ZSA-2019-06
Malicious email can cause browser to load external files.
问题
An attacker who sends a malicious email to OTRS can cause the browser to load external files if the agent quotes the email.
临时方案
As a workaround, you can replace the affected files (see below for download). Then, activate SysConfig option Ticket::Frontend::BlockLoadingRemoteContent.
ATTENTION: A lot of OTRS files are affected. Please check if any of these files have been changed in your OTRS installation by additional add-ons. In that case you MUST NOT simply overwrite the files with the ones provided below. Please contact us instead.
解决方案
Upgrade to the latest available OTRS patch level (download.znuny.org).