+# Version 27
+## Über
+Hotfixes beseitigen einen bestimmten Fehler und werden in der Regel als ZIP-Datei zur Verfügung gestellt. Die ZIP-Datei wird im Installationsverzeichnis von i-doit entpackt. Die Abfrage, ob Dateien beim Entpacken überschrieben werden sollen, kann bestätigt werden (Taste **Y** für "yes" oder **A** für "all"). Hier ein Beispiel:
+sudo cp i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip /var/www/html/i-doit/
+cd /var/www/html/i-doit/
+sudo -u www-data unzip i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip
+sudo rm i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip
+!!! attention "Bitte beachten"
+    Bitte nutzen Sie Hotfixes ausschließlich mit der genannten Version. In neueren Versionen werden diese bereits enthalten sein, sodass eine erneute Installation nicht notwendig ist.
+    Sollten Sie eine ältere Version von i-doit nutzen, ist es notwendig, zuerst auf die aktuelle Version zu aktualisieren.<br>
+    Falls ein Hotfix zur Ausführung des Updates einer älteren Version notwendig ist, ist dieser in den Unterkapiteln zu den Hotfixes hier in der Knowledge Base zu finden.<br>
+    Da es sich hierbei um Hotfixes handelt, empfehlen wir, diese nur einzuspielen, wenn diese für den sauberen Betrieb Ihrer Installation notwendig sind oder Sie durch den Support zur Verwendung aufgefordert werden. Bitte stellen Sie sicher, dass vor der Verwendung dieser Hotfixes ein [Backup von i-doit](../../wartung-und-betrieb/daten-sichern-und-wiederherstellen/index.md) erstellt wurde.<br>
+    Sollten Sie nach der Verwendung der Hotfixes mit dem Support in Kontakt treten, ergänzen Sie bitte den Hinweis auf dessen Verwendung.
+!!! info "Aktualität"
+    Die unten genannten Systemvoraussetzungen beziehen sich auf die aktuelle Version von i-doit, in diesem Fall ==27== Zu jedem Release von i-doit werden diese Angaben angepasst. Wer die Angaben für ältere Versionen von i-doit benötigt, kann die Änderungshistorie dieser Seite verfolgen.
+!!! attention "Einverständniserklärung"
+    Mit dem Herunterladen eines Hotfixes erklären Sie, dass Sie die oben genannten Hinweise vollständig gelesen und verstanden haben
+## i-doit core
+!!! bug "Hotfix release"
+    If you downloaded i-doit 27 prior to November 28th, we've identified some issues that require attention.<br>
+    We have prepared a linked package that contains necessary fixes.
+    Please refer to one of the guides below for assistance
+    !!! example "**Use the updater to download the package**"
+        -   Set file and folder rights, either via `idoit-rights.sh` or [manual](../../installation/manuelle-installation/setup.md)
+        -   Open the i-doit web update
+        -   At **2. Available Updates** you copy and paste the **[LINK](https://login.i-doit.com/downloads/idoit-27-update.zip)** in to the corresponding URL field and click **Download and extract**
+        -   Now do the update
+    !!! example "**or download and extract the package**"
+        -   Download the new package from the [customer portal](../../administration/kundenportal.md)
+        -   Extract the package into the i-doit Folder, see [here](../../wartung-und-betrieb/update-einspielen.md#update-über-die-konsole-vorbereiten)
+        -   Set file and folder rights, either via `idoit-rights.sh` or [manual](../../installation/manuelle-installation/setup.md)
+        -   Use the i-doit web updater to update with the new package
+    !!! note "**This update Package includes the following Hotfixes**"
+        **Adding a condition block for location > below > X location outputs no results**<br>
+        **HTML is displayed in Report**<br>
+        **Exported report displays \_\_id\_\_ column**<br>
+        **Report objects adds `&nbsp;&nbsp;` after each column**<br>
+        **Placeholder is not correctly replaced**<br>
+        **Operators for some fields can not be selected - TypeError: equation.map is not a function**<br>
+        **The encoding of umlauts are displayed in report titles**<br>
+        **Status filter for multivalue categories in report manager is not working correctly for custom categories**
+### Assigned clusters are removed after saving the object type configuration
+Use this if you need to assign the specific category **Assigned Clusters**.
