We are pleased to announce the released of Blesta 4.11.1, which addresses bugs discovered in the 4.11.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.11.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.11.0. If you are running an earlier version, you must download the full release.

Download 4.11.1 Patch Download 4.11.1 Full

SHA256 Sum

% blesta-4.11.1.zip
0b0bbcaf16dfc2a903c264a81ff738a1411056be873c94fddcfbae4ad77ab6f5

% blesta-4.11.0-4.11.1.zip
179b778ea596f71caff95130b326ef4e2d6f9c31a77865ff7addc60b6d62727f

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.11 is now available! Launch your own affiliate system, add and customize client cards in the client area, try the new transaction filters, and optionally force client usernames to match their email address. We also added a new ISPManager module, added Interworx support for the Softaculous plugin, and so much more!

SHA256 Sum

5355ab477cb10df455098e861ed602a2b628da73f593f2fc50838f8f3a9e81a4

See the documentation for details on how to install or upgrade.

What’s new in 4.11?

• Affiliate System (Activate under Clients > Affiliates).
• Client Cards system for displaying additional information on client dashboard.
• IP Unblocker Plugin with support for cPanel and Directadmin.
• Order history available to clients.
• Cancellation reason field when cancelling services.
• Drag and drop of attachments for the ticket system.
• A forgot username option for clients.
• New transaction filter options.
• A setting for forcing usernames to use the client’s email address.
• Added Interworx support to the Auto Soft Installer Softaculous plugin.
• Added a new ISPManager module. (See docs.)
• Added new email tags to the Pterodactyl module for username and password. (See docs.)

See our beta announcement for more and the release notes for everything.

Sponsored Development

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group, follow us on Twitter, and join us in Discord.

We are pleased to announce that Blesta 4.11.0 BETA 1 has been released!

Can I participate in the beta?

If you have an owned or monthly license with us directly, you may download blesta-4.11.0-b1.zip in the client area now (Login Required). If you obtained your license from a reseller or distributor, you may be able to participate. Contact your reseller to find out. As with any beta, this release is for non-production use only and is unsupported. During installation, choose to start a free trial, open a ticket to request a trial key, or use your dev license if you have one.

Once you are up and running, head to the forums to report any issues and let us know what you think! If you have a license and are verified or become verified on our Discord chat, you’ll have access to a license holder only beta forum.

Visit the Beta Forums! Visit Discord Chat!

So what is new in 4.11?

Blesta version 4.11 includes an affiliate system, configurable client cards, a new ISPManager module, an IP unblocker plugin, an option to force emails as usernames, and much more.

New Extensions

These extensions are new with Blesta 4.11.

• ISPManager Module.
• IP Unblocker Plugin (Supports cPanel and Directadmin servers running CSF).
• Client Cards plugin (Adds service and invoice cards).

Updated Extensions

• Order Manager updated to include a new affiliate system.
• Order Manager updated to show order history to clients.
• Order Manager updated to create an orders client card.
• Import Manager updated to improve importing from WHMCS, and import of affiliate data.
• Added Interworx support to the Auto Soft Installer Softaculous plugin.
• Support Manager updated to allow drag and drop of attachments.
• Support Manager updated to create a tickets client card.
• Pterodactyl module updated to include username and password tags for welcome emails.

Changes to the Core

• Added a new client cards system for displaying information cards on a client’s dashboard.
• Added a forgot username option for clients.
• Added a cancellation reason field when cancelling services.
• Added an option to force emails as usernames.
• Added new transaction filters.

Changes for Developers

• Plugins can now create client cards.

Client Template Changes

• /app/views/client/bootstrap/client_login.pdt updated
• /app/views/client/bootstrap/client_login_forgot.pdt new
• /app/views/client/bootstrap/client_main.pdt updated
• /app/views/client/bootstrap/client_main_card.pdt new
• /app/views/client/bootstrap/client_services_cancel.pdt updated
• /app/views/client/bootstrap/client_services_serviceinfo.pdt updated

Note Regarding Hotfixes

Blesta now ships with bundled encoded files that support PHP 5.4 through PHP 7.3 out of the box. This means that you should not need to upload any hotfixes unless you are running a version of Ioncube loaders older than version 10.1. If you are running old Ioncube loaders, upgrade Ioncube or apply the following hotfix based on your PHP version:

• PHP version >= 7.1.0 - use /hotfix-php71/blesta/
• PHP version >= 5.6.0 and < 7.1.0 - use /hotfix-php7/blesta/
• PHP version >= 5.4.0 and < 5.6.0 - use /hotfix-php54/blesta/

See the release notes for more details on this release.

Is there something you want to see in Blesta? Create a new feature request or upvote an existing one!

When is the final release?

Version 4.11 will be officially released after the beta phase has completed, which we expect to happen soon. Once we deem 4.11 stable for production, a final release will be issued. You can help speed things along by participating in the beta!

We are pleased to announce the released of Blesta 4.10.2, which addresses bugs discovered in the 4.10.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.2.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0, or 4.10.1. If you are running an earlier version, you must download the full release.

Download 4.10.2 Patch Download 4.10.2 Full

SHA256 Sum

% blesta-4.10.2.zip
fbe1ec9e7467331e96ccab8a50254437d120469ff8b7a0938deb5f93ce2f402d

% blesta-4.10.0-4.10.2.zip
103dc130237a4d47f669db4cafdcadc6a0f39c7db7db6deb34242efa17f483ac

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.10.1 has been released, which addresses two bugs discovered in the 4.10.0 branch, including one security issue affecting the Order Manager with an impact rating of Moderate. More information about how we rate vulnerabilities can be found on our Security Advisories page. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0. If you are running an earlier version, you must download the full release.

Download 4.10.1 Patch Download 4.10.1 Full

SHA256 Sum

% blesta-4.10.1.zip
9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa

% blesta-4.10.0-4.10.1.zip
b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Affected Versions

All versions of the Order Manager plugin are affected.

Description

This update addresses one security concern:

1. An XSS flaw that affects the order system under certain circumstances.

Resolution

If running 4.10.0, apply the patch for 4.10.1. If running a version earlier than 4.10.0, upgrade to the full 4.10.1 release. See below for mitigation for older supported releases.

Mitigation

It is best to upgrade to 4.10.1, however, if you are running a supported version of Blesta (version 4.6, 4.7, 4.8, or 4.9) you may overwrite the following files from the 4.10.1 patch:

• /blesta/plugins/order/views/templates/ajax/config.pdt
• /blesta/plugins/order/views/templates/standard/config.pdt
• /blesta/plugins/order/views/templates/wizard/config.pdt

Credits

This item was reported by Abdellah nadi in accordance with our Responsible Disclosure Policy.