Contact Center - Patch Release Notes - Version 4.13.55
13 min
release details release date 10th july 2026 this document outlines the feature enhancements, security updates, bug fixes, and other updates included in the ecc 4 13 55 patch release ecc build versions component build url ameyo server ameyo server 4 13 635 20260710 r\\ 327397 linux gtk x86\\ 64 rpm ameyo art ameyo art 4 13 111 20260709 r\\ 327307 linux gtk x86\\ 64 rpm management server ameyo management server 3 15 128 20220819 r\\ 53820 x86\\ 64 management ui ameyo management server ui 3 15 79 20220825 r\\ 54354 x86\\ 64 ameyo asterisk ameyo asterisk13 100 0 123 20230202 r\\ 54429\\ el7 linux gtk x86\\ 64 rpm ameyo asterisk13 100 0 122 20230201 r\\ 77845\\ el8 x86\\ 64 rpm ameyo asap ameyo asap 100 0 19 20210708 r\\ 53436 linux gtk x86\\ 64 rpm ameyo asap 100 0 31 20231212 r\\ 122778\\ el8 linux gtk x86\\ 64 rpm ameyo djinn ameyo djinn 100 0 411 20250115 r\\ 176400 x86\\ 64 rpm ameyo codec ameyo codecs13 100 0 10 20180312 r\\ 37320 i386 rpm ameyo codecs16 3 10 1 20150917 linux gtk x86\\ 64 rpm ameyo crm ameyocrm 100 0 379 20240516 r\\ 54694 x86\\ 64 rpm jdk java 1 8 0 amazon corretto devel 1 8 0\\ 312 b07 1 x86\\ 64 rpm caf google play store caf\\ googleplay 100 0 37 20231011 r\\ 112974 x86\\ 64 rpm caf youtube caf\\ youtube 100 8 0 20230904 r\\ 54528 x86\\ 64 rpm ui less integration zoho connector laravel build zoho connector 100 0 40 20260707 r\\ 326504 x86\\ 64 rpm ui less integration zoho user management app zoho\\ crm\\ connector 100 0 10 r\\ 54327 aaex wfm nice response transformation app nice\\ connector\\ app 100 0 13 r\\ 54375 aaex amf for whatsapp, cogno and instagram integration amf 100 0 272 20250916 r\\ 54869 x86\\ 64 rpm voicelog privilege app voice\\ log\\ privilege\\ app 100 0 61 r\\ 54105 aaex dial user app dial\\ user\\ app 100 0 31 r\\ 51344 aaex system smart view app smart\\ user\\ app 100 0 135 r\\ 54858 aaex pick call app pick\\ call\\ app 100 0 36 r\\ 51381 aaex bulk operation app bulk\\ operation 100 0 48 r\\ 51285 aaex desktop notification app notificationapp 100 0 29 r\\ 52192 aaex agent signature app agent\\ signature\\ app 100 0 27 r\\ 51283 aaex agent self monitoring app agent\\ self\\ monitoring 100 1 98 r\\ 51265 aaex redirection app redirectionapp 100 0 3 r\\ 51489 aaex quota app quota\\ management\\ app 100 0 74 r\\ 54362 aaex skill monitoring app skill\\ monitoring\\ app 100 0 14 r\\ 54167 aaex routing test app routingtest 100 0 1 r\\ 54180 aaex debugger app debuggerapp 100 0 7 r\\ 54338 aaex acp acp 100 1 92 20231130 r\\ 120901 x86\\ 64 rpm amd ameyo amd16 100 0 31 20210521 r\\ 52916 linux gtk i386 rpm zabbix ameyo zabbix 100 0 127 20221115 r\\ 63336 el7 x86\\ 64 rpm ameyo zabbix agent 100 0 54 20210617 r\\ 53204 x86\\ 64 rpm failover ameyo failover 100 0 29 20230504 r\\ 89111 x86\\ 64 rpm video micro service video 4 13 110 20240304 r\\ 133174 x86\\ 64 rpm voice agent mobile app android voice agent app 5 7 5 r (voice agent 5 7 4 20211011 release apk) ios voice agent app 3 3 field agent mobile app android field agent app 5 4 r (ameyo fieldagent com 5 4 20230905 release apk) ios field agent app version 3 3 supervisor mobile app android supervisor app com ameyo supervisor 2 1 20210812 release apk ios moved to live on apple store grafana grafana 7 1 4 1x86\\ 64 rpm sfdc integration app crm\\ integration 100 0 8 r\\ 54454 aaex note releases marked in bold have changes, other releases have no change and are the same as delivered in the last patch cycle security & compliance updates this release includes comprehensive security hardening and vulnerability resolutions postgresql password encryption (sha 256) postgresql password authentication now supports sha 256 encryption, replacing the legacy md5 algorithm this significantly improves password hashing strength, providing robust protection for database credentials against brute force and collision attacks applies specifically to application and fusion on premise setups does not apply to video microservices or the management framework architecture (mfa) secure session management (cookie security) addressed a security assessment (vapt) finding where sensitive session information (such as session id and related identifiers) could appear in the browser url when agents open embedded applications (like click to dial in an iframe) a contact center preference is now available to omit session identifiers from application urls, preventing exposure in browser histories, bookmarks, or third party systems enhanced http security headers (/ameyochatjs) security headers were missing on /ameyochatjs responses (hsts and cache control), as flagged in a