+[i-doit_27_hotfix_ID-9977_eb1035c.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9977_eb1035c.zip){ .md-button .md-button--primary }
+### JDisc mapping error with MAC address
+Hotfix for the JDisc import error `Duplicate entry 'object-56-ABCDEF123-aa:aa:aa:aa:aa:aa,aa:aa:aa:aa:aa:aa,aa:aa:a...' for key 'isys_jdisc_mapping__type_device_serial_mac'.`
+[i-doit_27_hotfix_ID-10098.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10098.zip){ .md-button .md-button--primary }
+### Description fields yield validation errors on 32bit systems
+[i-doit_27_hotfix_ID-9928_7dca69d.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9928_7dca69d.zip){ .md-button .md-button--primary }
+### Changing technical keys to only contain words causes entries to lose the values when filled with API (Number only)
+[i-doit_27_hotfix_ID-9938.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9938.zip){ .md-button .md-button--primary }
+### Icon redirects are not cached
+If loading takes too much time between switching from object type to object type.
+[i-doit_27_hotfix_ID-9924_8c73a0f.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9924_8c73a0f.zip){ .md-button .md-button--primary }
+### Refactor the automatic update-check to a separate (ajax) request
+If opening the administration area of i-doit and navigating to "[Tenant-name] management" the page will take quite some time to load.
+[i-doit_27_hotfix_ID-9919_63ba178.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9919_63ba178.zip){ .md-button .md-button--primary }
+### Document does not exist error message when opening a document
+[i-doit_27_hotfix_ID-10086.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10086.zip){ .md-button .md-button--primary }
+### Report viewing DBMS version always shows the first entry
+[i-doit_27_hotfix_ID-10083_801ae6b.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10083_801ae6b.zip){ .md-button .md-button--primary }
+## API Add-on 1.15
+### cmdb.reports.read attaches "&nbsp;&nbsp" to each value
+[api_1.15_hotfix_API-458_7e2ae2e.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-458_7e2ae2e.zip){ .md-button .md-button--primary }
+### When using cmdb.objects.read it should be possible to use 'categories' without an array
+[api_1.15_hotfix_API-415.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-415.zip){ .md-button .md-button--primary }
+### cmdb.objects.read gives empty/nameless object with error message as a result when reading objects with the category licenses
+[api_1.15_hotfix_API-462.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-462.zip){ .md-button .md-button--primary }
+## Analyze Add-on 1.3
+### Service assignment is not displayed in data quality
+[Analysis_1.3_hotfix_ANALYSE-76_aa07fc2.zip :material-file-download:](../../assets/downloads/hotfixes/analyze/Analysis_1.3_hotfix_ANALYSE-76_aa07fc2.zip){ .md-button .md-button--primary }
+## Forms Add-on 1.2.0
+### Object is not created when a attribute validation is used and no error is displayed
+[forms_1.2.0_hotfix_AOF-38_69144fc.zip :material-file-download:](../../assets/downloads/hotfixes/forms/forms_1.2.0_hotfix_AOF-38_69144fc.zip){ .md-button .md-button--primary }
+## Floorplan Add-on 1.6
+### MySQL8 causes database error "incorrect DATETIME" when opening Floorplan AND Adding new Floorplan gives Error message and deletes existing objects added to floorplan
+[floorplan_1.6_hotfix_FP-130_FP-131.zip :material-file-download:](../../assets/downloads/hotfixes/floorplan/floorplan_1.6_hotfix_FP-130_FP-131.zip){ .md-button .md-button--primary }
+# Changelog 28
+[Task][Category folders]         Streamline wording of move browser in Category Tree
+[Task][Category folders]         Streamline wording of reorder modal in category tree feature
+[Task][Category folders]         Rename message when folder is empty
+[Task][Category folders]         Reset category list when the search is deleted
+[Task][Category folders]         Improve category folders drag and drop
+[Task][Category folders]         Add option to select and move multiple items
+[Task][Category folders]         Rename GERMAN Expand Button
+[Task][Category folders]         Add info to empty state of category folders feature
+[Task][Category folders]         Disable move button when nothing is selected
+[Task][Category folders]         Add information about the use of language constants to add a modal folder
+[Task][Code (Internal)]          Remove global $g_convert variable
+[Task][Code (Internal)]          Show architecture in system-overview
+[Task][List editing]             The text with leading zeros needs to be written more clearly.
