Blog

Blesta 5.10 Beta Released

April 5, 2024 | Posted by Paul


We are pleased to announce that Blesta 5.10.0 BETA 1 has been released!

Can I participate in the beta?

If you have an owned or monthly license with us directly, you may download blesta-5.10.0-b1.zip in the client area now (Login Required). If you obtained your license from a reseller or distributor, you may be able to participate. Contact your reseller to find out. As with any beta, this release is for non-production use only and is unsupported. DO NOT UPGRADE YOUR PRODUCTION. During installation, choose to start a free trial, open a ticket to request a trial key, or use your dev license if you have one.

Once you are up and running, head to the forums to report any issues and let us know what you think! If you have a license and are verified or become verified on our Discord chat, you’ll have access to a license holder only beta forum.

Visit the Beta Forums! Visit Discord Chat!

Blesta now ships with 16 additional complete, machine translated languages.

(Caption: Blesta ships with 16 complete, machine translated languages with more to come.)

So what is new in 5.10?

Blesta version 5.10 includes more Domain Manager improvements, including the ability for staff to change the registrar of a domain, and the sync of the domain registration date. We also added the registrar Nominet, and we added domain and service counts to Data Feeds for embedding on your website. We added a new Webhooks system that ties into every Event/Hook. We added a filter option for coupons, added map files to the importer for Enom, OpenSRS, and Namesilo. It’s now possible to include attachments with any email templates. We now ship with 16 additional, complete, language translations with more to come.

New and Updated Extensions

  • Nominet domain registrar has been added.
  • Domain Manager domains widget now loads quicker.
  • Domain Manager now supports the ability for staff to internally change a domains registrar.
  • Domain Manager now sync’s a domains registration date.
  • Domain Manager now sets a sort order to TLDs when created or imported.
  • Data Feeds have been updated to add support for new endpoints for service and domain counts.
  • Support Manager now allows priority restrictions by department.
  • Support Manager now allows 1-minute interval for POP/IMAP ticket polling.
  • Import Manager now includes a map file for Enom, Namesilo, and OpenSRS when importing from WHMCS.
  • Import Manager now allows all options to be submitted via parameters for CLI import.
  • Order System’s MaxMind v2 integration was updated to ignore address_2 if not supplied.
  • Universal Module now includes the Suspend Reason, should it be included in relevant notifications.
  • Razorpay’s cacert.pem certificate was updated, as the old certificate expired.
  • Quantum gateway was updated to disable the auth + capture flow, instead doing an authcapture.

Changes to the Core

  • Blesta now ships with 16 additional, complete machine language translations (via DeepL) with more planned. Languages include: English, Español, Français, Ελληνικά, Italiano, Deutsch, Československý, Nederlands, Polski, Svenska, Pyccĸий, Dansk, Português, Română, 中文, Indonesian, and Türkçe.
  • It’s now possible to set a Package term/price to “default”, which will be selected automatically during order.
  • Attachments may now be added to any email template, which will be included whenever an email is sent using the template.
  • You can now set a favicon for both the client and staff areas under Look and Feel.
  • Admin and Client CSS files may now be cached, improving performance.
  • Coupons now include a filter option to quickly find coupons by Code, Discount Type, Currency, Package Group, Status, or Internal use.
  • All email templates have been updated to use https instead of http by default.
  • Configurable Option quantity fields now show both a slider and a number format option to enter the desired value.
  • When adding a service and appending to an invoice, existing invoices are sorted by most recent invoice number.
  • All plugins (note to developers) are able to set a 1-minute automation task interval.
  • All client email tags are now escaped with a filter in H2O.
  • Made improvements to the way prorated credits are calculated for service downgrades.
  • The CLI installer now supports creation of the 1st staff account and license activation, making it fully scriptable (See docs.)
  • The password reset system was improved.

