In This Article
Patch 16.5.4
Note: Requires 16.5.3 to be installed first!
The links above will download the Version 16 patch as a zip file. This file doesn't need to be extracted as the software extracts the zip file as part of the process while applying the patch. Review the Patching Process Overview article.
Before installing a new patch, please:
- Stop the SQBoxTaskManager service on the webserver. After finishing the patch installation, you must start the service again.
- Run the following code in the "Execute custom code" box in the admin area to reconnect the Lucee SSL certificate:
<cfscript>
SSLCertificateInstall("ws.icthrive.com")
</cfscript>
Once installed, please:
- Reboot the server as soon as possible
Note: If the Lucee version is on 5.3.6.61, please use the instructions here to update.
Version 16.5.4 Patch Notes
Patch Highlights
This release delivers a major new feature alongside a wide range of quality-of-life improvements, bug fixes, and security enhancements designed to make the application faster, more reliable, and more secure.
The highlight is Product Health & Content Cleanup, a powerful new system that proactively scans for clutter, performance issues, and outdated data—paired with a streamlined Cleanup Action Queue that automates bulk cleanups after hours to keep operations smooth and efficient.
In addition, this update introduces several usability improvements across search, forms, themes, and user permissions, while also completing our infrastructure move from AWS to Azure. Dozens of bugs have been resolved to improve stability and user experience, and key security patches strengthen protection against XSS vulnerabilities.
Together, these changes enhance performance, simplify administration, and provide a more secure foundation for future growth.
Features
• FEATURE - Product Health / Content Cleanup. Keep your system running at peak performance with our powerful Product Health & Content Cleanup feature. Behind the scenes, smart background processes continuously scan your database to detect potential issues and unnecessary clutter that may slow things down. Paired with a suite of intuitive tools, you can quickly resolve problems and remove outdated data with ease.
• At the heart of this innovation is the Cleanup Action Queue—a streamlined way for administrators to schedule and manage bulk cleanups. Simply select the items you want addressed, queue them up, and let the system automatically perform the heavy lifting after hours (9 PM by default), ensuring your operations stay fast, clean, and disruption-free.
• The result? A healthier, leaner, and more efficient system—without the extra work.
Quality Of Life Improvements
• FEATURE – System – Moved automatic patch download mechanism to use new Azure cloud instead of AWS.
This is to support our infrastructure move from AWS to Azure. New updates pushed will come from an Azure cloud storage rather than AWS.
• FEATURE – Site Search – Add ability for users to see if last index failed
The Site Search admin page now displays a message if the most recent bulk re-index task did not complete successfully. Previously, only the last successful run time was shown, with no indication of failed or incomplete tasks.
• FEATURE – Forms – Option to Hide System Status Column in Form Responses
We have added a new option to the "Advanced View Options" in the "Views" tab of the form builder. The option labelled "Hide Status Column" will allow you to remove the "Status" column from your response view where previously, this was not possible.
• FEATURE – Forms – Add Column-Based Sorting to Form Response Table
Sorting capabilities to the response table, allowing responses to be ordered by status or any other column. Previously, users could only filter by department or user, making it time-consuming to locate specific submissions. This update improves response management speed, enhances usability, and lays the groundwork for future advanced views and logic.
• FEATURE – Advanced Theme Editor - Add option for static background image
Added a setting in the "Advanced Theme Editor" for making a background image fixed and not scrollable.
• FEATURE – User Permissions Report - Include disabled users in list for User Permissions report and in Bulk Ownership change functionality
Allow administrators to select disabled users from the dropdown for User Permissions report. Then the admin can now do Bulk Ownership changes for that user.
Bugs
• BUG FIX - Preview button won't close in documents app
• BUG FIX - Edit Widget popup cannot be moved
• BUG FIX - SecureFileLink does not handle spaces
• BUG FIX - Workflow Approval Popup won't appear
• BUG FIX - Change Password Screen Infinitely Loops in certain conditions
• BUG FIX - Photo Album - For Smaller images, the details on image overlay floods out of the box.
• BUG FIX – AD Sync Photos pull from Azure Entra ID even when not selected in field mapping screen.
• BUG FIX - Deadlocking in cleanup task
• BUG FIX - Support Desk Agent can't save tickets
• BUG FIX - UsernameMapping is not remembering choice in a AD Connection Target Screen
• BUG FIX - Graph Target Screen UserNameMapping NEEDS an onPremiseUserPrincipalName option.
