4.83v

1. Notable changes since 4.82v
   - Chat list sorting: added sort options for highest and lowest message count in chat lists; a validation warning is shown when sorting by message count without a date range of 31 days or less.
   - Webhooks: debug mode support added to `processEvent` in both chat and mail conversation continuous webhook classes; new validation conditions `notempty` and `in_list`; improved error handling and logging; webhook form updated with chat ID testing and improved button styling; test pattern module enhanced with webhook ID validation.
   - Dropdown: "Select all" and "Unselect all" buttons added to multi-select dropdowns across the back-office; dropdown plugin and render helper updated accordingly.
   - Subject filter: subject filter conditions added to the chat list search panel and mail conversation search panel; department user dep logic enhanced.
   - Widget: bumped to version 272; improved `screenAttributesUpdate` height/width calculations for better responsiveness across screen sizes; wrapper now passes its version to the API; fixed proper termination in wrapper source.
   - Canned messages: fixed auto-uppercase breaking text input in the new rich-text editor (LHCEditor).
   - REST API: fixed authentication validator regression.
   - Chat core: added support for dashes in chat handling logic.
   - Templates: minor fixes in chat lists template and survey fill-widget template.

2. Summary
   - This release improves chat list usability with message count sorting, strengthens webhook debugging with debug mode and new validation conditions, and enhances multi-select dropdowns with select-all/unselect-all controls.
   - Widget responsiveness and wrapper version reporting are improved; canned message auto-uppercase and REST API auth issues are resolved.

execute doc/update_db/update_350.sql for update

4.82v

1. Notable changes since 4.81v
   - Security/file handling: enhanced MIME type validation across file download endpoints (`downloadfile.php`, `inlinedownload.php`, REST API `file.php`); MIME type constants added in mail conversation parser; all operator/visitor uploads validated against `var` folder path; resolved security issues L01, L02, L04, L05, L06, L11, L13.
   - Widget: added expand mode with configurable width/height ratios and new `shrink_text`/`expand_text` UI fields; widget communication updated to include user session prefill variables in sent messages; fixed `reloadWidget` function; updated wrapper version.
   - Chat search/statistics: added message count filters (operators, visitors, bots) to search panel and statistics tabs; added total messages count input field; added search by message ID range.
   - Chat tab visibility: operators can toggle chat tab visibility (show/hide chat tabs) via quick actions in user settings.
   - User settings: added auto-accept chats option and alert preference for transferred chats.
   - Variables/prefill: support for passing custom back-office vars as `lhc_var` variables; encrypted prefilled variables always applied; variable only set when replaceable variable is non-empty; proactive invitations now update vars when custom vars are passed.
   - Theme/translations: widget theme `translate` method accepts user context; REST API modules (`checkchatstatus`, `getinvitation`, `initchat`, `onlinesettings`, `settings`) use user context for theme translations; multilanguage support for custom fields; `fetchByVid` includes caching option.
   - Canned messages: refactored retrieval with `getCannedMessages` method; added `auto_send` filter and `ignore_subjects` parameter.
   - Extensions: support for extensions to contribute custom side-menu items.
   - Configuration: folder/directory write-permission checks added to the configuration page with per-directory success/error indicators.
   - Bot: support for background workers in REST API bot action; improved bot detection filtering.
   - Message history: previous-message loading always uses all messages when the page limit is not reached; safe inclusion of all chat messages.

2. Summary
   - This release strengthens file handling security with MIME type validation, file path checks, and resolves multiple L-series security issues.
   - Operator UX improvements include widget expand mode, chat tab visibility toggles, and richer user settings (auto-accept, transfer alerts).
   - Search and statistics gain new message count filters; extensions gain custom side-menu support; theme translations now respect user context.

3. Contributors

- L01: SSRF via incoming webhook image download (CWE-918)
- L06: Mass assignment in REST API file PUT leading to arbitrary file read (CWE-915, CWE-22)
- L11: Stored XSS via Content-Type spoofing in file upload (CWE-79, CWE-345)
- L13: Unsafe deserialization in configuration loader (CWE-502)

Vulnerability Researcher: Pedro J. Núñez-Cacho Fuentes (https://blogs.tunelko.com)

execute doc/update_db/update_349.sql for update

4.81v

1. Notable changes since 4.80v
   - One-time proactive chat invitations: new DB table `lh_abstract_proactive_chat_invitation_one_time` tracks which visitors have already seen an invitation, preventing repeat displays.
   - Proactive invitations: cleanup logic added for stale one-time invitation records; widget now records when a one-time invitation is shown; edit module enhanced with custom actions for proactive invitations.
   - Captcha: added provider-based captcha support — Google reCAPTCHA v3 and Cloudflare Turnstile are now both supported with a shared validation layer (`CaptchaValidator`, `erLhcoreClassUserValidator`).
   - Captcha admin UI: provider selector with provider-specific field sections; shared key labels across providers; CSRF redirect fix.
   - Translation system: UX improvements for automatic translations; operator and visitor message translation differentiated; messages with existing translations are now skipped; translation configuration UI updated.
   - Bot/Widget: custom HTML buttons and bot buttons are now disabled when a form is in progress status; alert messages added; placeholder for name field in widget start form.
   - Editor: fixed infinite loop issue in the new rich-text editor (LHCEditor).
   - Dashboard: removed legacy old dashboard; cleaned up related options and switch logic.
   - Security/permissions: added permission access checks in block user, hold action, transfer chat, and chat widget closed flows.
   - PHP 8.5 compatibility: resolved deprecation and compatibility issues.
   - Translations: updated translation catalogs including new captcha-related and translation-workflow keys.

2. Summary
   - This release introduces one-time proactive chat invitations, a flexible multi-provider captcha system, and several translation workflow improvements.
   - Includes editor stability fixes, dashboard cleanup, PHP 8.5 compatibility, and stricter permission checks across chat action endpoints.

execute doc/update_db/update_348.sql for update

4.80v

1. Notable changes since 4.79v
   - Message content protection: added language-specific warning message support for ghosting/masking rules.
   - UI (back office): redesigned message protection warning editor with multilingual tabs and per-language message fields.
   - Runtime masking: warning text can now be translated by chat locale (full locale and short locale fallback).
   - Data/model layer: added `languages` persistence support in `lh_abstract_msg_protection` model/POS mapping.
   - Frontend cleanup: simplified multilingual tab content rendering in Svelte component used by admin forms.

2. Summary
   - This release extends message protection rules with localized warning messages and wires the full stack (DB, model, UI, and runtime locale resolution).

execute doc/update_db/update_347.sql for update

4.78v

1. Notable changes since 4.77v
   - Bot: support for bot short name.
   - Message masking: mask last message from visitor.
   - Webhooks/Conditions: support additional comparison variables and accept all params for condition checks.
   - Events: included more information for main chat attributes change event.
   - Debugging: added debug message handling inside chat messages.
   - Guardrails: added whitelist support for phone guardrails.
   - Misc: small typo fixes.

2. Summary
   - Improvements across bot, webhooks, and message masking to increase reliability and observability.
   - Several small bug fixes and developer-facing debug improvements.

execute doc/update_db/update_345.sql for update