iTop Essential - Change Log

• 3.1.0-3 : N°6710 - 6716 - Performance issue and high memory consumption on operation on Persons and Ticket classes (ex data synchronisation)
• 3.1.0-2 : N°6618 - Fix crash due to router's cache containing an integer instead of an array
• 3.1.0-1 : official release number, 3.1.0 was never published.

• N°3200 - New “Filter list…” icon on datatables widgets
• N°6147 - Filter list : tooltip and new action
• N°3190 - Edit n:n LinkedSetIndirect in object details using a tagset-like widget
• N°1212 - Bulk actions on links attributes of an n:n relation
• N°803 - Allow display & edition of attributes on n:n relations on Portal
• N°6398 - Portal: Allow linkset visible attributes to be limited to attributes defined in a zlist
• N°5972 - Allow User creation in Pop-up from details of a Person
• N°6347 - 1:n Add nice french dico entry on standard 1:n relationship
• N°6339 - n:n Add nice french dico entry on standard lnk
• N°6223 - 1:n & n:n - Pop-up creation/edit: set key to host in read-only
• N°6219 - 1:n Read: tooltip, modal title and message on Add-Edit-Remove-Delete
• N°6212 - Report Target class info on Trigger, so it can be displayed in complementary_name
• N°6154 - n:n Read - tooltip, confirmation title and message on Add-Edit-Remove
• N°6153 - n:n - Polish edition in Tagset
• N°5976 - Add modal creation for linksets displayed with tagset-like widget
• N°6148 - Add icon on Ticket class standard datamodel and other classes
• N°5920 - Add linkset's description as corresponding tab's tooltip in object details
• N°3213 - Order transition attributes as in the “details”
• N°6200 - Harmonize menu entries
• N°5042 - “Problem” tickets display is inconsistent with other types of tickets
• N°6392 - New icon for adding a search criteria
• N°6203 - Improve standard DM to use overcard and complementary name
• N°6159 - Improve Mail Notification display (columns, status, fieldset, tooltips)
• N°5908 - Add a description on “known error” tab on UserRequest and Incident
• N°6357 - Prevent entering same password on change user password
• N°4838 - Redirect to login page automatically on logoff
• N°6240 - Improve display of picture in read or edit mode
• N°5971 - Prevent changing the Org of a Person having Portal User with Allowed Orgs
• N°6338 - Add organization and location on standard classes: all Interfaces, LogicalVolume & NASFileSystem
• N°6331 - Add Service tab in Provider Contract
• N°4703 - Add “chat” / “in person” as possible “origin” value for tickets
• N°3889 - Add default search criterion on SLA and SLT
• N°4702 - DataModel : fix attribute type for SLA.customercontracts_list

• N°5822 - Do not display the tab separator in scroll mode when there is only one tab
• N°5335 - Inactive hyperlink attributs on list with radio or checkbox displayed within an object in edition
• N°681 - Fix multi-lines attribut not supported in n:n edition
• N°3067 - LinkedSet multilines attributes are editable in pop-up
• N°6188 - Fix cancellation of creation in pop-up from parent object edition, no more returns to object list
• N°6169 - Prevent Profile creation from Link object
• N°5923 - Align panel's header within another panel when it has no icon
• N°5529 - Fixed notification on object creation with $this→xxxx_list$ placeholders
• N°4148 & N°5350 - Fix in 1:n in place edition, deleted object re-appears
• N°2250 - Fix DisplayObject with ormLinkSet ignoring Removed
• N°2212 - Fix tracking level on AttributeLinkedSetIndirect (probably fixed in 2.7.x)
• N°6054 - Fix display of LinkedSet indirect with an UNION OQL using different aliases
• N°5609 - Fix regression when displaying a list in a transition
• N°1876 - Fix regression on LinkedSet, new object and prefill of read_only attribute
• N°5906 - Fix Impact Analys not updated after link class modification in details mode (EVENT_DB_LINKS_CHANGED)
• N°5825 - Add label, friendlyname, details view, uniqueness rules on Link classes
• N°5871 - Navigation menu: Show ellipsis on long menu group labels
• N°5872 - Navigation menu: Wrap menu group label instead of ellipsis in drawer
• N°5681 - Add support for “Ctrl + Enter” and “Meta (Cmd) + Enter” submit on multi-line fields
• N°5575 - Mouseover Tooltips for tabs
• N°4852 - iTop menu : use “+” dict entries
• N°4737 - Adjust button position in iTop hub connector
• N°4798 - Change attribute “description” of Service class, from string to text
• N°5124 - Fix edition of relation between a NetworkDevice and a ConnectableCI
• N°5703 - Fix navigation menu drawer under dashlets on Safari
• N°5174 - Fix tagset edition on small window & too many tags
• N°6174 - Fix download from the portal of attachments on objects without org_id
• N°6250 - Fix PHP 8 issue on datatable when one or more column are before the friendlyname
• N°6216 - Fix line-height being too big in the attachments table
• N°5423 - Fix invalid value on AttributeURL with custom validation pattern
• N°1608 - Fix organization attachments not visible for some users
• N°5671 - Fix Excel export of query phrase
• N°5834 - Fix activity panel disappearing when creating a Ticket in 'resolved' state
• N°6077 - Attachments: set values for creation_date and user_id fields if not provided

• N°5960 - Configurable Login Screen
• N°6370 - Replace Audit Category menu by a dashboard
• N°1350 - Audit: Introduce audit domains and ability to choose one before running the audit
• N°918 - Translate placeholder in notifications
• N°6320 - Add Password Expiration Enforcement and User authentication by token
• N°5873 - Audit : Set threshold level and colors by Rule
• N°2199 - Request history tables without the Admin profile
• N°5559 - Enable User anonymization created then obsoleted by a DataSynchro
• N°4010 - MTT: prevent production configuration file overwritte with test version
• N°2889 - Add counter & triggers on file attributes / attachments downloads
• N°6311 - User management, add a Caselog on User class
• N°5993 - Add purge mechanism for log files
• N°2639 - Improve tooltips dictionnary entries and details of technical classes
• N°4921 - Add support for attcode & attvalue parameters in URL to access an object
• N°4454 - Measuring the use of the query phrase book
• N°5915 - Display n:n in Trigger and Action using tagset widget
• N°5841 - Non-admin managing User can't see Administrator Users
• N°5106 - New Users tab on Person, visible to User manager only
• N°4919 - Application upgrade: new 'Launch iTop setup“ button
• N°6305 - Fix export of RemoteApplicationConnection and ActionWebhook classes
• N°5897 - Improve deprecated logs relevance for PHP “trigger_deprecation”
• N°2013 - Setup: Cannot execute if existing config file contains an inaccessible MySQL server
• N°6198 - Trigger OnObjectUpdate is not executed when attribute is updated via OnUpdate
• N°6009 - Fix click twice to restore a backup

• N°6213 - Enable iTop User to suscribe or unsuscribe to a Ticket Notifications
• N°3191 - Introduce summary cards for objects hyperlinks
• N°6381 - Add rank on Enums of default DataModel
• N°5968 - Add structural data for Brand, OSFamily and OSVersion
• N°6236 - Read Request template data though the REST/JSON API
• N°5368 - Allow all HTTP methods (not just GET / POST)
• N°5366 - Add “path” field to ActionWebhook
• N°1646 - Add possibility to sort Attribute[Meta]Enum either by code (default), rank or label
• N°1345 - Add possibility to sort transitions automatically
• N°4756 - Ease extensibility for CRUD operations : Event Service
• N°6324 - CRUD Event for one time treatment before creation and before update
• N°5916 - Generic message on Link Uniqueness rules
• N°6385 - New optional “edit_mode” XML tag on AttributeLinkedSet (n:n) actions/none defaut action
• N°6384 - Flag LinkedSet (Indirect) when the attribute is concerned by CheckToWrite

• N°2883 - Improve XML compiler robustness on branding logos
• N°3070 - Menu creation fails when parent menu has also a parent menu
• N°3141 - Deprecate legacy SQL build
• N°3769 - Add missing HTML meta data on attributes in transition forms
• N°3824 - History: Remove deprecated APIs from 2.7 and older
• N°4280 - Fix module loading crash when 'datamodel' file doesn't exists (model.*.php)
• N°4287 - Portal: Factorize TWIG extensions between portal and backoffice
• N°4527 - Cleanup utils::GetImageSize()
• N°4577 - Move service dependencies from “itop-bridge-cmdb-ticket” to another module
• N°4621 - Fix naming inconsistencies of dirs inside /sources
• N°4837 - Fix wrong date conversion in approval base on reject messages
• N°4875 - Compiler : do not force the model.*.php file to be present in the module.*.php file ('datamodel' key)
• N°4978 - Check incorrect condition in Action class
• N°5066 - Clean CMDBSource methods
• N°5072 - Fix default priority to undefined (not fixed if ComputePriority is overloaded)
• N°5073 - Implements line actions in a datatable
• N°5085 - Fix moving menu - compilation handle parent menu hierarchy
• N°5172 - Add internal helpers to keep usage of null value in native PHP methods
• N°5367 - Fix non-string values (boolean, null) converted into empty string
• N°5369 - Fix BrowseBrick tree “opening_target” mode for “self” and “new” values
• N°5391 - Incoherent UTF8 data length control
• N°5410 - Handle non existing auloader files
• N°5473 - Better logs when invalid JSON
• N°5496 - Add <constants/> in itop-structure
• N°5522 - Fix session storage (breadcrumbs) not cleared on logout
• N°5551 - System information database size is way off
• N°5622 - Fix backup cannot be done if TLS enabled with no CA
• N°5659 - Introduce modal helper for the backoffice
• N°5766 - Fix linkset not iterable as intended in DBObject::AfterUpdate
• N°5779 - update-xml : ease XML migrations
• N°5793 - HTML Sanitizer: Allow 'start', 'type', 'reversed' attributes in 'ol' tag and 'value' attribute in 'li' tag
• N°5796 - Fix typo in method name
• N°5944 - Fix new install error: Event APPLICATION_EVENT_METAMODEL_STARTED is not registered
• N°6040 - Extensibility: Add prerequisites for future attribute type - Compilation & Designer extensibility
• N°6041 - Extensibility: Add prerequisites for future attribute type - Portal extensibility
• N°6042 - Extensibility: Add prerequisites for future attribute type - Console extensibility
• N°6055 - Fix undefined offset error in synchro_exec.php
• N°6100 - ObjectFormManager::OnSubmit : better log for DBWrite exceptions
• N°6104 - Fix exception when silo attcode is not 'org_id'
• N°6105 - Cleanup unnecessary use of dirname(FILE)
• N°6125 - Issue with GetAttributeFlags and GetInitialStateAttributeFlags within iTop 3.0.2
• N°6131 - Improve robustness of tooltips helper when no DOM element passed to CombodoTooltip::InitTooltipFromMarkup()
• N°6139 - Add HTML metadata on activity panel to be aligned with regular fields
• N°6140 - Add HTML metadata on custom fields to be aligned with regular fields
• N°6172 - Remove fallback when no curl available
• N°6179 - Tooltip attribute in field component (in Twig)
• N°6265 - Improve performance due to too many call to current person in DB