• BUG FIX – Fix for groups not syncing on LDAP Connections
• BUG FIX - Bug in "Add Form" UI. New File or Link types have broken UI
• BUG FIX - Scrolling Limited While Editing Workflows
• BUG FIX - Add External Email in Form Workflow shows broken UI
• BUG FIX - Error when clicking R&C tab in AppBuilder Apps
• BUG FIX - Blog app pictures don't auto resize
• BUG FIX – Filter for form responses
• BUG FIX - viewing ratings popup doesn't work
• BUG FIX – Performance improvements to forms application
• BUG FIX - Search Bar Missing on certain browser zoom sizes
• BUG FIX – HTML Displays as text in the file versioning comment text.
• BUG FIX - Photo Album - Folder count is not shown even when 'display item count (x)option' is selected.
• BUG FIX – Thumbs up breaking in appbuilder apps.
• BUG FIX - Form Response custom fields sorting breaks
Security Enhancements
• SECURITY IMPROVEMENT - XSS Vuln in Site Login page.
• SECURITY IMPROVEMENT - Mitigate XSS vulnerabilities inside of Widgets
• SECURITY IMPROVEMENT - Fix XSS vulnerabilities in Employee Directory folder/area
Version 16.5.3 Patch Notes
Patch Highlights
Security Improvements:
- Replaced Encrypted Passwords With Hashing:
We upgraded the hashing algorithm used to store passwords to a stronger standard. To complete the upgrade, please run the Password Upgrade Wizard available on the admin home page.
- CORS Checking Dashboard:
Cross-Origin Resource Sharing is a security feature implemented by web browsers to prevent malicious websites from accessing resources on a different domain. Our new CORS Dashboard located in Admin | Security makes it easy for admins to manage this – view recommended domains, whitelist trusted sources, and add or edit custom entries.
- jQuery upgrade to 3.7.1: Upgraded jQuery and 3rd party jQuery libraries to the latest released version to improve back-end performance and mitigate security vulnerabilities. This update maintains all existing functionality and preserves the current user interface.
Product Enhancements:
- Site Search: File indexing controls and performance updates:
Added new settings to the Site Search admin page, allowing administrators to configure the maximum file size and specific file types to include in search indexing. This release also includes performance improvements to the Search indexing process.
- Added UI for blocked file types in Admin Security tab:
Introduced a new Blocked File Types page under the Security tab, enabling administrators to manage which file types are permitted for upload across the application.
- Multiple bug fixes to improve stability in the application.
Version 16.5.3 Hotfixes
| Hotfix | Issues it fixes |
|
Hotfix 5547 (Combo) |
This fixes 10 bugs occurring on 16.5.3, we recommend installing this after upgrading to 16.5.3. Please reach out to Support for additional details. |
Version 16.5.2 Patch Notes
Patch Highlights
- New option to send all email notifications from the administrator email (to help with Microsoft 365 mail)
- Support Desk email notification improvements: Include custom fields in emails.
- Microsoft Graph synchronization customization: Choose which field sets the username on the Intranet.
- Password complexity checking: Increasing security standards for new form passwords
- Security improvements against XSS (Cross-site scripting) and Cross Site Forgery Requests
Version 16.5.2 Hotfixes
| Hotfix | Issues it fixes |
| Hotfix 5256 | Fixes an issue where PDFs which include spaces in the title will not get loaded correctly. |
| Hotfix 5186 | Fixes thumbs up bug where clicking the thumbs up on an appbuilder item did not work. Also Fixes ability to have urls that click into a new window inside of ckeditor text fields in appbuilder apps. |
| Hotfix 5040 | Fixes link redirect fail after login when site uses SSO. |
| Hotfix 5236 | Fixes an issue in the menu navigation where encodeForHTMLAttribute() is not a valid function. Fixes Broken menu items with icons. |
Note: This patch release is for supported browsers Chrome, Firefox, and the new Edge (Chromium). All versions of Microsoft IE (11 and below) will encounter layout problems and are not supported.
If you are seeing messages about web services not connecting, or cannot obtain expiry information on your admin page, you'll also need to apply the ws.icthrive.com certificate to Lucee for web services to connect. Click here to learn how to add the certificate in Lucee.