Leaderboard

We already have a policy for security related issues. See http://docs.blesta.com/display/support/Responsible+Disclosure+Policy Emailing our security department automatically opens a ticket, and we review all reports right away. We do not currently have a bounty program though. We give credit but not monetary rewards for reporting security issues. We may offer bounties in the future but we have found that most people do not download and install Blesta and test it themselves.. they run automated penetration tests on our live systems and cause headaches for our infrastructure.

We keep track of, respond to, and close bug threads once their complete on a per-thread basis. This helps to keep things on topic, and easy for everyone to follow. If you post 10 bugs in a thread, the topic gets out of hand and it's difficult for anyone to determine which, if any, have been fixed. Likewise, each module, plugin, gateway, and Blesta itself have different versions, and we can't assume all versions experience the same issues. This is part of the reason why it's pertinent to have as much information as possible as described in How to Report a Bug. While you've mentioned that the bug applies to 'all modules', I've given an example of a case where it does not (at least, not for me). And as much as we would like to fix any and all bugs that are reported, we can't look into each bug without enough information to duplicate it. Since you experience the bug, you are in the best position to convey how, what, when, and where the bug occurs.

If what you posted is true then this is ridiculous!

I'm lazy, I only post here if I know it will help others, but I don't technically look for bugs.

Yeah, I wouldn't put the word bounty in it, many people assume there is a monetary award. In theory the plugin sounds like a good idea, but don't forget that they first have to install it. Most people won't go through the effort.

We need more information as described in How to Report a Bug. e.g., version of Blesta, version of the module, steps to duplicate, etc. I don't experience this issue in v3.1.2 of Blesta for cPanel v1.1.0. There may be issues with some modules, like cPanel, not saving field changes on edit when Use Module is not checked, but this would be module-specific. If you're experiencing this with multiple modules, please create a new bug report for each one.

I personally think this would be pointless, just because I don't see why you need it, if it was for Plugin / modules / gateway developers to submit a easy list of their bug change report, that might be interesting.

CORE-1109 - This should be shipping with Blesta 3.2.

Blesta bumps the renew date when the invoice is created, and this is for a very good reason. Suppose you had a service that renewed every day, but you invoice 3 days in advance. On March 25 you invoice for March 28, On March 26 for March 29, etc. If the renew date didn't advance until the invoice is paid then the March 26 invoice couldn't be generated until after the March 25 invoice is paid. Moreover, if the user failed to pay within 24 hours then all future billing would be X days off (where X is the number of days the user took to pay the last invoice). I think you might be thinking about "renew date" in the wrong way. Renew date is when a service's NEXT invoice should be due. It is not when a service's current invoice should be due.

The post that I have posted on WebHostingTalk is on the #3 replay above as an image http://www.blesta.com/forums/uploads/monthly_03_2014/post-9426-0-86538000-1395426767.png Also you can see it on Google WebCache here: http://webcache.googleusercontent.com/search?q=cache:OYdfw2vqagIJ:www.webhostingtalk.com/showthread.php%3Ft%3D1347143%26perpage%3D2+&cd=1&hl=pt-PT&ct=clnk&gl=pt I will try to escalate the ticket to Dennis Johnson , but after what I have posted here, and Im sure the Bear as read it, I dont think I will never be able to have my member qlpqlp back A response to this forum from Bear would be great, to him defend imself and also to close this, because no one will win anything and only Bear can step foward. Fell free to do what you (all Blesta staff and owners) whant with Blesta Live Chat you have our permission Regards, PV

CORE-1074 fixed for 3.1.3.

They think you're a shill? Our only association is that you're a customer, and we did not and never will ask you or anyone to post on WHT on our behalf. If our customers aren't allowed to post on WHT on their own accord, then we're being unfairly targeted. I don't know what you originally posted, but I suggest asking for the ticket to be escalated and reviewed by SoftwareReview. Sounds like you omitted some information that you should have included, but I don't believe it's shilling because you had nothing to gain, and you posted it on your own. A mistake? Probably. A clear shilling violation? I don't think so. EDIT: I feel like promoting the chat plugin you wrote now.