Blesta 3.1: Beta Released
We’re excited to announce that Blesta 3.1 beta 1 has been released. If you didn’t receive the announcement email, you can view it online here. The release notes are also available here.
We’ve been working on 3.1 for a while now, and it’s time for a beta! Betas are open to direct customers, and the download is available now within the client area. Login at https://account.blesta.com/client/login/, click “Downloads”, then “Betas”, then 3.1.0-b1 download.
During installation, select to start a 30-day free trial unless you have another license available, such as a development license. If you need help, please open a ticket.
If you don’t have a Blesta license yet, you can still get into the Beta. Now’s a good time to buy!
Once you get the beta installed, head on over to the forums and let us know what you think. Your feedback is very important to us, and will help us get to a final release as quickly as possible.
Related Tags:
Security Advisory - Cross-site scripting vulnerabilities
Affected Versions
Versions 3.0.0 through 3.0.6 are affected.
Description
Some content may be rendered in the client and admin interfaces, as well as through the Support plugin without proper sanitization, possibly making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.7 corrects these vulnerabilities.
Resolution
Upgrade to version 3.0.7, or uninstall the affected plugins. Related tasks:
- CORE-877
- CORE-931
- CORE-932
Credits
CORE-931 was discovered by Clifford Trigo (@mrtrizaeron) and Evan Ricafort (@robinhood0x00). CORE-877 and CORE-932 were discovered by the Blesta Development Team.
Related Tags:
Blesta 3.0.6 Patch Released
A patch has been released for Blesta that addresses bugs discovered since 3.0.5 was released. As usual, a big thanks to everyone who reported and confirmed these bugs on our forums, we appreciate your help.
You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/1467-release-306/
Download Link
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Blesta 3.0.5 Patch Released
A patch has been released for Blesta that addresses bugs discovered since 3.0.4 was released. It also contains two security fixes discovered in house as part of our review process. For more information about these fixes, please see the advisory. We strongly recommend upgrading to 3.0.5.
You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/1285-release-305/
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Security Advisory - Plugin vulnerabilities
Affected Versions
Versions 3.0.0 through 3.0.4 are affected.
Description
Some content may be rendered in both the System Overview and Feed Reader plugins without proper sanitization, making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.5 corrects these vulnerabilities. Uninstalling the affected plugins will also mitigate any potential attacks.
Resolution
Upgrade to version 3.0.5, or uninstall the affected plugins. Related tasks:
- CORE-829
- CORE-830
Credits
These issues were discovered by the Blesta Development Team.