Releases »

11.1 »

11.1.5

Cerb (11.1.5) is a maintenance update released on September 30, 2025. It includes 14 minor features and fixes from community feedback covering the 11.1 update. You can follow these instructions to upgrade.

Changelog

Added

  • [Mail/HTML/Images] Added an image external URL allowlist to HTML email message security. When a pattern matches an image is displayed by default while others remain blocked.

Changed

  • [Platform/Stats/Performance] When comparing vectors, cosine similarity now uses pure PHP rather than bcmath since the latter is much slower.

Fixed

  • [Records/Validation] Fixed an issue where validating a set of email addresses uppercased them rather than lowercasing. This was only used in the cerb.email.relay automation API command.

  • [Automations/Email/Relay] Fixed an issue in the cerb.email.relay automation API command that prevented relayed messages from sending.

  • [Email] Fixed a PHP notice in the 'Re:' subject line tagging for non-reply message types (e.g. transactional).

  • [Mail/Comments] Fixed a rendering issue with comments in ticket threads. Comments are now converted from Markdown to HTML as untrusted and partial tags are escaped.

  • [Mail/HTML] Fixed an issue in sent HTML messages. The de-duplication SHA-1 content was not being saved, which impacted the ability to download those files from the Support Center. [#1820]

  • [Portals/Support Center] In the Support Center, when displaying a conversation, attachments without an SHA-1 content hash are omitted as download links.

  • [Worklists/Behaviors] Fixed an issue with "Record worklist rendered" behaviors where modified worklists didn't contain a notice and links back to the behaviors.

  • [Mail/Parser] Fixed an issue in the inbound email parser when a message contains multiple 'Message-Id:' headers.

  • [Mail/Parser] Fixed an issue in the inbound email parser when a message contains multiple 'In-Reply-To:' or 'References:' headers.

  • [Resources] Added more error reporting when uploading resource files larger than the configured limits.

  • [Widgets/Charts] In 'Chart KATA' widgets, fixed an issue where tooltips didn't display for negative y-values.

Security

  • [Security/Composer] Updated the enshrined/svg-sanitize dependency from 0.15.4 to 0.22.0 in response to a security advisory.