Zammad Release Notes

Security Release

Zammad 7.0.1 & 6.5.4

April 8, 2026 · Our latest security updates address vulnerabilities in Zammad versions 7.0 and 6.5. For users who cannot yet upgrade to version 7.0, we have provided back-portable fixes for version 6.5.

Read on for full details:

In this article

• Recommended Resolution
• Zammad 7.0.1
• Zammad 6.5.4
• Infos & Advisories / Downloads

Recommended Resolution

SaaS Customers:

No action is required. Your instances have already been patched and secured by our team.

Self-Hosted Installations:

We strongly advise upgrading to the latest version of Zammad immediately to ensure your system is protected.

Zammad 7.0.1

For full technical details, please refer to the security advisories on GitHub.

Vulnerabilities patched

• Information disclosure in ticket detail view of customers in shared organizations
• Incorrect access control in getting_started_controller
• Improper neutralization of script-related HTML tags in ticket articles
• Improper access control in AI assistance controller for text tools
• Server-Side Template Injection leading to RCE via AI Agent type_enrichment_data
• Missing authorization in AI assistance controller for context data used in text tools
• Server-side request forgery (SSRF) via webhooks
• Cross-site request forgery (CSRF) in OAuth callback endpoints
• Origin validation error in SSO mechanism
• Missing authorization in ticket create endpoint

Zammad 6.5.4

For full technical details, please refer to the security advisories on GitHub.

Vulnerabilities patched

• Incorrect access control in getting_started_controller
• Improper neutralization of script-related HTML tags in ticket articles
• Server-side request forgery (SSRF) via webhooks
• Cross-site request forgery (CSRF) in OAuth callback endpoints
• Origin validation error in SSO mechanism
• Missing authorization in ticket create endpoint

Original source

Zammad 6.5.3

Zammad 6.5.3 is a security release that provides all back-portable fixes for users of version 6.5 who cannot yet update to version 7.0.
Read on for all the details:

Insertion of Sensitive Information into Log File

A vulnerability was identified where Zammad recorded the REDIS_URL environment variable into log files during startup. This variable may contain credentials information.
📖 For more details, please refer to the Security Advisory ZAA-2026-02

Incorrect Access Control

Ticket customers were able to use the API to move their tickets to other groups they have no permissions for. This behavior has been corrected and is no longer possible.
📖 For more details, please refer to the Security Advisory ZAA-2026-03

Exposure of Sensitive Information to an Unauthorized Actor

Unauthorized users were able to use the API to get information about internal import status metadata. This is no longer possible.
📖 For more details, please refer to the Security Advisory ZAA-2026-04

Authorization Bypass Through User-Controlled Key

Authorized agent users were able to use the ticket_related endpoint to fetch asset data of arbitrary tickets, including customer and related user information. This is no longer the case.
📖 For more details, please refer to the Security Advisory ZAA-2026-05

SQL Injection

Due to improper SQL statement sanitization, authorized agent or customer users were able to use several API endpoints to inject custom statements to SQL queries. This could lead to the execution of unwanted operations on database level.
📖 For more details, please refer to the Security Advisory ZAA-2026-06

Original source

Long awaited, now finally here: With Zammad 7.0, the first AI features are making their way into your everyday support work. We have worked hard to develop a solution that requires no compromises: Benefit from intelligent support while retaining full control over your data and the language model used.

Zammad 7.0 makes AI a practical tool for your helpdesk — from automated ticket actions and lightning-fast summaries to hands-on support when drafting replies. And we’re staying true to our principle: we provide the features, you stay in control of the infrastructure. Which LLM is used is entirely up to you — aligned with your own security standards.

Want to see what that looks like in practice and how our beta testers rate the new features? Head over to our AI topic page.

But first — the release highlights 👇

🎥 Prefer watching to reading?
No problem! Marcel – aka That Helpdesk Guy – will guide you through what’s new in Zammad 7.0 in his latest YouTube video. Nerd talk included!

1. AI agents: Intelligent process control

Our AI agents do the groundwork in your inbox. Once configured, they can be flexibly integrated into triggers, macros, or scheduler jobs. These agents take on tasks such as automatic categorization, setting priorities, or even overwriting ticket titles for greater clarity.

• Complete transparency: Every action taken by an AI agent is documented in the ticket history, so every change remains traceable.
• Live collision notification: When an AI agent is processing a ticket, this is indicated by an avatar in the live user bar. This prevents simultaneous manual changes.

Setup and requirements:

1. AI provider: Before you activate agents, the LLM of your choice must be configured.
2. Permissions: The new permission ‘admin.ai_agent’ is required to manage agents.
3. Activation: Define your AI agents under “AI” > “AI Agents.” These do not run on their own, but must be explicitly called as an action in a trigger, macro, or scheduler job (e.g., perform action on objects: AI Agent > [your agent]).

You can find all the details on setting up the different types in our Zammad Admin documentation on AI Agents.

2. AI ticket summary: Your 'TL;DR' Section

Long ticket histories take time. With the AI summary, agents can get a precise overview of the conversation so far and the core issues of a case with just one click. This ensures immediate knowledge transfer, especially during handovers or escalations, without having to manually review pages of communication history.

What the AI summary provides you at a glance:

• Customer Intent: What does the customer want to achieve?
• Conversation Summary: What has been discussed so far?
• Open questions: What is still unclear, what information is missing?
• Upcoming Events: What appointments/tasks are pending (e.g., callback, shipping)?
• Customer Sentiment: What is the tone of the ticket (e.g., cooperative, neutral, angry)?

Setup and requirements:

• Not active by default: The feature is disabled by default. Before activation, an AI provider (LLM) must be configured. If no provider is stored, the system will display a warning message.
• Modular configuration: While the customer concern and summary are set by default after activation, you can flexibly enable or disable the other analysis modules (open questions, events, sentiment) as needed and depending on the use case.
• Resource control: As an admin, you can set whether the summary is generated automatically when the ticket is opened (maximum convenience) or only when the tab is clicked (resource-saving). This setting can be defined individually for each group.

You can find all the details on setup in our Zammad admin documentation on AI Summary.

3. AI writing assistant: Your digital editor

The AI writing assistant helps your team in the ticket editor to formulate more precise and professional responses. The AI provides suggestions, but the final decision always rests with your agents.

Standard tools (activate and use immediately):

• Convert drafts into well-written paragraphs
• Correct spelling and grammar
• Easily rephrase complex paragraphs
• Summarize long texts concisely
• Translate into other languages

Custom tools:

Create your own AI writing assistants for very specific use cases, for example, for industry-specific wording or to give texts a very specific tone (mood).

Detailed information on setup and configuration can be found in our Zammad admin documentation on AI writing assistants.

4. Bubble menu: Text formatting with a click of your cursor

Zammad 7.0 makes text editing much more convenient. Previously, formatting options were mainly accessible via keyboard shortcuts. Now, the new bubble menu provides all the important text formatting tools conveniently in the editor.

• Tools at your fingertips: Use formatting options such as bold, italics, or lists, as well as the new AI writing tools, directly on your selection.
• Auto-scroll: To help you stay focused, the menu always remains visible—even when the selection is at the edge of the screen.
• Smooth workflow: The menu eliminates the need for long mouse movements and makes keyboard shortcuts optional without interrupting your writing flow.

5. Smart details, big impact

In addition to major AI innovations, we have made many adjustments to make Zammad even more flexible and powerful.

LDAP extension: Support for nested groups

Zammad now supports nested (recursive) groups for role mapping. Admins can decide individually for each assignment whether users from subgroups should be automatically included. This enables seamless integration of existing, complex directory structures without additional manual effort.

Role-based reporting profiles

Access to reporting profiles can now be restricted to specific roles (similar to overviews). For example, team leaders can be given targeted access to relevant metrics without reporting remaining an “all-or-nothing” tool. Without an assigned role, a profile remains visible to all users with reporting permissions.

Advanced webhook functionality

Webhooks now support additional HTTP methods and the Bearer token authentication standard. This not only makes connecting third-party systems more secure, but also allows Zammad to communicate with itself via its own API. This enables complex processes to be automated, such as the automatic creation of follow-up tickets or the direct assignment of checklist templates when tickets are updated.

🚨 Important note on the update

The new ASCII folding support in the search requires that the Elasticsearch index (if used) be rebuilt after updating to Zammad 7.0. Detailed information can be found in our documentation at Rebuilding Elasticsearch Index.

⚠️ Breaking Changes

• MySQL support discontinued, database-related application settings obsolete
• Full-text search now supports Asciifolding
• nginx configuration must be updated
• Assigning the same organization as the primary and secondary organization is no longer permitted.
• Change to the Catalan language setting
• Removal of Slack integration (now via webhooks)
• Removal of Twitter/X integration

📣 Important Announcements

We are changing the behavior of the hidden setting system_bcc in the next release. System notifications will no longer be sent automatically with system_bcc. From now on, only customer communications will continue to be sent.