+[Improvement][Import]            Allow user to import "input" of the first object in cabling import
+[Improvement][JDisc]             JDisc: It should be possible to import more information (SLOT) regarding hard disc
+[Improvement][JDisc]             Import von einzelnen Geräten aus JDisc anhand der IP über die Console / IP filter for JDisc import console command
+[Improvement][JDisc]             New JDisc Import Mode: "Update (Existing)"
+[Improvement][JDisc]             JDisc Import: Importiere SNMP Attribute
+[Improvement][JDisc]             Comparison of available objects from i-doit and JDisc
+[Improvement][JDisc]             Archive objects, that have not been seen by JDisc for a defined set of days
+[Improvement][Code (Internal)]   Purge all objects in i-doit via command
+[Bug][Code (Internal)]           Refactor the automatic update-check to a separate (ajax) request
+[Bug][Code (Internal)]           Installation of different Add-on Versions does not replace old files
+[Bug][Code (Internal)]           Changes in SMTP configuration encrypt the password
+[Bug][Code (Internal)]           Assigned clusters are removed after saving the object type configuration
+[Bug][Code (Internal)]           de-humanize the login page
+[Bug][Code (Internal)]           Mouseover at object placed in rack shows html character instead of "ß" if language is german
+[Bug][Code (Internal)]           Wrong translation of Editing lock
+[Bug][Code (Internal)]           Creating a object-type at "edit-datastructure" causes error because of https
+[Bug][Code (Internal)]           Fix object ID reset in URL in "Configurate object browser" after canceling an edit
+[Bug][Code (Internal)]           Icon redirects are not cached
+[Bug][Code (Internal)]           Changing technical key in multi value category causes problems in listview
+[Bug][Code (Internal)]           Too small resolution does not display object titles in search bar
+[Bug][CMDB]                      TypeError when assigning a Software
+[Bug][CMDB]                      JDisc Import date is imported as string and not as date
+[Bug][CMDB]                      Location is not selectable in object browser
+[Bug][CMDB]                      Removing 'end of contract' of a contract makes it reappear after saving even though the runtime is now 0
+[Bug][CMDB]                      Language constant overwrites another attribute
+[Bug][CMDB]                      Date fields in category SIM are prefilled with character '-'
+[Bug][LDAP]                      Creating an LDAP/AD filter that includes multiple filters
+[Bug][Custom categories]         Changing technical keys to only contain words causes entries to lose the values when filled with API (Number only)
+[Bug][JDisc]                     JDisc mapping error with MAC address
+[Bug][JDisc]                     Saving a JDisc profile with a empty categories selection displays malformed JSON warning
+[Bug][Category folders]          It is possible to select disabled folders as target
+[Bug][Category folders]          Translations should not be overwritten after opening the category folders for the first time
+[Bug][Category folders]          Fix move of categories when search is used
+[Bug][Category folders]          Fix jumping view port when searching and selecting items
+[Bug][Category folders]          After using search and delete the string via the X it is not possible to select category/folder container
+[Bug][Category folders]          Security issue category folders prevent XSS usage in folder names
+[Bug][Category folders]          Show root folder categories in move folder modal
+[Bug][Category folders]          Correct sorting of category folders and categories
+[Bug][Category folders]          Remove leftover categories
+[Bug][Category folders]          Show language constants in edit folder modals
+[Bug][Category folders]          Do not collapse category folders automatically
+[Bug][Category folders]          Do not show language constant in add folder modal
+[Bug][Category folders]          Do not show "no content" text when category is moved in empty folder
+[Bug][Security]                  Prevent SQL-Injection in combobox endpoints (solves: CVE-2023-46856 & CVE-2023-49303)
+[Bug][Security]                  Prevent loading "isys_cats_person_list" data over combobox "load" endpoint
+[Bug][Security]                  Escape config values before writing them into config.inc.php (solves: CVE-2023-49300)
+[Bug][Security]                  Remove option to download other files than i-doit update files via atomatic updater (solves: CVE-2023-49307)
+[Bug][Security]                  Remove possibility to execute mysqldump over the UI
+[Bug][Security]                  Prevent XSS in "qr.php" (solves: CVE-2023-49301)
+[Bug][Security]                  Prevent XSS in category update for "File Links" (solves: CVE-2023-49302)
+[Bug][Security]                  Prevent XSS in IT-Service Filter (solves: CVE-2023-49304)
+[Bug][Security]                  Prevent XSS in Logbook entries through category data (solves: CVE-2023-49305)
+[Bug][Security]                  Prevent XSS in usage of "proxy.php" (solves: CVE-2023-49306)
