I am using FreePBX Distro 14.0.5.2 and I received emails about the vulnerable modules and when I logged in the above showed up as well… which is really cool. The Apply config button was visable and I hit Apply.
In my Dashboard, it continues to advise me that the vulnerable module was auto upgraded and I cannot get rid of. I hit the - (minus) sign and a refresh or going back from another page and it still shows up.
I went to 'resolve" which takes me Module Admin and nothing is new to update since it apparently auto updated. I also tried a fwconsole ma upgrade framework since that was the vulnerable module and nothing was available since it was already updated.
How do i get rid of this allegedly fixed vulnerability warning from my Dashboard?
Firstly setting your system to email only will still allow it to update vulnerable modules. If you don’t want that then you need to go to advanced settings and disable it. But you will still be vulnerable unless you upgrade manually (this is normally referred to as opt-in)
Secondly this notice is correct. It fixes users who have installed the distro and then in 24 hours their systems updated for the security issue in May (which is really just cross site scripting vulnerabilities which are not major) and as a result dashboard exploded. If we didn’t bump this then people will keep reporting Pico feed errors. Right now we are at 40 duplicate bug reports of an issue that was fixed in September.
Thirdly. For as long as I can remember. Any and all module installations and updates will set the apply config button to on. I don’t think the updates need to tell you why you need to hit that button as any module update will make you hit it so that items are symlinked and updated correctly.
All I was seeking was a way to delete the warning after I saw it and acted upon it by hitting the Apply instead of waiting 24 hours for a cron job to delete it.
I am getting this warning as well and I did click on apply configuration. Restarted FreePBX still showing message and updates says no updates but the message persists.
Are you saying the message will clear in 24hrs automatically?
Yep same thing for me, but with this I have another weird symptom. Calls outside of network used to work just fine (Two way audio) but then now it works only one way.
I am also getting the error “critical Errors found” and Invalid Websocket Transport for Zulu
In your case that worked. The reason I wrote this post was the fact that when I hit the minus button the warning did not disappear. Nothing I did made the notification remove itself. Time took care of the issue in my case as might apparently have for others.
Therefore the post that such was a bug from one of the developers and to report it.
I have done thorough debugging, restarted firewall, configured static outbound nat, restarted freepbx nothing worked. only one way RTP stream and nothing coming from FreePBX after this update … it only occurred after this update not before.
Anyway I will create a new post. Thanks for your help