Original source

In this article

• Insertion of Sensitive Data into Log File
• Incorrect Access Control
• Insecure Storage of Sensitive Information
• Infos & Advisories / Downloads

Insertion of Sensitive Data into Log File

The admin interface of Zammad wrote sensitive details, such as private keys, certificates, and passphrases, to the Rails log file.

🏠 Self-hosted users: We strongly recommend updating immediately. Additionally, please review your existing logs — and any connected systems that process them — to identify and clean up potentially exposed data.

☁️ SaaS users: No action is required. We’ve already taken the necessary steps on our end.

📖 For more details, please refer to the Security Advisory ZAA-2025-07.

Incorrect Access Control

Logging subsystem (HttpLog) API access control is now more fine grained. In the past, any admin.* permission was sufficient to access this data. Now, only the relevant parts can be accessed (e.g. admin.webhook).

🏠 For self hosted installations, we strongly advise admins to update their system to Zammad 6.5.2.

☁️ For our SaaS customers, there’s nothing you need to worry about: we’ve already taken care of everything for you.

📖 For more details, please refer to the Security Advisory ZAA-2025-08.

Insecure Storage of Sensitive Information

Logging subsystem (HttpLog) would store complete requests in the database, including sensitive information like tokens, secrets, etc. This was prevented and existing HttpLog records were cleaned up.

🏠 Self-hosted installations: Please update your system to apply the fix and prevent further exposure.

☁️ SaaS users: You’re already protected — no further action needed.

📖 For more details, please refer to the Security Advisory ZAA-2025-09.

Original source

Security Release

Zammad 6.5.1

August 13, 2025 · Important security updates are included in this release. All self-hosted instances must be updated immediately.

Please read on for details:

In this article

• Incorrect Access Control in Knowledge Base
• HTML Injection
• Technical Requirements
• Advisories
• Download Zammad 6.5.1

Incorrect Access Control in Knowledge Base

A permission issue was identified where agents could see titles of Knowledge Base articles they didn’t have permission to access when using the global search. While the article content remained protected, these entries should not have been visible at all. This has now been corrected.

📖 For more details, please refer to the Security Advisory ZAA-2025-05.

HTML Injection

Various sections of the Zammad front end failed to perform the correct HTML escape function when outputting data. This could have allowed HTML injection in the browser. However, execution of JavaScript code was correctly prevented by Content Security Policy.

📖 For more details, please refer to the Security Advisory ZAA-2025-06.

🎥 Prefer video over text?

No problem! In his latest YouTube video, Marcel – aka That Helpdesk Guy – takes you on a quick, clear, and slightly nerdy tour of the latest security release.

👉 Watch the video

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

ZAA-2025-05

ZAA-2025-06

Download Zammad 6.5.1

All improvements can be found in the Changelog.

Packages

• Ubuntu / Debian
• OpenSUSE / SLES
• CentOS / RHEL
• Docker-Compose

Source code

• ftp.zammad.com/zammad-6.5.1.tar.bz2 (fe9b2e645f8ecb8bb1b090d8aa61a846)
• ftp.zammad.com/zammad-6.5.1.tar.gz (9e2789a9f54f06166332cf78d4011b64)
• ftp.zammad.com/zammad-6.5.1.zip (33da8a7755fff7e6787b88cf109d489a)

Upgrade

Here you can find information on upgrading your Zammad installation:

• With Package
• From source
• With Docker

Original source

Security Release

Zammad 6.4.2

April 2, 2025 · This release includes important security patches. Please read the release notes carefully and update your Zammad system as soon as possible.

In this article

• Server Side Request Forgery
• Incorrect Access Control
• Incorrect Access Control to Article Drafts
• Technical Requirements
• Advisories
• Download Zammad 6.4.2

Server Side Request Forgery

Authenticated administrators can configure webhooks that send POST requests when specific conditions are met. If a webhook endpoint responds with a redirect, Zammad would automatically follow up with a GET request. This behavior could be exploited by attackers to initiate GET requests to internal network resources. This vulnerability has now been addressed.

📖 For more details, please refer to the Security Advisory ZAA-2025-01.

Incorrect Access Control

When changing their two-factor authentication configuration, users must re-authenticate using their current password. Previously, this was enforced only on the frontend and not validated via the API. This security gap has since been closed.

📖 For more details, please refer to the Security Advisory ZAA-2025-02.

Incorrect Access Control to Article Drafts

Shared article drafts are meant to be visible only to agents. However, logged-in customers were able to see and manipulate draft information for their tickets via the browser console and API. This unintended access has been blocked.

📖 For more details, please refer to the Security Advisory ZAA-2025-03.

Incorrect Access Control

An agent with general knowledge base permissions was previously able to fetch content via the API that they were not explicitly authorized to access. The underlying permission checks have now been corrected to enforce proper restrictions.

📖 For more details, please refer to the Security Advisory ZAA-2025-04.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

• ZAA-2025-01
• ZAA-2025-02
• ZAA-2025-03
• ZAA-2025-04

Download Zammad 6.4.2

All improvements can be found in the Changelog.

Packages

• Ubuntu / Debian
• OpenSUSE / SLES
• CentOS / RHEL
• Docker-Compose

Source code

• ftp.zammad.com/zammad-6.4.2.tar.bz2 (f5d9965a036010d151e0229561d79a6a)
• ftp.zammad.com/zammad-6.4.2.tar.gz (333067a44ec600e18bfef8bbce2cc0ed)
• ftp.zammad.com/zammad-6.4.2.zip (0fecdd8f4d14b3a0c2d10d1089339bb9)

Upgrade

Here you can find information on upgrading your Zammad installation:

• With Package
• From source
• With Docker

Original source

In this article

1. 🌍 Language Detection for Better Customer Experience
2. 📬 Connect Microsoft 365 via GraphAPI
3. 🔐 Seamless Logins with OpenID Connect
4. 🛠️ Better Admin Experience with Enhanced Search & Pagination
5. 🚨 Important note on the update
6. ⚠️ Breaking Changes
7. 📣 Important Announcements
8. Technical Requirements
9. Advisories
10. Download Zammad 6.5

🎥 Prefer watching to reading?

No problem – our SysAdmin will guide you through what’s new in Zammad 6.5 in his latest YouTube video. Nerd talk included! 👉 Watch the video here!

1. 🌍 Language Detection for Better Customer Experience

Zammad now detects the language of incoming tickets — offering a new level of multi-language support.
Whether it’s sending auto-replies in the corresponding language or routing tickets to the right team, this new feature helps you deliver more personalized and efficient customer service.

Use Cases:

• Trigger auto-replies based on message language
• Route tickets to language-specific agent groups
• Search and filter tickets by language

🧠 Each article now includes a language attribute you can use in triggers, schedulers, and more. For more detailed instructions and information, please refer to the admin documentation.

💡 Curious how language detection improves your customer support?
Explore the benefits in our blog post: Using Automatic Language Detection for Better Customer Experience

2. 📬 Connect Microsoft 365 via GraphAPI

Microsoft is moving away from IMAP — and with Zammad 6.5, you can too.
You can now connect your Microsoft 365 (formerly Office 365) mailboxes to Zammad using the GraphAPI. It’s a modern, secure alternative to IMAP, offering better performance, improved support for shared mailboxes, and seamless integration — especially in environments where IMAP is restricted or disabled.

Why switch to GraphAPI?
Compared to the traditional IMAP-based connection, GraphAPI offers several key benefits:

• Better support for shared mailboxes — fewer licenses required
• Folder selection made easy — choose inbox folders via a clear tree view
• Modern and scalable — GraphAPI is Microsoft’s recommended approach
• Secure by design — OAuth-based and aligned with Microsoft best practices

Our recommendation:
If you’re unsure which method to choose, go with the GraphAPI channel — it’s the more robust and future-ready option.
👉 Setup instructions and all details are available in our admin documentation.

3. 🔐 Seamless Logins with OpenID Connect

OpenID Connect is a simple and secure way to let users log in with an existing account from a trusted provider. In Zammad 6.5, you can now connect your OpenID Provider (OP) — such as Keycloak — as a Single Sign-On (SSO) method.
In this setup, Zammad acts as the Relying Party (RP), while the OpenID Provider is the identity service you either host or subscribe to. This makes user management easier, improves login security, and offers a streamlined experience for your team.
Set it up once and enjoy smoother logins across the board — with automatic logout sync included.
👉 Find setup instructions and all the details in our admin documentation.
💛 A special thank you to Ostfalia University of Applied Sciences for generously sponsoring this feature!

