FreePBX Security Notification May 2018

Seen this message this morning. How urgent are these updates if we are behind the FreePBX built in Firewall? This server is directly connected to the internet and is hosted at FreePBX Hosting.

We are scheduled to do updates on this server at the end of June and I was wondering if we could just wait until then.

Any assistance you can provide would be greatly appreciated.

Somebody posted the CVE link yesterday. It looks like it should be handled sooner rather than later, but (as you pointed out) a properly secured system is less likely to be compromised than one that lives on out the Internet.

I saw the same thing…but my system informed me (by email) that it automatically applied this update. Not sure what was different in settings for this module.

Yes. In 14 a feature we added was to automatically update vulnerable modules. Welcome to the future.


Works for me. It was one less security update I had to install. I have enough issues with updating my servers and workstations. I actually appreciate that feature.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.