Related article - https://doc.livehelperchat.com/docs/bot/image-file-verification-flow

1. Image download verification and protection features
   • Introduced 'img_download_policy' configuration option to manage image download permissions
   • Enhanced file download logic to include image verification and protection checks
   • Added new verifyaccess.php module to handle image access verification requests
   • Updated database schema to include 'meta_msg', 'width', and 'height' fields in lh_chat_file and lh_mailconv_file tables
   • Implemented Svelte component for image handling with verification and protection features
   • Added translations for image access verification messages
   • Updated module.php to include new permissions for downloading verified and unverified files
   • Added sensitive information image to the default theme
2. Chat tabs and dashboard improvements
   • Chat tabs React component now supports custom attributes for styling
   • Enhanced tabs flow with better navigation and user experience
   • Dashboard chat tabs improvements with better state management
3. Bot and webhook enhancements
   • Added support for overriding bot ID in webhook processing for better event handling
   • Implemented chat file variable handling in generic bot action command for dynamic variable updates
   • Enhanced REST API action to support chat file messages
   • Option to sync attribute from database in bot conditions
   • Modal window will show error message when trying to delete a bot that cannot be deleted
4. Form and file handling improvements
   • Fixed reCAPTCHA in offline form when file is submitted
   • Enhanced offline forms with proper cookie handling and headers
   • Better file upload handling with proper content headers
   • Store partial encoded data for better file processing
5. Chat experience enhancements
   • Hide "Switch to Human" button when chat transitions to survey mode
   • System message is now logged when "Switch to Human" button is clicked
   • Custom template support for extensions below chat messages
   • Improved image reveal logic in Svelte components for better scrolling behavior
6. Security and compatibility
   • Fixed deprecated PHP constant E_STRICT for better PHP 8+ compatibility
   • Enhanced file download verification process with user data in event dispatch
   • Improved security for image access and verification
7. UI and UX improvements
   • Better error handling and user feedback
   • Enhanced modal dialogs and confirmation windows
   • Improved responsive design elements
   • Updated sponsors section

1. IMAP and SMTP connection testing features in mailbox settings. You can now test your mail configuration directly from the interface.
2. Enhanced mailbox management with delete folder functionality for better organization.
3. Bot chart generation using Mermaid diagrams for visual workflow representation of bot flows.
4. New configuration option for departments: "Do not transfer to destination department if it has no online operators" to improve chat transfer handling.
5. Enhanced user settings management and dashboard tab management with improved visibility options.
6. Conditions support for replaceable variables, allowing more dynamic content generation.
7. Option to investigate use cases of various objects for better debugging and analysis.
8. Priority rule testing - you can now test priority rules directly from the interface.
9. Enhanced bot message handling and trigger management with better control options.
10. Direct magic attribute support in bot text fields with new direct_ prefix option.
11. Enhanced REST API trigger execution logging and handling for better debugging.
12. Option to suspend/resume online visitors updating in main window for performance control.
13. Canned messages now have max result configuration for display optimization.
14. Enhanced email anonymization features and chat status improvements.
15. n8n integration support for workflow automation.
16. Improved quote handling in messages - quotes will be preserved as plain text.
17. Enhanced access control for displaying user attributes in online user info.
18. Better handling of chat continuation and message rendering.
19. Updated dependencies including TinyMCE, Svelte, and other packages for security and performance.
20. Switch to new modal confirm windows replacing browser native confirms.
21. Enhanced character validation and node identifiers in bot chart generation.
22. Improved debug output with better state attribute handling and clarity.
23. Enhanced bot trigger builder functionality with better workflow management.
24. Fixed chat closing in popup scenarios that sometimes triggered false alerts.
25. Better handling of button payload text values as default triggers.
26. Enhanced message processing with improved direct value handling.
27. Various fixes for online operator department conditions and user management.
28. Pronoun inclusivity improvements changing he/him/his references to they/them.
29. Enhanced template compilation with preserved newline characters.
30. Better background worker exception handling.
31. Enhanced department query to include online hours check for better availability management.
32. React app version updates and chat widget reducer state management improvements.

execute doc/update_db/update_334.sql for update

What's Changed

• Switch to new modal confirm window by @remdex in #2263
• he/him/his changes to they/them and other minor tweaks. by @adrianbj in #2273
• Improvements all around by @remdex in #2275

New Contributors

• @adrianbj made their first contribution in #2273

Full Changelog: 4.65v...4.66v

1. Department statistic modal window will show department online status. Useful for investigations.
2. Case insensitive will be a global in additional chat variables.
3. Sometimes while logging as other operator did not work and operator was logged out instantly.
4. vars_encrypted option should be respected in popup.
5. If condition support in bot individualization. https://doc.livehelperchat.com/docs/bot/multiple-languages#setting-translations-for-messages

execute doc/update_db/update_333.sql for update

What's Changed

Full Changelog: 4.64v...4.65v

1. Departments widget will show online operators counter also, not only their slots.
2. Copy CURL Command will be available in audit login also. Click info icon and you will find it.
3. Debug window in chat will preparse chat_variables for better understandability.
4. If user message contained LHC internal tags, Rest API was reparsing them again.
5. Chat tabs will have light background for better visibility.
6. Option to have custom back office site access more easily. https://doc.livehelperchat.com/docs/security
7. Changes to avoid notices in case invalid requests are made.

