Heads up y’all that before your next apt update on the CLI you’ll want to refresh the FreePBX apt repo GPG key, by either updating Framework module to v17.0.28 from the CLI or by running this new CLI command following a browser-based ACP GUI Module Admin update of Framework to v17.0.28:
$ sudo fwconsole util updategpgkey
More Details
You can check that it worked by running this command before and after the update:
Is there an email list that we could subscribe to that would send notifications about critical updates like this? Or if there are known security updates that are required?
I’m not always reading through the forums, so would be good to see if there is a way to get notified about this.
There is not currently a dedicated mailing list for this purpose.
You might consider instead subscribing to all notifications in this current FreePBX → Security topic – and maybe Blog → Security as well – by navigating to your account’s Preferences → Tracking tab, then further down to either Watched, Tracked, Watching First Post, etc. Confirm that your email settings are up-to-date in Preferences → Emails and Preferences → Account.
Also the GitHub repo for FreePBX security issue reporting gets alerts for those when they are published and can be watched there as well separately.
Note that I compiled Asterisk from scratch and ran the FreePBX installer with the noasterisk command and I still did need to do the
/sbin/fwconsole ma upgrade framework
I noticed this after doing:
root@phony:/home/tedm# apt-get update
Get:1
bookworm-security InRelease [48.0 kB]
Hit:2
bookworm InRelease
Get:3
bookworm-updates InRelease [55.4 kB]
Hit:4
bookworm InRelease
Get:5 http://deb.freepbx.org/freepbx17-prod bookworm InRelease [7,478 B]
Get:6
bookworm-security/main Sources [207 kB]
Get:7
bookworm-security/main amd64 Packages [297 kB]
Get:8
bookworm-security/main Translation-en [182 kB]
Err:5 http://deb.freepbx.org/freepbx17-prod bookworm InRelease
The following signatures were invalid: EXPKEYSIG C4DFE68FCE6DE186 Aptly [email protected]
Fetched 798 kB in 3s (272 kB/s)
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.freepbx.org/freepbx17-prod bookworm InRelease: The following signatures were invalid: EXPKEYSIG C4DFE68FCE6DE186 Aptly [email protected]
W: Failed to fetch http://deb.freepbx.org/freepbx17-prod/dists/bookworm/InRelease The following signatures were invalid: EXPKEYSIG C4DFE68FCE6DE186 Aptly [email protected]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Looks like there was only a narrow window where the old key was still valid that you could either autoupdate FreePBX or manually update it from the GUI.
Note that even after doing an apt upgrade and the fwconsole command above I still had to run the module updater from the FreePBX GUI and update the framework there.