+[Bug][Security]                  Prevent Path Traversal in Filemanager endpoint (solves: CVE-2023-49308)
+[Bug][Security]                  Prevent Path Traversal in Filemanager "Image" in CMDB (solves: CVE-2023-49309)
+[Bug][Security]                  Prevent Path Traversal in Import Module which allows to delete files (solves: CVE-2023-49311)
+[Bug][Security]                  Disallow file urls in "reports.browser-url" to prevent exposing sensitive file contents (solves: CVE-2023-49310)
+[Bug][Security]                  Add rights guard to isys_ajax_handler_logbook.class.php
+[Bug][Security]                  Add guard by right-checking to "isys_ajax_handler_json.class.php"
+[Bug][Report-Manager]            Report objects adds    after each column
+[Bug][Report-Manager]            Exported report displays __id__ column
+[Bug][Report-Manager]            HTML is displayed in Report
+[Bug][Report-Manager]            Adding a condition block for location > below > X location outputs no results
+[Bug][Report-Manager]            Status filter for multivalue categories in report manager is not working correctly for custom categories
+[Bug][Report-Manager]            Status filter for multivalue categories is not working for CPU cores
+[Bug][Report-Manager]            Operators for some fields can not be selected - TypeError: equation.map is not a function
+[Bug][Report-Manager]            Placeholder is not correctly replaced
+[Bug][Report-Manager]            SQL error in report manager for Wiring System > Assigned objects categories
+[Bug][Report-Manager]            %LIKE% Operator for guarantee date is not working correctly
+[Bug][Report-Manager]            '=' operator does not work correctly for custom categories
+[Bug][Report-Manager]            The encoding of umlauts are displayed in report titles
+[Bug][API]                       Can not use API when the API System Person is deleted
+[Bug][API]                       Contact roles can not be authorized for API
+[Bug][API]                       SQL error when using order_by
+[Bug][Categories]                Reordering category folders causes visibility "eye" to disappear
+[Bug][Categories]                'Edit' button disappears after 'purging' single value categories
+[Bug][Categories]                Vertical slots for rack backside are mirrored
+[Bug][Categories]                Deselecting a stack member sets it to generic location
+[Bug][Categories]                Typo in category "Remote Management Controller" attribute "Primäre ZugriffsURL"
+[Bug][System settings]           Not setting SMTP Timeout leads to SMTP Error
+[Bug][System settings]           Save buttons do not display a success notification
+[Bug][System settings]           Create Ticket button does not use the configured URL with PORT
+[Bug][System settings]           API System setting overwrites tenant setting
+[Bug][System settings]           System settings are not set through expert settings
+[Bug][Validation]                Enable user to filter for attribute settings
+[Bug][Validation]                Show empty attribute settings table to user
+[Bug][Validation]                Do not show error message in tooltip while hovering over validation error in custom fields
+[Bug][Validation]                Description fields yield validation errors on 32bit systems
+[Bug][Notifications]             Group and User receive notification if receive strategy (-) is selected and both user & group have primary emails
+[Bug][Notifications]             Neither group nor user receive notification if receive strategy (Groups if available, else assigned persons) is selected and only group member has primary email
+[Bug][Notifications]             Notifications interval does sent E-Mails also a day after interval date
+[Bug][List editing]              Can't create Model in list edit
+[Bug][Search]                    Minimum search string error message should match setting
+[Bug][Logging]                   Show detailed log does not work
+[Bug][Lists]                     Sorting numbers in multi value category
+[Bug][CMDB-Explorer]             SQL Error in CMDB Explorer
+[Bug][Monitoring]                Monitoring - Livestatus add KeepAlive for checkmk
+[Bug][Object type configuration] Assigned SIM cards can not be displayed on the Overview page
+[Bug][Installation]              mod_rewrite test button is not working
+[Bug][Admincenter]               A tenant can be over-licensed when deactivated
+# Version 27
+## About
+Hotfixes fix a certain error and are usually provided as a ZIP file. The ZIP file is unpacked in the i-doit installation directory. Confirm the question whether you want to overwrite files during unpacking (**Y** key for "yes" or **A** key for "all"). Here you can find an example:
+sudo cp i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip /var/www/html/i-doit/
+cd /var/www/html/i-doit/
+sudo -u www-data unzip i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip
+sudo rm i-doit_<version>_hotfix_<description>_<ticket>_<commit>.zip
+!!! attention "Please note"
+    Please use hotfixes exclusively with the specified version. Hotfixes will be included in newer versions so that a renewed installation is not necessary.
