Paul

CORE-1109 - This should be shipping with Blesta 3.2.

We already have a policy for security related issues. See http://docs.blesta.com/display/support/Responsible+Disclosure+Policy Emailing our security department automatically opens a ticket, and we review all reports right away. We do not currently have a bounty program though. We give credit but not monetary rewards for reporting security issues. We may offer bounties in the future but we have found that most people do not download and install Blesta and test it themselves.. they run automated penetration tests on our live systems and cause headaches for our infrastructure.

Haha, nice mock up. This would likely be its own plugin should we build it. Since nothing is ever as simple as it first seems, what features would be in this? Custom fields? Email to 1 or more addresses? (Enter addresses via the plugin, or select the staff members instead?)

No alpha, you will have access to the beta though. As usual, beta's are open to all customers.

Cody is working on finishing up the conversion of the order form to bootstrap. Then he is going to implement the new ajax order template that I created, which looks great btw. Then beta will start. The new order form has comparison boxes or a slider for package selection. I think most people will use the new one.

How would you like to see this work? A new icon on the portal page that takes you to a contact form?

Very nice, sounds like it's going to be out soon also.

Dennis is a great guy, had the pleasure of meeting him in person last year. Very down to earth, always a pleasure to read the WHT newsletters he sends out.

They think you're a shill? Our only association is that you're a customer, and we did not and never will ask you or anyone to post on WHT on our behalf. If our customers aren't allowed to post on WHT on their own accord, then we're being unfairly targeted. I don't know what you originally posted, but I suggest asking for the ticket to be escalated and reviewed by SoftwareReview. Sounds like you omitted some information that you should have included, but I don't believe it's shilling because you had nothing to gain, and you posted it on your own. A mistake? Probably. A clear shilling violation? I don't think so. EDIT: I feel like promoting the chat plugin you wrote now.

You can upgrade/downgrade services for a client from the Manage link for their service on their client profile page. As soon as proration is added, clients will be able to upgrade/downgrade from the client area. The upgrade/downgrade packages available are those packages that are in the same package group as the package they originally ordered.

The marketplace will be responsible for handling updates to extensions (modules, gateways, plugins) and the built in updater would update the core only. At least I think that's the plan. Whether extensions are updated automatically or not is a separate discussion, but we're starting with the core. Still, the good news about how the marketplace should work is that even if you upgrade an extension manually.. it should be as easy as clicking a button. Just for me, personally.. I'd prefer to manually update extensions by clicking the button in the marketplace. For the core, I'd want patches installed automatically and I'd like to click a button to upgrade a minor/major release.

If you haven't, I'd suggest opening a ticket in their helpdesk to contest it. If the banning moderator responds, ask for it to be escalated to SoftwareReview. A permanent ban for that post seems ridiculous, especially since you have nothing to gain monetarily. (It's a free plugin!!) Maybe you should have mentioned that you wrote the plugin for full disclosure, but a perma ban for that seems absurd.. unless there were other reasons involved in their decision. Here's my suggestion to everyone who participates on WHT: 1. Follow their rules. 2. If you feel you've been unjustly targeted or given an infraction because of a post, open a ticket in their helpdesk and contest it. (I have opened a ticket every time I received an infraction, and have had one reversed) 3. If you see other people self promoting or not following the rules, report those posts. (I have reported posts made by our competitors for self-promotion, and their posts have been removed) The moderators at WHT believe they are enforcing the rules fairly. In most cases, they probably are, but because of our competitions long history and position in the market they are favored. WHT even promoted a thread for one of our competitors beta release announcements. They have never given us the courtesy. Things are changing, but it takes time. We're going to do all we can do, and continue to make Blesta better. Don't be intimidated, if you have something to say, say it! Just make sure you follow the rules.

That's the important part of it.. the updates must be verified as being trusted. The default option would likely be not to update automatically, or to update with security patches only. We have discussed this internally at some length, but we have some other more critical features to implement first.

I've confirmed the quantity issue and created task CORE-1105 to address this. Bug reports should contain only one item per thread. However, to address your other question, the ability to add coupons to services after they have been created belongs to task CORE-1066 and you can track the issue there. Additionally, there is a price override option for services coming in a future release, per CORE-747 which may be of interest.

Is it public? Can you PM me the link? The options are sortable within option groups, not sure why they would appear randomly.. haven't had any other complaints about that as far as I know. The toggling of checkboxes I could see potentially happening if they have the same name as another field. That's where I would look. Happy to take a look at it if you want to send me a link though.

Awesome! Maybe we should do error checking on those pesky value fields..

It should show all three. Do you have a different value for each item in the drop down? Take a look at this screenshot, it's an example of a drop down for IP addresses which correctly shows 3 items in the drop down.

3.2 isn't out yet, but so far it has not been added. Do you guys think this plugin is useful enough in its current state to be included in our builds?

Nope Maybe in the future, but there are no plans to do that right now. It would take significantly longer than the client area.

By far most of the views are related to the admin area, which will remain the same. Only the client area has been updated to responsive bootstrap, and it's done. Yes, it was a fair amount of work but it was worth it.

Soon. It looks better than the screenshots.

Not sure what you mean exactly. Why do you want to change the customer ID, and how do client groups factor in?

The order system supports recaptcha and areyouhuman. Do you think both of these options should be available? It may make sense for us to move various human verification settings into the core, where plugins can take advantage of them. This way, you wouldn't have to provide account details in two places if you want recaptcha for both order and support.

You can edit the price on the package to make the change effective for everyone using the package. If you want to make the change affect only certain customers, I suggest creating a new restricted package with the new pricing. As long as it uses the same module, you'll be able to change the associated package for the customer to the new package by editing the service. If it's a restricted package though, you'll just need to make sure the customer has access to the package. You can grant access under their client profile page, Actions > Set Packages. Then, edit the service to change the package. This method won't add another line item on invoices to show the discount, but you could put that in the package name. The other method is the use of recurring coupons which would apply a recurring discount to the service. I believe this discount would appear as it's own line item on invoices. The issue here is that coupons cannot currently be edited/added after a service has already been created. There's a task for this though, CORE-1066, and it will be in a future release. The last method, which probably isn't ideal for this situation but is worth mentioning are price overrides, CORE-747. This one isn't available yet either but will be in a future release.

It sounds like you have tried setting up the SSH option via a Configurable Option, and also as an Addon. This should probably be a Configurable Option only, and not an Addon. If I understand right, the checkbox would toggle itself during checkout as a Configurable Option. This doesn't sound right, but it does make me wonder if the option is fully configured. Edit the Configurable Option under Package > Options > Options link. Within the Options section, there should be a Name and Value. Both of these must be configured, and a pricing term must be set, even if the price is 0.00. A price term must be set for your 1, 3, 6 month and 1 year terms in order for the option to be visible for each term. If you only want the SSH checkbox to appear for 1 year terms, you can just enter a 1 Year price for the option, for example. If that doesn't work, maybe you can post (or email me sales@) a screenshot of your configurable option settings for this item.