Live helper chat - open source live support chat with bot, Voice, Video, ScreenShare support.

7 min read Original article ↗

  • 2026-04-10 08:50:20

    4.84v Content Chunks

    Notable changes since 4.83v

    • REST API and bot workflow: improved REST API trigger execution and request body handling with attachment support; added skipped-body debug preview; enhanced chat locking behavior for streaming and chunked responses while preserving typing indicators.
    • Widget and UI: expanded widget theme customization options (including color controls), applied theme colors to offline form, improved message delivery indicator styling, fixed height adjustments and zoom/icon interaction issues, and added support for custom nick from admin themes.
    • Notifications and operator workflow: added assignment notification preferences (assigned pending chats vs all pending chats), quick action for auto-assignment, and persistent disabling of mobile notifications.
    • Chat filters and analytics: added participant filters to chat search, improved filters and restored pagination behavior, added participant-aware export enhancements, and introduced average chat duration by agent/participant.
    • File validation and security hardening: expanded MIME type handling for common file types and strengthened uploaded file verification (including file preview upload flow).
    • Translation and UX polish: improved translation error handling and transaction flow, added operator notice for active chat translation state, and updated translations across modules.
    • Core/codebase maintenance: added new tables and schema updates, improved error/log reporting and timing diagnostics (render and DB connection timing), and modernized PHP code style in core files.

    Summary

    • This release focuses on reliability and operator experience: stronger REST API/bot handling, better widget customization and messaging UX, richer notification controls, and improved chat search/export analytics.
    • It also includes security-oriented file validation improvements, translation workflow refinements, and core maintenance updates for better observability and long-term stability.

  • 2026-03-19 13:23:33

    4.83v Subject archive

    1. Notable changes since 4.82v

      • Chat list sorting: added sort options for highest and lowest message count in chat lists; a validation warning is shown when sorting by message count without a date range of 31 days or less.
      • Webhooks: debug mode support added to processEvent in both chat and mail conversation continuous webhook classes; new validation conditions notempty and in_list; improved error handling and logging; webhook form updated with chat ID testing and improved button styling; test pattern module enhanced with webhook ID validation.
      • Dropdown: "Select all" and "Unselect all" buttons added to multi-select dropdowns across the back-office; dropdown plugin and render helper updated accordingly.
      • Subject filter: subject filter conditions added to the chat list search panel and mail conversation search panel; department user dep logic enhanced.
      • Widget: bumped to version 272; improved screenAttributesUpdate height/width calculations for better responsiveness across screen sizes; wrapper now passes its version to the API; fixed proper termination in wrapper source.
      • Canned messages: fixed auto-uppercase breaking text input in the new rich-text editor (LHCEditor).
      • REST API: fixed authentication validator regression.
      • Chat core: added support for dashes in chat handling logic.
      • Templates: minor fixes in chat lists template and survey fill-widget template.

    2. Summary

    3. This release improves chat list usability with message count sorting, strengthens webhook debugging with debug mode and new validation conditions, and enhances multi-select dropdowns with select-all/unselect-all controls.
    4. Widget responsiveness and wrapper version reporting are improved; canned message auto-uppercase and REST API auth issues are resolved.

