2021-09-17 Security fixes release update

Hi All

We have done a couple of security fixes recently.

Please find the details of the fixes and the fixed module version information on the wiki pages below:

https://wiki.freepbx.org/display/FOP/2021-09-15+SQL+Injection+in+Asterisk+Manager+Users+Module
https://wiki.freepbx.org/display/FOP/2021-09-15+XSS+Injection+vulnerability+in+TTS%2C+Blacklist%2C+Bulk+handler+and+UCP+Module
https://wiki.freepbx.org/display/FOP/2021-09-15+XSS+Injection+vulnerability+in+Voicemail+Module

Best Regards
Kapil

2 Likes

For FreePBX-16, we have found some PHP 7.4 compatibility issues, so we need to update the framework first from the FreePBX Linux CLI before updating the security fixes.

fwconsole ma downloadinstall framework --tag=16.0.10.31

Thanks
Kapil

While this is likely fine to say for a beta/unreleased setup such as FreePBX 16, this is not something that should ever be possible to even require.

You cannot expect users to do this, ever. Users update via the web interface, and that is it.

Yes, yes, exceptions. I am one. I update everything via a script, but it is still simply a fwconsole ma upgradeall. The modules update process needs to know how to handle things.

2 Likes