4. 🛠️ Better Admin Experience with Enhanced Search & Pagination

Managing hundreds of users, groups, or macros? We've got your back. This release adds search bars and pagination to the most heavily-used sections of the admin interface, making navigation faster and more intuitive — even in large-scale environments.

Improvements in:

• Users (pagination)
• Groups, Roles, Organizations (search bar)
• Overviews, Text Modules, Macros, Templates (search bar)
• Global Search Details → Search (pagination)

📚 Pagination now follows a clearer pattern: 1 2 3 [4] 5 6 > 500
🎁 Bonus effect: The global search also benefits from this change - the results list is no longer limited to 50 entries. Admins and agents can now browse through all hits as far as the eye can see.

Are you waiting for a certain feature? 🤨
If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favorite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!

🚨 Important note on the update

The new search in the admin interface requires that the Elasticsearch index (if used) be rebuilt after the update. You can find detailed instructions here!

⚠️ Breaking Changes

For those that are not able to update to 6.5 sameday (because of larger API-changes), we’re providing version 6.4.2. This version includes the security fixes from 6.5 but does not contain the new feature updates. Click here to view the 6.4.2 Release Notes.

Textarea object manager attribute values

When used as template variables, the textarea object manager attributes are now replaced with an HTML representation of their value. This is a consequence of a bugfix for #5330, which expects newline characters are respected for these attributes in all contexts, including the rich text article body. The administrators are advised to check for usage of such variables in their objects (e.g. triggers, text modules, etc), by making sure the new value type will not break their existing workflows.

Changes to search API endpoints

All search endpoints (/:object/search) have been revised, extended and unified. This will also result in breaking changes in the existing endpoints. Be prepared that the structure in the responses may change (have a look at the API documentation where you can find updated examples).
The standard search (e.g. /ticket/search) returned a hash for some objects, such as the ticket. This will no longer be the case.
The structure for the expanded search (e.g. /ticket/search?expand=true) remains the same.
The structure of the full search (e.g. /ticket/search?full=true) remains the same, but is supplemented by a total_count, which counts all results.
Some objects used an object-related hash key, such as ticket_ids. This is now always record_ids.
The count search (e.g. /ticket/search?only_total_count=true) is a new feature.

Limit to one merged state

It will not be possible to have more than one state of the merged type. Additional states will be changed to the closed type automatically with that update. If you want to prevent that, make sure to only have one state of the type merged before you make an update to the next release.

APP_RESTART_CMD and Zammad self-shutdown

Zammad will now cause a self-shutdown of all running processes after certain configuration changes by default. It is the responsibility of the controlling process manager (e.g. Docker, Kubernetes, systemd) to bring them up again by way of a proper restart policy. This is the default for vanilla Docker, Kubernetes or Package deployments of Zammad.
The previous environment variable APP_RESTART_CMD is not supported any more.
For systems where this behaviour is not wanted, it can be disabled by setting the Zammad Setting auto_shutdown to false.

nginx config needs to be updated

Please update your nginx configuration file to insert the line
proxy_set_header Host $http_host;
to the location /ws and location /cable sections like in the example below:

📣 Important Announcements

Twitter/X Integration Removal

Due to the unclear situation regarding Twitter/X APIs, we consider removing the Twitter/X integration with the release of Zammad 7.0. Please have a look here for more information and updates on this topic.

Note about MySQL deprecation

Zammad is designed to provide our users with a secure and stable platform that is convincing in its performance. For this, the choice of supported database systems is crucial. After long discussions and based on our long experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will not take effect until Zammad 7.0.
Until then, we do not recommend new installations with MySQL/MariaDB. Existing systems will continue to be supported, but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed Migration Guide that can be used to migrate existing systems to PostgreSQL free of charge.
This decision was not easy for us. However, we see it as necessary, because we want to continue to provide you with a long-term and reliable platform and keep the effort for everyone within limits.

Slack Integration Deprecation

Starting with Zammad version 7.0, we will no longer support this particular Slack integration. It is recommended that you switch to pre-built webhooks instead, a new feature of ours. Existing Slack integrations should be migrated manually before this feature is discontinued.

Support for Internet Explorer 11

As of Zammad version 7.0, Internet Explorer 11 is no longer supported.

Support for Centos 8 and Ubuntu 20.04

Due to an upcoming Ruby update, the next version of Zammad will no longer provide binary packages for Centos 8 and Ubuntu 20.04. We recommend that all users upgrade their operating system in a timely manner. Click here for information on supported distributions!

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

ZAA-2025-01
ZAA-2025-02
ZAA-2025-03
ZAA-2025-04

Download Zammad 6.5

All improvements can be found in the Changelog.

Packages

• Ubuntu / Debian
• OpenSUSE / SLES
• CentOS / RHEL
• Docker-Compose

Source code

• ftp.zammad.com/zammad-6.5.0.tar.bz2 (bb57d5c2344bf31898514065339eec54)
• ftp.zammad.com/zammad-6.5.0.tar.gz (390064bcfddaf16b086f54e059addf51)
• ftp.zammad.com/zammad-6.5.0.zip (1c9af3b09f24d9e08ad8f8f6320c694a)

Upgrade

Here you can find information on upgrading your Zammad installation:

• With Package
• From source
• With Docker

Original source

Security Release

Zammad 6.4.1

December 5, 2024 · This release note provides a very important security patch. All self-hosted instances must be updated immediately.

Please read on for details:

In this article

• Security Patch 🔐
• 🚨 Important Announcements
• Technical Requirements
• Advisory
• Download Zammad 6.4.1

Security Patch 🔐

Zammad stores its configuration settings in the database, and changes to these settings are logged for auditing purposes. Previously, all setting values—including sensitive data such as tokens and secrets—were included in the log entries. This has now been changed to ensure sensitive settings are filtered out, so their actual values are no longer logged.

🚨 Action required: Administrators are advised to review log files, backups and any systems that process log data and take appropriate action to secure or remove sensitive information.

📖 For more details, please refer to the Security Advisory:

ZAA-2024-05

Note:

🏠 Self-hosted users: Please update to version 6.4.1 immediately to ensure your system remains secure.

☁️ Hosted customers do not have to take any actions, the issue has been resolved on SaaS already.

🚨 Important Announcements

Unified Search Endpoints

With the next release, all search endpoints (/:object/search) will be revised, extended and unified. This will also result in breaking changes in the existing endpoints. Full details will be outlined in the upcoming release notes.

Changes to Merged States in Next Release

In the upcoming release, having more than one state of the "merged" type will no longer be supported. Additional states will be changed to the closed type automatically with that update. If you want to prevent that, make sure to only have one state of the type merged before you make an update to the next release.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisory

ZAA-2024-05

Download Zammad 6.4.1

All improvements can be found in the

Changelog

.

Source code

• ftp.zammad.com/zammad-6.4.1.tar.bz2 (51f80548eb6727864dff066efb9a7ae9)
• ftp.zammad.com/zammad-6.4.1.tar.gz (bca4973ec291530ed0ad2e6d28e6bc70)
• ftp.zammad.com/zammad-6.4.1.zip (c0bcfa3bd525f7d87f3ccba4d4c21229)

Packages

• CentOS
• Debian
• Ubuntu
• Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

• From source
• With RPM
• With DEB

Original source

Minor Release

Zammad 6.4

November 6, 2024 · Your favourite support ticketing system just got even better. Zammad 6.4 comes with features you've been waiting for. With Checklists, new keyboard shortcuts, and the ability to subscribe or unsubscribe to multiple tickets in one go, you'll enjoy a more streamlined and productive workflow!

In this article

1. ✅ Built-in Checklists for Streamlined Task Management
2. ⌨️ New Keyboard Shortcuts for Consistent Cross-Browser Functionality
3. 🔄 Bulk Subscribe/Unsubscribe with Macros, Triggers or Automation
4. Clean MFA Configuration for LDAP-Only Setups

• Breaking Changes
• 🚨 Important Announcements
• Technical Requirements
• Download Zammad 6.4

1. ✅ Built-in Checklists for Streamlined Task Management

Say hello to Checklists in Zammad! This powerful addition brings structured task management directly into your support workflow—whether you’re dealing with complex processes involving several steps or just need to check off a few routine tasks, this feature makes it easy to stay organized without switching between tools.

What’s more? Checklist items can be linked to related tickets and Zammad’s automation takes it from there: when a linked ticket is closed, the corresponding checklist item is automatically marked complete. This smart integration reduces manual updates and ensures every task is handled with accuracy, giving you peace of mind that nothing is overlooked.

Admins can easily activate this feature and create customizable checklist templates in the admin interface, tailoring checklist items to suit various workflows—from onboarding to troubleshooting technical issues.

The Checklist feature is accessible for agents in the right sidebar under the "Checklist" tab. Please note that only users with edit permissions for the ticket can add or modify checklist items.