Deprecation and libraries upgrade

• N°3717 - History API : allow to set a non persisted current change
• N°6388 - Fix MetaModel::IsValidClass on classes without fields and a php parent
• N°6135 - Booking : hide / display on conditions
• N°6132 - Add capability to disable/enable tabs dynamically
• N°2783 - Add support for custom zlists
• N°6261 - Deprecate \DataTableUIBlockFactory::MakeForRenderingObject() method
• N°6102 - Deprecate JQuery Hotkeys plugin
• N°5311 - Deprecate old backoffice stylesheets
• N°5302 - Replace deprecated php strlen usages
• N°5232 - Deprecate \CMDBObject::DBCloneTracked
• N°4690 - Deprecate “FilterCodes” and remove some unused methods
• N°4415 - Remove SetupPage::log*
• N°3607 - Improve SCSS compiler method to include current variables so they can be used by extension's stylesheets
• N°3357 - Deprecate core/expression.class.inc.php
• N°2779 - Introduce auto-routing mechanism for backoffice pages
• N°2363 - API : deprecate old linkedset update pattern

• N°5412 - Upgrade to PHPUnit 9 to fix PHPUnit 8.5 error with PHP 8.1
• N°5618 - Setup : Compatibility PHP 8.1
• N°6101 - run_query : change ctrl+enter shortcut detection
• N°3795 - Replace JS alert native calls with centralized informative modals
• N°5985 - PHP 8.1: Fix FunctionExpression::Evaluate() “TO_DAYS” misalignment due to PHP 8.1 bug fix
• N°4985 - Bugs PHP 8.0 on support/2.7 branch
• N°4307 - Replace SwiftMailer by laminas-mail
• N°4224 - Handle phpunit/phpunit-mock-objects E_DEPRECATED notices
• N°5281 - Symfony 5.4 extensions controllers registration
• N°3091 - Update unmaintained PHPUnit 6 to PHPUnit 8.5
• N°5651 - Fix GetAbsoluteUrlModulePage() JS method not reporting parameters values
• N°5279 - PHP 8.1: Migrate usages of deprecated strftime() function
• N°5270 - Move “apereo/phpcas” lib from “authent-cas” module to core composer.json
• N°5108 - Update embedded libs for PHP 8.0 (3.0 branch)
• N°4822 - unattended_install : warning thrown in PHP 8.1
• N°4628 - Upgrade bulma lib to avoid hack from N°4481
• N°4517 - PHP 8.1 compatibility
• N°4072 - Deprecate ajax.render.php xlsx_* operations
• N°4034 - Deprecate duplicated TWIG extensions class
• N°3950 - Deprecate old unreferenced methods that are @deprecated
• N°3895 - Remove tests on “apc_xxx” methods presence
• N°3390 - Upgrade from Symfony 3.4 to Symfony 5.4
• N°2743 - Upgrade libraries

• N°5947 - Error in a french translation - incident status
• N°5946 - Error in a french translation - user preference
• N°5792 - Update dutch translations thanks to @jbostoen
• N°5625 - Dict error when opening a DocumentFile with the ES language
• N°5571 - Fix some unused translations
• N°5550 - Add missing french translation for “Other Transitions” button
• N°5507 - Impact analysis: title of pages that display the dependencies is wrong
• N°6419 - Update hungarian translations thanks to @tacsaby
• N°6417 - Update chinese translations thanks to @purplegrape
• N°6376 - Portal french menu naming (Requête ⇒ Demande)
• N°6121 - Update hungarian translations (thanks to @tacsaby)
• N°6013 - Update hungarian translations thanks to @tacsaby
• N°5929 - Update hungarian translations thanks to @tacsaby
• N°5706 - Update polish translations thanks to @DudekArtur !
• N°4765 - Update brazilian translations thanks to @eduardomozart
• N°6418 - Fix dutch translations on impact relation view

• N°6396 - CVE-2023-34443 CSRF vulnerability in the run_query.php page
• N°6359 - Cross-site Scripting (XSS) - DOM XSS in activity panel
• N°6358 - CSRF (Cross Site Request Forgery).on API Rest
• N°6350 - CVE-2023-34445 XSS vulnerability on pages/ajax.render.php
• N°6349 - CVE-2023-34446 XSS vulnerability on pages/preferences.php
• N°6348 - CVE-2023-34447 XSS vulnerability on pages/UI.php
• N°6002 - CVE-2022-24894 Prevent storing cookie headers in HttpCache (Symfony framework vulnerability)
• N°5722 - CVE-2022-31402 XSS vulnerability via /itop/webservices/export-v2.php
• N°5564 - CVE-2022-39261 Twig lib vulnerability
• N°6238 - guzzlehttp/psr7 vulnerability
• N°3863 - exec.php : security eforcementr

• 3.0.3-1
  • N°6124 - Workaround performance problem on the modification of an object with an n:n relation having a large volume
  • N°6085 - Fix UNION not supported in UserRightsProfile::GetSelectFilter

• N°5919 - Add missing linkset descriptions in french and other languages
• N°5849 - Fix wrong encoding of external keys in “Header with statstics” dashlet
• N°5317 - Handle overlapping tables when table cells have fixed widths
• N°6068 - Setup : restore formatting of error messages
• N°6023 - Restore upload of SVG file in AttributeImage
• N°5918 - Restore activity panel display when DoCheckToWrite fails
• N°5865 - Restore DoCheckToWrite error messages in portal
• N°5834 - Restore activity panel display when creating a Ticket in 'resolved' state
• N°5784 - PHP 8.0: restore mandatory attribute in transition form, fixing emptiness test
• N°5729 - Fix disabled button in bulk update/transition when picking a value in a drop-down list
• N°5603 - Restore autocomplete for an external key pointing to an abstract class with no friendlyname
• N°5530 - Fix list of impacted elements (Impact Analysis) due to mixup in async JS files loading
• N°5922 - Ext. key widget: Add class selection on “+” button if child classes exist
• N°2916 - Fix CSV import of IPv6 addresses failing when reconciliation is done on the IP
• N°5428 - Request template: fix autocomplete fields, which could not be master field
• N°6014 - AttributeURL : default validation pattern not handling PRTG URL (containing commas)
• N°5423 - Fix AttributeURL when changing the validation pattern, with a not compliant old value
• N°5625 - Fix dict error when opening a DocumentFile with the ES language
• N°2244 - Fix image attributes not being visible in PDF exports
• N°5588 - Improve PDF export robustness when AttributeImage dimensions cannot be determined

• N°5553 - OAuth 2 : secure Client Secret in DB and any change force token regeneration
• N°5430 - OAuth authentication : customize redirect landing URL
• N°5333 - OAuth2: Redirect URL, Client ID or Client Secret changes trigger a message as the token must be regenerated
• N°5867 - Display binary data size in SynchroReplica details
• N°5727 - Fix REST API/get_related when using [impacts, up] with [redundancy: true]
• N°6019 - Increase PHP min version to 7.1.3 to enable dependencies update
• N°5535 - Fix PHP 8.0.x wrongly repported as not supported in iTop 3.0.2+
• N°5490 - PHP 8.0: Fix crash of bulk modify with email notification / email approval request
• N°5216 - Error “Invalid ID given” when sending ActionEmail using cron on a system with french locale
• N°4974 - Avoid session fixation in login

• N°5414 - Log invalid placeholders in Notification
• N°5893 - Log more information when a trigger fails and raises an exception
• N°5897 - Improve deprecated logs relevance for PHP “trigger_deprecation”
• N°5611 - Fix missing composer files in itop-oauth-client
• N°3805 - Fix collectors not working on itop 3.0 in seldom situations

• N°5944 - Fix error on fresh install: APPLICATION_EVENT_METAMODEL_STARTED not registered
• N°5765 - Setup: Never cache folder permissions test response
• N°6016 - Setup : improve missing dependencies log
• N°5235 - Setup : check temp dir permissions
• N°5758 - Change setup test for GDPR consent
• N°5523 - Setup wizard : use the ITOP_APPLICATION constant instead of hardcoded “iTop” string

• N°5543 - Fix Warning on empty case log
• N°5901 - Fix warnings in file system tab
• N°5797 - Use LoadConfig method in all Email children classes
• N°6020 - Decode method for \utils::EscapeHtml
• N°5608 - Reorganize tests folders for better maintenance and contribution
• N°5496 - Add <constants/> in itop-structure
• N°4660 - Fix data synchro unit test failure due to another setting incorrect permissions on iTop conf file

• N°5368 - Allow all HTTP methods (not just GET / POST)
• N°5589 - Fix sent request incorrect HTTP method due to new cURL options
• N°5366 - Add “path” attribute in generic “ActionWebhook” for better compatibility with third-party webservices
• N°5796 - Fix typo in ActionWebhook::GetRemoteApplicationConnectionFromActionWebhok()
• N°5774 - De-hardcode webhooks configuration rights
• N°5252 - Added Other/Generic type of Remote Application Connection
• N°5367 - Fix non-string values (boolean, null) converted into empty string
• N°5179 - Add chinese translations (thanks to @bdejin)
• N°5266 - Add dutch translations (thanks to @jbostoen)
• N°5050 - Add spanish translations (thanks to Miguel Turrubiates)
• N°5473 - On JSON format exception, more context log and specific Exception impl (InvalidJsonValueException)

