Blesta 4.10.1 has been released, which addresses two bugs discovered in the 4.10.0 branch, including one security issue affecting the Order Manager with an impact rating of Moderate. More information about how we rate vulnerabilities can be found on our Security Advisories page. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat; we appreciate your help!
The release notes are available at https://docs.blesta.com/display/support/4.10.1.
Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which they belong. Only apply the patch if you are running 4.10.0. If you are running an earlier version, you must download the full release.
Downloads:
- Download 4.10.1 Patch
- Download 4.10.1 Full

Checksums:
- blesta-4.10.1.zip: 9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa
- blesta-4.10.0-4.10.1.zip: b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
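Before unpacking either archive, compare its digest with the published checksum so that a corrupted or tampered download is caught before it touches the installation. The script below is an added example, not part of the Blesta announcement or the project's own tooling; it assumes the published 64-character digests are SHA-256 and that one of sha256sum, shasum, or openssl is available on the system.

```shell
# Added example (not from the Blesta announcement): verify a downloaded
# release archive against its published checksum before unpacking it.
# Assumptions: the published digests are SHA-256 (64 hex characters) and
# at least one of sha256sum, shasum, or openssl is installed.

# Print the SHA-256 digest of a file, using whichever tool is available.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    # openssl prints "SHA256(file)= <hex>"; the digest is the last field.
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  fi
}

# verify_download FILE EXPECTED_HEX
# Returns 0 when the digest matches (case-insensitively), 1 otherwise.
verify_download() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    echo "OK   $file"
    return 0
  fi
  echo "FAIL $file (expected $expected, got $actual)" >&2
  return 1
}

# Usage with the checksums published for this release; the archives must be
# in the current directory. Stop and re-download if either check fails.
# verify_download blesta-4.10.1.zip 9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa
# verify_download blesta-4.10.0-4.10.1.zip b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db
```

The comparison is done on the normalised hex string rather than by passing the file to `sha256sum -c`, so the same function works on systems that only ship `shasum` or `openssl`.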
All versions of the Order Manager plugin are affected.
This update addresses one security concern:
- An XSS flaw that affects the order system under certain circumstances.
If running 4.10.0, apply the patch for 4.10.1. If running a version earlier than 4.10.0, upgrade to the full 4.10.1 release. See below for mitigation for older supported releases.
It is best to upgrade to 4.10.1; however, if you are running a supported version of Blesta (version 4.6, 4.7, 4.8, or 4.9), you may overwrite the following files from the 4.10.1 patch:
This item was reported by Abdellah nadi in accordance with our Responsible Disclosure Policy.