5.66.3.20260706134139

  • [Security] Security improvement (#25085)
  • [Improvement] feat: Move top-up history to a dialog on #AI-Budgets screen (#24920)
  • [Improvement] Standardize frontend-API datetime exchange on ISO 8601 / RFC 3339 with explicit offset (#24757)
  • [Improvement] Browsers don't offer to generate a strong password on password setup/reset forms (#24730)
  • [Improvement] API settings panel: add v4 documentation link and rename "API v3" key labels to "API keys" (#24600)
  • [Improvement] Add recent LLM models for OpenAI AI provider (#24554)
  • [Improvement] Serve ticket message attachments to AI agents via signed download links (MCP) (#24334)
  • [Improvement] Document and enforce RFC 3339 date-time format convention for API v4 endpoints (#24147)
  • [Improvement] Migrate frontend zxcvbn dependency to @zxcvbn-ts/core (#23733)
  • [Improvement] New API endpoint to retrieve the history of agents' availability for services (#19381)
  • [Fix] Several admin-only settings can be viewed or changed by any agent via direct API requests (broken access control) (#25089)
  • [Fix] Incorrect timestamp of the agent rating (#25075)
  • [Fix] Offline agent continues receiving chats — authorization error aborts chat service cleanup on session end, leaving chat service active (#25048)
  • [Fix] Concurrent login dialog renders left-aligned instead of centered (#25026)
  • [Fix] PlannedTask hydration skips rows with legacy recurrence-preset code "every2d" — recurring task silently dead for tenant u71853 (#25023)
  • [Fix] MysqlAuthUserRepository: credential-keyed lookups can resolve the wrong account and non-approved accounts can authenticate (#24978)
  • [Fix] Stuck cron tasks stay claimable and the stuck back-off can be silently lost (#24928)
  • [Fix] PrestaShop integration - not possible to connect (#24926)
  • [Fix] Anonymous chat-widget visitor's name is silently cleared when they later submit a new email/phone (#24921)
  • [Fix] CronTaskCommandRejected escapes dispatch loop — concurrent tick race unhandled (#24905)
  • [Fix] MailForwardDepartmentPresenter calls bind() on every template reload, causing "already binded" error (#24903)
  • [Fix] Agent can change their own Chatting priority and Max chat load (#24870)
  • [Fix] Responsive ticket grid: selection not cleared after mass action completes (#24862)
  • [Fix] Incoming email silently dropped when sender's first name exceeds 100 characters (#24841)
  • [Fix] Agent form freezes when save returns HTTP 400 (#24836)
  • [Fix] Subject containing Thai characters can sometimes be garbled (#24782)
  • [Fix] The Mail account setting in Notifications are sent from section always reverts to the default email address next time you open this section (#24771)
  • [Fix] API v3 tag change via session auth returns 500 (#24738)
  • [Fix] Slow query on qu_la_conversations caused by CloseResolvedConversations task (#24464)
  • [Fix] Edit quoted text button disappears from reply box when email template is loaded (#24162)
  • [Fix] Timezone-Offset header is ignored by some ticket endpoints (#23746)
  • [Fix] La_RestApi_FiltersParser::parseFilters returns HTTP 500 for invalid filter operator code (incomplete fix from #20002) (#23423)
  • [Fix] OOM in Audit Log CSV export: unbounded query + buffered PDO loads all rows into memory (#23031)
  • [Fix] GpfException: Union is empty! — TagWorkReportChart crashes when tenant has no active tags (#22522)
  • [Fix] API v3 Timezone-offset does not work (#23695)
  • [Performance] Time-rule engine MATCH(tags) AGAINST + anti-join scan is ~95% of slow queries on db-08-master-1 (#24976)
  • [Other] Refactorings and other fixes (#25019)(#25016)(#24890)(#24873)(#24829)(#24055)(#23519)