security assessment the securityfilter is now applied so responses include strict transport security (hsts), cache control, x content type options, x xss protection, and referrer policy cross domain policy header application responses were missing the x permitted cross domain policies header support is now available via securityfilter and can be enabled via server configuration when enabled, responses include x permitted cross domain policies none, which blocks unauthorized flash/acrobat cross domain policy loading permissions policy header application responses were missing the permissions policy header support is now available via securityfilter and can be enabled via server configuration when enabled, responses allow required browser features for same origin use (geolocation, microphone, camera, etc ) and block unused capabilities (payment, usb, accelerometer, etc ) this reduces the attack surface while preserving webrtc flows information disclosure prevention fixed an information disclosure vulnerability where http 400 and 500 error responses could expose internal exception details, stack traces, and server implementation information to the browser error pages now return only generic status pages with no technical details full exception information is still logged server side dependency upgrades (jquery) upgraded the jquery library from version 1 11 3 to 3 7 1 to address known security vulnerabilities, including cross site scripting (xss) and prototype pollution risks associated with the older version session token exclusion in urls addressed a finding where session parameters could be included in knowledge base and crm iframe urls a new configuration option is available to exclude selected url parameters from these iframe urls the default behavior remains unchanged for backward compatibility pushlistner contract timestamp push messages from the application server to the ui now include a server timestamp (with millisecond precision) along with the existing sequence number this improves troubleshooting of timing related issues across supported push channels (websocket, http push, and toolbar) feature enhancements reporting & analytics timezone aware reporting (4x) reports can now completely honor your configured local timezone for both the data included and how dates/times are displayed previously, reports defaulted to india standard time (ist) accurate windows when running a report for "current day" or "last n hours/days/weeks", the time boundaries will automatically adjust to match your local timezone data privacy in analytics (user id masking) analytics events now use a masked (hashed) user identifier instead of raw user ids tenant name and domain are stored as persistent user properties for consistent segmentation and account level analysis across ameyo ccaas, voicebot, and platform platform & core infrastructure open telemetry integration (4x) zero overhead monitoring is turned off initially, ensuring no extra system resource usage unless explicitly enabled customizable ports when enabled, the app server exposes metrics on a dedicated network port bring your own tools easily connect your existing monitoring stack (e g , prometheus, grafana) to collect and visualize server metrics agent level "voice resource running mode" configuration (4x) configure voiceresourcerunningmode at the individual agent level rather than forcing a blanket configuration across the entire contact center no cc wide downtime mode changes can be applied dynamically without restarting the app server canary rollouts roll out the central registrar to a small subset of agents first isolated rollbacks if an issue arises, roll back only the affected agents automated routing configuration default call manager routing profiles are now created and assigned automatically to the default routing policy on application startup, simplifying inbound call routing setup integrations & toolbar additional events & actions for toolbar sdk the custom toolbar sdk now supports more agent actions (login/logout, ready/not ready, hold/mute, transfer, conference, disposition, manual dial) and call events (ringing, connected, wrap up) this allows building custom agent screens (crm, custom ui, automation) without relying on internal ameyo apis integrations use stable public ids only, with no dependency on internal system ids crm http based authentication scheme a new, first class authentication scheme (auth type general crm http) has been introduced to streamline crm http based logins login requests are routed directly through the dedicated crm http path instead of defaulting to password authentication backward compatibility for