. System and Configuration

   • Added ability to clear cache from command line
   • Implemented opcache cache clearing functionality
   • Added fallback if default config file is not found
   • Inform operator when external operator is writing messages

6. Performance Optimizations

   • Various performance optimizations in core components
   • Improved command title handling as argument
   • Enhanced proper checking mechanisms

7. Bug Fixes and Improvements

   • Removed unnecessary variable declarations
   • Various sync improvements

execute doc/update_db/update_342.sql for update

What's Changed

Full Changelog: 4.74v...4.75v