Automatic update and now very broken UI

Hi,

I received this message this morning:

Your server [] discovered the following security issues:
framework has been automatically upgraded to fix security issues:
SEC-2019-001

and when I tried to logon to my server I got this:

As you can see the password field is extremely large and there is no username field…

When I saw that I tried to update all modules (fwconsole ma updateall) but even after doing so and clearing my browser cache I am still getting this…

How can I fix this?

That’s with FreePBX 14 distro by the way…

Thank you and have a nice day,

Nick

PS: It’s reallllly not the time for this kind of thing to happen, I need to place calls here and there because my Father died last Friday :sob: and there are a loooooot of things to take care of…

Looking at the code (it’s open source). It looks like @qwell fixed the bug this morning:

Can you get into ssh? if so: fwconsole ma upgrade framework

Yeah, sorry, there’s a follow-up update going out. There was a limitation that was found in the initial update that went out that you may be hitting.

Matt

2 Likes

Hi!

As suggested by Andrew I updated framework (and later all modules).

If I type my server name without anything else I get redirected to http://pbx/admin/# instead of http://pbx/admin/config.php.

If I manually go to http://pbx/admin/config.php, everything seems OK now…

The frozen in time page (copyright is from 2017 and it always report 14.0.1.4), the screen capture you can see above, I get when I am redirected to http://pbx/admin/# complains that IE 11 is too old and wants me to update it so I assume it is something I should not actually be redirected to.

That box was a FreePBX 13 distro updated to FreePBX 13/Sng 6.5 when the upgrade script was very much beta and not everyone got back a working machine at the end. I believe I was one of the first one to try the upgrade script when it was made available. It proved to be quite difficult to get a working box but once I did it seemed to be working as intended.

That being said, before that forced update, I don’t remember ever seeing the screen I am redirected to and this screen reports an old FreePBX 14 version, not a FreePBX 13 one so I don’t know if this is in any way related to that box originally being a FreePBX 13 distro based machine.

I searched for a possible RewriteRule in Apache’s config files which could redirect to the incorrect URL but did not find any, looks like this is done dynamically in PHP…

Thank you and have a nice day,

Nick

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.