existing auth type crm http remains unchanged unified crm user mapping streamlines how administrators handle user mapping by consolidating everything into a single, unified "crm connectors" tab users from all enabled crm connectors (e g , salesforce, zoho) are pooled into this location a dynamic filtering option appears if multiple crms are enabled crm phonebridge integration mid call state tracking the integration now tracks and dispatches mid call state events for complex routing, specifically blind transfers, attended (warm) transfers, and conference calls this resolves issues where the crm previously lost track of mid call states, resulting in incomplete activity logs crm marketplace app review fixes successfully addressed all review feedback from the integration team to ensure compliance with official app certification standards restored critical failure case notifications that were missing, ensuring administrators and agents receive alerts when operations fail call recording (vla) custom attributes in recording file names recording file names and vla storage paths can now include customer defined business identifiers (e g , policy number, crm record id) attributes can be pulled from nodeflow variables (${variablename}) or customer/process data (${customer attribname}) resolved custom attributes are persisted as jsonb data types the vla natively supports searching archived recordings directly by these custom attributes bug fixes & stability improvements telephony & call handling concurrent request handling (ctimanager jobinprogress check) rapid duplicate cti requests from the same agent session (e g , multiple "transfer in call" requests) could proceed concurrently and cause race conditions ctimanager now checks whether an operation is already in progress for the session/agent and blocks duplicate concurrent requests, keeping flows stable deadlock prevention in transfer flows (fix lock order inversion) under concurrent transfer flows, the system could deadlock because transfer dial state verification acquired object locks in a different order than other operations lock acquisition now follows a consistent identifier based order, preventing deadlocks webrtc extension switching fix when webrtc auto provisioned an extension, using "change extension" from the ui could incorrectly treat the action as a first time selection this could fail the change or leave duplicate agent entries the flow now correctly detects an existing webrtc extension and uses the proper change extension path udh calculation accuracy (wrap time out zero issue) in multi agent transfer flows, an intermediate transfer target agent could get wrap time recorded as 0 and an inflated talk time due to a missed 'call leg entered' event udh calculation now correctly treats a connected association as call leg entered, computing times accurately reacd call recording visibility when an inbound call was reacd’d (because the first agent was force logged out), intermediate records and recordings could still appear these records are now hidden by default in supervisor call details, agent call history, and vla search, showing only the completed call reporting & system operations complete transfer logs (transfer to agent column blank) when a call was transferred to an agent who did not answer, the transfer attempt was previously missing from call reports each transfer leg (answered or unanswered) is now recorded as its own distinct entry in the call report optimized report extraction (interaction report extraction delay) interaction details report generation could take several minutes for specific date ranges due to an inefficient database query path the report query now materializes remote customer data once before joining, reducing extraction time to seconds sso login reliability from application ui saml and google sso logins from the /app/ ui could fail before authentication started due to a missing release version parameter the application ui now includes the release version in sso requests, and the backend validates it appropriately social media interactions (facebook comments not recreating) social media interaction fetching could stop without error if an attachment download hung indefinitely (no network timeout) downloads now use connect and read timeouts so unreachable urls fail fast, allowing the fetcher job to continue and tickets to be created browser support chrome version version 149 0 7827 197 (official build) (arm64)
Have a question?
Our knowledgeable support team and an awesome community will get you an answer in a flash.
To ask a question or participate in discussions, you'll need to authenticate first.