• N°6017 - CVE-2021-46743: Firebase PHP-JWT key/algorithm type confusion
• N°5741 - Deny use of get_config_parameter in Twigs
• N°5725 - Prevent Twig privilege elevation to run system commands
• N°5724 - CVE-2022-31403 : XSS vulnerability via /itop/pages/ajax.render.php
• N°5722 - CVE-2022-31402 : XSS vulnerability via /itop/webservices/export-v2.php
• N°5685 - Upgrade apereo/phpcas lib to fix vulnerability

• N°3769 - Add missing HTML meta data on attributes in transition forms
• N°4947 - Fix Email always picking “production” env config file
• N°4449 - Console dashboard export : use relative path (full path disclosure)

• 3.0.2-1
  • N°5394 - CVE-2022-39214 Authenticated users can takeover any account

• N°5138 - Fix not being able to click on hyperlinks in tooltips
• N°5408 - Enable mentions on classes with no image attribute
• N°4834 - Mentions works with any alphabet (cyrillic, asian, corean…) thanks to Vladimir Kunin
• N°5192 - Restore Green color to highlight OK objects
• N°5071 - Fix properties tab on objects popup hiding in “…” overflowing button. Fix objects popup shrinking when scrolling.
• N°4966 - Refresh the page after dashboard creation, to display the switch button
• N°4927 - Hide date picker widget displayed in a new temporary column on the right
• N°4918 - Fix “other tabs” pop-up menu displayed behind some others elements and so not readable
• N°4739 - Add semantic on state for User classes (class icon, state)
• N°5198 - Fix external key combo-box behavior when more than 150 results
• N°5088 - Fix audit displaying only 10 rules per category
• N°5060 - Fix long history display. “max_history_length” moved from 50 to 200.
• N°5027 - Fix AttributeUrl default validation pattern not handling anchors starting with a digit
• N°5024 - Fix missing entries in object search banner for external key criteria
• N°4792 - Improve performance when editing an external key

• N°5397 - Update Dutch translations
• N°5050 - Update Spanish translations for 3.0 (thanks to Miguel Turrubiates)
• N°5179 - Add Chinese translations thanks to @bdejin
• N°5266 - Dutch translations for the webhooks extension

• N°5315 - Support of OAuth2 authentication protocol to send and receive emails
• N°5373 - PHP 8.0 compatibility for iTop Community - Be cautious extensions might not be compatible
• N°5395 - OAuthServer error messages, added to iTop error log
• N°5389 - Restore linkset placeholder in notification (3.0.0 regression)
• N°4888 - New url() placeholder in Notification, similar to hyperlink() but not clickable
• N°5341 - Add tool to repair misalignment between Caselog and caselog index
• N°3024 - Any class can be archive (no more limited to Ticket, Contact and FunctionalCI)
• N°5318 - Fix error messages being HTML encoded when not necessary

• N°5462 - Setup warning if the web server allows unauthenticated user to browse restricted folders
• N°5393 - CVE-2022-39216- Security hardening against brute force attacks
• N°4975 - Security hardening against server files read access

• N°5389 - TriggerOnObjectUpdate has been moved after the reload, done if a linkset is modified
• N°5383 - DBObject::EnumTransitions() is now an “overwritable hook”
• N°5375 - Fix XML custo on Semantic field with hierarchy, breaking at compilation
• N°5343 - Menu displayed under an user hidden parent menu, are hidden without crash
• N°5143 - Fix FunctionExpression for DATE_FORMAT and formats %j, %k and %l
• N°5033 - Add model file to 'itop-bridge-virtualization-storage' module to avoid compilation crash when lnkVirtualDeviceToVolume class is removed
• N°4910 - Removed format control of old value of AttributeURL (new value must still be compliant to default URL pattern)

• N°4715 - Remove deprecated legacy SQL build
• N°5009 - Move empty “icon” tag under “class/properties/style” tag in XML 3.0 datamodel of all standard classes
• N°4903 - Fix dynamic “app_root_url” conf. param. not used properly for the app. icon
• N°5101 - Add an explicit message on setup when the state attribute, declared in semantic field property, referred to a non existing field.

• 3.0.1-1: Fix regression introduced by 3.0.0:
  • N°5229: Caselog inline images lost after changing app-root url in 3.0.x

• N°4448 - Allow to easily unselect an Organization (top left menu)
• N°4741 - Fix On mention trigger not working on object creation
• N°4312 - Activity panel: Keep selected tab when switching between object details and edit
• N°4479 - Impact analysis : Display and apply filter before display impact analysis graphical
• N°4913 - Avoid object initials to overflow in medallions, by limiting them to 3 characters
• N°4777 - UserRequest: fix selecting organization through hierarchy tree
• N°4740 - Restore support of Dashboard attribute on abstract class
• N°4705 - Fix newsroom messages not formatted correctly

• N°4696 - Improve spacing between a fieldset and fields without fieldset
• N°4694 - Fix wrong icon path for ServiceSubcategory in XML definition
• N°4674 - CKEditor : fix different colors for PHP Snippet in edit and view
• N°4671 - Dark Theme : fix additional tabs color
• N°4619 - Fix line selection in tables
• N°4582 - Improve look of Widget ExternalKey in drop-down mode with value selected
• N°4576 - Fix search date widget wrongly displayed on the right, when entering directly a date
• N°4977 - Fix search widget on ExternalField pointing to an ExternalKey, returning wrong values.
• N°4570 - Harmonize inputs font size/weight
• N°4564 - Refresh Tooltip for switching from standard dashboard to custo dashboard
• N°4553 - Fix label size for “Greater/equals” in search for numeric attributes
• N°4550 - Fix scroll bar in search for date attribute
• N°4482 - Polishing : Export page
• N°4311 - Bubble caselog: align console and portal for user name
• N°4849 - Improve email notifications reading comfort (better flagging of conversation)
• N°4814 - Improve image attribute placeholder when no default image
• N°4787 - Object details: hide field tooltip when identical to the field label
• N°4565 - Add a message indicator to caselog tabs toggler
• N°3541 - Button: Improve user feedback during execution of the pressed button
• N°2643 - Dropdown menu unusable in new SLA/customer contract
• N°4513 - Prevent Portal User to apply a transition on an object not in his scope
• N°4806 - Add text for dictionary entry UI:WelcomeMenu:Text
• N°4934 - Improve German translations
• N°4397 - update Turkish dictionnaries

• N°4766 - DataSynchro: Supports files and images data in the synchro_import.php

• N°4515 - AttributeURL default validation pattern handles Sharepoint and Alfresco URL
• N°4654 - Add license information in About iTop for non admin users
• N°4525 - Fix french translation of extension source (Data or Hub) in System information and About iTop
• N°4664 - Core Update : block zip file upload until files check returns OK
• N°4642 - Core Update : limit the usage of this function to version which do not bring any new module
• N°2884 - Core update: Fix Database version display
• N°4764 - Remove iTop version from webservices/status.php
• N°4665 - Fix notice in logs when uploading an SVG image in an AttributeImage
• N°4652 - When XML compilation fails on a node which already exist, it specifies where it exist

• N°4999 - Align internal saving process of new caselog entries to UI to fix CaseExchange inline images
• N°4905 - Fix usage of ITOP_APPLICATION constant in dictionaries
• N°4856 - Add backward compatibility parameters for extension developers
• N°4836 - Fix dashlet editor if any implementation of iBackofficeDictEntriesExtension exists
• N°4771 - Fix .make/composer/rmDeniedTestDir.php script issues
• N°4761 - Fix license.xml content not displayed in setup with multi modules extensions
• N°4725 - Fix DeprecatedCallsLog::NotifyDeprecatedFile doesn't handle ConfigException
• N°4667 - Remove call to tooltip function
• N°4578 - Dict::CloneString no more overwrite an existing entry
• N°4541 - Allow exit code capture in CLI for CSV import script
• N°4438 - Disable (temporarly) copy of precompiled stylesheets after setup
• N°4433 - Fix “date_format” TWIG filter not working for date without time
• N°4558 - Fix PHP notice in startTansaction and commit functions
• N°4488 - Remove cmdbAbstractObject::GetSetAsHTMLSpreadsheet() from usable API methods
• N°4760 - TwigBase : add possibility to control BreadCrumb

• N°2847: Redesign iTop Console look and feel
• N°2844: Redesign of Ticket Pages with Logs and Details
• N°994: Integrated view of private and public caselogs
• N°2836: Introduce bubbles conversation as default caselog rendering
• N°3208: Add a Quick create feature (except for attachment and n:n relations)
• N°3207: Global search now remembers past searches
• N°3560: New object display mode “all tabs in one page”
• N°1957: Add a filter box for quick retrieval of a menu
• N°3294: Introduce counters in OQL menu entries
• N°3198: Simplify edition of n:n relations (less clicks)
• N°2875: Add possibility to mention people in caselogs
• N°580: Autocomplete in case of namesake, displays other (configurable) information

• N°923: Add user id to history
• N°3712: Activity panel “edits” entries now show an icon to explain their origin (csv import, webservices, …) when not done by the user in the GUI
• N°988: Object display hide automatically empty fieldsets
• N°1004: View and Edit display of n:n relations are now identical
• N°2508: Include Obsolescence icon within list and autocomplete
• N°2390: Auto-complete “starting with” are displayed first
• N°2907: Keep read-only tabs visible in object edit mode
• N°1731: Allow Transitions without unnecessary confirmation
• N°1836: On cancel, console user is redirected to the current class search page
• N°2629: Allow user to choose default expanded/collapsed toolbar for richtext editors
• N°3495: WorkOrder fields 'ticket' and 'end date' optionals
• N°3837: Add missing title to standard datamodel dashboards
• N°2639: Increase fields tooltip visibility and pertinence
• N°2224: Portal: Enable tooltips for object's attributes description
• N°3583: Change default max items per list from 10 to 20
• N°3524: Add keyboard shortcuts to main actions
• N°3274: Add “Service family” menu in 'Service Management for Providers' installation option, as it exists in other mode.

