Bug fixes

We have fixed the following bugs in this release:


Bug Summary
VCC-26644 When you correct a word it remains highlighted as an error until you have turned the spell checker off.
VCC-25439 In Case view, the email body does not show the email ID shared.
VCC-25386 For an inbound queued call, agent details such as agent name, accept time, processing time are missing in the historical Detailed Transaction report.
VCC-26793 In the Local CRM, some agents are unable to access their tasks.
VCC-31641 The email engine crashes repeatedly globally.
VCC-30604 When you transfer a call on line 1 to line 2 connected via click-to-dial, the call fails to transfer and connect.
VCC-30703 In a cold transfer scenario, the inbound caller on line 1 does not hear the ringback before being answered by the destination.
VCC-30342 In Salesforce integration, the SSO login authentication fails.
VCC-30291 Unable to view facebook/Twitter in VCC social channels.
VCC-30328 Agents experience VCC to hang while accessing the case history of a few cases.
VCC-30318 Upon reaching the voicemail of an internal outbound call on line 2, if an agent ends the call, the agent gets disconnected from the call while the caller on Line 1 continues to stay on hold.
VCC-29803 Unable to pull another email while you are in "Email in process" status.
VCC-28987 The thank you message played to the caller after confirming the callback number fails to play if a caller is forwarded from one VCC channel to another.
VCC-28284

When a caller enters invalid data for a 'Get Value' prompt, the invalid message fails to play and drops the call.

VCC-30109 Chat: Race condition when chat is popped out prevents customer information to be sent to the server
VCC-29716 During a chat interaction, the reply box disappears intermittently on the customer's end preventing the customer to respond.
VCC-27068 In VO-VCC tenants, if an agent is in post-processing status on line 1, and a direct agent routed call is accepted on line 2, the call on line 2 has failed audio.
VCC-24896 The historical 'Time on Status' report shows the agent is on break for 13 hours even when the agent is logged out.
VCC-22679

In a warm transfer scenario where agent 1 accepts a call, places a warm transfer call to agent 2, then drops off. When agent 2 places the caller on hold, the hold music fails to play.

VCC-24803 Campaign manager -- some customers' campaigns are running on both platform after a platform switch. On going campaigns do not feed calls to the queue and new campaigns fail to run.
VCC-24548 When an agent transfers an inbound call to another agent, there is no audio after transfer.
VCC-23907 In Local CRM,the "From" and "To" addresses disappear and the signatures go blank until the page is refreshed.
VCC-22456 In Local CRM, some tenants encounter an error when they try to delete more than seven customers at a time.
VCC-24299 In Local CRM, edits done to the case fields in draft state are lost when follow-ups are sent.
VCC-24075 Historical report: stuck aggregations causing zero abandoned calls, lost report data if the platform restarts before fixing the out of sequence events.
VCC-25881 In Campaign manager, the custom field gets updated for other transaction codes even though only Do not call transaction code is enabled to update a custom field.
VCC-26034 Local CRM: Sorting cases by ''last updated'' field fails to sort.
VCC-31657 Local CRM: The files (.CSV) received as attachments download in an incorrect format and fail to open.
VCC-31426 The Detail Transaction report shows incomplete data. Some fields such as Queue name and transaction ID are missing.
VCC-31223 Historical report queries are taking longer than expected to run.
VCC-30965

NA12 Only: When Threshold condition is met, Wallboard audio notification fails to play on Chrome.

VCC-30369

While processing a queued call with mandatory transaction codes, changing status from post processing to Work Offline renders the status code list truncated.

VCC-29655 SAPI - Invalid value is presented for the Queue ID field.
IN-2296 SalesForce Integration: Agents are experiencing periodic issues where VCC loads a blank VCC agent window when trying to access it via Salesforce.
VCC-27112 JCM logs are flooded with "Pending message list has length" message.
VCC-23026 Chat URL auto-redirect is not working when a cluster is in hybrid mode.
VCC-22917

When a supervisor begins to monitor a conference call handled by an agent, the supervisor is automatically integrated into the conference call even though they just initiated monitoring without joining the call.

