Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36174: Freshservice Release Notes - April 2022 | Freshworks Community

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

CVE
#web#ios#android#mac#windows#microsoft#linux#aws#oauth#auth#ssl

Important update: We have updated the release timelines of “Android mobile updates” on 18th May 2022. This enhancement will be available on 01st Jun’ 22 instead of 29th Apr’22.

Note: All the features/enhancements below will be available on Blossom, Starter, Garden, and Growth plans on Apr 18th. For Estate, Pro, Forest, and Enterprise plans will be available on Apr 29th.

Product version: 2022.R04L.01

**New Features and Enhancements******Reduce MTTR using Automated Grouping for Alerts****

Category: IT Operations Management

Users can now use ML-driven Automated Grouping – now in Public Beta – to attach related incoming alerts to open incidents. This would make incidents contextually rich, reduce noise, and help resolve incidents faster.

More details here

****Gain Flexibility in Noise Reduction by Grouping Alerts using more Values****

Category: IT Operations Management

Users can now group alerts by Message & Node in addition to the default values of Resource and Metric in any combination through custom integration. More details here

**
**Integrate Monitoring Tools in just three simple steps****

Category: IT Operations Management

Users can now integrate monitoring tools to Freshservice Alert Management in just three steps. The alert profile is being retired and users can view all their integrations on the Alert Integrations page. More details here

**
**Detect and Correct Invalid Phone Numbers with Ease****

Category: IT Operations Management

Users will now be intimated about missing or incorrectly formatted agent phone numbers as and when they create a shift for On-Call Management. Users can either correct individual phone numbers from within the On-Call Management module, or correct them en masse through a CSV file. More details here

****Get Separate Notifications for Urgent and High Priority Incidents** **

Category: IT Operations Management

Users can now configure the escalation path and notification rules for High and Urgent priority incidents separately in On-Call Management. More details here

**
**Business Impact for Change****

Category: IT Service Management

The Change managers and implementers can now proactively associate ‘Impacted Services of a Change’ and automate approvals based on the ‘impact’. This will eventually reduce the number of unplanned outages to business-critical services.

More details here

**
**Increased Size of the Email Attachment****

Category: IT Service Management

We have increased the limit of email attachment files from 25MB to 40MB. Users can now share and receive bigger files in their tickets, problem, change, release, and project modules experiencing an enhanced sharing option.

****New Metrics - Unresolved Tickets****

Category: IT Service Management

Introducing a new metric called Unresolved Tickets, in the tickets module, to track the total number of unresolved tickets in any defined time period. Users can now analyze unresolved tickets for a period by defining a time period and comparing trends across different time periods (month over month, week over week, etc.)

****Conditional Fields in Tabular Data****

Category: IT Service Management

Users can now access service item fields and asset type-specific fields in tabular format when those fields are applied in the metrics filter. Just add the conditional field in filters and click on the View underlying data option to view the conditional fields.

****Edit Gantt bars in Project List View****

Category: Project Management

Users can now quickly change the start and end dates of a project in the Projects list view page itself. Click and drag either end of the Gantt bar to make edits to the project. The icon will change to a double-headed arrow indicating editing. The change (in days) will be reflected at the end of the Gantt bar once it is released.

Note: The start and/or end date changes will only reflect at the project level and will not impact the dates of tasks/sub-tasks

****Manage and Optimize SaaS usage better with User Filters****

Category: IT Asset Management

An integral part of managing and optimizing your SaaS applications would be understanding app usage on a user level based on varied criteria. With filters for SaaS users, slice and dice through user-level SaaS usage by filtering using User fields and using Ready-to-view filters. More details here

**
Discover and manage Microsoft 365 licenses **

Category: IT Asset Management

Understanding how your licenses are utilized enables you to plan the best optimization efforts to cut SaaS costs. With your Microsoft 365 integration, get visibility into all your licenses and their utilization right within Freshservice. More details here

Note: Auto-discovered license utilization information will be available on the overview tab. All manually created licenses will be available as contracts.

****Create Relationships with your Software in your Inventory****

Category: IT Asset Management

Understanding dependencies between your hardware and software is important to see the big picture when critical issues arise. You can now create software relationships with all inventory items and track them under the relationship tab for any software.