• N°463: Queries from Phrasebook usable in Notifications
• N°3287: Notifications: Set sender (from) display name / label in action email
• N°3455: Add option to pass json_data as file to REST API
• N°3381: A healthpage is now available that returns a json status without any authentication required: https://iTOP_URL/webservices/status.php“
• N°4096: In case of error when sending emails in the background, iTop can be configured to try again sending.
• N°4261: Portal: in case of uncatched Exceptions, iTop can now write logs into the EventIssue class on an opt-in basis.
• N°4354: Administrator accounts can be hidden with configuration parameter “security.hide_administrators”
• N°4095: Add one time password user, which can only connect once into iTop
• N°4036: An iTop user with a contact and Allowed organizations, must be allowed on his contact's organization. No-one can disable his own user, nor remove contact from its user, nor remove the profile which allow him to edit users, nor add a profile which would prevent him from editing users (such as 'Portal User' which deny access to the Console).
• N°2699: Profile SynchroData Manager can see SynchroReplica
• N°2713: Allow read access to synchro errors for non-administrator users
• N°2330: Upgrade minimum PHP/MySQL version supported/required for iTop
• N°3253: Disallow setup if PHP version not compatible
• N°4332: include multi-LDAP into iTop Community
• N°2527: Add Hierarchy key restoration as a DBTools
• N°3625: Remove n:n classes from the “quick create” autocomplete based on the “is_link” tag of the XML
• N°3575: Add curl as optional PHP module (required for Impact analyses)
• N°3724: synchro_exec.php : now outputs the processed datasource

Customization

• N°3185: Datamodel adds compact logo in branding
• N°3182: Datamodel allows to redefine MenuGroup icons
• N°3203: Datamodel: Add semantic for image & state attributes
• N°2677: Datamodel: Add style definition for class & enum
• N°3018: Add possibility for an object to have a specific image instead of the generic class icon
• N°3822: Allow caselog ordering within datamodel XML
• N°3245: Trigger OnObjectUpdate filters objects after their update
• N°3217: Change iTop internal modules, add: itop-structure, itop-bridge-cmdb-tickets, itop-faq-light, itop-knownerror-light, remove: itop-knownerror-mgmt
• N°2370: remove MySQL views in iTop, moved to an extension

UI

• N°1447: Setup screens have fixed height, so the Next button remains under user's mouse
• N°3722: Hide field description tooltip if it has the same content as field label
• N°4336: When a tooltip of an action is identical to the label, do not display the tooltip (on console).
• N°4078: Display in console object details, for custom shortcut actions, the icon (without label) if there is an icon specified.
• N°4178: Stay on the same page when logging again from the “Login again” prompt
• N°4082: Update German translations thanks to Itomig
• N°3640: Update Spanish translations thanks to Miguel Turrubiates
• N°3887: Max. number of displayed results now uses the 'max_autocomplete_results' configuration parameter.
• N°3620: Add config. parameter “quick_create.show_history”
• N°3621: Add config. parameter to disable “global search” history
• N°3649: Add config. parameters: activity_panel.lock_watcher_period & activity_panel.entry_form_opened_by_default
• N°3662: Add config. parameter to choose OneWayPassword hash algorithm
• N°3894: Add config. parameter “activity_panel.prefilter_only_current_log”
• N°3896: Add CKeditor icon for enhance WikiText URLs syntax, in console only.
• N°3936: Add user preference to choose backoffice theme + “user_preferences.allow_backoffice_theme_override” config. param. to disable it

• N°1964: Fix: Focus stays on current tab when switching to edit mode
• N°2560: Ignore double form submission, remove error “invalid stimuli in current state”
• N°4050: Fix: When adding only an inline image to the caselog, the notification is triggered
• N°331: Fix sort order of list during auto reloading in dashlet and menu
• N°891: Make Ticket printing independent of browser
• N°3821: UserRequest:OnInsert in full ITIL call the parent's method
• N°3325: new version of CKEditor to fix display bugs
• N°2950: Fix syntax highlighting (CKEditor) not working on AttributeHTML
• N°3810: Avoid syntax highlighting that shouldn't take place
• N°2534: Fix dashboard autorefresh to keep filtering on organizations
• N°1634: List with “Autorefresh”, sum of items refreshed after object deletion
• N°2511: Fix display of class with 2 dashboard attributes
• N°3290: Fix attachments filename headers when downloading
• N°3785: Fix corrupted attribute file on download
• N°3166: Fix crashes if a “name” expression contains a quote
• N°2946: Fix name displayed for field from a foreign class
• N°2870: Portal: Fix “Notice: Undefined index: UI:PropertiesTab” on object form
• N°2841: Prevent user deletion with not enough rights
• N°2326: Zoom > 100% - tabs in second row not properly aligned
• N°2251: Fix truncated tooltips
• N°2225: Fix tooltips containing a quote
• N°1397: Tooltip on Datasynchro no more truncated
• N°2127: Fix field content overlapping outside of the object details
• N°2788: Fix HTML fields/caselogs content overlapping with a big table or unbreakable word
• N°3267: Webservices: Fix optional headers not being taken into account
• N°3171: Friendly name and obsolescence flag now refreshed
• N°4131: Always use the same dialog for this message instead of creating a new one every time we detect the user is logged off.
• N°1056: Look: empty field not as high as others in object details
• N°1505: Fix “Paste” button in iTop Ckeditor not working in all browsers
• N°1745: Prevent malformed caselog entries from breaking activity panel
• N°2007: Portal: Tooltips that do not contain text (empty tooltips) are no longer display on BrowseBrick items.
• N°2852: Fix autocomplete selector error when selecting an object containing special characters
• N°3680: Advanced search: Fix string criterion contains '0' returning all results
• N°3944: Prevent a PHP “notice” when the log level is configured per-channel, but not all channels are listed in the config.
• N°3987: Fix circular reference failures when creating Configuration items.
• N°4029: Fix caching images in Chrome
• N°4079: Typo in french dictionary on lnkApplicationSolutionToBusinessProcess
• N°4105: Fix decimal number being truncated in GroupBy dashlet
• N°4132: Look: Fix sizes being displayed as bits instead of bytes in Setup
• N°4327: Fix JS “ReferenceError” in Application Upgrade
• N°4385: Fix DBObject→GetRelatedObjectsUp behavior
• N°4173: Reduce AttributeBlob memory footprint

• N°4362: Security: CVE-2021-41162
• N°4129: Security: HTTP header “Content-Security-Policy: sandbox;” is send when displaying an AttributeFile directly in a browser's tab.This can be removed with “security.disable_inline_documents_sandbox” config. parameter.

Those changes can have an impact on extension developers:

• MetaModel::GetStateAttributeCode($sClass) now returns the state code of class with states but no transition (eg. Person, Organization, PhysicalDevice, …)
• N°3735: New method AddValue on DBObject for ITSM Designer users
• N°3721: Toolkit: Restore previous behavior on “iTop update”: Delete all env-production folder
• N°3657: Replace deprecate calls to jQuery event listeners (eg. ”.click“, ”.bind“, …)
• N°3184: Upgrade JQuery UI (iTop 3.0)
• N°2956: Upgrade jQuery to v3.5.1
• N°3199: Add dependencies management system for JS/CSS
• N°3010: IE11 not supported anymore
• N°3009: PHP Minimum version raised to 7.1
• N°2969: Add support for dictionaries folder in modules
• N°2957: PHP namespace management through XML
• N°2899: Setup: Add mbstring as mandatory PHP extension
• N°2214: Add a PHP version check in CLI PHP scripts
• N°2284: Replace JQuery Autocompleter plugin by JQuery UI Autocomplete widget
• N°3811: UI.php : log stacktrace with debug level
• N°2986: Reintegrate application menus from “welcome itil” into application
• N°2738: Remove unused dict keys
• N°2286: Remove usages of js/jquery.layout.js lib.
• N°2737: Migrate table to DataTables plugin to be iso with the end-users portal
• N°2766: Optimize columns load when using REST/JSON API core/get
• N°2999: Optimize OQL
• N°3123: Update the list of required PHP extensions
• N°3154: Sample data Contacts : integrate new Combodo employees
• N°3215: Internal: Refactor renderer files to be part of the autoloader instead of being load manually
• N°3216: Internal: Refactor form files to part of the autoloader instead of being load manually
• N°3231: Allow browser access to static resources files in the /lib folder
• N°3251: Internal : Automated tests + refactoring for robustness of the code against SQL injection
• N°3389: Change XML version from 1.7 to 3.0. From now on, the XML version will be aligned with iTop core version
• N°3588: SCSS included/cascaded are used in compilation, on top of those declared in XML.
• N°3663: Move exceptions to the same directory
• N°3731: Add log of calls to deprecated files / PHP methods
• N°3828: Remove MPDF coupling from iTop code
• N°4024: Protect \iApplicationUIExtension::EnumAllowedActions uses
• N°4158: New developer_mode.enabled config parameter
• N°4246: MetaModel::GetPrerequisiteAttributes now provides $sClass parameter when calling AttributeDefinition::GetPrerequisiteAttributes() method
• N°1047: “iTop” occurences in the dictionnaries have been replaced with the ITOP_APPLICATION_SHORT constant
• N°3433: Remove useless data in DataModel when itop-portal is not present
• N°3349: Clean references to the old Flash resources
• N°3379: Introduce more modern tooltip lib. in the backoffice
• N°4092: New data/.compilation-symlinks compilation flag and setup option
• N°4155: Add ability to modify the content of MenuBlocks from outside the class
• N°3617: Use user pref instead of localStorage for collapsible elements state saving

• N°2393: Font Awesome remove v4 compatibility
• N°2573: Remove MetaModel::GetNextKey et CMDBSource::GetNextInsertId
• N°2548: Remove deprecated \DBObject::GetRelationQueries
• N°2440: API : remove CMDBSource::GetNextInsertId
• N°2591: API : deprecate \CMDBObject::CheckUserRights
• N°2522: API : Deprecate SetupPage:log*
• N°2372: API : remove \MetaModel::EnumLinksClasses and \MetaModel::EnumLinkingClasses
• N°2362: API : remove DBInsertTracked / DBUpdateTracked
• N°3792: Deprecate “buttons_position” configuration paramter
• N°852: Cleanup: remove deprecated impact analysis algorithm
• N°3748: Deprecation: old tooltip libs in the backoffice and the portal
• N°3233: Remove “display template” feature from MetaModel
• N°4176: Portal: Deprecate “AddParameterToUrl” function

• 2.7.5-2 : Fix setup wizard when DB connection is using TLS
• 2.7.5-1 : Community release. Fix Empty Managed Brick generating an Oups!.