+    Should you use an older i-doit version it is essential to make an update to the latest version first.<br>
+    If a hotfix is required to update an older version, it can be found in the hotfix subchapters here in the Knowledge Base.<br>
+    As these are hotfixes we recommend installing them only when the adjustments are necessary for a flawless operation of your installation or you are requested by the support team to use them. Please ensure that you made a [backup of i-doit](../../maintenance-and-operation/backup-and-recovery/index.md) before you use any hotfix.<br>
+    Please inform us about the use of hotfixes should you contact our support team afterwards.
+!!! info "Current version"
+    The requirements shown below apply to the current version of i-doit, in this case ==27== These requirements are adjusted for each release of i-doit. If the requirements of older versions are needed, the change history of this page can be used.
+!!! attention "Declaration of consent"
+    By downloading a hotfix you declare that you have read and understood the above mentioned notes completely.
+## i-doit core
+!!! bug "Hotfix release"
+    If you downloaded i-doit 27 prior to November 28th, we've identified some issues that require attention.<br>
+    We have prepared a linked package that contains necessary fixes.
+    Please refer to one of the guides below for assistance
+    !!! example "**Use the updater to download the package**"
+        -   Set file and folder rights, either via `idoit-rights.sh` or [manual](../../installation/manual-installation/setup.md)
+        -   Open the i-doit web update
+        -   At **2. Available Updates** you copy and paste the **[LINK](https://login.i-doit.com/downloads/idoit-27-update.zip)** in to the corresponding URL field and click **Download and extract**
+        -   Now do the update
+    !!! example "**or download and extract the package**"
+        -   Download the new package from the [customer portal](../../system-administration/customer-portal.md)
+        -   Extract the package into the i-doit Folder, see [here](../../maintenance-and-operation/update.md#update-prepared-via-the-console)
+        -   Set file and folder rights, either via `idoit-rights.sh` or [manual](../../installation/manual-installation/setup.md)
+        -   Use the i-doit web updater to update with the new package
+    !!! note "**This update Package includes the following Hotfixes**"
+        **Adding a condition block for location > below > X location outputs no results**<br>
+        **HTML is displayed in Report**<br>
+        **Exported report displays \_\_id\_\_ column**<br>
+        **Report objects adds `&nbsp;&nbsp;` after each column**<br>
+        **Placeholder is not correctly replaced**<br>
+        **Operators for some fields can not be selected - TypeError: equation.map is not a function**<br>
+        **The encoding of umlauts are displayed in report titles**<br>
+        **Status filter for multivalue categories in report manager is not working correctly for custom categories**
+### Assigned clusters are removed after saving the object type configuration
+Use this if you need to assign the specific category **Assigned Clusters**.
+[i-doit_27_hotfix_ID-9977_eb1035c.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9977_eb1035c.zip){ .md-button .md-button--primary }
+### JDisc mapping error with MAC address
+Hotfix for the JDisc import error `Duplicate entry 'object-56-ABCDEF123-aa:aa:aa:aa:aa:aa,aa:aa:aa:aa:aa:aa,aa:aa:a...' for key 'isys_jdisc_mapping__type_device_serial_mac'.`
+[i-doit_27_hotfix_ID-10098.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10098.zip){ .md-button .md-button--primary }
+### Description fields yield validation errors on 32bit systems
+[i-doit_27_hotfix_ID-9928_7dca69d.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9928_7dca69d.zip){ .md-button .md-button--primary }
+### Changing technical keys to only contain words causes entries to lose the values when filled with API (Number only)
+[i-doit_27_hotfix_ID-9938.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9938.zip){ .md-button .md-button--primary }
+### Icon redirects are not cached
+If loading takes too much time between switching from object type to object type.
