Blesta 5.12 Beta Released

July 17, 2025
Paul

We are pleased to announce that Blesta 5.12.0 BETA 1 has been released!

Can I participate in the beta?

If you have an owned or monthly license with us directly, you may download blesta-5.12.0-b1.zip in the client area now (Login Required). If you obtained your license from a reseller or distributor, you may be able to participate. Contact your reseller to find out. As with any beta, this release is for non-production use only and is unsupported. DO NOT UPGRADE YOUR PRODUCTION. During installation, choose to start a free trial, open a ticket to request a trial key, or use your dev license if you have one. Direct license holders can request a dev license by opening a ticket.

Once you are up and running, head to the forums to report any issues and let us know what you think! If you have a license and are verified or become verified on our Discord chat, you’ll have access to a license holder only beta forum.

Visit the Beta Forums! Visit Discord Chat!

It's now possible to re-activate cancelled services inside Blesta.

(Caption: It’s now possible to re-activate cancelled services inside Blesta.)

So what is new in 5.12?

Blesta version 5.12 includes more Domain Manager improvements like the sync’ing of expiration dates more quickly and converting the currency to the default currency on price sync. We added the Realtime Register domain registration module as well, and a module for VirtFusion. Oauth2 support has been added for outgoing email with Google and Microsoft. Cancelled services can be re-activated by staff. It’s now possible to copy/clone invoices, and the renew date for services in the client area takes into consideration whether they have any open invoices for their services. The Import Manager has been updated to improve imports from WHMCS, and much more!

New and Updated Extensions

  • Domain Manager now sync’s expiration dates more quickly.
  • Domain Manager now attempts to convert currency to the default currency on price sync.
  • Domain Manager edit pricing link now opens in a new tab.
  • Domain Manager TLD sync timeout was reduced.
  • Realtime Register domain registrar module has been added.
  • VirtFusion module has been added.
  • DirectAdmin now supports single sign on (SSO).
  • DirectAdmin now shows an input field for plans when creating a Package if the API doesn’t return any.
  • cPanel now includes an SSO link under Manage in addition to the expand area.
  • cPanel now shows an input field for plans when creating a Package if the API doesn’t return any.
  • BTCPay Server gateway uses BTCPay settings to allow the client to choose payment method.
  • Order Plugin now includes events for affiliates and orders (See docs).
  • Order Plugin email verification landing page was improved.
  • Order Plugin was updated to improve the slider.
  • Order Plugin was updated to fix an issue with applying a coupon in the order summary.
  • Support Manager now allows a field containing a dropdown of services to be displayed on ticket creation.
  • Support Manager now includes events for departments and tickets (See docs).
  • Support Manager has new custom client field option for “Escalate to Emergency” and a “Client Only” visibility option.
  • Blesta License module now masks the password field.
  • Portal plugin now uses the ACE editor.
  • Universal Module now uses the ACE editor.
  • Generic Domains now sync’s registration and expiration dates.
  • Stripe Payments now shows the card type and last 4 in transaction emails.
  • Stripe Payments has been updated to address several issues.
  • Logicboxes was updated for consistency with other registrar modules, using “domain” as the domain field.
  • Braintree was updated to the latest SDK version.
  • Payza payment gateway was removed.
  • Import Manager now imports draft invoices from WHMCS as draft invoices in Blesta.
  • Import Manager now imports inactive clients in WHMCS as inactive clients in Blesta.
  • Pterodactyl module was updated to address several issues.
  • Namesilo module was updated to address several issues.
  • Mass Mailer plugin now has a rate limit for sending email.
  • Coinbase Commerce payment gateway API library has been updated.
  • IP Unblocker plugin now works for reseller users.

Changes to the Core

  • Oauth2 support has been added for outgoing email for Google and Microsoft mail servers.
  • It’s now possible to copy/clone invoices under a client’s profile.
  • The service renew date is now displayed differently to clients, depending on whether the invoice is paid.
  • Cancelled services can now be re-activated by staff.
  • Pending service changes are now visible under Tools.
  • A new report has been added: Clients with Credits.
  • When editing a custom client field, the client group is now displayed.
  • Email verification can no longer be completed if the client’s status is not “Active”.
  • Autocomplete has been added for clients who store their card details in their browser.
  • When a language is disabled, users using that language are updated to the default language.
  • When editing a service, client, or contact as staff, you are no longer redirected.
  • Amazon S3 vendor code has been updated with support for v4 signatures.
  • Custom client field data is now available to invoice templates (for developer use).
  • When clients set up 2FA, their password must be confirmed so a password field is more conveniently located nearby.
  • Invoices now show values that are beyond the currency precision if those places contain a value.
  • Fixed more PHP 8.3 deprecated notices.
  • Resending a welcome email now properly includes the signature in the preview.
  • Credit card expiration dates now include the month number in the month dropdown.
  • Resolved an issue with removing line items from quotes.
  • Clients can no longer update their email address to one that is on the blacklist.

