Modules vulnerable to security threats have been automatically updated

I am using FreePBX Distro 14.0.5.2 and I received emails about the vulnerable modules and when I logged in the above showed up as well… which is really cool. The Apply config button was visible and I hit Apply.

In my Dashboard, it continues to advise me that the vulnerable module was auto upgraded and I cannot get rid of it. I hit the - (minus) sign and a refresh or going back from another page and it still shows up.

I went to "resolve" which takes me to Module Admin and nothing is new to update since it apparently auto updated. I also tried a fwconsole ma upgrade framework since that was the vulnerable module and nothing was available since it was already updated.

How do I get rid of this allegedly fixed vulnerability warning from my Dashboard?

This is a bug. You should report it.

Confirmed. Same issue here.

Okey Dokey! Will do and Thanks!!!

John

Just an FYI, this morning when I logged into my FreePBX to get versions for the bug report, it was perfectly fine… no warning shown.

Did create a bug report.

Link it next time, to make it easier for others to also reply.

https://issues.freepbx.org/browse/FREEPBX-18650

Added some screenshots and comments myself.

I see there is some confusion in the ticket.

Firstly, setting your system to email only will still allow it to update vulnerable modules. If you don’t want that then you need to go to advanced settings and disable it. But you will still be vulnerable unless you upgrade manually (this is normally referred to as opt-in).

Secondly, this notice is correct. It fixes users who have installed the distro and then in 24 hours their systems updated for the security issue in May (which is really just cross site scripting vulnerabilities which are not major) and as a result dashboard exploded. If we didn’t bump this then people will keep reporting Pico feed errors. Right now we are at 40 duplicate bug reports of an issue that was fixed in September.

Thirdly, for as long as I can remember, any and all module installations and updates will set the apply config button to on. I don’t think the updates need to tell you why you need to hit that button as any module update will make you hit it so that items are symlinked and updated correctly.

Hi Andrew…

All I was seeking was a way to delete the warning after I saw it and acted upon it by hitting the Apply instead of waiting 24 hours for a cron job to delete it.

Did I do something I shouldn’t have?

John

No, I am responding in general to the comments in the ticket you opened that are not your own.

I am getting this warning as well and I did click on apply configuration. Restarted FreePBX, still showing message, and updates says no updates but the message persists.

Are you saying the message will clear in 24hrs automatically?

I am saying this is a bug. Please wait until a work week for a fix. Thanks.

I went to module admin, hit “Check Online” then went back to the dashboard, hit the Minus icon, refreshed, and it does not re-appear.

Yep same thing for me, but with this I have another weird symptom. Calls outside of network used to work just fine (Two way audio) but then now it works only one way.

I am also getting the error “critical Errors found” and Invalid Websocket Transport for Zulu

This is usually a NAT issue, and I think you should create a new topic for that, as it’s unrelated to this subject.

There was no need to hit “Check Online” at all. The module was already updated. Clicking the minus would have removed the message.

In your case that worked. The reason I wrote this post was the fact that when I hit the minus button the warning did not disappear. Nothing I did made the notification remove itself. Time took care of the issue in my case as might apparently have for others.
Therefore the post that such was a bug from one of the developers and to report it.

Original Post:

I have done thorough debugging, restarted firewall, configured static outbound NAT, restarted FreePBX, nothing worked. Only one way RTP stream and nothing coming from FreePBX after this update … it only occurred after this update, not before.

Anyway I will create a new post. Thanks for your help.

Added a comment to Issue Tracker, FREEPBX-18650.

Edge Version Framework 14.0.5.13 still has issue… or at least I cannot get rid of warnings.

John

You need to reload: fwconsole ma listonline && fwconsole reload