VCC-1893 Intermittent slow response time of tomcat for all web applications deployed.

In addition to the above fixes, we have resolved the following critical security issues.

Bug Summary
VCC-31205 The request to create a wallboard does not encode user input in the Name and Description fields.
VCC-31193 The request to create an status code menu text does not encode user input before rendering on the code page of a status code.
VCC-31197 The request to create an status code translation text does not encode user input before rendering on the translation tab of status codes.
VCC-31206 The request to create a custom field on a wallboard does not encode user input in the Name and Description fields.
VCC-31207 The request to create a custom threshold on a wallboard does not encode user input in the Name field.
VCC-31241 The request to create a chat design Form does not encode user input in the Name or Description fields.
VCC-31242 The request to create a chat design Window does not encode user input in the Name or Description fields.
VCC-31236 The request to create a chat design Invitation does not encode user input in the Name or Description fields.
VCC-31203 The request to create a transaction code Translation does not set the proper MIME type on the JSON response, therefore, allows for the rendering of script in the HTML.
VCC-31230 The request to create a chat design Button does not encode user input in the Name or Description fields.
VCC-31177 The request to create an status code Category does not encode user input before rendering on the properties page of a status code.
VCC-31198 The request to create a transaction code does not set the proper MIME type on the JSON response lookup, therefore, allows for the rendering of script in the HTML.
VCC-31201 The request to create a transaction code Translation does not set the proper MIME type on the JSON response, therefore, allows for the rendering of script in the HTML.
VCC-31199 The request to create a transaction code menu text does not set the proper MIME type on the JSON response, therefore, allows for the rendering of script in the HTML.
VCC-30843 The request to create an Integration Screen Pop does not validate the name field when reflecting the contents in the response body.
VCC-30842 The request to create a campaign does not validate the name field when reflecting the contents in the response body.
VCC-30763 The request to create a queue does not validate the name of the queue to prevent malicious script execution. Additionally, the MIME type on the page must be set to application/JSON.
VCC-30759 The request to create a queue does not validate the name of the queue to prevent malicious script execution. Additionally, the MIME type on the page must be set to application/JSON.
VCC-30814 The request to create a support center does not validate the name of the script to prevent malicious script execution.
VCC-30768 The request to create a script does not validate the name of the script to prevent malicious script execution.
VCC-30839 The request to create CRM object does not validate the field for custom label upon creation. It reflects the value without encoding considerations.
VCC-30817 The request to create a support greeting does not validate the content to prevent malicious script execution.
VCC-30597 The request to create security roles does not validate the name of the role to prevent malicious script execution. Additionally, the MIME type on the page must be set to application/JSON.
VCC-30598 The request to create an SMTP Server does not validate the name to prevent malicious script execution. Additionally, the MIME type on the page must be set to application/JSON.
VCC-30549 Stored cross-site scripting on Configuration Manager audio files.
VCC-30600 The request to create or alter an agent group does not validate the comment to prevent malicious script execution. Additionally, the MIME type on the page should be set to application/JSON.
VCC-30599 The request to create an Allowed IP Range rule does not validate the description to prevent malicious script execution. Additionally, the MIME type on the page should be set to application/JSON.
VCC-26964 Oracle users with weak password allow access to the database contents and potentially the underlying operating system.
VCC-26787 Cross-site scripting is vulnerable in Virtual Contact Center web chat.
VCC-30594 Configuration Manager reflects user input of the srcUrl parameter without proper encoding.
VCC-30522 Stored cross-site scripting on profile. When updating a user's profile, the following parameters are vulnerable: first_name, last_name, display_name, email, agent_country, and signature.
