We are pleased to announce the released of Blesta 4.11.1, which addresses bugs discovered in the 4.11.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.11.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.11.0. If you are running an earlier version, you must download the full release.

Download 4.11.1 Patch Download 4.11.1 Full

SHA256 Sum

% blesta-4.11.1.zip
0b0bbcaf16dfc2a903c264a81ff738a1411056be873c94fddcfbae4ad77ab6f5

% blesta-4.11.0-4.11.1.zip
179b778ea596f71caff95130b326ef4e2d6f9c31a77865ff7addc60b6d62727f

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.11 is now available! Launch your own affiliate system, add and customize client cards in the client area, try the new transaction filters, and optionally force client usernames to match their email address. We also added a new ISPManager module, added Interworx support for the Softaculous plugin, and so much more!

SHA256 Sum

5355ab477cb10df455098e861ed602a2b628da73f593f2fc50838f8f3a9e81a4

See the documentation for details on how to install or upgrade.

What’s new in 4.11?

• Affiliate System (Activate under Clients > Affiliates).
• Client Cards system for displaying additional information on client dashboard.
• IP Unblocker Plugin with support for cPanel and Directadmin.
• Order history available to clients.
• Cancellation reason field when cancelling services.
• Drag and drop of attachments for the ticket system.
• A forgot username option for clients.
• New transaction filter options.
• A setting for forcing usernames to use the client’s email address.
• Added Interworx support to the Auto Soft Installer Softaculous plugin.
• Added a new ISPManager module. (See docs.)
• Added new email tags to the Pterodactyl module for username and password. (See docs.)

See our beta announcement for more and the release notes for everything.

Sponsored Development

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group, follow us on Twitter, and join us in Discord.

We are pleased to announce the released of Blesta 4.10.2, which addresses bugs discovered in the 4.10.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.2.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0, or 4.10.1. If you are running an earlier version, you must download the full release.

Download 4.10.2 Patch Download 4.10.2 Full

SHA256 Sum

% blesta-4.10.2.zip
fbe1ec9e7467331e96ccab8a50254437d120469ff8b7a0938deb5f93ce2f402d

% blesta-4.10.0-4.10.2.zip
103dc130237a4d47f669db4cafdcadc6a0f39c7db7db6deb34242efa17f483ac

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.10.1 has been released, which addresses two bugs discovered in the 4.10.0 branch, including one security issue affecting the Order Manager with an impact rating of Moderate. More information about how we rate vulnerabilities can be found on our Security Advisories page. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0. If you are running an earlier version, you must download the full release.

Download 4.10.1 Patch Download 4.10.1 Full

SHA256 Sum

% blesta-4.10.1.zip
9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa

% blesta-4.10.0-4.10.1.zip
b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Affected Versions

All versions of the Order Manager plugin are affected.

Description

This update addresses one security concern:

1. An XSS flaw that affects the order system under certain circumstances.

Resolution

If running 4.10.0, apply the patch for 4.10.1. If running a version earlier than 4.10.0, upgrade to the full 4.10.1 release. See below for mitigation for older supported releases.

Mitigation

It is best to upgrade to 4.10.1, however, if you are running a supported version of Blesta (version 4.6, 4.7, 4.8, or 4.9) you may overwrite the following files from the 4.10.1 patch:

• /blesta/plugins/order/views/templates/ajax/config.pdt
• /blesta/plugins/order/views/templates/standard/config.pdt
• /blesta/plugins/order/views/templates/wizard/config.pdt

Credits

This item was reported by Abdellah nadi in accordance with our Responsible Disclosure Policy.

Blesta 4.10 is now available! You can now charge late fees, filter clients, packages, invoices, services, transactions, and tickets. You can now use an internally generated captcha, adjust smart search criteria, and send an email to clients when their services are scheduled for cancellation. We also added a new Namesilo module, Cornerstone gateway, and much more!

SHA256 Sum

f0b2d7982492f929b4a1942800da36c9de578bf3a80a2be918c680fe69e2ca2b

See the documentation for details on how to install or upgrade.

What’s new in 4.10?

• Late fees.
• Filtering options have been added for clients, packages, invoices, services, transactions, and tickets.
• Human verification options moved to company settings and added a new internal captcha option.
• Clients can now receive an email when their services are scheduled for cancellation.
• Reference ID is now included in transaction searches.
• Packages can now be deleted if they have no associated active services.
• The language can be specified in the URL of order forms and client pages.
• Smart search criteria can now be set.
• Added a new Namesilo domain registration module.
• Added a new Cornerstone payment gateway. (See docs.)

See our beta announcement for more and the release notes for everything.

Sponsored Development

A big shout out to the following companies for sponsoring development for one or more items in this release.

• KnownHost
• Altha Technology

Sponsored development is a good way to support Blesta and get a shout out for your company! Interested? Reach out and say hello.

Stay Connected!

Like our Facebook page, join our Facebook group, follow us on Twitter, and join us in Discord.