execute doc/update_db/update_332.sql for update

What's Changed

Full Changelog: 4.63v...4.64v

1. Attribute to set additional variable to check if it is encrypted in the first place.
2. Permission tab in user window will allow checking which group/role grants specific permission.
3. Holding CTRL will open chat tab in the background.
4. Possibility to search by trigger body in the bot constructor.
5. When logging Rest API message as system message, it will enable generating CURL request by logged data.
6. Search in system configuration.

execute doc/update_db/update_331.sql for update

What's Changed

Full Changelog: 4.62v...4.63v

1. Option to show hidden chat variable directly in the chat window.

execute doc/update_db/update_330.sql for update

What's Changed

Full Changelog: 4.61v...4.62v

Multiple XSS vulnerabilities were fixed (all required operator login to exploit)
These were minor security issues that couldn't be exploited by anonymous visitors

Reported by:

• Name: Manojkumar Jaganathan (TheWhiteEvil)
• LinkedIn: https://www.linkedin.com/in/manojkumar-j-7ba35b202/
• HackerOne Profile: https://hackerone.com/the-white-evil?type=user
• Company: HackerBro Technologies
• Their website https://www.hackerbro.net

Specific fixes included:
1. Properly escaping operator names in the dropdown filtering box
2. Escaping bot usernames in the Telegram module
3. Escaping operator names in the change owner window
4. Escaping "Alias nick" field in department assignment modals
5. Escaping Facebook page "Name" fields
6. Escaping canned message content in chat window flows
New Features
1. Added logging capability for chat priority rules application
2. Added support for passing chat_id and chat_hash parameters
3. Improved UI to show which siteaccess is being used for translated text in widget themes

execute doc/update_db/update_329.sql for update

What's Changed

Full Changelog: 4.60v...4.61v

1. Disabled operators departments relations will be stored in separate table. Performance improvement.
2. Ignore message in Rest API option in text message. Will avoid message being send inside previous_visitor_messages_list_url loop.
3. Option in chat configuration Delete chat on close there there is no visitor messages in chat usefull in case you are using auto chat start in start chat form settings.
4. sensitive, raw, sensitive_raw prefixes support for sensitive_{{args.item.msg}} syntax inside previous_visitor_messages_list_url loop
5. Encrypted variables passing additional options https://doc.livehelperchat.com/docs/custom-fields-and-prefill#how-securely-pass-attributes
6. JS api to hide need help widget manually. https://doc.livehelperchat.com/docs/javascript-arguments#hide-need-help-widget

What's Changed

Full Changelog: 4.59v...4.60v

1. Fixed an issue where the assigned operator's statistics were not updated if the chat was auto-assigned but handled by another operator.
2. Optimized database indexing for the online operators widget, improving data fetching speed by 40–50%.
3. Browser notifications now display unread messages instead of just indicating the assigned chat.
4. Improved clarity of explanations in mobile settings.
5. Added support for canned messages in the mobile app.
6. Implemented a workaround for a Chrome bug: Chromium issue 414284085.
7. Added the option to display a custom message for connection issues.
8. Fixed an issue where the widget, when set to embed mode with a popup-on-click action, failed to render. This now properly handles misconfigurations.
9. The foreach loop in REST API calls now supports a {skip_empty_msg} option to ignore empty messages.
10. The dropdown search component now aborts previous API calls when a new one is made.
11. Migrated browser confirm dialogs to modal-based dialogs to resolve a Safari issue where confirm and submit actions were not handled correctly.
12. Improved user experience when scrolling to previous messages.
13. Fixed an issue causing double replacements in bot trigger texts.
14. Added an option to crop visitor-uploaded images to a square in file upload settings.
15. Option in chat list search by chat close time.
16. lh_transfer table was not cleaned up in some scenarios.
17. Various minor improvements throughout the system.

What's Changed

Full Changelog: 4.58v...4.59v

What's Changed

1. In some cases open action was not logged for chats.
2. Module function can be assigned as Exclude type. Allows scenarios then operator has permission to all module functions, but excludes some.
3. Replaceable variables available in Rest API now also. {{replaceable.}}
4. Option to control after how many characters new row appears in the widget. Widget theme.
5. Bot individual trigger action can be checked against conditions. Allows easier migration of live bot.
6. Login as was fixed.

execute doc/update_db/update_326.sql for update

Full Changelog: 4.57...4.58v