Screenshots

Want to get started? Check out our admin documentation for detailed setup instructions.

Acknowledgment 💛

Thank you to our sponsors for the generous support in developing this feature:

• 🙏🏻 Hellberg Consulting e.K.
• 🙏🏻 Urban GmbH
• 🙏🏻 Alarm Dispatcher Systems GmbH
• 🙏🏻 rami.io GmbH
• 🙏🏻 FWU – Das Medieninstitut der Länder
• 🙏🏻 Sander Gruppe

2. ⌨️ New Keyboard Shortcuts for Consistent Cross-Browser Functionality

The days of keyboard shortcuts conflicting with system or browser commands are officially behind us. With Zammad 6.4, we've introduced a new set of keyboard shortcuts that work seamlessly across all major browsers—Chrome, Firefox, Safari, and Edge—while ensuring consistent behavior across Windows, macOS, and Linux.

We've carefully selected intuitive combinations that are easy to remember and to use, so you can confidently navigate Zammad without worrying about unexpected issues. Whether you’re navigating tickets, performing quick actions or editing messages, these new keyboard shortcuts will not only take power users to the next level of efficiency.

Ready to speed up your workflow? Press ? while in Zammad to see the full keyboard shortcut reference guide.

3. 🔄 Bulk Subscribe/Unsubscribe with Macros, Triggers or Automation

Managing ticket subscriptions individually can be a hassle—whether it’s unsubscribing from multiple tickets where you’ve been mentioned or subscribing to new or unassigned ones. Zammad 6.4 now streamlines this process with bulk action capabilities, letting you update your subscriptions efficiently without opening each ticket one by one.

How to activate it: Admins can enable this feature in the Zammad admin interface by configuring triggers, macros or the scheduler. This setup ensures that the functionality is tailored to your team’s specific needs, whether it’s for decluttering ticket views or staying informed on key issues.

Here’s how it works: Agents can use drag-and-drop functionality directly from their overview. Simply select the tickets you want to update, drag them to the designated macro and instantly subscribe or unsubscribe from all selected tickets. No more cycling through tickets individually.

4. Clean MFA Configuration for LDAP-Only Setups

For teams using LDAP as their sole authentication method, it’s recommended to disable local password changes for users. Previously, doing so meant MFA also had to be disabled.

With separate controls for password changes and MFA, LDAP-only setups can now keep MFA enabled while blocking local password changes, providing stronger security and better customization.

See the admin documentation for configuration details.

Are you waiting for a certain feature? 🤨

If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favorite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!

Breaking Changes

JavaScript Package Manager Change

This version changes the JavaScript toolchains to be based on pnpm rather than yarn. This is only relevant for source installations, where you need to provide a recent version of pnpm in order to run the assets:precompile command.

Changed CSV-format for user/organization import/export

We slightly changed the format of the CSV-files you use for importing/exporting users and organizations. If you somehow do that in an automated process via our REST-API, you will need to review that process before updating to Zammad 6.4. Check the details in our documentation.

🚨 Important Announcements

Twitter/X Integration Removal

Due to the unclear situation regarding Twitter/X APIs, we consider removing the Twitter/X integration with the release of Zammad 7.0. Please have a look here for more information and updates on this topic.

Note about MySQL deprecation

Zammad is designed to provide our users with a secure and stable platform that is convincing in its performance. For this, the choice of supported database systems is crucial. After long discussions and based on our long experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will not take effect until Zammad 7.0.

Until then, we do not recommend new installations with MySQL/MariaDB. Existing systems will continue to be supported, but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed Migration Guide that can be used to migrate existing systems to PostgreSQL free of charge.

This decision was not easy for us. However, we see it as necessary, because we want to continue to provide you with a long-term and reliable platform and keep the effort for everyone within limits.

Slack Integration Deprecation

Starting with Zammad version 7.0, we will no longer support this particular Slack integration. It is recommended that you switch to pre-built webhooks instead, a new feature of ours. Existing Slack integrations should be migrated manually before this feature is discontinued.

Support for Internet Explorer 11

As of Zammad version 7.0, Internet Explorer 11 is no longer supported.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Download Zammad 6.4

All improvements can be found in the Changelog.

Source code

ftp.zammad.com/zammad-6.4.0.tar.bz2 (334e31c2ca2d1295359264eb67e2cbce)

ftp.zammad.com/zammad-6.4.0.tar.gz (6d1de0b9e3856474d0489381968a5c4c)

ftp.zammad.com/zammad-6.4.0.zip (c3d0d0064fa674d300d6121f37dd8d5c)

Packages

CentOS

Debian

Ubuntu

Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

From source

With RPM

With DEB

Original source

Security Release

Zammad 6.3.1

May 15, 2024 · This release note includes a very important security patch. All self-hosted instances should be updated immediately.
Please read on for details:

In this article

• Security Patch 🔐
• Technical Requirements
• Advisory
• Download Zammad 6.3.1

Security Patch 🔐

A Ruby gem bundled by Zammad was installed with world-writable file permissions. This allowed a local attacker to modify these files and inject arbitrary code into the Zammad processes running with the Zammad user's environment and permissions.
Find the Advisory here:
ZAA-2024-04

In addition, the Ruby version in use has been updated from version 3.2.3 to 3.2.4 due to a security release.

Note:

🏠 If you're using Zammad on-premise please update to 6.3.1 as soon as possible. The Ruby 3.2.4 security update must also be carried out locally for source code installations.

☁️ Hosted instances will be updated automatically, so there is no action required from your side.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisory

ZAA-2024-04

Download Zammad 6.3.1

All improvements can be found in the
Changelog
.

Source code

ftp.zammad.com/zammad-6.3.1.tar.bz2 (60322ce57d9e198fd45d81fc4861ab97)
ftp.zammad.com/zammad-6.3.1.tar.gz (16524e29b35b029781253a5c71f7912f)
ftp.zammad.com/zammad-6.3.1.zip (ca3194b847504a6beb01554e47d2b4a7)

Packages

• CentOS
• Debian
• Ubuntu
• Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

• From source
• With RPM
• With DEB

Original source

In this article

1. 💬 WhatsApp Business Channel
2. 🏷️ Custom Ticket States & Priority
3. 🔤 Translation Management Improvements

🌟Coming next: Improved Shortcuts

Breaking Changes

🚨 Important Announcements

Technical Requirements

Advisories

Download Zammad 6.3

1. 💬 WhatsApp Business Channel

Ready to level up your omnichannel communication? 🆙 With Zammad 6.3, you can integrate your instance with a WhatsApp Business account. This feature unlocks new possibilities for interacting with customers where they are and delivering seamless support.

Please review the prerequisites and limitations of this feature carefully, and follow our detailed tutorial to prepare your setup effectively. Learn more in our admin documentation.

Note: WhatsApp Cloud API is mandatory for connecting the messenger to Zammad. Using the WhatsApp Business App alone will not enable integration.

Acknowledgment

Many thanks to our sponsor Skoda Autohaus Melzer for the generous support in developing this feature! 🙏🏻

Discover more about how integrating an omnichannel strategy can elevate your customer service experience. Visit our blog for insightful articles on omnichannel strategies and the role of WhatsApp in customer service.

2. 🏷️ Custom Ticket States & Priority

Zammad's simplicity is one of its strengths. However, we recognize that some scenarios demand a more tailored approach. That’s why, with Zammad 6.3, we’ve introduced enhancements that allow for greater customization of ticket states and priorities, thus providing users with more control and flexibility.

Use Case Example: When waiting on different parties like customers or vendors, the "pending reminder" status may be too vague. To address this, creating a specific status such as "waiting on vendor" can streamline the ticket management process. Similarly, the ability to customize ticket priorities allows teams to precisely assess the urgency of issues, thus optimizing response times and resource allocation for enhanced workflow efficiency.

You can add, disable or change states and priorities through the admin interface. Simply navigate to "Settings > Tickets" to access the ticket states or priorities management. For more detailed instructions and information, please refer to the admin documentation. ⬅️

Important note: Please inform yourself beforehand about the correct use/philosophy of status. Incorrect configuration can lead to unwanted secondary behavior. You are also welcome to attend user admin training to learn more.

3. 🔤 Translation Management Improvements

In Zammad 6.3, we have improved translation management to give you the flexibility to manage translations specific to your helpdesk environment. This improvement to the UI allows you to customize any translation locally, even if it is not initially provided by the system. Translation is supported for a broad number of features, including but not limited to custom:

• Object Attributes
• Ticket Macros
• Ticket Overviews
• Ticket Priorities
• Ticket States

➡️ Within the translation screen, simply click on the New Translation button. Read more on Customizing Translations in the admin documentation.

