WombatDialer 25.02

This new major release of WombatDialer addresses an important security issue and has a number of small changes meant to make your life easier.

WombatDialer 25.02 can now be readily accessed through various means: an RPM package for CentOS 8, Rocky 8, and Rocky 9 based distributions; a Docker image available on DockerHub; and a TGZ file designed for manual installation on any operating system running the Java platform.

Important security update

This version fixes a major issue with session handling that could theoretically allow an user to bypass security checks on the configuration interface.

The CVE for this will be published soon.

While we have no suggestion that this vulnerability was ever exploited in the wild, as it was found in a security audit, we suggest updating immediately to avoid any possible risk before the vulnerability is publicly disclosed.

Improvements to call reporting

From the Reports page in WombatDialer, under the Call Outcomes panel, it is possible to see a breakdown of those call outcomes grouped by the number of recall it happened to. This way you can see, e.g., how many calls were completed the first time they were placed, how many on the first recall, how many on the second, and so on.

wd2502 recalls

This feature, sometimes known as "Called Counts", can be very effective in deciding how "deep" you recall policy must be set to optimally reach your targets.

Also, on the Realtime page, the panel "Active Lists on Run" was sometimes hard to use because buttons would appear on the very bottom of the panel. Now that’s fixed.

A clarification on AUTO lists

We added a new section to the User Manual called "Automatic Lists" because we felt that a number of customers would not get what AUTO lists are for by reading the current documentation. And - worse - they would end up using them incorrectly. Automatic lists are very handy, but their expected behavior can sometimes be misleading.

If you use AUTO lists, make sure you check it out at https://docs.loway.ch/WombatDialer/020_WD_Concepts.html#AUTOLISTS

API improvements

It is not possible anymore to add numbers to a campaign that has no active run - this makes no sense. Previously these numbers would be added to the AUTO list for the campaign, but not actually dialled. Now this triggers an error.

The CPS parameter for a trunk could not be set - it is not meant to, as it is a derived parameter based on rlMaxMsg and rlMsgEvery settings, but you had to remove it from the JSON description of a trunk to change it. Now it is fixed.

Easier installation and upgrades

Now WombatDialer supports MySQL 8.0.36 out of the box when installing with yum; previously you had to change its password policy to allow WD to use it. MariaDB is always supported and is in general easier to work with - but you choose.

To access the WombatDialer web-app, you now have a fixed symlink /usr/local/queuemetrics/wd-current that will always point to the correct one.

The DbTest transaction used on first installs and upgrades was made a bit easier on the eye and external links were fixed.

Deprecations and security

  • Changes to the lists associated to a run are now written on the system log.

  • Current RPMs do not support CentOS 6 and may not work on CentOS 7 systems. Those systems are obsolete and you really need to upgrade them.

Bug Fixes

  • #6937: CVE: Bypass Cookie Session

  • #6444: Statuses by recalls

  • #6999: "Active Lists on Run" panel is not very readable.

  • #6997: Numbers added to a campaign that has no existing run

  • #6851: Cannot change CPS on a trunk via API

  • #6996: Syslog: logs changes to lists on a run

  • #6998: Better explanation on why AUTO lists must be used carefully

  • #7030: Create symlink "wd-current" in RPM install

  • #7004: DbTest: wrong links and dates

  • #6821: Wombat won’t install on MySQL 8.0.36

  • #6003: Weird events "Channel: OutgoingSpoolFailed" fixed