I am using FreePBX Distro 18.104.22.168 and I received emails about the vulnerable modules and when I logged in the above showed up as well… which is really cool. The Apply config button was visable and I hit Apply.
In my Dashboard, it continues to advise me that the vulnerable module was auto upgraded and I cannot get rid of. I hit the - (minus) sign and a refresh or going back from another page and it still shows up.
I went to 'resolve" which takes me Module Admin and nothing is new to update since it apparently auto updated. I also tried a fwconsole ma upgrade framework since that was the vulnerable module and nothing was available since it was already updated.
How do i get rid of this allegedly fixed vulnerability warning from my Dashboard?
Firstly setting your system to email only will still allow it to update vulnerable modules. If you don’t want that then you need to go to advanced settings and disable it. But you will still be vulnerable unless you upgrade manually (this is normally referred to as opt-in)
Secondly this notice is correct. It fixes users who have installed the distro and then in 24 hours their systems updated for the security issue in May (which is really just cross site scripting vulnerabilities which are not major) and as a result dashboard exploded. If we didn’t bump this then people will keep reporting Pico feed errors. Right now we are at 40 duplicate bug reports of an issue that was fixed in September.
Thirdly. For as long as I can remember. Any and all module installations and updates will set the apply config button to on. I don’t think the updates need to tell you why you need to hit that button as any module update will make you hit it so that items are symlinked and updated correctly.
In your case that worked. The reason I wrote this post was the fact that when I hit the minus button the warning did not disappear. Nothing I did made the notification remove itself. Time took care of the issue in my case as might apparently have for others.
Therefore the post that such was a bug from one of the developers and to report it.
I have done thorough debugging, restarted firewall, configured static outbound nat, restarted freepbx nothing worked. only one way RTP stream and nothing coming from FreePBX after this update … it only occurred after this update not before.
Anyway I will create a new post. Thanks for your help