🌟Coming next: Improved Shortcuts

Based on feedback from many of our users, we're excited to announce that our next release will include a new set of keyboard shortcuts. Don't worry, you can switch back and forth between the new and old set so you can explore and get used to them at your own pace.

Are you waiting for a certain feature? 🤨

If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favorite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!

Breaking Changes

Knowledge base granular permissions setup was changed.

Zammad allows configuration of a granular permission structure for knowledge base access. Previous Zammad versions allowed to misconfigure this in cases of allowing agents editor access to only some, but not all categories: it was possible to grant editor access at a higher level in the category tree, and then restricting access to reader or none for sub-categories. This was not effective due to permission inheritance.

Such a misconfiguration is no longer possible in Zammad 6.3. Administrators with existing knowledge base granular permission structures should review their configuration to ensure that at top-level only reader access is granted, and editor access only for the relevant sub-categories.

Permissions for Ticket State and Priority REST-API

With this release, we will introduce new permissions for the ticket state and priority management. It will no longer be possible to access the corresponding REST-API with "admin.object" permission. Existing roles and/or access tokens that are used for these specific REST-API endpoints need to be updated to include the new permissions ("admin.ticket_state" and "admin.ticket_priority").

🚨 Important Announcements

Twitter/X Integration Removal

Due to the unclear situation regarding Twitter/X APIs, we consider removing the Twitter/X integration with the release of Zammad 7.0. Please have a look here for more information and updates on this topic.

Note about MySQL deprecation

Zammad is designed to provide our users with a secure and stable platform that is convincing in its performance. For this, the choice of supported database systems is crucial. After long discussions and based on our long experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will not take effect until Zammad 7.0.

Until then, we do not recommend new installations with MySQL/MariaDB. Existing systems will continue to be supported, but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed Migration Guide that can be used to migrate existing systems to PostgreSQL free of charge.

This decision was not easy for us. However, we see it as necessary, because we want to continue to provide you with a long-term and reliable platform and keep the effort for everyone within limits.

Slack Integration Deprecation

Starting with Zammad version 7.0, we will no longer support this particular Slack integration. It is recommended that you switch to pre-built webhooks instead, a new feature of ours. Existing Slack integrations should be migrated manually before this feature is discontinued.

Support for Internet Explorer 11

As of Zammad version 7.0, Internet Explorer 11 is no longer supported.

Technical Requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

ZAA-2024-01

ZAA-2024-02

ZAA-2024-03

Download Zammad 6.3

All improvements can be found in the Changelog.

Source code

ftp.zammad.com/zammad-6.3.0.tar.bz2 (70f34df1217196e5aaba5e29b8fd7d55)

ftp.zammad.com/zammad-6.3.0.tar.gz (87aa73b23b9b2d2353229f9586d11160)

ftp.zammad.com/zammad-6.3.0.zip (5c50fbadd532ab89243fa23ded8ab4dc)

Packages

CentOS

Debian

Ubuntu

Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

From source

With RPM

With DEB

Original source

Minor Release

Zammad 6.2

December 6, 2023 · In the spirit of St. Nicholas Day, we are excited to unveil our present to you: Zammad 6.2! 🌟🎁 This minor release comes bearing several enhancements aimed at elevating the efficiency and security of our helpdesk platform.

In this article

• Tree Structure for Groups 🥚🐣🐓
• Security enhancements 🔒
• External Data Source ℹ️🔗
• Manage Data Retention and Deletion via Scheduler 🗂️🗑️
• Simple Storage (S3) 💾

Breaking Changes

• 🚨 Important Announcements
• Technical requirements
• Advisories
• Download Zammad 6.2

1. Tree Structure for Groups 🥚🐣🐓

Zammad's group management just got an upgrade! Now, it works like a family tree, connecting parent groups to child groups and even grandparent groups. Think of it as a way to mimic how larger companies organize themselves. Just like teams within organizations, Zammad's groups are designed for collaboration on assigned topics. They offer a framework for organizing tasks, help in managing access to information and focusing on particular areas of responsibility.

Picture this: as a company grows, things get more complex. More departments, more teams – you get the idea. To keep up, we've made Zammad more flexible. Now, you can create group trees that mirror your organizational structure. It's like a visual map that shows what is connected to what, making things a lot easier to manage.

However, there is no inheritance of membership or permissions. That means you can treat each group as an individual group - even if they have a child/parent relation. ➡️ Read more on Group Settings in the admin documentation.

2. Security enhancements 🔒

• LDAP Interfaces with Mandatory Authentication

  A powerful LDAP integration that allows you to have a single source of truth is one of our many great features of Zammad. Historically, when setting up a new LDAP source in our configuration wizard there was no need for authentication. However, in response to the evolving landscape of modern LDAP interfaces, Zammad has undergone adjustments. Specifically, we've implemented changes to facilitate the addition of new sources like Okta LDAP that mandate authentication.

  Now, if your LDAP system restricts anonymous bind, Zammad 6.2 is equipped to identify this constraint. Consequently, instead of a pre-filled select field, Zammad presents users with an editable "Base DN" text field.

  ➡️ Find out more in our admin documentation.

• SSL Certificates

  Custom certificates and custom Certificate Authority (CA) certificates can be useful if you want to establish a secure connection between Zammad and other systems that use custom certificates. For example, if you have an internal LDAP server that is not accessible from the internet, and you want a SSL-encrypted connection, using a custom certificate.

  With Zammad 6.2 we have created a way to add these certificates in the admin panel. Simply navigate to Settings > Security > SSL Certificates, and there, you'll discover the 'Add SSL Certificate' button. In the dialog, choose to either upload a certificate file or directly insert the certificate content.

  🚨 Important: for existing configured external connections such as email or LDAP, SSL verification will not be turned on automatically. Admins need to review all configured connections and turn on SSL verification where applicable (e.g. in case of publicly available services).

  ➡️ Find out more in our admin documentation.

  Please note: You should have an existing custom certificate file and/or a custom CA certificate file, which you want to add to Zammad. As filetype .crt is supported and the certificate format has to be PEM (Base64 ASCII).

• Encryption with STARTTLS

  Apropos LDAP: we previously covered the process through which Zammad 6.2 establishes a new LDAP source with authentication requirements. However, what if the LDAP setup prohibits the use of an LDAPS (LDAP via SSL) connection?

  Anticipating this scenario during the development of Zammad 6.2, we implemented an alternative solution. Instead of SSL, Zammad 6.2 provides the option of STARTTLS as an encryption method. Now you can choose between different encryption types, namely SSL and STARTTLS or none of them, based on your specific LDAP configuration needs.

  ➡️ Read more on LDAP sources in the admin documentation.

• Sign / encrypt requests via SAML

  Quick login to all your devices and systems - this has long been possible in Zammad via SAML. But we didn't want to stop at convenience. By leveraging this powerful synergy, we looked to extend the capabilities to allow the configuration of signed or encrypted requests. Consider it done - with our latest release, you can specify whether you prefer your requests to be signed, encrypted, both, or nothing at all.

  ➡️ Find out more in our admin documentation.

3. External Data Source ℹ️🔗

When working with Zammad tickets, it can be very handy to pull information from other sources. Instead of manually importing/copying the selected data into Zammad (and dealing with the headache of updates in two places), we've made it easy for users to select a related entity from external sources.

Let's say you want to fetch data from an external product database and thus add your products to tickets. Well, in Zammad 6.2, we've got you covered with the new attribute type called the 'External Data Source field.' Once the connection to the data source is established, you can search and select products from a list. Additionally, you have the option to create a link to the source, which, in this scenario, would be the product website.

➡️ Read everything about External Data Sources Configuration in our admin documentation.

Please note: Currently, only GET is supported as request method and the data structure must be in JSON format.

4. Manage Data Retention and Deletion via Scheduler 🗂️🗑️

Communication systems represent an enormous reservoir of data, continuously accumulating volumes of messages and attachments containing information about customers, employees, and IT systems. This poses the challenge of efficiently managing this data in accordance with legal retention policies, often involving manual deletion processes.

With Zammad 6.2, that manual approach is a thing of the past. Administrators can now establish rules once, aligning with their company's data privacy and retention policy. Consequently, user data or other object data, such as tickets, undergoes automatic deletion after a specified time and specific conditions, all while maintaining a deletion history.

Wondering how we managed to do this? We expanded our scheduler's selection field by adding additional objects, including tickets, users, and organizations. ➡️ Read all about it in the admin documentation.

Attention: Please use Schedulers with Action: Delete immediately and Action: Add a data privacy deletion task with care! If executed, the objects are deleted and no rollback is possible.

5. Simple Storage (S3) 💾

Speaking of data, the increasing volumes of attachments for tickets and the knowledge base demand adequate storage space. By default, Zammad writes to the Database. While we recommend switching to filesystem storage for instances with higher loads, Zammad also provides a third option: Simple Storage (S3), a cloud-based storage service that enables you to store and retrieve data over the internet.