Only 2.7.5-1 was published to the Community

• Increase nb of supported UNION in OQL query from ~40 to more than 450
• Add ability to skip the rebuild of hierarchical key during setup
• An echo command present in the code, has been removed.
• Loader is now displayed immediately before building the items for the tree/mosaic modes, to ensure it is displayed.
• Fix mutex being silently released after connection timeout, it's no more released.
• During setup, separate “modify fields” and “create index” in db request.
• Add \utils::SetMinMemoryLimit
• Portal database transaction removed.
• Portal: fix the Notice “Undefined index: max_display_limit” (bug introduced in 2.7.1)

• Specific traces added (option) on cmdbsource log channel. UserId added in the error.log file.
• New error messages added in case of failure of object creation or update“
• Add test if ajax call is canceled
• Portal : fix modification of field in order to hide another one
• Better formatting of the details and reports (1 line requests)
• Add new logs for object lists in portal (debug level, 'portal' channel)
• List order : add a log when data are invalid

• CVE-2021-32664 - Reflected XSS with Administrator credentials]]
• Update pear/archive_tar lib to 1.4.13
• The file index.php is now protected with a token that prevent accessing the setup in an uncontrolled way.
• Mask the Password database in the setup process
• Prevent the mysql password to appear on misconfigured servers

• 2.7.4-2 Portal: Loader icon is displayed in tree/mosaic modes, visible with large amount of data (fixed in 2.7.3-2)
• 2.7.4-1 Portal: fix the Notice “Undefined index: max_display_limit” (fixed in 2.7.3-1)

• Products only: explicit message in case of misconfigured proxies for ITSM Designer connection.
• Fix improper redirection to the homepage when iTop is behind a reverse proxy:
  • Check the reverse proxy recommended settings for iTop compatibility
  • Set the new configuration parameter 'behind_reverse_proxy' ⇒ 'true' if you have reverse proxies.
• app_root_url: now handle reverse proxies during the setup and preserve existing configuration during an upgrade,

• Setup: Prevent usage of “Application upgrade” if a file integrity problem is detected
• Setup: support for 'auto_select' and extension.xml has been fixed,
• Setup performance: clean orphan CMDBChange records limited to 100K,
• Setup performance: orphan attachments deletion is limited to 30s max,
• Garbage collection of used transaction id, done less often (new config parameter: transactions_gc_threshold)

• Restore Portal headers labels on CSV export (regression introduced in 2.7.2)
• Support parenthesis in enumeration codes,
• OQL: Fix join on another class than the corresponding external key target,
• OQL: Fix count on union with conditions on multi-column attributes,
• Customization: Fix HTML displayed in Login window
• Dictionary: missing translation when initial_state_path is used
• Dictionary: missing translation for background tasks status and errors on asynchronous tasks

• Security: fix validation of CSRF token in the portal
• Security: fix command injection vulnerability in the Setup Wizard
• Security: Fixed a bug preventing deletion of used token on windows servers,
• Security on “group by” dashlets : access right is controlled and password attributes are not usable

• 2.7.3-2 Portal: Loader icon is displayed in tree/mosaic modes, visible with large amount of data
• 2.7.3-1 Portal: fix the Notice “Undefined index: max_display_limit” (bug introduced in 2.7.1)

• Restore support of :current_contact→code in OQL queries (bug introduced in 2.7.2)
• Restore preview of Document file (bug introduced in 2.7.2)
• Restore UI behavior: first tab is selected when mandatory field is missing (bug introduced in 2.7.0)
• Fix setup with Chrome v87 (bug generated by a Chrome upgrade)
• Fix modal created without an ID in the Portal (bug introduced in 2.7.0)

• 2.7.2-1 Fix 2.7.2 regression: console exports failing with “missing token” error.

• Enable CSV import of iTop Users by non admin users (as long as they are allowed by Admin Tools Delegation)
• Background task: fix issue with tasks not always executed (Notify on Expiration for eg.)

• Add Trigger information to the error log when an Action fails
• Fix creation of objects containing AttributeImage on PHP 7.4 with warnings activated
• Avoid PHP notices on DBObject core code, during transitions
• PHP notice has been removed when creating a new FULLTEXT index in the database (TagSet attribute)
• Removed default admin phone number which was invalid for mysql in strict mode
• Changing Color of Brick Search on Portail with extension Custom is now easier
• Fix alias problem in portal scopes. Warning: If you have duplicate itop-portal-base, BrowseBrickController.php code must be updated, cf commit on Git.

• Fixes two typos in German translations
• Fix spelling typo on iTop welcome page
• Spelling mistakes fixed
• Fix use of application constants in Dutch translations

• Fix session fixation issue - CVE-2020-15220
• Sanitize breadcrumb entries - CVE-2020-15221
• Don't display error details (error details remain logged) - CVE-2020-15219
• HTTP headers have been added - CVE-2020-15218
• Better control of the transaction_id parameter - CVE-2020-16842
• Portal user could export more datas than his portal scope (CVE-2020-4079)
• Hide MySQL Password from error.log in case of MySQL connection error

• import csv : Fix display, previousely showning confusing html tags
• Fixed OQL: Fix malformed UNION queries in portal scopes
• Fix standard Global Search feature which was only searching on last word
• Fix bug on mass update: blocking message “Please wait while updating fields”
• Fix regression in notification when using placeholder like $current_user→attribute_code$
• Fix internal regexp no more compatible starting from PHP 7.3
• Restore log KPI calls in Portal
• Fix notifications on threshold not sent when trigger is created on iTop 2.7.1
• Portal: fix incompatibility between ignore_silo=true and nested query in scopes
• Portal: Multi-word search has been fixed for ManageBrick in lazy mode.
• Portal Filters is now executed on visible values and not on html code of cells
• Fix empty tabs being displayed (misuse of the API or user rights)
• Fix rendering of an ExternalField on a Text with XML content
• Configure this list : missing sort icon, replaced by fontawesome character
• Fix backup download: Stop capturing output before sending backup file (avoid memory problem)
• Fix corrupted backups when a file has a size which is a multiple of 512 bytes
• Dashlet: fix invalid filter parameter, when using & (ampersand) in the query
• Fix cron.php creating a new CMDBChange for every BackgroundProcess
• Login screen support HTML for dictionary entry: 'UI:Login:About'
• DataModel - LifeCycle visualization: fix open and close buttons no more working
• Fix wrong count of related objects due to Obsolete & Archived
• Fix variable evaluation in ListExpression to avoid double parenthesis.

• Portal: Total count on Managed Brick is now accurate even when objects are in multiple tabs.
• An attribute File can now be emptied by the user.
• Auto-complete on external key takes into account obsolescence user preference
• Search on Text containing “_” now possible without being used as a wildcard.
• End user Wiki explains how to search for ”%“ character using “\%”, otherwise ”%“ matches any string
• Dashlet Header statistic on ExternalKey, now displays friendlynames and no more ids
• All Dashlet Title uses now Left alignment.
• “Configure this list” shows obsolete data only if required by user preferences.
• Providing an empty file as attachment is no more allowed (it was crashing iTop)
• Improve user feedback on invalid transition: Silent or simple warning -yellow banner-, rather than error. A double click on a transition, or a browser back and force, no more generates any fatal error.
• Limit searchable classes in a tree, to those allowed to the user, in a SearchMenuNode
• Files integrity is controlled in the first screen of “Application upgrade” and a warning is displayed when the install is not conform
• Align creation and update message on portal to console message
• Allow to set return-path with \EMail::AddToHeader

• Fix “cron” case in labels
• Fix Export of html fields such as in Notification Actions
• Portal : autocomplete keep selected value and use 'max_display_limit' instead of 'max_combo_length'.
• Prevent object form submission while a filter on depending field is under computation (to prevent saving of incoherent object)
• Fix search on external key, when using the magnifier and a filter in the pop-up
• Export of EventIssue object is now possible
• History of AttributeEncryptedString no more interprets HTML tags
• Fix OQL scopes generating malformed SQL query (corner case with UNION)
• Add TLs Options on database restore command
• Add mbstring as optional extension in setup
• Fix infinite loops when logging with a Contact having a non empty TagSet field
• Copy characters after a ”<“ character in a Copy operation on a Transition
• dbClick to exit the “description” field when creating an incident on the portal
• Fatal errors now log into error.log instead of setup.log

• Backoffice theme: Add variable for menu group background color
• ApplyStimulus: Rollback the object values when an action fails
• GetAttributeFlag taken into account on form refresh with dependent field
• Fix: GetTrackOrigin() now returns 'csv-interactive' value during csvimport
• Fix error in file light-gray.scss
• Clearer messages when an object update fails

• Provisioning for hybrid auth fails
• Fix “Undefined index: login_mode” Notice
• Added support for REDIRECT_HTTP_AUTHORIZATION in basic authentication.