Client Template Changes

  • /app/views/client/bootstrap/structure.pdt updated

Staff Template Changes

  • /app/views/admin/default/admin_billing.pdt updated
  • /app/views/admin/default/admin_clients_account_achinfo.pdt updated
  • /app/views/admin/default/admin_clients_account_ccinfo.pdt updated
  • /app/views/admin/default/admin_clients_accounts.pdt updated
  • /app/views/admin/default/admin_clients_editcontact.pdt updated
  • /app/views/admin/default/admin_clients_editinvoice.pdt updated
  • /app/views/admin/default/admin_clients_editrecurinvoice.pdt updated
  • /app/views/admin/default/admin_clients_view.pdt updated
  • /app/views/admin/default/admin_company_automation.pdt updated
  • /app/views/admin/default/admin_company_billing_coupons.pdt updated
  • /app/views/admin/default/admin_company_emails_edittemplate.pdt updated
  • /app/views/admin/default/admin_company_gateways_installed.pdt updated
  • /app/views/admin/default/admin_company_lookandfeel_customize.pdt updated
  • /app/views/admin/default/admin_company_messengers_installed.pdt new
  • /app/views/admin/default/admin_company_modules_installed.pdt new
  • /app/views/admin/default/admin_company_plugins_installed.pdt updated
  • /app/views/admin/default/admin_company_themes.pdt updated
  • /app/views/admin/default/admin_main.pdt updated
  • /app/views/admin/default/admin_packages_add.pdt updated
  • /app/views/admin/default/admin_packages_edit.pdt updated
  • /app/views/admin/default/admin_system_companies.pdt updated
  • /app/views/admin/default/admin_system_staff_editgroup.pdt updated
  • /app/views/admin/default/partial_fields.pdt updated
  • /app/views/admin/default/settings_leftnav.pdt updated
  • /app/views/admin/default/structure.pdt updated

See the release notes for more details on this release.

Note Regarding PHP 8

Many 3rd party or custom extensions may not yet be compatible with PHP 8. If upgrading Blesta, it is best to use a PHP version that is compatible with both the release you are upgrading from and the release you are upgrading to. Test third party integrations and customizations.

Blesta supports PHP 7.2, 7.3, 7.4, 8.1, and 8.2 through Ioncube using the default files, and PHP 8.0, 8.1, and 8.2 through SourceGuardian via the hotfix-php8 directory. Report any PHP 8 related issues for Blesta or official extensions on our forums or Discord #beta channel.

Is there something you want to see in Blesta? Create a new feature request or upvote an existing one!

When is the final release?

Version 5.10 will be officially released after the beta phase has completed, which we expect to happen soon. Once we deem 5.10 stable for production, a final release will be issued. You can help speed things along by participating in the beta!

Blesta 5.9.3 Patch Released

February 21, 2024 | Posted by Paul


We are pleased to announce the released of Blesta 5.9.3, which addresses bugs discovered in the 5.9 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.9.3.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.9.0, 5.9.1, or 5.9.2. If you are running an earlier version, you must download the full release.

Download 5.9.3 Patch Download 5.9.3 Full

SHA256 Sum

% blesta-5.9.3.zip
bfed233dfcc2883a6c4408e1b4d8f20b771af07eb0e67dc8b8fa795dd96e68a6

% blesta-5.9.0-5.9.3.zip
a851746218377c6e9ca0be76471a8d6a7f92c8156ff9d75d53a00355f398466c

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Security Advisory

February 8, 2024 | Posted by Paul


Several security issues affecting Blesta versions 5.0.0 through 5.9.1 have been identified. There is no evidence to suggest that these vulnerabilities are publicly known or being exploited, but you should take action now.

A path traversal vulnerability may lead to account compromise and RCE (Remote Code Execution) through vulnerability chaining. We recommend applying the appropriate patch for your release as soon as possible, or by upgrading to version 5.9.2. Given the compounding nature of these vulnerabilies, we give this an impact rating of Critical.

More information about how we rate vulnerabilities can be found on our Security Advisories page.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs, so download the appropriate patch for your minor version. If you are running a version of Blesta between 5.0 and 5.6, upgrade to 5.9.2.

Downloads

Download 5.9.2 Patch Download 5.9.2 Full

% blesta-5.9.2.zip
27f59fd3bc7a30dd6dc40ae619447fc5be049f2f3cd811ac5a6fc59b6d643b02

% blesta-5.9.0-5.9.2.zip
a4626ab2a8fe3f28010c368cc54b704cade6ac2fc299b7d48a3daec3ef9837e3

Download 5.8.3 Patch

% blesta-5.8.0-5.8.3.zip
5f5463e8590b837c76b1aa1c3f89b07e50efce477606b8f6b7f49543b2e9e828

Download 5.7.2 Patch

% blesta-5.7.0-5.7.2.zip
3f06d2a2a08f196725389e69db0cc3dc1ac05ba48f3a473b01ecc3d2caa3fa8f

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Resolution

  • If you are running version 5.7.x, apply the 5.7.2 patch above.
  • If you are running version 5.8.x, apply the 5.8.3 patch above.
  • If you are running version 5.9.x, apply the 5.9.2 patch above.
  • If you are running version 5.0.x through 5.6.x, upgrade to 5.9.2 Full.