To use the Simple Storage (S3), set the "Storage Mechanism" in Zammad to Simple Storage (S3) under System in Settings. However, before doing so, it's essential to configure the connection to the service with Zammad.

➡️ In our admin documentation you will find a comprehensive step-by-step instruction.

Breaking Changes

• Default SSL Verification in UserAgent

  The default SSL behaviour of the UserAgent class in Zammad was changed. Previously, it would not perform SSL verification unless explicitly requested. Now, it will perform SSL verification unless explicitly rejected.

  This may cause issues on systems with custom addons using the UserAgent to access other systems via https, if these systems have self-signed certificates. In such cases, these certificates or the CA certificates used for their generation should be uploaded via the new SSL Certificates management screen of Zammad. Alternatively, custom code can be adjusted to pass verify_ssl: false to UserAgent calls to restore the old behaviour.

• Oversized Email Handling

  The handling of emails larger than the size limit changed. Previously, Zammad would send a reply and save the emails locally in var/spool/oversized_email (if the setting postmaster_send_reject_if_mail_too_large is true). No ticket is created in this case.

  The new behaviour is that Zammad sends the reply like before, but no longer creates files for these emails locally - they are discarded.

• Reserved Delimiter in Group Name

  The double colon (::) is now a reserved delimiter in the group name, in order to facilitate nested structure for complex hierarchies. Previously, it was possible to freely use this set of characters as part of the group name, but now it is forbidden.

  On existing systems, the group names that contain the now reserved delimiter will be renamed, with sets of double colons being replaced by a dash (-) during the migration process.

  Additionally, existing custom group object attributes named name_last and parent_id will be renamed too, by adding an underscore in front (_name_last and _parent_id). This is due to these attributes now being part of the group model, requiring dedicated table columns under the reserved names.

• Disallowed URL Values in User's Name Attributes

  Text values that resemble valid URI addresses are now disallowed for user's first and last name attributes. Previously, it was possible to save any text in these attributes. The administrators should take a note of this change since it can have an impact on existing user data.

  No migration will be run for existing users on update to Zammad 6.2. In case there are user records that contain URLs in their name attributes, they will be sanitized during subsequent updates. No manual action from administrator will be required, as the URI scheme or protocol will be automatically stripped from offending values.

🚨 Important Announcements

• Documentation

  The admin documentation now includes multi-language support (which was already available for the user documentation). We have published the translated German and Serbian versions, which you can find here (DE) and here (SR). If you want to contribute to the documentation and/or translation, please have a look at our contribution section in the system documentation.

• Docker / Kubernetes Images for ARM64

  With Zammad 6.2, images for deployment on Docker / Kubernetes are available both for traditional AMD64 but now also for modern ARM64 platforms.

• Linux Distribution Support Changes

  In the future, Zammad will provide binary packages for the last two stable/long-term support versions of supported Linux distributions until they reach their end-of-life or can no longer meet the technical requirements for Zammad. Use of the latest supported stable/long-term support version is generally recommended.

  Zammad 6.2 will not provide packages for CentOS 7, Debian 10, Ubuntu 18.04, and SLES 12. Users of these distributions are advised to upgrade to newer versions such as CentOS 8, Debian 12, Ubuntu 22.04, and SLES 15.

• Twitter/X Integration Removal

  Due to the unclear situation regarding Twitter/X APIs, we consider removing the Twitter/X integration with the release of Zammad 7.0. Please have a look here for more information and updates on this topic.

• Note about MySQL deprecation

  Zammad is designed to provide our users with a secure and stable platform that is convincing in its performance. For this, the choice of supported database systems is crucial. After long discussions and based on our long experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will not take effect until Zammad 7.0.

  Until then, we do not recommend new installations with MySQL/MariaDB. Existing systems will continue to be supported, but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed Migration Guide that can be used to migrate existing systems to PostgreSQL free of charge.

  This decision was not easy for us. However, we see it as necessary, because we want to continue to provide you with a long-term and reliable platform and keep the effort for everyone within limits.

• Slack Integration Deprecation

  Starting with Zammad version 7.0, we will no longer support this particular Slack integration. It is recommended that you switch to pre-built webhooks instead, a new feature of ours. Existing Slack integrations should be migrated manually before this feature is discontinued.

• Support for Internet Explorer 11

  As of Zammad version 7.0, Internet Explorer 11 is no longer supported.

• Permissions for Ticket State and Priority REST-API

  With the upcoming 6.3 release, we will introduce new permissions for the ticket state and priority management. It will no longer be possible to access the corresponding REST-API with "admin.object" permission. Existing roles and/or access tokens that are used for these specific REST-API endpoints need to be updated to include the new permissions ("admin.ticket_state" and "admin.ticket_priority").

Technical requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

• ZAA-2023-04
• ZAA-2023-05
• ZAA-2023-06
• ZAA-2023-07
• ZAA-2023-08

Download Zammad 6.2

All improvements can be found in the Changelog.

Source code

ftp.zammad.com/zammad-6.2.0.tar.bz2 (102bd3fbf455af0a628966ca59fbb2fa)

ftp.zammad.com/zammad-6.2.0.tar.gz (648ac0c671e5ca612be91f44735d9de5)

ftp.zammad.com/zammad-6.2.0.zip (1a9e9c089025d9290b8078eded5e0c5f)

Packages

• CentOS
• Debian
• Ubuntu
• Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

• From source
• With RPM
• With DEB

Original source

Minor Release

Zammad 6.1

September 13, 2023 · Summer is coming to an end and everyone is returning from vacation. Meanwhile, we have been improving our features and creating new innovations. 🚀 That's why we can now introduce Zammad 6.1. With features such as the Two-Factor Authentication and Enhanced Time Accounting, we're making the autumn even better for you.✨

In this article

1. Two-Factor Authentication (2FA) ✅✅
2. PGP Integration 📧
3. Enhanced Time Accounting 🕓
4. Improved VIP Organization 👑
5. Logging, Recording and Tracking in the ticket history 📖
   Breaking Changes
   🚨 Important Announcements
   Technical requirements
   Download Zammad 6.1

1. Two-Factor Authentication (2FA) ✅✅

The Two-Factor Authentication is in general a popular feature. Especially for customers who access Zammad from the Internet, this feature is useful. With the 2FA, another barrier can be created in addition to a password, which must be overcome in order to log into Zammad. This way, accounts are safe even if a password falls into the wrong hands. In Zammad 6.1, this Two-Factor Authentication comes with a total of three new authentication methods.

• Authenticator App 📱

The first new option is the support of authenticator apps. You install these on your phone and after entering your password at the Zammad login, you will receive a code on the authenticator app. This code is only valid for a short time. To login successfully, you need to enter not only your password but also this code. The code renews itself on the app after every 30 seconds. This provides a very high level of protection during the login process.

• Security Keys 🔑

Another new option are the Security Keys, that are an attractive alternative to the authenticator app. In this case, after the password has been entered during the login process, a physical security key must be inserted.

The security key is comparable to a USB flash drive. A well-known manufacturer of these security keys is "Yubikey". However, any security key is possible as long as it supports the "Webauthn" technology. The key can be used for different websites and is not only exclusively applicable to Zammad.

• Recovery Codes 🔢

This innovation is basically an emergency mechanism. In the event that you lose your phone or the Security Key, you can still use the Recovery Codes. These are 10 passwords that you should put in a safe place. With them, you can still log in to Zammad in case of an emergency. However, you will only be able to use these codes once. After that, the recovery codes become invalid.

Read more in the Admin Documentation. ⬅️

2. PGP Integration 📧

Currently, we have the S/MIME integration in Zammad for encrypting and signing emails. The PGP integration now adds another integration of this type. Like S/MIME, the PGP integration is used to encrypt and sign emails. By the way, PGP stands for Pretty Good Privacy.

Read more in the Admin Documentation. ⬅️

3. Enhanced Time Accounting 🕓

This is an already existing feature that has been further developed and now contains additional functions. We have also changed the layout of the feature. The following points have been improved:

• Time tracking activities

It is now possible to specify during the time recording of the ticket, which time activity it is. This means that you can enter whether it is travel time, home office time, billable or non-billable time, or some other activity of ticket processing time.

This part of the feature was sponsored by Open Circle. We are very happy and grateful for it!✨

Aghishenth Thayalakumar, Head of IT Support at Open Circle AG, shared his motivation to sponsor the feature:

"It was important for us to simplify the internal support workflow for our employees as much as possible. With the new feature, we can do all the reporting of the work done directly in the ticket tool and no longer have to adjust every entry in the time and effort tracking (RTM) tool."