• CVE-2020-12777
• CVE-2020-12778
• CVE-2020-12779
• CVE-2020-12780
• CVE-2020-12781

• Third dashlet added in the same dashboard cell under IE was crashing
• Portal Filter Brick input was ignored under IE11
• Applying a transition no more ends with blank page under IE

• Portal can again display more 10 attachments
• OQL syntax error displayed in place of the widget (no more fatal error)
• Fix syntax error with PHP 5.6 and TCPDF 6.3.4
• Fix missing fulltext index for all AttributeSet on table creation (i.e. install from scratch) and update (migration).
• Fix setup crash when having enum with values containing parenthesis
• Fix filtering of unions with parent class
• Fix backup not executed anymore
• The AttributeDefinition::IsSearchable() method has been fixed to check complex attributes like External Fields.
• Fix unsaved dashlet added on a dashboard
• Fix alias renaming when already exists in one OQL of an UNION
• “Printer Friendly Version” screen: Tabs now display labels instead of codes
• Fix deletion of a single replica within a list

• 2.7.0-2: Fix regressions introduced by 2.7.0:
  • Fix: RenameAlias: alias 'L-1-1' already used in one OQL of an UNION
  • Fix: Dashlet added on a dashboard are gone when coming back to the dashboard
  • Fix: Provisioning for hybrid auth fails, fixed by changing the Tracked Origin
  • Fix: Can't send attachment added before saving using “Send updates by email”
  • Fix: Global Search doesn't search in external fields
  • Fix: Backup triggered by cron were not executed anymore

• 2.7.0-1: Fix regressions introduced by 2.7.0:
  • Fix: iTop not working with MYSQL 5.6
  • Fix: Fix DataModel Viewer not supporting special chars in class name (eg. ”)

• During Setup, Move to production, Hub installation… iTop is set in ACCESS_READONLY
• After Setup, the configuration parameter access_mode is set to ACCESS_FULL
• Debug OQL for search is accessible directly for the administrators
• Replaced first name by last name in default person list view
• Don't display organization name in menu bar if it's the only one
• Prevent trigger creation without friendlyname
• Add applicable contexts on Trigger
• Track field Comment in core/delete - API REST

• Authentication extensibility: Allow login, logoff screens customization through an extension
• Security extensibility: Add hooks for iTop login security hardening
• Security extensibility: New fields on UserLocal for an extension to handle password expiration
• Security: Add a user password complexity constrains on new users and password change
• Security: Every OQL selected classes are checked against allowed organizations.
• Security: Fix issue with user creation by a non administrator
• Security: Prevent search to retrieve users belonging to not allowed Org
• Security: Global search now ignore fields of type “AttributePassword”
• Security: Prevent Password Autocomplete in Browser. But most browsers ignore this tag.
• Security: Restrict access to assets into env-*, extensions and datamodels
• Security: config.php access rights have been forced to 0440 in creation instead of 0444.
• Security: Fix CVE-2019-19821
• Password policy: change password page: add feedback during the password typing
• Password policy: Enable password expiry

• Markup extensibility: Add meta informations and hooks
• Markup extensibility: Introduce custom themes for iTop's console
• Markup extensibility: Add markup hooks on BrowseBrick and ManageBrick tables
• Markup extensibility: Add support for both code AND title in admin. console tabs
• Markup extensibility: Add password attributes to exclude list in metadata
• Markup extensibility: Rework some SCSS variables
• Markup extensibility: Add one additional theme for the backoffice, for test instances
• Change breadcrumb icons color to black instead of Combodo's orange
• Fix style for input's feedback on “change password” page
• Login page : add autofocus attribute to the id field
• Attachments: Update MS Office and OpenOffice file icons with more modern versions

• OQL: Supports nested queries such as: SELECT Team WHERE id NOT IN (SELECT…)
• OQL: Supports: ISNULL(NULL) OR (`ServiceSubcategory`.`request_type` = NULL)
• OQL: Enhance performance of Count() by ignoring external keys
• OQL: Improve OQL performance
• OQL: Optimize generation of SQL from OQL, removing useless JOIN.
• OQL: Spread the finalclass column on all the DB tables except finalclass table it-self. Migration done automatically at Setup.
• OQL: Transactions added to fix deadlock during concurrent access and guarantee Database integrity
• OQL: Transactions used for creation of object with class hierarchy, as it generate entries in multiple tables.
• OQL: Export DBSearch to JSON (for a future OQL graphical editor)
• ORM: Allow to force a WebPageMenu to open its url in a new window
• ORM: Access to object modifications in \iApplicationObjectExtension::OnDBUpdate and in \DBObject::AfterUpdate
• ORM: Delegate definition of the ticket reference format to each sub-classes
• ORM: Change visibility of \DBObject::GetReferencingObjects internal method from public to protected
• Allow params “limit” and “page” in REST-API (Dennis Lassiter)
• Updated wiki for \DBBackup::CreateZip removal

• Portal: Show confirmation dialog when closing forms with unsaved data
• Portal: Add an icon to copy object name and url next to the form title
• Portal: Add support for abstract classes creation in browse brick
• Portal: Add support for columns sorting in ManageBrick's “lazy” mode
• Portal: Hide silently sub-bricks not allowed to the user, when displaying an Aggregate Brick .
• Portal: External keys in form allow to open the associated object if user scopes allows it.
• Portal: Introduce navigation rules in Portal, to specify where to go on closing a form
• Portal: action_rules query without filter will now throw an exception
• Portal: Add option to display ManageBrick's current tab description as the brick subtitle.
• Portal: Every brick can display a subtitle if they populate the sBrickSubtitle variable in the template.
• Portal: Add option to show/hide linkedsets out of user's scopes in portal
• Portal: Add parameter to set default list length in ManageBrick and BrowseBrick
• Portal: Allow n:n links for Browse Brick's levels
• Portal: Browse brick actions are now ordered following a rank tag
• Portal: Filter linkedsets on remote object scopes
• Portal: Form submission do NOT include hidden fields anymore, unless they have a dependency to an editable field.
• Portal: Enable use of a dedicated end-users portal without having to install the standard portal
• Portal: Make portal denial based on user profiles work again
• Portal: Manage and Browse brick filters apply on subclasses fields in lazy mode
• Portal: Migrate end-users portal framework from Silex to Symfony 3.4 🚀 .
• Portal: Fix filter on external key when coming from filter brick
• Portal: Increase navigation rules checks robustness
• Portal: Display attachments count in section title, updated on each add/delete
• Portal: Fix origin modal not closing when switching to editing of an object
• Portal: Better display of success messages on form validation
• Portal: Support for AttributeEnumSet
• Improve modal backdrop UX
• Introduce “CombodoPortalToolbox”, helpers to ease JS manipulations especially through the iPopupMenuExtension
• Increase blur effect on portal modal backdrop

• Warning: Remove legacy end-user portal
• Warning: All your portal extensions needs to be migrated, see migration notes

• Setup: New feature to allow micro versions update, as long as the module list does not change.
• Setup: New file .maintenance in data directory to prevent iTop or cron to interfer with an application upgrade
• Setup: hide table prefix option by default.
• Setup: php-gd is now mandatory on setup
• Setup: Remove useless alter table queries generated by setup & Toolkit on MariaDB >= 10.2
• Setup: Add real autoloader for framework files in /core and /application
• Setup: iTop classes are now loaded with an autoloader
• Supportability: Maintenance mode (Better setup, CRON, REST and export message)
• Backup: archive creation errors are now displayed
• Backup during Setup are stored in data/backups/manual/setup-YYYY-MM-DD-HH-mm.tar.gz (thanks to Hipska - PR #61)
• System: Change cron.cmd to use arguments instead of fixed paths
• System: Generic method to check path validity
• System: New log level “debug” and logs filterable
• System: PHP dependencies managed by a composer.json

• UI: Reorganize admin console menus
• UI: Attachments are displayed as table with their meta data
• UI: Add code snippets with syntax highlighting to CaseLog/HTML fields
• UI: Autocomplete: Harmonize accents handling for better robustness
• UI: New DroidSansFallback font and 'export_pdf_font' config param for PDF export
• UI: Trigger description is now required because it is used as friendlyname
• UI: Center tag is back in default sanitizer white list

• Upgrade Archive_Tar lib from 1.4.4 custom to 1.4.7
• Upgrade bootstrap to v3.4.1
• Upgrade CKEditor to v4.11.4
• Upgrade Font Awesome from v4 to v5.12.0
• Upgrade jQuery to v3.4.1
• Upgrade ScssPHP to v1.0.6
• Upgrade SwiftMailer to v5.4.12
• Upgrade ArchiveTar to v1.4.9

• Update cron.cmd to have better defaults and remove references to old php version
• Make setup backup location and name similar as other backups (Thomas Casteleyn)
• Add status.php for getting iTop's status (Guy Couronné)
• Add support to optionally mention username in password reset mail (Thomas Casteleyn)
• Make ticket reference generation working with new sub-classes
• Add KPI on API Rest (Guy Couronné)
• Only set Ticket ref if not yet present via import or synchro (Thomas Casteleyn)
• Move expression cache files in a dedicated directory
• Add bootstrap.inc.php
• Handle nested transactions
• apc_clear_cache & opcache_reset are both called when resetting the cache
• Integrate database integrity module

• NL Dictionaries and messages (Thomas Casteleyn)
• CN @purplegrape
• SK Martin Kincel
• Chinese translations
• Spanish translations

• UI: Fix blank page when displaying a synchronized object. Simple quote not escaped before giving content to qTip lib.
• UI: Fix dashlet edition due to duplicate ids of dashlets, by renumbering them when building in iTop pages.
• UI: Fix 'G', 'd', 'j' DateTime format in regexp generation
• UI: Fix GroupBy dashlet on classes with ExternalField to ExternalField
• UI: Fix missing scroll bar in DataModel Viewer for class with large number of attributs
• UI: Fix missing scroll bar missing in modal window “Create a new field” from Request Template
• UI: Fix non editable dashboard when wrong attribute code used in its definition
• UI: Fix regression on mandatory external field with only 1 possible value
• UI: Fix regression when creating ticket in “resolved” with lnk objects
• UI: Fix search equals 0 for integer
• UI: Fix truncated caselog entry with large HTML table or word

• Portal: Fix column sorting on date attributes (eg. french format)
• Portal: Fix crash in object form having empty AttributeBlob field
• Portal: Fix crash when having comments in some parts of the XML
• Portal: Fix error on form submit “Attempting to set the value on the read-only attribute”
• Portal: Fix hyperlink placeholder not working in notifications for other portals
• Portal: Fix list tabs and on charts click when a Manage brick has a chart as default display mode
• Portal: Fix missing scrollbar in tall form modals
• Portal: Fix wrong “apply stimulus” form being used in a branch of classes
• Portal: Correctly display external fields targeting an enum field

• Setup: Fix MySQL8 incompatibilities in setup and backup
• Setup: Fix setup crash when class has an empty zlist tag
• Setup: fix typo in warning due to non-matching products.
• Setup: Fix graphiz detection feedback message on Windows systems
• Setup: Fix extremely slow page load for first user after setup
• Setup: Fix MySQL TLS wiki URL

