We are pleased to announce the released of Blesta 5.10.1, which addresses bugs discovered in the 5.10 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.10.1.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.10.0. If you are running an earlier version, you must download the full release.

Download 5.10.1 Patch Download 5.10.1 Full

SHA256 Sum

% blesta-5.10.1.zip
3c525b62a95f8c77914d41f195e708a506887dc86b531b6b424ca2e1e091f28b

% blesta-5.10.0-5.10.1.zip
ddb24cee3e50b5b6452765e499fe0e50ed3f42505988b28ba52c76458604d612

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 5.10 is now available!

Blesta now ships with 18 fully translated languages with more to come in a future update. More Domain Manager improvements including the ability for staff to change a domains registrar, registration date sync, and a new Nominet registrar module. We added a powerful new Webhooks system that ties into every event/hook. Coupon filtering, additional mapping files when importing from WHMCS, include attachments with any email template, and more!

SHA256 Sum

e7d7d3973147ca20de760ead1ac0360832379c7cfd98ad23837a8326310232dc

If upgrading from a release prior to 5.0, please review the version 5.0 announcement prior to upgrading. 5.0 was a major release and increased system requirements. ALWAYS BACKUP YOUR FILES + DATABASE PRIOR TO UPGRADING.

See the documentation for details on how to install or upgrade.

What’s new in 5.10?

• Added new languages. Blesta now ships with 18 complete language translations, including: English, Español, Français, Ελληνικά, Italiano, Deutsch, Československý, Nederlands, Polski, Svenska, Pyccĸий, Dansk, Português, Română, 中文, Indonesian, Yкраїнська, and Türkçe.
• Added an option to set a Package term/price to “default” so that it’s selected by default on order forms.
• Added the ability to add attachments to any email templates, which will be included in those emails.
• Added an option to set a favicon for both the client and staff areas under Look and Feel.
• Added a filter for coupons: Filter Code, Discount Type, Currency, Package Group, Status, and Internal Use.
• Added a new Nominet domain registrar module.
• Updated Configurable Option quantity fields to show both a slider and number format.
• Updated the CLI installer to make it fully scriptable, now supports staff user creation and licensing.
• Updated the Domain Manager to sync domain registration date, allow staff to change the registrar, and other performance improvements.
• Updated the Support Manager to allow priority restrictions by department, and a 1-minute interval option for polling POP/IMAP ticket emails.
• Updated Data Feeds to add new endpoints for service and domain counts.
• Updated service creation when appending to an existing invoice to select the most recent invoice by default.
• Updated all client email templates to escape tags with a filter.
• Updated the password reset system to improve the way password resets are handled.
• Updated MaxMind v2 integration to ignore address_2 if not supplied.
• Updated the Import Manager to include a new map file for Enom, Namesilo, and OpenSRS when importing from WHMCS.
• Updated the Import Manager to make it fully scriptable, all options can be included in a single command.

See our beta announcement for more and the release notes for everything.

Developers

• Plugins can now take advantage of 1-minute automation intervals.
• Reminder: If you are a developer, we recommend updating your extensions to support PHP 8, including PHP 8.2 if they don’t already.

Sponsored Development

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group and Subreddit, follow us on Twitter, and join us in Discord.

We are pleased to announce the released of Blesta 5.9.3, which addresses bugs discovered in the 5.9 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.9.3.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.9.0, 5.9.1, or 5.9.2. If you are running an earlier version, you must download the full release.

Download 5.9.3 Patch Download 5.9.3 Full

SHA256 Sum

% blesta-5.9.3.zip
bfed233dfcc2883a6c4408e1b4d8f20b771af07eb0e67dc8b8fa795dd96e68a6

% blesta-5.9.0-5.9.3.zip
a851746218377c6e9ca0be76471a8d6a7f92c8156ff9d75d53a00355f398466c

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Several security issues affecting Blesta versions 5.0.0 through 5.9.1 have been identified. There is no evidence to suggest that these vulnerabilities are publicly known or being exploited, but you should take action now.

A path traversal vulnerability may lead to account compromise and RCE (Remote Code Execution) through vulnerability chaining. We recommend applying the appropriate patch for your release as soon as possible, or by upgrading to version 5.9.2. Given the compounding nature of these vulnerabilies, we give this an impact rating of Critical.

More information about how we rate vulnerabilities can be found on our Security Advisories page.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs, so download the appropriate patch for your minor version. If you are running a version of Blesta between 5.0 and 5.6, upgrade to 5.9.2.

Downloads

Download 5.9.2 Patch Download 5.9.2 Full

% blesta-5.9.2.zip
27f59fd3bc7a30dd6dc40ae619447fc5be049f2f3cd811ac5a6fc59b6d643b02

% blesta-5.9.0-5.9.2.zip
a4626ab2a8fe3f28010c368cc54b704cade6ac2fc299b7d48a3daec3ef9837e3

Download 5.8.3 Patch

% blesta-5.8.0-5.8.3.zip
5f5463e8590b837c76b1aa1c3f89b07e50efce477606b8f6b7f49543b2e9e828

Download 5.7.2 Patch

% blesta-5.7.0-5.7.2.zip
3f06d2a2a08f196725389e69db0cc3dc1ac05ba48f3a473b01ecc3d2caa3fa8f

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Resolution

• If you are running version 5.7.x, apply the 5.7.2 patch above.
• If you are running version 5.8.x, apply the 5.8.3 patch above.
• If you are running version 5.9.x, apply the 5.9.2 patch above.
• If you are running version 5.0.x through 5.6.x, upgrade to 5.9.2 Full.

Mitigation

It is best to upgrade to 5.9.2 or apply the appropriate patch. However, if you are running an affected unsupported version of Blesta (version 5.0 through 5.6), or you need more time to upgrade, you may take the following immediate steps to mitigate.

• Visit Settings > System > General and note the location of your “Uploads Directory”.
• Assuming your uploads directory is “/path/to/uploads/” check the directory for your company ID (typically “1”) and see if you have a “themes” directory. If the directory exists, delete the directory. Example locations for this directory are: “/path/to/uploads/1/themes”, “/path/to/uploads/2/themes”, etc. Only users with addon-companies will have any directories other than “1” within the uploads directory. Ensure “themes” is deleted from each.

If your logo dissappears, you may need to visit Settings > Company > Look and Feel > Customize and set your logo using “Set Logo URL”, not “Upload Logo”. NOTE that this may result in the “themes” directory being re-created. If you perform this step, check for and delete the “themes” directory again.

We would also highly recommend ensuring that Two-Factor Authentication is enabled for all Staff accounts. Staff can set up Two-Factor Authentication under “My Info” using a token like Google Authenticator (for iOS/Android).

Credits

These issues were reported to us by Emre Hampolat in accordance with our Responsible Disclosure Policy.

We are pleased to announce the released of Blesta 5.9.1, which addresses bugs discovered in the 5.9 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/5.9.1.

Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply this patch if you are running 5.9.0. If you are running an earlier version, you must download the full release.

Download 5.9.1 Patch Download 5.9.1 Full

SHA256 Sum

% blesta-5.9.1.zip
90706ef493651791ac0fe43ef503f20010a7e260bc045d21df1e7d8c9edeb832

% blesta-5.9.0-5.9.1.zip
f75e9b4237d8ce341ec04ea6aa53b12e9f146fcec383974e3b2eedb9197b8879

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.