JQuery vulnerability

Hello,
we have FreePBX 13.0.190.12 and JQuery 1.11.3.
We have a task from our security department to update JQuery to a version higher then 3.5, as older versions have XSS vulnerabilities.
Is it true? Does FreePBX has any options to address this issue?
Should we update our FreePBX to fix this problem and to what version should we update?

FreePBX 13 is EOL and unsupported. You need to update FreePBX.

2 Likes

Thanks, but to what version? Cause we need JQuery version higher then 3.5.

If your primary concern is using a supported system, then you want FreePBX 17 on Debian.

Thank you.

1 Like

Please refer to the below link to see the current supported version of Jquery (and other front end libs) in Freepbx 17.

Regards
Kapil

Many Thanks!

We have a problem, after installing FreePBX 17. After installation is over we reboot server and one of services does not start. If Asterisk starts, then Apache does not, if Apache starts, then Asterisk does not. What can be the cause of that?

Please refer to [bug]: Apache2 is failing due to memory issue on reboot · Issue #496 · FreePBX/issue-tracker · GitHub

I have completed these configurations but Apache still does not start.

What is the error you are getting?

It just needed some time and eventually started. Thank you guys, especially Kapil!

1 Like

you can check “systemctl status apache2” to see if there is any system level error due to which apache is not starting or “/var/log/apache2/error.log” if its not starting due to any issue in config or loading any of the apache module.

Thanks
Kapil

Yes, it is working now. But I have one more question, please. How to transfer the configuration from FreePBX 13.0.190.12 to FreePBX 17? Is there any manual or roadmap for doing this correctly?

Please refer to the https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230850573/Upgrading+to+FreePBX+17

Thanks again!

One more question here. I have installed FreePBX 17 and decided to switch to Asterisk version 18 for using SIP instead of pjsip as our infrastructure requires older channel.
But in FreePBX 17 I have not found configuration menu for SIP. Why is so and how to configure SIP?

Why does it need it? That suggests it isn’t a true SIP implementation, but, in any case, unless provided with detailed technical reasons for an incompatibility, any real incompatibilities are not going to get fixed.

Let me explain our infrastructure. Our older FreePBX is connected to our phone provider with SIP trunk. We need to update FreePBX. Do we need to contact our provider and ask him to change trunk protocol from SIP to PJSIP? Or we can do all job on our side, update FreePBX, transfer all config from the old to a new one and connect to provider?

chan_sip and chan_pjsip are both implementations of the SIP protocol. chan_pjsip is likely to be a more correct one. It is unlikely that the provider is using Asterisk, so unlikely they are using chan_sip.

The configuration files are different, so you need to provide an equivalent configuration file for chan_pjsip. There are some tools to help in doing that, but I’m not sufficiently familiar with them to advise on their.

(Note that most chan_sip configurations I see are poorly designed, being copy and pastes by people who never went back to basics, and didn’t properly understand the options. As such, configuring chan_pjsip from first principles is probably better than any mechanical conversion.)