Blesta 3.1.3 Patch Released
A patch has been released for Blesta that addresses bugs discovered since 3.1.2 was released. As usual, a big thanks to everyone who reported and confirmed these bugs on our forums, we appreciate your help.
You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/2168-release-313/ A patch has been released for Blesta that addresses bugs discovered since 3.1.2 was released. As usual, a big thanks to everyone who reported and confirmed these bugs on our forums, we appreciate your help.
You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/2168-release-313/
Download Link
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Blesta 3.1.2 & 3.0.10 Patch Released
A patch has been released for Blesta that addresses bugs discovered since 3.1.0 was released. This patch also addresses various staff permission issues that affect 3.0.0-3.0.9 and 3.1.0-3.1.1. Please see the advisory. If you have untrusted staff users, we strongly recommend patching your installation.
You can read more information about this patch, including the release notes, on our forums:
For 3.0.10 see http://www.blesta.com/forums/index.php?/topic/2035-release-3010/ A patch has been released for Blesta that addresses bugs discovered since 3.1.0 was released. This patch also addresses various staff permission issues that affect 3.0.0-3.0.9 and 3.1.0-3.1.1. Please see the advisory. If you have untrusted staff users, we strongly recommend patching your installation.
You can read more information about this patch, including the release notes, on our forums:
For 3.0.10 see http://www.blesta.com/forums/index.php?/topic/2035-release-3010/
For 3.1.2 see http://www.blesta.com/forums/index.php?/topic/2036-release-312/
Download Link
blesta-3.0.0-3.0.10.zip (3.0.10 patch)
blesta-3.1.0-3.1.2.zip (3.1.2 patch)
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual. Don’t forget to run /admin/upgrade in your browser.
Security Advisory – Various Staff Permission Issues
Affected Versions
Versions 3.0.0 through 3.0.9, and 3.1.0 through 3.1.1 are affected.
Description
Active and valid staff members may be able to access areas of the application without proper ACL permissions. Additionally, staff members may not be logged out immediately after being made inactive. These issues are classified as Moderate vulnerabilities. Patch release 3.0.10 and 3.1.2 correct these vulnerabilities.
Resolution
If you are running 3.0.x upgrade to version 3.0.10. If you are running 3.1.x upgrade to version 3.1.2.
Related tasks:
- CORE-1062
- CORE-1063
- CORE-1064
Credits
CORE-1062 was discovered by Nerijus Barauskas at NGnTC. CORE-1063 and CORE-1064 were discovered by the Blesta Development Team.
Related Tags:
Blesta 3.1.1 & 3.0.9 Patch Released
A patch has been released for Blesta that addresses bugs discovered since 3.1.0 was released. This patch also addresses a security vulnerability that affects 3.0.0-3.0.8 and 3.1.0. Please see the advisory. We strongly recommend patching your installation.
You can read more information about this patch, including the release notes, on our forums:
For 3.0.9 see http://www.blesta.com/forums/index.php?/topic/1950-release-309/[A patch has been released for Blesta that addresses bugs discovered since 3.1.0 was released. This patch also addresses a security vulnerability that affects 3.0.0-3.0.8 and 3.1.0. Please see the advisory. We strongly recommend patching your installation.
You can read more information about this patch, including the release notes, on our forums:
For 3.0.9 see http://www.blesta.com/forums/index.php?/topic/1950-release-309/]2
For 3.1.1 see http://www.blesta.com/forums/index.php?/topic/1951-release-311/
Download Link
blesta-3.0.0-3.0.9.zip (3.0.9 patch)
blesta-3.1.0-3.1.1.zip (3.1.1 patch)
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual. Don’t forget to run /admin/upgrade in your browser.
Security Advisory - Staff Permission Escalation
Affected Versions
Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.
Description
Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, this is classified as a Moderate vulnerability. Patch release 3.0.9 and 3.1.1 corrects this vulnerability.
Resolution
If you are running 3.0.x upgrade to version 3.0.9. If you are running 3.1.0 upgrade to version 3.1.1.
Related tasks:
- CORE-1045
Credits
CORE-1045 was discovered by Nerijus Barauskas at NGnTC.