  • 2026-03-17 08:13:04

    4.82v Security updates, expanded widget mode

    1. Notable changes since 4.81v
      • Security/file handling: enhanced MIME type validation across file download endpoints (downloadfile.phpinlinedownload.php, REST API file.php); MIME type constants added in mail conversation parser; all operator/visitor uploads validated against var folder path; resolved security issues L01, L02, L04, L05, L06, L11, L13.
      • Widget: added expand mode with configurable width/height ratios and new shrink_text/expand_text UI fields; widget communication updated to include user session prefill variables in sent messages; fixed reloadWidget function; updated wrapper version.
      • Chat search/statistics: added message count filters (operators, visitors, bots) to search panel and statistics tabs; added total messages count input field; added search by message ID range.
      • Chat tab visibility: operators can toggle chat tab visibility (show/hide chat tabs) via quick actions in user settings.
      • User settings: added auto-accept chats option and alert preference for transferred chats.
      • Variables/prefill: support for passing custom back-office vars as lhc_var variables; encrypted prefilled variables always applied; variable only set when replaceable variable is non-empty; proactive invitations now update vars when custom vars are passed.
      • Theme/translations: widget theme translate method accepts user context; REST API modules (checkchatstatusgetinvitationinitchatonlinesettingssettings) use user context for theme translations; multilanguage support for custom fields; fetchByVid includes caching option.
      • Canned messages: refactored retrieval with getCannedMessages method; added auto_send filter and ignore_subjects parameter.
      • Extensions: support for extensions to contribute custom side-menu items.
      • Configuration: folder/directory write-permission checks added to the configuration page with per-directory success/error indicators.
      • Bot: support for background workers in REST API bot action; improved bot detection filtering.
      • Message history: previous-message loading always uses all messages when the page limit is not reached; safe inclusion of all chat messages.
    2. Summary
      • This release strengthens file handling security with MIME type validation, file path checks, and resolves multiple L-series security issues.
      • Operator UX improvements include widget expand mode, chat tab visibility toggles, and richer user settings (auto-accept, transfer alerts).
      • Search and statistics gain new message count filters; extensions gain custom side-menu support; theme translations now respect user context.
    3. Contributors
      • L01: SSRF via incoming webhook image download (CWE-918)
      • L06: Mass assignment in REST API file PUT leading to arbitrary file read (CWE-915, CWE-22)
      • L11: Stored XSS via Content-Type spoofing in file upload (CWE-79, CWE-345)
      • L13: Unsafe deserialization in configuration loader (CWE-502)

    Vulnerability Researcher: Pedro J. Núñez-Cacho Fuentes (https://blogs.tunelko.com)

    For update just follow standard update procedure. For manual update it's update_349.sql

    **Full Changelog**: ;https://github.com/LiveHelperChat/livehelperchat/compare/4.81v...4.82v

  • 2026-02-27 09:46:01

    4.81v One-Time proactive invitations

    1. Notable changes since 4.80v
       - One-time proactive chat invitations: new DB table `lh_abstract_proactive_chat_invitation_one_time` tracks which visitors have already seen an invitation, preventing repeat displays.
       - Proactive invitations: cleanup logic added for stale one-time invitation records; widget now records when a one-time invitation is shown; edit module enhanced with custom actions for proactive invitations.
       - Captcha: added provider-based captcha support — Google reCAPTCHA v3 and Cloudflare Turnstile are now both supported with a shared validation layer (`CaptchaValidator`, `erLhcoreClassUserValidator`).
       - Captcha admin UI: provider selector with provider-specific field sections; shared key labels across providers; CSRF redirect fix.
       - Translation system: UX improvements for automatic translations; operator and visitor message translation differentiated; messages with existing translations are now skipped; translation configuration UI updated.
       - Bot/Widget: custom HTML buttons and bot buttons are now disabled when a form is in progress status; alert messages added; placeholder for name field in widget start form.
       - Editor: fixed infinite loop issue in the new rich-text editor (LHCEditor).
       - Dashboard: removed legacy old dashboard; cleaned up related options and switch logic.
       - Security/permissions: added permission access checks in block user, hold action, transfer chat, and chat widget closed flows.
       - PHP 8.5 compatibility: resolved deprecation and compatibility issues.
       - Translations: updated translation catalogs including new captcha-related and translation-workflow keys.

    2. Summary
       - This release introduces one-time proactive chat invitations, a flexible multi-provider captcha system, and several translation workflow improvements.
       - Includes editor stability fixes, dashboard cleanup, PHP 8.5 compatibility, and stricter permission checks across chat action endpoints.

    For update just follow standard update procedure. For manual update it's update_348.sql

    **Full Changelog**: https://github.com/LiveHelperChat/livehelperchat/compare/4.80v...4.81v

  • 2026-02-20 09:29:11

    4.80v Guardrails multilanguage

    1. Notable changes since 4.79v
       - Message content protection: added language-specific warning message support for ghosting/masking rules.
       - UI (back office): redesigned message protection warning editor with multilingual tabs and per-language message fields.
       - Runtime masking: warning text can now be translated by chat locale (full locale and short locale fallback).
       - Data/model layer: added `languages` persistence support in `lh_abstract_msg_protection` model/POS mapping.
       - Frontend cleanup: simplified multilingual tab content rendering in Svelte component used by admin forms.

    2. Summary
       - This release extends message protection rules with localized warning messages and wires the full stack (DB, model, UI, and runtime locale resolution).

    For update just follow standard update procedure. For manual update it's update_346.sql

    ## What's Changed
    **Full Changelog**: https://github.com/LiveHelperChat/livehelperchat/compare/4.79v...4.80v