Download Latest Version 4.83v Subject archive source code.tar.gz (37.7 MB)
Email in envelope

Get an email when there's a new version of Live helper chat

Home / 4.82v
Name Modified Size InfoDownloads / Week
Parent folder
4.82v-with-dependencies.zip 2026-03-17 76.8 MB
1 1 weekly downloads
4.82v-with-dependencies.tgz 2026-03-17 67.1 MB
0
4.82v Security updates, expanded widget mode source code.tar.gz 2026-03-17 37.7 MB
0
4.82v Security updates, expanded widget mode source code.zip 2026-03-17 41.4 MB
0
README.md 2026-03-17 3.2 kB
0
Totals: 5 Items   222.9 MB 1
  1. Notable changes since 4.81v
  2. Security/file handling: enhanced MIME type validation across file download endpoints (downloadfile.php, inlinedownload.php, REST API file.php); MIME type constants added in mail conversation parser; all operator/visitor uploads validated against var folder path; resolved security issues L01, L02, L04, L05, L06, L11, L13.
  3. Widget: added expand mode with configurable width/height ratios and new shrink_text/expand_text UI fields; widget communication updated to include user session prefill variables in sent messages; fixed reloadWidget function; updated wrapper version.
  4. Chat search/statistics: added message count filters (operators, visitors, bots) to search panel and statistics tabs; added total messages count input field; added search by message ID range.
  5. Chat tab visibility: operators can toggle chat tab visibility (show/hide chat tabs) via quick actions in user settings.
  6. User settings: added auto-accept chats option and alert preference for transferred chats.
  7. Variables/prefill: support for passing custom back-office vars as lhc_var variables; encrypted prefilled variables always applied; variable only set when replaceable variable is non-empty; proactive invitations now update vars when custom vars are passed.
  8. Theme/translations: widget theme translate method accepts user context; REST API modules (checkchatstatus, getinvitation, initchat, onlinesettings, settings) use user context for theme translations; multilanguage support for custom fields; fetchByVid includes caching option.
  9. Canned messages: refactored retrieval with getCannedMessages method; added auto_send filter and ignore_subjects parameter.
  10. Extensions: support for extensions to contribute custom side-menu items.
  11. Configuration: folder/directory write-permission checks added to the configuration page with per-directory success/error indicators.
  12. Bot: support for background workers in REST API bot action; improved bot detection filtering.

  13. Message history: previous-message loading always uses all messages when the page limit is not reached; safe inclusion of all chat messages.

  14. Summary

  15. This release strengthens file handling security with MIME type validation, file path checks, and resolves multiple L-series security issues.
  16. Operator UX improvements include widget expand mode, chat tab visibility toggles, and richer user settings (auto-accept, transfer alerts).

  17. Search and statistics gain new message count filters; extensions gain custom side-menu support; theme translations now respect user context.

  18. Contributors

  19. L01: SSRF via incoming webhook image download (CWE-918)

  20. L06: Mass assignment in REST API file PUT leading to arbitrary file read (CWE-915, CWE-22)
  21. L11: Stored XSS via Content-Type spoofing in file upload (CWE-79, CWE-345)
  22. L13: Unsafe deserialization in configuration loader (CWE-502)

Vulnerability Researcher: Pedro J. Núñez-Cacho Fuentes (https://blogs.tunelko.com)

execute doc/update_db/update_349.sql for update

Full Changelog: https://github.com/LiveHelperChat/livehelperchat/compare/4.81v...4.82v

Source: README.md, updated 2026-03-17