• Display unit for time accounting entries

Thanks to this new feature, it is now possible to specify whether the time entered time is minutes, hours, days or any other display unit.

• Clearer admin interface of the timeaccounting

In the admin interface of the time accounting only the most current times per table are displayed. But you can still download all entries by using the download button.

Read more in the Admin Documentation. ⬅️

4. Improved VIP Organization 👑

Previously, it was only possible to mark users as VIP. Now with Zammad 6.1, organizations can also be marked as VIP. For example, a trigger can be used to evaluate whether a ticket was created by an organization with VIP status. This can facilitate various subsequent work steps. In addition, new operators are now available that can be used to search fields even more easily and precisely. This makes it even easier to implement "if, then" automations.

This feature was sponsored by VoIP Competence Center GmbH. We would like to express our thanks for this.

Marc Steinbach, Team Lead Manager at VoIP Competence Center, let us know why this feature is sponsored and why it has such an important meaning for their daily work:

"We work in B2B with many different contacts that we assign to organizations in Zammad. In the past, it was difficult to keep track which customers had booked service with us and which were not currently using service. With the VIP status for organizations, our staff can directly see if the ticket is covered by the monthly service. By automatically assigning new contacts to the organization via domain mapping, this also works for contacts who are contacting us for the first time."

Read more in the Admin Documentation. ⬅️

5. Logging, Recording and Tracking in the ticket history 📖

This eliminates the need to search/browse the possible reasons for an automations in the text. Previously, when an automatic change was made in the ticket, only a minus was displayed as the author in the ticket history. With our innovation, it is now clearly visible in the ticket history when an automatic change occurred in the ticket. In the case of automatic changes that were created by triggers, the name of the trigger that is responsible for the automatic change is now displayed in the ticket history.

Breaking Changes

New Organization Attribute vip

Zammad 6.1 creates a new vip attribute for organizations. For systems with previously created vip attributes, there is special caution needed. In case of boolean attributes, Zammad will adjust them to the new settings and keep using them. For attributes of other types, Zammad will rename the existing attribute to _vip and add a new vip boolean attribute. This may cause issues if the previous attribute was used in other parts of the system, e.g. Triggers. In such cases, the relevant configurations must be reviewed and adjusted.

Support for the Unicorn Web Server is removed

It seems that the Unicorn Web Server is no longer really used with Zammad. Therefore, we have decided to remove it with Zammad 6.1 after it was deprecated in Zammad 6.0.

🚨 Important Announcements

Linux Distribution Support Changes

In the future, Zammad will provide binary packages for the last two stable/long-term support versions of supported Linux distributions until they reach their end-of-life or can no longer meet the technical requirements for Zammad. Use of the latest supported stable/long-term support version is generally recommended.

Zammad 6.2 will not provide packages for CentOS 7, Debian 10, Ubuntu 18.04, and SLES 12. Users of these distributions are advised to upgrade to newer versions such as CentOS 8, Debian 12, Ubuntu 22.04, and SLES 15.

Twitter/X Integration Removal

Due to the unclear situation regarding Twitter/X APIs, we consider removing the Twitter/X integration with the release of Zammad 7.0. Please have a look here for more information and updates on this topic.

Note about MySQL deprecation.

Zammad is designed to provide our users with a secure and stable platform that is convincing in its performance. For this, the choice of supported database systems is crucial. After long discussions and based on our long experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will not take effect until Zammad 7.0.

Until then, we do not recommend new installations with MySQL/MariaDB. Existing systems will continue to be supported, but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed Migration Guide that can be used to migrate existing systems to PostgreSQL free of charge.

This decision was not easy for us. However, we see it as necessary, because we want to continue to provide you with a long-term and reliable platform and keep the effort for everyone within limits.

Slack Integration Deprecation

Starting with Zammad version 7.0, we will no longer support this particular Slack integration. It is recommended that you switch to pre-built webhooks instead, a new feature of ours. Existing Slack integrations should be migrated manually before this feature is discontinued.

Support for Internet Explorer 11.

As of Zammad version 7.0, Internet Explorer 11 is no longer supported.

Technical requirements

Please note that you must meet the following browser requirements to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Download Zammad 6.1

All improvements can be found in the Changelog.

Source code

ftp.zammad.com/zammad-6.1.0.tar.bz2 (168ff4fda2d56076ab91e690b4c65dfb)
ftp.zammad.com/zammad-6.1.0.tar.gz (b44f38590aad1fecc1f0bf57fef52e70)
ftp.zammad.com/zammad-6.1.0.zip (78c752e6d2219816a88daeb66dcb7398)

Packages

CentOS
Debian
Ubuntu
Docker-Compose

Upgrade

Here you can find information on upgrading your Zammad installation:

• From source
• With RPM
• With DEB

Original source

The wait is over - we are thrilled to introduce Zammad 6.0 with its great array of new features and enhancements. 🥳
Your ideas and feedback have been an immense inspiration to us. Thanks to you and our generous sponsors, we were able to implement many features. 🙏
Zammad 6.0 comes with several eagerly awaited features, including Mobile View, duplicate detection, and the most requested function by the community: MS Teams notifications. We are excited to share all the exciting details about these and other features with you. ⬇️

In this article

• 📱Mobile View
• 🔍 Duplicate Detection
• 🪝WebHooks enhancement - now also with integration for Microsoft Teams
• 🔔 Default Agent Notifications
• ✏️ Core Workflow enhancement: title and text support
• ⚡ Responsive Design improvements: Table column resizing & navigation bar collapse
• 🚨 Important note on the update
• Breaking Changes
• 🚨 Important Announcements
• Are you waiting for a certain feature? 🤨
• Technical Notes
• Download Zammad 6.0

1.📱Mobile View

In an increasingly mobile world, access to information and services through smartphones and tablets is becoming more and more vital. However, our Responsive Design for Zammad fell short in meeting these requirements. 💡We found the solution in a native web application with mobile support, eliminating the need for installing an additional app. Instead, Zammad has implemented mobile device detection, automatically redirecting users to the mobile view. The Mobile View provides essential resources and features that agents use on their desktops, while optimizing them for a mobile format, ensuring a more user-friendly experience.

For the sake of simplicity, we have deliberately omitted certain features in the Mobile View. While some features are already supported, we are continuously working on implementing others. You can find a comprehensive list of supported features in the user documentation . ⬅️

2.🔍 Duplicate Detection

We understand the time-consuming nature of manually searching for and merging duplicate tickets in the system. 😮‍💨 From now on, our Duplicate Detection feature will handle this tedious task for you! With Zammad 6.0, you can now specify the attributes to be compared, enabling automatic verification during ticket creation.🤖 During this process, the specified attributes of the newly created ticket are compared with existing tickets in the system. ⚠️ If similar tickets are identified, the user creating the ticket will be presented with the potential duplicate tickets. By utilizing the Duplicate Detection feature, you can save valuable time and ensure that redundant tickets are not created.

To activate the Duplicate Detection feature and manage its attributes, you can access the settings through the admin interface. Simply navigate to "Settings > Tickets" to access the relevant options. For more detailed instructions and information, please refer to the admin documentation . ⬅️

3.🪝WebHooks enhancement - now also with integration for Microsoft Teams

WebHooks have been available in Zammad since version 3.6 as a simple solution for real-time communication between different applications or services. 🔄 With the introduction of Zammad 6.0, this feature becomes even more powerful. 💪 As an admin, you can now select from a range of predefined WebHooks. These predefined WebHooks come with a user-friendly interface and require no special configuration or programming knowledge. They can also serve as a foundation for creating new WebHooks. While the payload for these predefined WebHooks is static, you can still customize certain values through the provided user interface. For those looking to take customization to the next level, Zammad 6.0 offers the option to add a freely configurable WebHook. With this enhancement, you have the flexibility to define your own payload and assign specific ticket values to it.

We've listened attentively to our Microsoft Teams users, and we're excited to announce that Zammad now offers a new predefined WebHook specifically designed for Microsoft Teams notifications. 🙌 In addition to our existing integrations with Slack, Mattermost, RocketChat, and other platforms, this new predefined WebHook for Microsoft Teams allows for seamless communication and real-time notifications within your Microsoft Teams environment.

➡️ Read more in the admin documentation and check out MS Teams WebHook example here .

Many thanks to our sponsor energy & meteo systems GmbH for the generous support of this feature! 🙏🏻

4.🔔 Default Agent Notifications

In the hosted environment or for the average administrator, changing the default notifications for users used to be a cumbersome task. The only way to do so was through the "Switch to User" feature, and it had to be done individually for each user. 😵‍💫 However, with Zammad 6.0, this time-consuming process is now a thing of the past! Admins can now enjoy the following benefits:

• Manage default agent notification settings from the admin interface.
• Change / update notification settings of all agents via the admin interface.