• ORM: Fix “invalid numeric value” when inserting/updating AttributeDecimal
• REST/JSON fix must_exists flag for remote object of indirect linkedset
• Fix support of expressions (friendlyname) in different language contexts
• Fix apc-emulation
• Fix datepicker locale not set correctly for ZH CN and PT BR (@annProg)
• Fix cron crash when MySQL connection lost (Thomas Casteleyn)
• Fix images being too large in icon selector (dashboards and Designer)
• Fix ticket ref uniqueness rule declaration (@jbostoen)
• Fix count with Archive mode
• Fix compiler crashing on setup due to comment in XML
• Support Microsoft Outlook encoding of non breaking line in UTF-8
• Fix DBSearch::Intersect (de-duplicate aliases)
• Fix error when no cache is configured
• Add more logs
• Fix run_query error handling incompatible with PHP < 7.3.0
• Fix some more PHP 7.4 incompatibilities
• Fix AdminTools DataSynchro creation
• Fix apply stimulus returning true when stimuli is not applicable
• Fix ticket ref sometimes being a duplicate

• Filterable logs using log_level_min optionally per channels
• Improve unit tests
• Security hardening
• Change AttributeImage methods visibility to allow overrides
• Setup wizard backup path : larger input widget
• Many small UI improvements
• autoload rework for application and core directories
• Export a DBSearch as an array/JSON structure
• Abstract implementation for iScheduledProcess
• Add Alexandre, Anne-Catherine, Olivier, Marie-Annette and Dimitri to the sample data to welcome them! 👋

• Remove Config deprecated GetDB…() methods
• Deprecated stopwatch extensivity
• Deprecated DBObject::DB*Tracked methods (DBInsertTracked, DBInsertTrackedNoReload, DBUpdateTracked, DBDeleteTracked)
• Removed \DBObject::RegisterCallback
• Removed DB Config getters and charset/collation config params
• Removed DBBackup::CreateZip
• ORM: Deprecate \MetaModel::EnumLinksClasses and \MetaModel::EnumLinkingClasses
• ORM: Deprecate all Config::GetDB* methods, that need to be replaced by Config::Get() calls
• ORM: MetaModel::GetNextKey($sClass) is now deprecated in favor of ItopCounter::IncClass($sClass)
• FontAwesome: FontAwesome v4 is deprecated, use FontAwesome v5 CSS classes instead

• 2.6.2-2: Fix request template values lost on userrequest edition

• 2.6.2-1: Fix Backup failing with attachment above 24MB

• Search form prefill can be used when adding objects to 1:n relationship (only n:n before)
• Enable notification placeholders to use server name in hyperlinks
• TagSet code can now have just 3 characters instead of 4 minimum before
• New IT translations for tickets classes
• New PT-BR translations
• Look & Feel: increase width of autocomplete drop-down list for readability
• Manual backup
  • A temp file containing the password is created.
  • The access is limited to www-data user.
  • The file is removed just after the mysql dump

• Fix Portal links on documents to control them against user scope.
• Fix warning in backups with MySQL 5.7.0 using TLS
• Fixed iTopMutex not working when only MySQL TLS connection available
• Fixed blinking of warning image on mandatory HTML field
• Fix Bulk ticket assignment when only one team is in team list
• Fix Bulk Modify : search result lost when sort on a new field
• Fix regression: Link class attributes are correctly copied by Object Copier
• Fix regression: Loose entered value in auto-complete selection on external key.
• Fix regression: DataSynchro: deletion rules now applied when using synchro_exec.php
• Fix regression: “invalid filter” error when refreshing “Requests assigned to me”
• Fix regression: Console: browser freezes when adding related items on a tab, when having a lot of possible items
• Fix regression: Stopwatch sub-items are now available as search criteria, timespent and overrun are searchable in seconds
• Fix regression of CKeditor: image and table properties available even when HTML field is edited in a pop-up window.
• Fix regression: missing dictionary entries for “Service families” menu of “Service Mgmt Provider” module

• Default search criterion defined on the datamodel, are now displayed on top of any prefilled criteria.
• API/REST: Core/Get supports pagination and limit
• Backup will now logs using IssueLog, and the 'debug' config parameter is no longer used
• Allow params “limit” and “page” in REST-API PR #25, code author Dennis Lassiter
• PHP 7.3 Compatibility
• External fields are now proposed for group-by dashlets
• 'Schedule Backup' and 'Configuration' menus are no more available for “Admin Tools Manager” profile.
• Datasynchro: “Full load interval” obsolete your objects after that delay (instead of immediately).
• CSV import : can now create an object with value for field that is readonly in modification
• Uniqueness rules: now supports rules defined on abstract class, with disabling on some children.

• CopyAttribute only copy attributes which are writable as ObjectCopier was already doing, to prevent fatal errors.
• Fix performance issue on modification of object with a lot of relations.
• Fixed: Text printed in white (on white) in some tables when exporting the impact analysis as a PDF.
• If not found in the autocomplete cache, the search is done once in the database.
• Fixed date conversion for linkset, when using custom date format
• MetaEnum is computed at object creation time instead of being set to its default value.
• “Group by” dashlet is no more clickable in edition
• Setup: Fix issue when upgrading extension with an extension.xml file
• Fix object modification locked when an n:n relation was locked by a DataSynchro
• Fix lost of in-line images when copied from one iTop to another.
• Fix issue with Send email which was not handling correctly the number of retries
• On Windows: Warning during setup if database password contains % ! or “ as iTop backup will not work.
• Fix: Tags not saved in case of error at form submission.
• Backup will now logs using IssueLog, and the 'debug' config parameter is no longer used
• Fix: changing Menu rights to “Admin only” was crashing.
• Fix user rights control on applying Stimuli through URL.
• Fix tar gz archive generation with files of size multiple of 1024 bytes
• Fix query returning recent change on impact analysis, which was not limited to 72h
• Fix reconciliation key issue in CSV Import of lnkCustomerContractToService with iTop in Service Management for Provider
• BrowseBrick list pagination is now working even when filtered
• Notification triggers on entering or leaving state, on abstract class accepts any state available on one of the children classes
• Portal: Fix regression introduced in 2.5, better error message when user logged out
• Portal: Fix message content in user profile when password edition is disabled
• Portal: Wrong encoding of special chars like in dashlets (eg. “ö”, ”&“, …)
• Fix 2.6.0 regression missing/empty error message when uploading too large attachment
• Fix pagination issue for search with accent

• Fix typos in EN (@jbostoen)
• Improved CN
• Improved RU
• Improved DE (ITOMIG)
• Add missing entries lost from 2.5.1
• Improved FR

• Security hardenings for eg.
  • prevent malicious updates of config.php,
  • XSS and CSRF weakness in multiple places
  • Tag label are sanitized to avoid HTML injection

• New attribute: dashboard contextualized to the containing object
• New attribute: tag set
• Triggers on object update and object delete
• Uniqueness rules on objects

• Fix regression on forget password feature
• Fix regression on autocomplete and accents
• UX: Better class and attribute selection in triggers
• UX: Switch back and forth between a custom dashboard and the standard version
• UX: ExternalField label standardized to key_name->label
• Notifications: Fix incorrect use of 'from' field for test email
• Search: Hide unknown external keys from the search criteria if previously defined in shortcut
• Search: Fix searching a quote on a text
• Export: Fix external attributes selection on export form
• Export: Fix none drag-able columns in exports (Excel, CSV, …)
• Export: Fix excel export when reconciliation key list is containing empty keys
• Export: Fix XLSX export failing on PHP 7.1 on systems without ”/tmp“
• Fix new empty caselog entry on bulk modification
• Fix audit when a current organization is selected in the left menu
• Fix auto-complete error when the friendlyname depends on other classes
• Fix security message in the browser console (“Unsafe attempt to load URL data:image/svg+xml;utf8”)
• Fix “Run Query” page hotkeys behavior in some configurations due to a wrong url
• Fix ajax “request uri too long” message
• Fix concurrent lock not released on failed transition
• Fix dashboard edition when a bad OQL is present in dashlet 'Group By'
• Fix integer validation in dashlet forms
• Fix: stop historying differences on trailing 0s in decimals.
• Fix TTR deadline if reassigned outside of coverage window
• Fix blank Profile search on User creation with a single Organization
• Fix non disappearing tooltip for mandatory HTML field
• Fix edit of ExternalKey, when filter contains UNION
• Fix lost of n:n relations during edit, when an error was displayed

• Nicer display on background errors
• date/time picker: first day of the week now based on user language
• Security hardening
• Fix wrong pictogram placement on email & tel attributes in the ManageBrick
• Fix default image of image attributes in object forms
• Fix “UTF-8 Characters Malformed” error when using Spanish language
• Fix attachment preview during Ticket creation
• Fix regression, icons not displayed in service catalog
• Fix service catalog items not collapsed / expended as expected
• Fix inline images being displayed too large sometimes in forms
• Add HTML hooks in object forms to know object's class and ID (useful for CSS /JS hacks)

• Portal: Add support for SCSS files through the PortalUIExtension API (only CSS were supported)
• API: New method DBObject::SetIfNull() to set an attribute value only if it is not set
• Fix MetaModel class not found when calling utils method

• New Dashboard Attribute on Organization class
• Add Uniqueness rules on Model, Brand and Person classes.
• New TagSet attribute and class FAQ
• Search: Add default criteria for FAQ, FAQCategory & KnownError classes.
• ResolveFrom method now set only unset mandatory Ticket attributes.
• Show resolution_date in resolved problem details

• Remove PHP notice on Ticket Export for tickets created before release 2.0.0
• Backup: Move check_ticket_itop command line parameter into itop_backup_incident module parameter of itop_backup in the Config file.