VCC-22781 In Agent Console, fix PHP SQL injection related to LIKE statement.
VCC-23089 Oracle users with less strong password allow access to the database contents and the underlying operating system.
VCC-26104 Agent Console: external control of File Name or Path.
VCC-26105 Argument injection or modification (OS Command Injection).
VCC-26101 The application contains hard-coded credentials for inbound authentication and outbound communication.
VCC-26102 The application contains hard-coded password for inbound authentication and outbound communication.
VCC-26094 The script-related HTML tags in a web page are not properly neutralized.
VCC-25509 Oracle users with less strong password allow access to the database contents and the underlying operating system.
VCC-25510 Database runs with more user permissions than required.
VCC-25471 The applications lacks sufficient defenses against clickjacking attacks.
VCC-25469 The Apache UserDir is enabled leading to information being disclosed.
VCC-25475 Cookies scoped to a parent domain of the application leads to security problems and data leakage.
VCC-26424 The web server runs an outdated version of Apache Tomcat. Support NewGenMashUp site.
VCC-23635 Cross-site scripting is vulnerable in Virtual Contact Center web chat.
VCC-23480 Special elements are not properly neutralized in an operating system command (OS Command Injection).
VCC-23476 In Configuration Manager, the script in attributes in a web page is not properly neutralized. The application does not filter text or other data for potentially malicious HTML content.
VCC-23477 In Configuration Manager, the script-related HTML tags in a web page are not properly neutralized.
VCC-23478 In Configuration Manager, private resources are transmitted into a new sphere resulting in a resource leak.
VCC-23445 In Agent Console, the authentication credentials are not sufficiently protected.
VCC-23441 The web server runs an outdated version of Apache Tomcat. Convert cluster tomcat template to chef configuration template.
VCC-23428 The web server runs an outdated version of Apache Tomcat. Move CRMhelper to centOS tomcat QA.
VCC-23434 The web server runs an outdated version of Apache Tomcat. Move Netsuite to centOS tomcat QA.
VCC-23422 The web server runs an outdated version of Apache Tomcat. Move Waveform to centOS tomcat QA.
VCC-23416 The web server runs an outdated version of Apache Tomcat. Move NewGenMashUp to centOS tomcat QA.
VCC-23383 The web server runs an outdated version of Apache Tomcat. Move MashUp to centOS tomcat QA.
VCC-23312 The web server runs an outdated version of Apache Tomcat. Move CRMHelper to centOS tomcat.
VCC-23314 The web server runs an outdated version of Apache Tomcat. Move Waveform to centOS tomcat.
VCC-23313 The web server runs an outdated version of Apache Tomcat. Move Netusite to centOS tomcat.
VCC-23311 The web server runs an outdated version of Apache Tomcat. Move NewMashUp to centOS tomcat.
VCC-22873 Add static code analysis on AGUI PHP7.
VCC-22872 Add static code analysis to EDSA for vulnerability checking.
VCC-22804 In Agent Console, search for and fix Insert/Update/Delete SQL commands in PHP that accepts non-sanitized parameters.
VCC-22805 In Agent Console, scan and remove any PHP unused file that can make AGUI vulnerable.
VCC-22780 EDSA inject other queries.
VCC-22779 EDSA must not access system tables.
VCC-23096 Insecure cookie configuration places user sessions at risk.
VCC-23094 Some Virtual Contact Center applications are vulnerable to reflected or non-persistent, and cross-site scripting attacks.
VCC-23095 A single authentication request to a web application is submitted using the HTTP GET method , resulting in authentication data being sent as plain text in the URL.
VCC-23090 A number of the VCC applications were vulnerable to persistent or stored cross-site scripting.
VCC-23091 The web server runs an outdated version of Apache Tomcat. Move MashUp to centOS tomcat.
VCC-23088 WPJAdmin login to Oracle database must not access system table. The database is running with more permissions than required.
VCC-23139 In Configuration Manager, search for and fix Insert/Update/Delete SQL commands in PHP that accepts non-sanitized parameters.
VCC-23141 The database runs with more user permissions than required.
VCC-23140 In Configuration Manager, scan and remove any PHP unused file that can make Agent Console vulnerable.
VCC-23112 In Configuration Manager, run veracode dynamic scan.
VCC-23114 In Configuration Manager, fix PHP SQL injection related to LIKE statement.
VCC-23110 Add dynamic code analysis to Configuration Manager for vulnerability checking. PHP 4 is not supported on static.

 


Send us your feedback


Copyright © 2018 8x8, Inc. All Rights Reserved