Note: To better search through your software records, use the software statuses (Managed, Discovered, Disabled, In review, Restricted, Ignored).

****Create and Manage Warranties at ease****

Category: IT Asset Management

Warranties are critical documents required to secure asset costs and an asset’s lifecycle. With the contract management module, create warranties and automate approvals right from Freshservice.

**
**Stay on top of Software usage with the Analytics Module****

Category: IT Asset Management

Getting a bird’s eye view of your software usage is critical in establishing software governance in enterprises. With software reports in Freshservice analytics, you can now track software used based on varied criteria like status, users, asset, source of creation, and more.

Note: This will be rolled out in phases from April 30th.

****Workflow Automator Enhancements****

Category: Workflows/Automation

  • Expression Builder Node

Users can now perform operations like adding numbers together, replacing a part of a string of text, comparing strings, manipulating date/date-time fields, and much more using the Expression builder node. For eg: Calculate the due date of a ticket based on the employee’s joining date. More info

here

  • Expressions in Condition Node

Users can now evaluate boolean expressions directly from the condition node allowing them to craft more complex conditions.

  • Date fields in Condition and Actions

Both default and custom date fields are now available to use within the condition and action nodes.

  • ISO Date placeholders

Date fields are now available in ISO format from the placeholder section. Use this format when constructing date-based expressions in the expression builder node and integrating with 3rd party systems via APIs. Sample formats for date and DateTime fields are mentioned below:

ISO Date (yyyy-mm-dd) - ‘2022-01-02’

ISO DateTime (yyyy-mm-ddThh:mm:ssZ) - ‘2022-01-02T12:24:30Z’

  • Test Improvements for App Actions, Webhooks and Web Requests

Testing web requests, app actions, and webhooks just got easier. Now replace placeholders with sample values to test these actions seamlessly.

****Orchestration Center Updates****

Category: Workflows/Automation

  • Integrating Credential Store with Orchestration Apps

Users can now use the credential store for a curated list of Orchestration apps. For instance, you can create Oauth credentials for Dropbox and leverage them in the new Dropbox orchestration app.

  • New apps added to Orchestration center:

    • Dropbox - Perform operations on users, groups, and files or folders, and attach documents to your Freshservice tickets using the Dropbox Orchestration app. More details here.
  • Orchestration App Enhancements

    • Microsoft Active Directory- Remove users from multiple groups using MS Active directory for Orchestration. More details here
    • MS Exchange - Perform lookup events based on start_date_time and end_date_time filter. More details here.

****Security updates: Discovery Probe and Discovery Agent****

Enabled the following fixes for the asset discovery tools:

  • Security fix, checksum hash verification on Auto Update

Mac agent 4.2.0, Windows agent 2.11.0, Linux agent 3.3.0

  • Ability to Fetch instance ID for AWS & Azure virtual machines

Windows agent 2.11.0, Linux agent 3.3.0

  • Security fix, added TLS certificate verification

Mac agent 4.4.0, Windows agent 2.12.0, Linux agent 3.4.0, Probe 4.11.0

****Mobile App Updates****

iOS:

  • Support for Look-up Fields in Ticket module

Android:

  • Support for Look-up Fields in Ticket module

  • Support for Change form Business Rules

  • Support for Service item Business Rules

Note: These enhancement will be available from 01st June 2022.

****Other updates****

Mac agent 4.3.0

  • Fixed bugs in fetching software details from MacOS Monterey

  • Added new mac models in our directory to reflect the model names

Probe 4.11.0

  • Fixed bugs in fetching software details from MacOS Monterey

  • Added new mac models in our directory to reflect the model names

  • Fixed discovery agent version issue in the software details

****Neo Admin Center:** Create Custom URL**

Category: Platform

Personalizing Freshworks URL as per brand requirements

Admins can now personalize their login URL as per branding requirements. They can do this from within the Organization module of the Neo Admin Center.

Note: They’ll have to create a DNS CName certificate record and process this step from the DNS Zone file while updating the URL in the organization module.

More details here

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907