• New dictionary entry for 'Page' tag on PDF export Core:BulkExport:PDF:PageNumber
• Update German dictionaries (Thanks to Lars Hippler)
• Update English dictionaries for notification
• Update Dutch dictionaries (Thanks to Thomas Casteleyn and Jeffrey Bostoen)
• Update Spanish translations (Thanks to Miguel Turrubiates)
• Update Russian translations (Thanks to Vladimir Kunin)
• Update Chinese translations (Thanks to purplegrape)
• Fix duplicated french label 'Demandeur' on Change class

• Setup: Add log in case of missing extension
• Setup: Fix blocking error on backup failure
• Setup: Clear the caches when switching environment
• Setup: Fix setup for PHP 5.5
• Fix PHP 7.2 compatibility issue
• Fix bug that caused memory_limit=-1 to lead to 'not enough memory'
• Add new automatic tests
• Add replacement for mcrypt removal in PHP 7.2, added stronger encryption options
• Better feedback on fatal errors
• Upgrade to JQuery v3.3.1
• Upgrade to tcpdf v6.2.17
• Strengthen the SQL creation from OQL
• Strengthen password management
• The filter parameter in url no more serialized but in JSON format
• Add warning on setup for unsupported MySQL 8+ versions (MariaDB & Percona not affected)
• Fix loss of inline images and attachments when user has been logged off
• Fixed bug that caused memory_limit=-1 to lead to 'not enough memory'
• Fix integer validation in dashlet edit form
• Session id regeneration on login
• Title field XSS vulnerability solution
• Refactoring in AttributeImage URL generation
• AttributeImage : add css classes to be able to style
• Optimize SQL generation from OQL depending on objective, counting or object details
• Do not refresh search on closing an empty criterion
• Add the user_id to the log_kpi instead of *
• Display error log instead of fatal error in case of Exception when modifying an object in console
• Improves backup/check-backup (fix check-backup sample cli, better error on check-backup invalid check_ticket_itop cli parameter)
• Change default attachments (and inline images) lifetime to 1 day instead of 1 hour
• Datamodel viewer: Fix an issue where OQL Filters were truncated
• Cosmetics on setup (Licenses prompt)

• Fix hard-coded translation in search page when the form has not been automatically submitted.
• Fix broken search form when user has no read right on objects.
• Fix request uri too long
• Fix removing last criterion on a 'or' line resulted in 'OR 1'
• Fix operator forced to ”=“ on some attributes (indexed ones)
• Fix external field label not displayed
• Fix an error when using search form from an union
• Fix a bug when selecting foreign keys would not add items (#1656)
• Organization criterion from selected silo is now read-only

• Fix dashboard edition when a bad OQL is present in dashlet 'Group By'
• Fix new empty caselog entry on bulk modification of objects.
• Fix bulk transition integrity exception when “org_id” was not checked.
• Form prefill: Add possibility to change attributes flag on the fly
• Fix external attributes selection on export form
• Fix security message in the browser console (“Unsafe attempt to load URL data:image/svg+xml;utf8”)
• Fix “Run Query” page hotkeys behavior in some configurations.
• Fix ajax request uri too long on auto-complete
• Fix auto-complete error on some attributes (“A DBUnionSearch must be made of at least one search”)

• Security hardening
• Fix default image of image attributes not correctly displayed in object forms
• Fix “UTF-8 Characters Malformed” exception when using spanish language

• Setup: Fix blocking error on backup failure
• Setup: Change iTop 2.6 MySQL requirements from 5.5.3 to 5.6
• Setup: Fix setup for PHP 5.5
• Fix 'forgot your password?' link
• Fix reset password link broken in emails (dictionary entries had wrongly escaped characters)
• Fix Excel web queries import warnings. (JS script error popups)
• Fix going back to ITSM Designer from a move to test
• Fix audit when a current organization is set and there is an audit rule with valid=true
• Update german translations

• Fix PHP 7.2 compatibility issues
• API: DBObject→GetOriginal() hardening (now support attributes not set: for example sla_tto_passed for UserRequest until it is closed)

• Deep rework of the search forms:
  • GUI to select a date range
  • Consistent feedback of the filter currently set
  • Possibility to search for Defined/Undefined values
  • Possibility to search on any field of a class

• Dashlet Group By supports sum, average, min and max. Support of grouping on stop watches has been added.

• Datamodel viewer entirely rewritten:
  • class selection tool (autocomplete)
  • graphical representation of the class and its neighbours
  • simplification of the list of attributes
  • re-sizable life-cycle graph

• Export ongoing and closed tickets from the portal

• Fix DataSynchro Group to allow management of DataSynchros through WebServices for non admin users
• Fix CSV import : check if user has rights on imported class
• Restrict the access to the REST/JSON web services to users having the profile “REST Services User”
• Enabling search and access control by organization on User class
• Supporting MySQL/SSL connections

• Fix: the use of some Emoji, depending on you MySQL server settings, could cause your data to be truncated (e.g. losing an entire case log).

• Autocomplete is activated by default after 2 characters now (it used to be 3 by default)
• Form prefill : Included Contract case in the datamodel.
• Add support of AttributePhoneNumber which allows launch of phone application on click.
• Set default search criteria for objects
• Notification GUI: fix cosmetic issue and save state for the current browser (in the session)
• When global searching with needles smaller than 'full_text_needle_min', exclude these needles from the search instead of stopping it
• Exports (csv, xslx, pdf) “Localize Output” option lost when the export has more thant one chunk
• Related objects count (tab title) not in line with the displayed list (always counting obsolete objects)
• Failing to bulk delete whenever the scope query contains the % character
• Added a conf params 'email_default_sender_address' and 'email_default_sender_label' that will be used if a mail has no sender set, to cope with Anti-SPAM systems
• Could not add a second link (condition: have a date attribute on the link ; regression introduced in 2.4)
• Portal: Ongoing tickets should be listed the same way as in the console
• Portal: List of closed tickets not filtered as expected (high cardinality)
• Portal: Added an information about file max size on forms
• Portal: Fail to reset password when navigating from an email (hyperlink)

• MariaDB: the backup could not be used (setup)
• New requirements: PHP 5.6.0 and MySQL 5.5.3 (fix for the emoji causing data corruption)
• Support of PHP 7.2
• MySQL strict mode compatibility (5.7 - null replaced 0000-00-00 00:00:00 for DateTime).

• Added an index on the ticket ref
• Dashlet “Header with statistics” requiring less queries to be displayed
• Now uses one count + group by query instead of one count query per grouping value
• Avoid multiple count requests in the core API (DBObjectSet::Count)
• Impact analysis: much better (and faster) processing of graphs containing loops
• Suppression of obsolesence condition on Ticket (was impacting the performance)

• Suppression of obsolesence condition on Ticket (See the chapter on performance)
• Added “approved” state to the tto (time to own) active states

• Setup: Display the XML errors on the screen
• Make the deletion of a Synchro Data Source a bit more robust, in case of a missing or already deleted data table.
• Dashboards: Unknown dashlets (eg. from an uninstalled extension) no longer raise an exception, a fallback is displayed and the XML configuration is still available in editor.
• Setup on Windows systems: workaround for random behavior of rmdir sometimes failing though the directory is empty
• Fix application being wrongly set to Archive Mode when it fails to retrieve an object from the database.
• Cron automatically re-orders its tasks to make sure that every tasks get some time to run, even if a task crashes repeatidly or uses all the time slice to process a big backlog.

• Update German translations, thanks to Lars Hippler from Itomig
• Dictionnary error 'criticity' replaced by 'criticality'
• Update portugues (brazilian) translations, thanks to Pedro Beck and Anderson Cardoso!
• Update spanish translations, thanks to Miguel Turrubiates!
• Reworking the list of User account fields displayed in Details and List
• Run query : add shortcut in submit title
• Configuration editor: add shortcut in submit button title
• Documentation shown upon setup completion (Completing the iTop installation for workflow management): the file cron.params has been renamed into cron.distrib
• Rich text editor: allow merging table cells (regression introduced in 2.3)
• Portal: Remove copyright (iTop) from page footer

• HTMLSanitizer : add wiki ref to white lists
• Upgrade Silex library to 2.2 (Which is possible as iTop 2.5 requirements are now PHP 5.6+!)
• Updated swiftmailer to v5.4.9: security fixes
• Use only hashed server side information as the local storage identifier.
• jQuery modernization : updated jquery to 1.12.4, jquery-ui to 1.11.4 and jquery-migrate to 1.4.1
• Rename core english dictionary files to match standard convention.
• Display of links now support both DBObjectSet and ormLinkSet
• Enhancement of the data collection for iTop Hub: better detection of the web server version.
• Linked JS scripts can now be used in ajax pages. This is useful for IPopupMenu extensions which depend on a JS script and are loaded asynchronously when a list of objects changes (for example when changing the target class for a search)
• Proper use of the “304” (Not modified) HTTP header for InlineImages. Seems that FastCGI is more sensitive to incorrect HTTP headers than MPM…
• PHPunit is now integrated through composer (inside the directory /test)
• Portal: Update table's filter hotkeys to prevent unnecessary ajax calls

• Form prefill : Allow to overload new methods in order to prefill search forms, creation forms and transition forms
• Customizable access to the 'Admin Tools' (delegating administrative roles)
• Add functions, order by and limits to the API DBSearch::MakeGroupByQuery()
• New portal capabilities :
  • AggregatePageBrick: create subpage under the portal home page
  • ManageBrick enhancements: statistics added to the tile, set of data presented as charts (bars, pie) or a badge
• Refined the user rights management (added the 'grant_by_profile' category) to enable the development of a user account management portal
• Transition form: file not uploaded (blob attribute)
• Portal: Add XML comments to document the standard portal design
• Portal: Make sure the FilterBrick will be correctly displayed with default settings
• Portal: Default object forms are now more like in the administration console instead of just having their fields one after another
• Portal: ManageBrick lists are now ordered as specified in the datamodel definition (like in the console)
• Portal: Error in ManageBrick (ongoing tickets) when grouping tabs on an attribute (instead of sub OQLs)
• Portal: Allow for the customization of Contact scope (collision on XML ids)

This version has not been published as a Community package, but its fixes are included in the 2.5.0

• CSV import : check if user has rights on imported class. Thanks to Vladimir Ivanov (from Positive Technology) who has revealed the weakness.

• Portal: OQL optimization in ManageBrick when several UNIONs are used.

• Performance enhancements for auto-complete widgets (speeds up both the display in search forms, and the response on usage)
• Fix 2.4.0 regression when creating an object with a lifecycle, directly in a state other than the default one.
• Audit: Performance optimization for AuditRule with valid_flag=true and lots of negative records
• Header with statistics Dashlet: performance improvements

• Restore compatibility with the data sharing extension