Ameyo Contact Center - Patch Release Notes - Version 4.13.35

release details release date 2025 07 12 short description this release includes several security fixes addressing vulnerabilities related to file upload, information disclosure, ip disclosure, username enumeration, and jquery version it also contains numerous bug fixes across system components, toolbar, and reporting highlights / summary security hardening addressed multiple vapt findings including insecure file upload, sensitive information disclosure, internal ip disclosure, username enumeration, and updated jquery version agent state fix resolved an issue where agents in break (erroneous) state received calls after webrtc reinitialization duplicate ticket prevention fixed ui issue allowing multiple clicks on 'send' button, preventing duplicate ticket creation ui layout fixes corrected ui layout issues related to chat panel width during interaction creation and crm page visibility after tab switching reporting fix addressed report generation failures when using non standard postgresql ports component versions component build url ameyo server ameyo server 4 13 593 20250711 r 207953 linux gtk x86 64 rpm ameyo art ameyo art 4 13 91 20250711 r 207952 linux gtk x86 64 rpm note release marked in bold has the change only, other releases has no change and are same delivered in last patch cycle feature enhancements no new features introduced in this patch focus is on security and bug fixes bug fixes ( system common bugs) agent state handling (ga 15099) resolved an issue where agents in a break state continued receiving inbound calls due to webrtc reinitialization, which incorrectly triggered auto call functionality even during an error state the fix ensures that the break to break logic is not executed when the break status is set to “error ” duplicate ticket creation (sl 17180) addressed a problem where clicking the send button multiple times before the api call completed triggered the createnewinteraction function twice, resulting in two tickets being created this behavior has been corrected in the latest app server build unable to reply to tickets when in more than three chats(sl 17258) fixed an issue where the chat panel expanded to the full width of the screen (100%) during active chats, hiding the send and cancel buttons the panel width has been limited to 75%, ensuring both buttons remain visible and functional during interaction creation case id–based resolver – new messages linked to expired tickets (ga 14939) resolved an issue where new messages were appended to existing tickets that remained in an expired status, causing them to be hidden from the ui the updated logic now considers only tickets with active statuses—new, open, pending, or closed—so that all valid tickets are visible as expected crm page not reappearing after returning from knowledge base (sl 17251) fixed a display issue where the crm page did not reappear after switching from the knowledge base page back to the customer tab the crm view now loads properly during tab switching this has been resolved in the current app server build interaction history vs front end discrepancy (ga 14630) corrected an error that created duplicate entries in interaction history when agents opened new incoming mail from the dashboard, an incorrect “all messages read” activity was logged in addition to the mail entry the issue has been fixed so that only one interaction history entry is generated per mail opened voice na toolbar webrtc call answering calls stuck in queue with beep sound (sl 17051) resolved an intermittent issue where agents were unable to answer calls initiated via the click to call api on their webrtc extensions the problem caused calls to remain stuck in the queue with a continuous beep sound this behavior has been corrected in the latest build tag generic toolbar integration and testing (sl 17221) fixed an issue where the event handler failed to respond to login errors due to improper case handling the updated logic now ensures proper functioning for both successful and forced login scenarios this issue has been resolved in the current app server build fusion(ic, chat, social media) na monitoring data and reports ivr call card block failure (ga 15024) resolved an issue where the crm report and crm lead report failed when postgresql was running on port 5433 the failure occurred because the dblink connection in the get crm detail history table columns function did not specify the required port a new function has been created with the correct port configuration, and the issue has been fixed in this art build debugging docs / sops interaction ticket not created for unanswered chats (sl 17093) the system behavior for missed or unresponded chats has been enhanced for missed chats, the system now logs the missed chat event when the user is unavailable and ensures appropriate handling for the specific chat id for forced logouts, the system performs a cleanup process that records session and campaign details, manages forced closed chat sessions, and ensures proper closure and logging for those interactions security and performance updates vapt – insecure file upload (ga 15080) mplemented regex validation and a secure keyword filter in the “upload jrxml” field to prevent uploading files with nested or harmful extensions (for example, php) the application now strictly allows only valid jrxml files, successfully blocking unsafe file types fix verified in the latest build vapt – sensitive information disclosure (ga 15078) resolved an issue in the getalldatasource api where the response payload inadvertently exposed sensitive details, including the database connection url, username, and password these parameters were unused in subsequent flow the unused sensitive fields have been removed from the response to prevent exposure and ensure secure handling of configuration data vapt – internal ip disclosure (ga 15077) addressed an issue where the /cc/userbreak api response exposed internal ip information the error response has been modified to exclude internal system details, ensuring sensitive data such as ip addresses and domain names are no longer exposed vapt – username enumeration (ga 15076) fixed a security concern where distinct error codes were returned for incorrect user ids and passwords due to different exception handling the same exception class is now used for both cases, ensuring a unified error response and preventing username enumeration vapt – jquery version upgrade to 3 7 1 or later (ga 15067) upgraded the jquery version in the app server build from 3 5 0 to 3 7 1 to mitigate known vulnerabilities and enhance security compliance limitations / known issues no new limitations identified in this patch browser and platform compatibility supported browsers chrome version 138 0 7204 93 (official build) (arm64) mobile apps no updates in this patch contact / support information for issues or queries, please contact ameyo support via the support portal or designated email channels