+[i-doit_27_hotfix_ID-9924_8c73a0f.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9924_8c73a0f.zip){ .md-button .md-button--primary }
+### Refactor the automatic update-check to a separate (ajax) request
+If opening the administration area of i-doit and navigating to "[Tenant-name] management" the page will take quite some time to load.
+[i-doit_27_hotfix_ID-9919_63ba178.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-9919_63ba178.zip){ .md-button .md-button--primary }
+### Document does not exist error message when opening a document
+[i-doit_27_hotfix_ID-10086.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10086.zip){ .md-button .md-button--primary }
+### Report viewing DBMS version always shows the first entry
+[i-doit_27_hotfix_ID-10083_801ae6b.zip :material-file-download:](../../assets/downloads/hotfixes/27/i-doit_27_hotfix_ID-10083_801ae6b.zip){ .md-button .md-button--primary }
+## API Add-on 1.15
+### cmdb.reports.read attaches "&nbsp;&nbsp" to each value
+[api_1.15_hotfix_API-458_7e2ae2e.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-458_7e2ae2e.zip){ .md-button .md-button--primary }
+### When using cmdb.objects.read it should be possible to use 'categories' without an array
+[api_1.15_hotfix_API-415.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-415.zip){ .md-button .md-button--primary }
+### cmdb.objects.read gives empty/nameless object with error message as a result when reading objects with the category licenses
+[api_1.15_hotfix_API-462.zip :material-file-download:](../../assets/downloads/hotfixes/api/api_1.15_hotfix_API-462.zip){ .md-button .md-button--primary }
+## Analyze Add-on 1.3
+### Service assignment is not displayed in data quality
+[Analysis_1.3_hotfix_ANALYSE-76_aa07fc2.zip :material-file-download:](../../assets/downloads/hotfixes/analyze/Analysis_1.3_hotfix_ANALYSE-76_aa07fc2.zip){ .md-button .md-button--primary }
+## Forms Add-on 1.2.0
+### Object is not created when a attribute validation is used and no error is displayed
+[forms_1.2.0_hotfix_AOF-38_69144fc.zip :material-file-download:](../../assets/downloads/hotfixes/forms/forms_1.2.0_hotfix_AOF-38_69144fc.zip){ .md-button .md-button--primary }
+## Floorplan Add-on 1.6
+### MySQL8 causes database error "incorrect DATETIME" when opening Floorplan AND Adding new Floorplan gives Error message and deletes existing objects added to floorplan
+[floorplan_1.6_hotfix_FP-130_FP-131.zip :material-file-download:](../../assets/downloads/hotfixes/floorplan/floorplan_1.6_hotfix_FP-130_FP-131.zip){ .md-button .md-button--primary }
+# Changelog 28
+[Task][Category folders]         Streamline wording of move browser in Category Tree
+[Task][Category folders]         Streamline wording of reorder modal in category tree feature
+[Task][Category folders]         Rename message when folder is empty
+[Task][Category folders]         Reset category list when the search is deleted
+[Task][Category folders]         Improve category folders drag and drop
+[Task][Category folders]         Add option to select and move multiple items
+[Task][Category folders]         Rename GERMAN Expand Button
+[Task][Category folders]         Add info to empty state of category folders feature
+[Task][Category folders]         Disable move button when nothing is selected
+[Task][Category folders]         Add information about the use of language constants to add a modal folder
+[Task][Code (Internal)]          Remove global $g_convert variable
+[Task][Code (Internal)]          Show architecture in system-overview
+[Task][List editing]             The text with leading zeros needs to be written more clearly.