Mitigation

It is best to upgrade to 5.9.2 or apply the appropriate patch. However, if you are running an affected unsupported version of Blesta (version 5.0 through 5.6), or you need more time to upgrade, you may take the following immediate steps to mitigate.

  • Visit Settings > System > General and note the location of your “Uploads Directory”.
  • Assuming your uploads directory is “/path/to/uploads/” check the directory for your company ID (typically “1”) and see if you have a “themes” directory. If the directory exists, delete the directory. Example locations for this directory are: “/path/to/uploads/1/themes”, “/path/to/uploads/2/themes”, etc. Only users with addon-companies will have any directories other than “1” within the uploads directory. Ensure “themes” is deleted from each.

If your logo dissappears, you may need to visit Settings > Company > Look and Feel > Customize and set your logo using “Set Logo URL”, not “Upload Logo”. NOTE that this may result in the “themes” directory being re-created. If you perform this step, check for and delete the “themes” directory again.

We would also highly recommend ensuring that Two-Factor Authentication is enabled for all Staff accounts. Staff can set up Two-Factor Authentication under “My Info” using a token like Google Authenticator (for iOS/Android).

Credits

These issues were reported to us by Emre Hampolat in accordance with our Responsible Disclosure Policy.

Blesta 5.9.1 Patch Released

January 25, 2024 | Posted by Paul


We are pleased to announce the released of Blesta 5.9.1, which addresses bugs discovered in the 5.9 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.9.1.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.9.0. If you are running an earlier version, you must download the full release.

Download 5.9.1 Patch Download 5.9.1 Full

SHA256 Sum

% blesta-5.9.1.zip
90706ef493651791ac0fe43ef503f20010a7e260bc045d21df1e7d8c9edeb832

% blesta-5.9.0-5.9.1.zip
f75e9b4237d8ce341ec04ea6aa53b12e9f146fcec383974e3b2eedb9197b8879

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 5.9 Released

January 16, 2024 | Posted by Paul


Blesta 5.9 is now available! Registering domains as an admin has been improved as well as other updates to domains, including a new OpenProvider registrar module. We added an option to ban IPs (CIDR) and Emails (Wildcard), the ability to regenerate and send welcome emails, split invoices, require manual service activation for services that are not automatically provisioned, and more!

Download 5.9

SHA256 Sum

835da2d20ce9f603559be3bd36a2707a0bce65624af8ceba055f2e5a2e80d130

If upgrading from a release prior to 5.0, please review the version 5.0 announcement prior to upgrading. 5.0 was a major release and increased system requirements. ALWAYS BACKUP YOUR FILES + DATABASE PRIOR TO UPGRADING.

See the documentation for details on how to install or upgrade.

What’s new in 5.9?

  • Added a new section for searching and registering or transfering domains for a client as an admin.
  • Added the ability to ban IP addresses (CIDR), and email addresses (wildcard), for login, orders, and support.
  • Added a bulk option to re-generate and send welcome emails to clients.
  • Added a Package option to disable automatic provisioning of paid pending services to allow staff to manually provision services that require it.
  • Added new settings to space out module renewal attempts should they fail.
  • Added a new payment gateway for Indonesia called Duitku.
  • Added a new domain registrar module for Openprovider.
  • Added an option to split invoices. Selected line items can be split to a new invoice on edit.
  • Added an option for clients to add a recovery email address that receives password reset emails.
  • Added a bulk delete option for configurable options and configurable option groups.
  • Added additional info logging for new and updated contacts and managers.
  • Updated the OpenSRS registrar module to add support for TLD import and price sync.
  • Updated contact and manager permissions to add a permission for Quotations.
  • Updated the PayUMoney payment gateway to add support for webhooks.
  • Updated the Universal Module to allow customization of the expand area for client and staff.
  • Updated the Domain Manager to include a bulk “Unparent” option within the domains widget.
  • Updated the payment gateway Stripe Payments to make several improvements.
  • Added support for PHP 8.2 with Ioncube.

See our beta announcement for more and the release notes for everything.

Developers

  • Reminder: If you are a developer, we recommend updating your extensions to support PHP 8, including PHP 8.2 if they don’t already.

A big shout out to the following companies for sponsoring development for one or more items in this release. Show them some love.

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group and Subreddit, follow us on Twitter, and join us in Discord.

Tags: