Blog

Security Advisory - Blesta 4.10.1 Patch Released

June 10, 2020 | Posted by Paul


Blesta 4.10.1 has been released, which addresses two bugs discovered in the 4.10.0 branch, including one security issue affecting the Order Manager with an impact rating of Moderate. More information about how we rate vulnerabilities can be found on our Security Advisories page. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. A patch release may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0. If you are running an earlier version, you must download the full release.

Download 4.10.1 Patch Download 4.10.1 Full

SHA256 Sum

% blesta-4.10.1.zip
9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa

% blesta-4.10.0-4.10.1.zip
b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db
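
Checking a download against the SHA256 sums published above before unpacking it, as an added example (not from Blesta's documentation). The function names are made up for illustration; the file names and sums are the ones listed in this post.

```shell
#!/bin/sh
# Sums published in the 4.10.1 advisory above.
SUM_FULL=9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa
SUM_PATCH=b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db

# sha256_of FILE: print the hex digest using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d' ' -f1
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = could not check.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A truncated or mangled copy of the published sum must not pass.
    case $expected in
        *[!0-9a-f]*) echo "expected sum is not hex" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "expected sum is not 64 hex digits" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK       $1"
    else
        echo "MISMATCH $1 (expected $expected, got $actual)" >&2
        return 1
    fi
}

# check_blesta_download FILE: pick the published sum by file name.
check_blesta_download() {
    case $(basename "$1") in
        blesta-4.10.1.zip)        verify_sha256 "$1" "$SUM_FULL" ;;
        blesta-4.10.0-4.10.1.zip) verify_sha256 "$1" "$SUM_PATCH" ;;
        *) echo "no published sum for $1" >&2; return 2 ;;
    esac
}

# Typical use before unpacking the patch:
#   check_blesta_download ./blesta-4.10.0-4.10.1.zip || exit 1
```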

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Affected Versions

All versions of the Order Manager plugin are affected.

Description

This update addresses one security concern:

  1. An XSS flaw that affects the order system under certain circumstances.

Resolution

If running 4.10.0, apply the patch for 4.10.1. If running a version earlier than 4.10.0, upgrade to the full 4.10.1 release. See below for mitigation for older supported releases.

Mitigation

It is best to upgrade to 4.10.1. However, if you are running a supported version of Blesta (version 4.6, 4.7, 4.8, or 4.9), you may overwrite the following files with the copies from the 4.10.1 patch:

  • /blesta/plugins/order/views/templates/ajax/config.pdt
  • /blesta/plugins/order/views/templates/standard/config.pdt
  • /blesta/plugins/order/views/templates/wizard/config.pdt

Credits

This item was reported by Abdellah nadi in accordance with our Responsible Disclosure Policy.

Blesta 4.10 Released

May 26, 2020 | Posted by Paul


Blesta 4.10 is now available! You can now charge late fees, filter clients, packages, invoices, services, transactions, and tickets. You can now use an internally generated captcha, adjust smart search criteria, and send an email to clients when their services are scheduled for cancellation. We also added a new Namesilo module, Cornerstone gateway, and much more!

Download 4.10

SHA256 Sum

f0b2d7982492f929b4a1942800da36c9de578bf3a80a2be918c680fe69e2ca2b

See the documentation for details on how to install or upgrade.

What’s new in 4.10?

  • Late fees.
  • Filtering options have been added for clients, packages, invoices, services, transactions, and tickets.
  • Human verification options moved to company settings and added a new internal captcha option.
  • Clients can now receive an email when their services are scheduled for cancellation.
  • Reference ID is now included in transaction searches.
  • Packages can now be deleted if they have no associated active services.
  • The language can be specified in the URL of order forms and client pages.
  • Smart search criteria can now be set.
  • Added a new Namesilo domain registration module.
  • Added a new Cornerstone payment gateway. (See docs.)

See our beta announcement for more and the release notes for everything.

A big shout out to the following companies for sponsoring development for one or more items in this release.

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group, follow us on Twitter, and join us in Discord.

Blesta 4.10 Beta Released

May 7, 2020 | Posted by Paul


We are pleased to announce that Blesta 4.10.0 BETA 1 has been released!

Can I participate in the beta?

If you have an owned or monthly license with us directly, you may download blesta-4.10.0-b1.zip in the client area now (Login Required). If you obtained your license from a reseller or distributor, you may be able to participate. Contact your reseller to find out. As with any beta, this release is for non-production use only and is unsupported. During installation, choose to start a free trial, open a ticket to request a trial key, or use your dev license if you have one.

Once you are up and running, head to the forums to report any issues and let us know what you think! If you have a license and are verified or become verified on our Discord chat, you’ll have access to a license holder only beta forum.

Visit the Beta Forums! Visit Discord Chat!

It's now possible to filter results for clients, packages, services, invoices, transactions, and tickets.

(Caption: Filtering Transactions. Most widgets now allow filtering by selecting the filter icon.)

So what is new in 4.10?

Blesta version 4.10 includes a new Cornerstone payment gateway, NameSilo module, support for charging late fees, filtering for most widgets, and much more.

New Extensions

These extensions are new with Blesta 4.10.

  • Namesilo Module
  • Cornerstone Payment Gateway

Updated Extensions

  • Order - The language can now be specified in the URL. (See docs.)
  • Order - Human verification for orders has been moved to Settings > Company > General > Human Verification.

Changes to the Core

  • Late fees can now be set under Settings > Company > Billing/Payment > Late Fees.
  • Filtering options have been added for Clients, Packages, Invoices, Services, Transactions, and Tickets.
  • Smart Search criteria can now be set under Settings > Company > General > Smart Search.
  • An email can now be sent to the client when a service is scheduled for cancellation.
  • Reference ID is now included in transaction searches.
  • Packages can now be deleted if they have no associated active services.
  • Added a new internally generated captcha option in addition to reCAPTCHA, and moved human verification options to company settings.

Changes for Developers

  • Widgets now support filtering options.

Client Template Changes

  • /app/views/client/bootstrap/client_invoices.pdt updated
  • /app/views/client/bootstrap/client_services.pdt updated
  • /app/views/client/bootstrap/client_transactions.pdt updated

Note Regarding Hotfixes

Blesta now ships with bundled encoded files that support PHP 5.4 through PHP 7.3 out of the box. This means that you should not need to upload any hotfixes unless you are running a version of Ioncube loaders older than version 10.1. If you are running old Ioncube loaders, upgrade Ioncube or apply the following hotfix based on your PHP version:

  • PHP version >= 7.1.0 - use /hotfix-php71/blesta/
  • PHP version >= 5.6.0 and < 7.1.0 - use /hotfix-php7/blesta/
  • PHP version >= 5.4.0 and < 5.6.0 - use /hotfix-php54/blesta/

See the release notes for more details on this release.

Is there something you want to see in Blesta? Create a new feature request or upvote an existing one!

When is the final release?

Version 4.10 will be officially released after the beta phase has completed, which we expect to happen soon. Once we deem 4.10 stable for production, a final release will be issued. You can help speed things along by participating in the beta!

Blesta 4.9.1 Patch Released

April 23, 2020 | Posted by Paul


We are pleased to announce the release of Blesta 4.9.1, which addresses bugs discovered in the 4.9.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.9.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. A patch release may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.9.0. If you are running an earlier version, you must download the full release.

Download 4.9.1 Patch Download 4.9.1 Full

SHA256 Sum

% blesta-4.9.1.zip
50b7734fb782cb5d9cbe6cb5e1f627322ad8bee43690c4ebed4942b8c8319a07

% blesta-4.9.0-4.9.1.zip
3fd55f932297f002575c9c49bfe408ec586709c29be0d7680b0cb1c139054f18

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.9 Released

April 9, 2020 | Posted by Paul


Blesta 4.9 is now available! You can set client package limits, display the Orders and Billing at a Glance widgets on your Dashboard, and generate revenue reports that break down revenue by package. We also added DirectAdmin support to the Softaculous plugin, a new Razorpay gateway, and much more!

Download 4.9

SHA256 Sum

1c7eda102a05f556df7c5ce490f9bf98fcab6e5db8faa428886a3f774ed591a4

See the documentation for details on how to install or upgrade.

What’s new in 4.9?

  • Client limits for packages allow restricting each client to a maximum number of services using the package.
  • A new package revenue report breaks down revenue by package over a period of time.
  • Added a new ACH/CC payment method override setting to the order manager for new accounts.
  • Added a Razorpay payment gateway. (See docs.)
  • Updated the Softaculous plugin to add support for DirectAdmin. (See docs.)
  • Updated the Vultr module to add support for IPv6 subnets.
  • New plugin settings allow for granular control of plugin features. You can now disable the Knowledge Base!
  • Client notes are now included in the smart and client searches.
  • Modern WHMCS password hashes will now work after migrating to Blesta. (See docs.)
  • Cancelled services can now optionally be deleted by staff.
  • Clients can now access their email history log from the client area.
  • Updated the Billing at a Glance, and Order widgets so they can be added to the Dashboard.
  • Updated the System Overview, Feed Reader, and System Status widgets so they can be added to Billing Overview.

See our beta announcement for more and the release notes for everything.

A big shout out to the following companies for sponsoring development for one or more items in this release.

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group, follow us on Twitter, and join us in Discord.