+[Improvement][Import]            Allow user to import "input" of the first object in cabling import
+[Improvement][JDisc]             JDisc: It should be possible to import more information (SLOT) regarding hard disc
+[Improvement][JDisc]             Import von einzelnen Geräten aus JDisc anhand der IP über die Console / IP filter for JDisc import console command
+[Improvement][JDisc]             New JDisc Import Mode: "Update (Existing)"
+[Improvement][JDisc]             JDisc Import: Importiere SNMP Attribute
+[Improvement][JDisc]             Comparison of available objects from i-doit and JDisc
+[Improvement][JDisc]             Archive objects, that have not been seen by JDisc for a defined set of days
+[Improvement][Code (Internal)]   Purge all objects in i-doit via command
+[Bug][Code (Internal)]           Refactor the automatic update-check to a separate (ajax) request
+[Bug][Code (Internal)]           Installation of different Add-on Versions does not replace old files
+[Bug][Code (Internal)]           Changes in SMTP configuration encrypt the password
+[Bug][Code (Internal)]           Assigned clusters are removed after saving the object type configuration
+[Bug][Code (Internal)]           de-humanize the login page
+[Bug][Code (Internal)]           Mouseover at object placed in rack shows html character instead of "ß" if language is german
+[Bug][Code (Internal)]           Wrong translation of Editing lock
+[Bug][Code (Internal)]           Creating a object-type at "edit-datastructure" causes error because of https
+[Bug][Code (Internal)]           Fix object ID reset in URL in "Configurate object browser" after canceling an edit
+[Bug][Code (Internal)]           Icon redirects are not cached
+[Bug][Code (Internal)]           Changing technical key in multi value category causes problems in listview
+[Bug][Code (Internal)]           Too small resolution does not display object titles in search bar
+[Bug][CMDB]                      TypeError when assigning a Software
+[Bug][CMDB]                      JDisc Import date is imported as string and not as date
+[Bug][CMDB]                      Location is not selectable in object browser
+[Bug][CMDB]                      Removing 'end of contract' of a contract makes it reappear after saving even though the runtime is now 0
+[Bug][CMDB]                      Language constant overwrites another attribute
+[Bug][CMDB]                      Date fields in category SIM are prefilled with character '-'
+[Bug][LDAP]                      Creating an LDAP/AD filter that includes multiple filters
+[Bug][Custom categories]         Changing technical keys to only contain words causes entries to lose the values when filled with API (Number only)
+[Bug][JDisc]                     JDisc mapping error with MAC address
+[Bug][JDisc]                     Saving a JDisc profile with a empty categories selection displays malformed JSON warning
+[Bug][Category folders]          It is possible to select disabled folders as target
+[Bug][Category folders]          Translations should not be overwritten after opening the category folders for the first time
+[Bug][Category folders]          Fix move of categories when search is used
+[Bug][Category folders]          Fix jumping view port when searching and selecting items
+[Bug][Category folders]          After using search and delete the string via the X it is not possible to select category/folder container
+[Bug][Category folders]          Security issue category folders prevent XSS usage in folder names
+[Bug][Category folders]          Show root folder categories in move folder modal
+[Bug][Category folders]          Correct sorting of category folders and categories
+[Bug][Category folders]          Remove leftover categories
+[Bug][Category folders]          Show language constants in edit folder modals
+[Bug][Category folders]          Do not collapse category folders automatically
+[Bug][Category folders]          Do not show language constant in add folder modal
+[Bug][Category folders]          Do not show "no content" text when category is moved in empty folder
+[Bug][Security]                  Prevent SQL-Injection in combobox endpoints (solves: CVE-2023-46856 & CVE-2023-49303)
+[Bug][Security]                  Prevent loading "isys_cats_person_list" data over combobox "load" endpoint
+[Bug][Security]                  Escape config values before writing them into config.inc.php (solves: CVE-2023-49300)
+[Bug][Security]                  Remove option to download other files than i-doit update files via atomatic updater (solves: CVE-2023-49307)
+[Bug][Security]                  Remove possibility to execute mysqldump over the UI
+[Bug][Security]                  Prevent XSS in "qr.php" (solves: CVE-2023-49301)
+[Bug][Security]                  Prevent XSS in category update for "File Links" (solves: CVE-2023-49302)
+[Bug][Security]                  Prevent XSS in IT-Service Filter (solves: CVE-2023-49304)
+[Bug][Security]                  Prevent XSS in Logbook entries through category data (solves: CVE-2023-49305)
+[Bug][Security]                  Prevent XSS in usage of "proxy.php" (solves: CVE-2023-49306)