Client Template Changes

  • /app/views/client/bootstrap/client_accounts_cc_info.pdt updated
  • /app/views/client/bootstrap/client_accounts_contact_info.pdt updated
  • /app/views/client/bootstrap/client_emails.pdt updated
  • /app/views/client/bootstrap/client_invoices_view.pdt updated
  • /app/views/client/bootstrap/client_main_edit.pdt updated
  • /app/views/client/bootstrap/client_services.pdt updated
  • /app/views/client/bootstrap/client_services_cancel.pdt updated
  • /app/views/client/bootstrap/client_services_service_infobox.pdt updated

Staff Template Changes

  • /app/views/admin/default/admin_billing_services.pdt updated
  • /app/views/admin/default/admin_clients_account_ccinfo.pdt updated
  • /app/views/admin/default/admin_clients_account_contactinfo.pdt updated
  • /app/views/admin/default/admin_clients_editservice_basic.pdt updated
  • /app/views/admin/default/admin_clients_editserviceadvanced.pdt updated
  • /app/views/admin/default/admin_clients_invoices.pdt updated
  • /app/views/admin/default/admin_clients_services.pdt updated
  • /app/views/admin/default/admin_company_billing_invoices_form.pdt updated
  • /app/views/admin/default/admin_company_client_options_editcustomfield.pdt updated
  • /app/views/admin/default/admin_company_emails_mail.pdt updated
  • /app/views/admin/default/admin_tools_provisioning.pdt updated

See the release notes for more details on this release.

Note Regarding PHP 8

Many 3rd party or custom extensions may not yet be compatible with PHP 8. If upgrading Blesta, it is best to use a PHP version that is compatible with both the release you are upgrading from and the release you are upgrading to. Test third party integrations and customizations.

Blesta supports PHP 7.2, 7.3, 7.4, 8.1, 8.2, and 8.3 through Ioncube using the default files, and PHP 8.0, 8.1, and 8.2 through SourceGuardian via the hotfix-php8 directory. Report any PHP 8 related issues for Blesta or official extensions on our forums or Discord #beta channel.

Is there something you want to see in Blesta? Create a new feature request or upvote an existing one!

When is the final release?

Version 5.12 will be officially released after the beta phase has completed, which we expect to happen soon. Once we deem 5.12 stable for production, a final release will be issued. You can help speed things along by participating in the beta!


Related Tags:

Security Advisory

June 9, 2025
Paul

A security issue affecting Blesta versions 4.0.0 through 5.11.3 has been identified.

A path traversal vulnerability has been discovered, though the vulnerability does not allow the disclosure of Blesta configuration files. We recommend applying the appropriate patch for your release, or upgrading to version 5.11.4 as soon as possible. We give this an impact rating of High.

More information about how we rate vulnerabilities can be found on our Security Advisories page.

Always back up your files and database prior to upgrading and be sure to run /admin/upgrade in your browser after uploading either a patch or full release. Patch releases may only be applied to the minor release to which it belongs, so download the appropriate patch for your minor version. If you are running a version of Blesta between 4.0 and 5.11, upgrade to 5.11.4.

Downloads

Download 5.11.4 Patch Download 5.11.4 Full

% blesta-5.11.4.zip
6003fcf0caadc255b7b43e0a504b130e0a0f8751e22d270e9fd126299e018548

% blesta-5.11.0-5.11.4.zip
353996300dd83ceb91b887691aa1956b2be97dd5c481cd5acf290db51d5078f2

Download 5.10.4 Patch

% blesta-5.10.0-5.10.4.zip
37c102ac7f539a039d2b39354f60c5e504c617e32037a228a15b84009a097018

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Resolution

  • If you are running version 5.11.x, apply the 5.11.4 patch above.
  • If you are running version 5.10.x, apply the 5.10.4 patch above.
  • If you are running version 4.0.x through 5.11.x, upgrade to 5.11.4 Full.

Mitigation

It is best to upgrade to 5.11.4 or apply the appropriate patch. However, if you are running an affected unsupported version of Blesta (version 4.0 through 5.9), and you need more time to upgrade, it is possible to mitigate. We are not publishing mitigation steps now due to nature of the vulnerability. For mitigation steps, open a ticket from within your account and provide your license key as well as the version of Blesta you are running along with the reason you are not able to upgrade.

Credits

This issue was reported by a customer in accordance with our Responsible Disclosure Policy.


Blesta 5.11.3 Patch Released

April 17, 2025
Paul

We are pleased to announce the released of Blesta 5.11.3, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.11.3.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.11.0, 5.11.1, or 5.11.2. If you are running an earlier version, you must download the full release.

Download 5.11.3 Patch Download 5.11.3 Full

SHA256 Sum

% blesta-5.11.3.zip
3dcd9e67e43ff9df563dc5a099f8436d5b03aa4d60bff1a3975c030f0bb8b498

% blesta-5.11.0-5.11.3.zip
4a275432739d9b92e1f1c066d089518e69f9a3cf212d4ac2c6d2f7944f708811

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.


Blesta 5.11.2 Patch Released

March 19, 2025
Paul

We are pleased to announce the released of Blesta 5.11.2, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.11.2.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.11.0, or 5.11.1. If you are running an earlier version, you must download the full release.

Download 5.11.2 Patch Download 5.11.2 Full

SHA256 Sum

% blesta-5.11.2.zip
968a4720f07c73e4d38ff5fd28afb9e493ec23161f85a06f013d0d4c6b40d647

% blesta-5.11.0-5.11.2.zip
1f2457a8d73c631ff1599d01154b65a82ca3244f360216c2de91cdbad8520fc1

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.


Blesta 5.11.1 Patch Released

March 10, 2025
Paul

We are pleased to announce the released of Blesta 5.11.1, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.11.1.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.11.0. If you are running an earlier version, you must download the full release.

Download 5.11.1 Patch Download 5.11.1 Full

SHA256 Sum

% blesta-5.11.1.zip
1939d748f852c47e30116784f19df29aa153b4946932a242d38e848fabcc8370

% blesta-5.11.0-5.11.1.zip
94a9b8212c7ae56028053133c61e4e8da1d8fca1fab172bade06601ae5ded363

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.


Top