➡️ Read more on Default Agent Notifications in the admin documentation .

5.✏️ Core Workflow enhancement: title and text support

Prior to Zammad 6.0, it was not possible to utilize the ticket title and article text in core workflows, limiting their potential for customization. However, with the latest version, this limitation has been overcome. In Zammad 6.0, administrators can now define and configure the following actions for the ticket title and article text within core workflows:

• read-only / changeable (set readonly / unset readonly)
• set a value to the field (fill in)
• set an empty value to the field (fill in empty)

For more detailed instructions and information, please refer to the admin documentation . ⬅️

6.⚡ Responsive Design improvements: Table column resizing & navigation bar collapse

With the advent of newer tablet devices boasting higher resolutions, our Responsive Design faced the challenge of adapting effectively. However, we have an exciting solution for this: Zammad 6️⃣.0️⃣! In this latest version, we have made significant improvements to address these changes. We enhanced the navigation bar to collapse and expand more seamlessly, allowing for better utilization of screen space on tablets. The user interface automatically adjusts to the tablet's resolution, ensuring an optimal viewing experience ↔️↕️ Moreover, Zammad 6.0 goes beyond resolution adjustments. Previously, adjusting the size of table columns was limited to devices with mouse input. However, with Zammad 6.0, we have extended this capability to touch devices as well. Now, you can easily customize the size of table columns on touch devices, bringing Zammad's functionality right to your fingertips. 🫵 With Zammad at your disposal, you can confidently navigate and interact with the system, regardless of the device you choose to use.

🚨 Important note on the update

Manual Update Action Required by the Administrator

When updating to Zammad 6.0 from a previous version, the system administrator needs to add some content to the configuration of the reverse proxy.

Example for Apache:

ProxyPass /cable ws://127.0.0.1:3000/cable

Example for nginx:

location /cable {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_pass http://zammad-railsserver;
}

This is required to enable the new Rails Action Cable based realtime communication. You can find more details about this change at this github commit .

Breaking Changes

Mandatory Redis Dependency

Starting with Zammad version 6.0, Redis is required to run Zammad. For package-based installations, the new dependency is automatically installed in the system during the update.
Note: Hosted customers do not need to take any further action regarding this change!

Health Check API Changes

Starting with Zammad 6.0, the "health check" monitoring API at /api/v1/monitoring/health_check will no longer echo the used authentication token in the response payload.

Excel Export Format Change

Starting with Zammad version 6.0, all Excel exports will be exported exclusively in xlsx format. The original xls format will no longer be supported.

Storage location of unprocessable/oversized emails

Zammad stores emails that were unprocessable or rejected due to size constraints in the file system. The location of such emails changed from tmp/unprocessable_mail and tmp/oversized_mail to var/spool/unprocessable_mail and var/spool/oversized_mail within the /opt/zammad directory. Existing emails are automatically moved to the new location.

Naming change in Token model and EmailAddress model

The token model is used to store access tokens and had field names which may have caused confusion for developers using them. Therefore, the field previously called name: now has the correct identifier token: (as it stores the actual token value), and the field previously called label: is now called name: for better consistency with other models. The EmailAddress model is used to information about email addresses Zammad receives mail for. For consistency reasons, its realname: field is now called name: .
This means that the attribute via the REST API also changes: from token or realname to "name".

Docker image zammad-docker was archived

The repository zammad-docker was intended for testing / development purposes only. This repository was archived and will receive no further updates.
Please use zammad-docker-compose instead.

🚨 Important Announcements

MySQL Deprecation

Zammad is designed to provide our users with a secure and stable platform that delivers a convincing performance. For this, the choice of supported database systems is crucial. After much deliberation and based on our many years of experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will be relevant from Zammad Version 7.0.
Until then, no new installations should be set up with MySQL/MariaDB. Existing systems will continue to be supported but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed migration guide that can be used to migrate existing systems to PostgreSQL free of charge.
This decision was not easy for us. Nevertheless, it is necessary to further develop Zammad with reasonable effort and to keep it reliable also in the future.

Unicorn Webserver Deprecation

Zammad currently supports the Ruby web server unicorn . Since this seems to be unused and not actively maintained, we plan to remove this support with Zammad 6.1.

Slack Integration Deprecation

Zammad 7 will no longer support this dedicated Slack integration. It is recommended to switch to pre-defined webhooks instead. Existing Slack integrations should be migrated manually before this feature is dropped.

Internet Explorer 11 Support

Starting with Zammad version 7.0 , Internet Explorer 11 will no longer be supported.

Are you waiting for a certain feature? 🤨

If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favorite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!

Technical Notes

Please note that you will need to fulfill the following browser prerequisites in order to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Download Zammad 6.0

You will find all improvements in the Changelog .

Source code

ftp.zammad.com/zammad-6.0.0.tar.bz2 (ec70dfdaf7858e26837d04ac8250e997)
ftp.zammad.com/zammad-6.0.0.tar.gz (09bf791738920c211d23bdd2a42fba6f)
ftp.zammad.com/zammad-6.0.0.zip (ea65b787224286dbc860f8ce71aaba57)

Packages

CentOS
Debian
Ubuntu
Docker-Compose

Upgrade

You can find information on an update of your Zammad installation here:

From source
With RPM
With DEB

Original source

Security Release

Zammad 5.4.1

April 12, 2023 · This release note includes a very important security patch. All self-hosted instances should be updated immediately.

Please read on for details:

In this article

• Security Patch
• 🚨 Important Announcements
• Mandatory Redis Dependency
• Health Check API Changes
• Excel Export Format Change
• MySQL Deprecation
• Internet Explorer 11 Support
• Technical Notes
• Advisories
• Download Zammad 5.4.1

Security Patch

An attacker could send manipulated data to the Zammad API to sign up with an arbitrary email address, bypassing the email verification step and manipulating the data of the generated user. In some scenarios this could lead to gaining unauthorized access to existing tickets.

Find the Advisory here:

ZAA-2023-03

Note:

• 🏠 If you're using Zammad on-premise please update to 5.4.1 as soon as possible.
• ☁️ Hosted instances will be updated automatically, so there is no action required from your side.

🚨 Important Announcements

Mandatory Redis Dependency

Starting with Zammad version 6.0 there will be a fixed dependency on Redis. This means Redis will be necessary to run Zammad. The reason for this is our new tech stack, which requires Redis from version 6.0 onwards. We will update the documentation with all important information regarding the installation.

Note: Hosted customers do not need to do anything regarding this change!

Health Check API Changes

Starting with Zammad 6.0, the "health check" monitoring API at /api/v1/monitoring/health_check will no longer echo the used authentication token in the response payload.

Excel Export Format Change

Starting with Zammad version 6.0, all Excel exports will be exported exclusively in xlsx format. The original xls format will no longer be supported.

MySQL Deprecation

Zammad is designed to provide our users with a secure and stable platform that delivers a convincing performance. For this, the choice of supported database systems is crucial. After much deliberation and based on our many years of experience, we have decided that Zammad will only support PostgreSQL as a database in the future. However, this change will be relevant from Zammad Version 7.0.

Until then, no new installations should be set up with MySQL/MariaDB. Existing systems will continue to be supported but must be migrated to PostgreSQL until the release of Zammad 7. For this purpose, we have provided a detailed migration guide that can be used to migrate existing systems to PostgreSQL free of charge.

This decision was not easy for us. Nevertheless, it is necessary to further develop Zammad with reasonable effort and to keep it reliable also in the future.

Internet Explorer 11 Support

Starting with Zammad version 7.0, Internet Explorer 11 will no longer be supported.

Are you waiting for a certain feature? 🤨

If you're missing something, we're sorry to hear that. Our list of feature requests is very long and ever-growing. In order to speed up the process and put your favourite feature on the fast track, by becoming a Feature Sponsor. Just reach out to us and let's make it happen!

Technical Notes

Please note that you will need to fulfil the following browser prerequisites in order to use this version:

• Chrome: 83
• Firefox: 78
• Explorer: 11
• Safari: 11
• Opera: 69
• Edge: 83

Advisories

ZAA-2023-03

Download Zammad 5.4.1

You will find all improvements in the Changelog.

Source code

• ftp.zammad.com/zammad-5.4.1.tar.bz2
  (603f0a8047fca4f76cbcc5e0ddbf5bc6)
• ftp.zammad.com/zammad-5.4.1.tar.gz
  (425943bb168cb04d2c945479fb02fd09)
• ftp.zammad.com/zammad-5.4.1.zip
  (39749ed277928e77139e367bd520d065)

Packages

• CentOS
• Debian
• Ubuntu
• Docker-Compose

Upgrade

You can find information on an update of your Zammad installation here:

• From source
• With RPM
• With DEB

Original source