+[Bug][Security]                  Prevent Path Traversal in Filemanager endpoint (solves: CVE-2023-49308)
+[Bug][Security]                  Prevent Path Traversal in Filemanager "Image" in CMDB (solves: CVE-2023-49309)
+[Bug][Security]                  Prevent Path Traversal in Import Module which allows to delete files (solves: CVE-2023-49311)
+[Bug][Security]                  Disallow file urls in "reports.browser-url" to prevent exposing sensitive file contents (solves: CVE-2023-49310)
+[Bug][Security]                  Add rights guard to isys_ajax_handler_logbook.class.php
+[Bug][Security]                  Add guard by right-checking to "isys_ajax_handler_json.class.php"
+[Bug][Report-Manager]            Report objects adds    after each column
+[Bug][Report-Manager]            Exported report displays __id__ column
+[Bug][Report-Manager]            HTML is displayed in Report
+[Bug][Report-Manager]            Adding a condition block for location > below > X location outputs no results
+[Bug][Report-Manager]            Status filter for multivalue categories in report manager is not working correctly for custom categories
+[Bug][Report-Manager]            Status filter for multivalue categories is not working for CPU cores
+[Bug][Report-Manager]            Operators for some fields can not be selected - TypeError: equation.map is not a function
+[Bug][Report-Manager]            Placeholder is not correctly replaced
+[Bug][Report-Manager]            SQL error in report manager for Wiring System > Assigned objects categories
+[Bug][Report-Manager]            %LIKE% Operator for guarantee date is not working correctly
+[Bug][Report-Manager]            '=' operator does not work correctly for custom categories
+[Bug][Report-Manager]            The encoding of umlauts are displayed in report titles
+[Bug][API]                       Can not use API when the API System Person is deleted
+[Bug][API]                       Contact roles can not be authorized for API
+[Bug][API]                       SQL error when using order_by
+[Bug][Categories]                Reordering category folders causes visibility "eye" to disappear
+[Bug][Categories]                'Edit' button disappears after 'purging' single value categories
+[Bug][Categories]                Vertical slots for rack backside are mirrored
+[Bug][Categories]                Deselecting a stack member sets it to generic location
+[Bug][Categories]                Typo in category "Remote Management Controller" attribute "Primäre ZugriffsURL"
+[Bug][System settings]           Not setting SMTP Timeout leads to SMTP Error
+[Bug][System settings]           Save buttons do not display a success notification
+[Bug][System settings]           Create Ticket button does not use the configured URL with PORT
+[Bug][System settings]           API System setting overwrites tenant setting
+[Bug][System settings]           System settings are not set through expert settings
+[Bug][Validation]                Enable user to filter for attribute settings
+[Bug][Validation]                Show empty attribute settings table to user
+[Bug][Validation]                Do not show error message in tooltip while hovering over validation error in custom fields
+[Bug][Validation]                Description fields yield validation errors on 32bit systems
+[Bug][Notifications]             Group and User receive notification if receive strategy (-) is selected and both user & group have primary emails
+[Bug][Notifications]             Neither group nor user receive notification if receive strategy (Groups if available, else assigned persons) is selected and only group member has primary email
+[Bug][Notifications]             Notifications interval does sent E-Mails also a day after interval date
+[Bug][List editing]              Can't create Model in list edit
+[Bug][Search]                    Minimum search string error message should match setting
+[Bug][Logging]                   Show detailed log does not work
+[Bug][Lists]                     Sorting numbers in multi value category
+[Bug][CMDB-Explorer]             SQL Error in CMDB Explorer
+[Bug][Monitoring]                Monitoring - Livestatus add KeepAlive for checkmk
+[Bug][Object type configuration] Assigned SIM cards can not be displayed on the Overview page
+[Bug][Installation]              mod_rewrite test button is not working
+[Bug][Admincenter]               A tenant can be over-licensed when deactivated
+# Release Notes 28
+We’re happy to announce i-doit pro 28 - 2023’s final release which focuses on **security and quality**.
+The following **CVE**s have been resolved with the changes from this release:
+Furthermore, we have taken feedback from our customers to further improve the previously released feature to create custom **category folders** for a more intuitive configuration and folder creation. Last but not least, we added a lot of bug fixes for a general improvement of your experience which can be found in detail in our changelog.
+We highly encourage you to [update](../../maintenance-and-operation/update.md) your installation of i-doit pro to version 28 as soon as possible to benefit from all of the contained improvements.