Security Advisory
A security issue affecting Blesta versions 4.0.0 through 5.11.3 has been identified.
A path traversal vulnerability has been discovered, though the vulnerability does not allow the disclosure of Blesta configuration files. We recommend applying the appropriate patch for your release, or upgrading to version 5.11.4 as soon as possible. We give this an impact rating of High.
More information about how we rate vulnerabilities can be found on our Security Advisories page.
Always back up your files and database prior to upgrading and be sure to run /admin/upgrade in your browser after uploading either a patch or full release. Patch releases may only be applied to the minor release to which they belong, so download the appropriate patch for your minor version. If you are running a version of Blesta between 4.0 and 5.11, upgrade to 5.11.4.
Downloads
Download 5.11.4 Patch Download 5.11.4 Full
% blesta-5.11.4.zip
6003fcf0caadc255b7b43e0a504b130e0a0f8751e22d270e9fd126299e018548
% blesta-5.11.0-5.11.4.zip
353996300dd83ceb91b887691aa1956b2be97dd5c481cd5acf290db51d5078f2
% blesta-5.10.0-5.10.4.zip
37c102ac7f539a039d2b39354f60c5e504c617e32037a228a15b84009a097018
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Resolution
- If you are running version 5.11.x, apply the 5.11.4 patch above.
- If you are running version 5.10.x, apply the 5.10.4 patch above.
- If you are running version 4.0.x through 5.11.x, upgrade to 5.11.4 Full.
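The Resolution list and the SHA256 sums above, combined into one check, as an added example (not Blesta's own tooling): a POSIX shell script that maps an installed version to the download this advisory names and compares the downloaded file against the published sum. The function names and script usage are assumptions made for this example; the versions, file names and sums are copied from this advisory.

```shell
#!/bin/sh
# Added example: map an installed Blesta version to the download named in this
# advisory's Resolution list, then check the file against the published SHA256.

# Function names are this example's own; versions and sums are from the advisory.
pick_artifact() {
    case "$1" in
        5.11.[0-3])            echo "blesta-5.11.0-5.11.4.zip" ;;  # 5.11.x patch
        5.10.[0-3])            echo "blesta-5.10.0-5.10.4.zip" ;;  # 5.10.x patch
        4.*|5.[0-9]|5.[0-9].*) echo "blesta-5.11.4.zip" ;;         # full release
        *)                     return 1 ;;  # already patched or not covered here
    esac
}

expected_sha256() {
    case "$1" in
        blesta-5.11.4.zip)
            echo 6003fcf0caadc255b7b43e0a504b130e0a0f8751e22d270e9fd126299e018548 ;;
        blesta-5.11.0-5.11.4.zip)
            echo 353996300dd83ceb91b887691aa1956b2be97dd5c481cd5acf290db51d5078f2 ;;
        blesta-5.10.0-5.10.4.zip)
            echo 37c102ac7f539a039d2b39354f60c5e504c617e32037a228a15b84009a097018 ;;
        *)  return 1 ;;
    esac
}

file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # macOS / BSD fallback
    fi
}

# verify_download PATH [NAME]: 0 = match, 1 = mismatch, 2 = cannot check
verify_download() {
    name=${2:-$(basename "$1")}
    want=$(expected_sha256 "$name") || { echo "no published sum for $name" >&2; return 2; }
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    got=$(file_sha256 "$1")
    [ "$got" = "$want" ] && { echo "OK $name"; return 0; }
    echo "MISMATCH $name: got $got, want $want" >&2
    return 1
}

# Usage: sh check_blesta.sh <installed-version> <downloaded-zip>
if [ "$#" -eq 2 ]; then
    art=$(pick_artifact "$1") || { echo "$1: no download mapped" >&2; exit 3; }
    echo "expected download: $art"
    verify_download "$2" "$art"
fi
```

A mismatch means the archive should not be unpacked over the installation; download it again from the official source and re-check.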
Mitigation
It is best to upgrade to 5.11.4 or apply the appropriate patch. However, if you are running an affected unsupported version of Blesta (version 4.0 through 5.9), and you need more time to upgrade, it is possible to mitigate. We are not publishing mitigation steps now due to the nature of the vulnerability. For mitigation steps, open a ticket from within your account and provide your license key as well as the version of Blesta you are running along with the reason you are not able to upgrade.
Credits
This issue was reported by a customer in accordance with our Responsible Disclosure Policy.
Blesta 5.11.3 Patch Released
We are pleased to announce the release of Blesta 5.11.3, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!
The release notes are available at https://docs.blesta.com/display/support/5.11.3.
Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which they belong. Only apply this patch if you are running 5.11.0, 5.11.1, or 5.11.2. If you are running an earlier version, you must download the full release.
Download 5.11.3 Patch Download 5.11.3 Full
SHA256 Sum
% blesta-5.11.3.zip
3dcd9e67e43ff9df563dc5a099f8436d5b03aa4d60bff1a3975c030f0bb8b498
% blesta-5.11.0-5.11.3.zip
4a275432739d9b92e1f1c066d089518e69f9a3cf212d4ac2c6d2f7944f708811
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Blesta 5.11.2 Patch Released
We are pleased to announce the release of Blesta 5.11.2, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!
The release notes are available at https://docs.blesta.com/display/support/5.11.2.
Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which they belong. Only apply this patch if you are running 5.11.0 or 5.11.1. If you are running an earlier version, you must download the full release.
Download 5.11.2 Patch Download 5.11.2 Full
SHA256 Sum
% blesta-5.11.2.zip
968a4720f07c73e4d38ff5fd28afb9e493ec23161f85a06f013d0d4c6b40d647
% blesta-5.11.0-5.11.2.zip
1f2457a8d73c631ff1599d01154b65a82ca3244f360216c2de91cdbad8520fc1
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Blesta 5.11.1 Patch Released
We are pleased to announce the release of Blesta 5.11.1, which addresses bugs discovered in the 5.11 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!
The release notes are available at https://docs.blesta.com/display/support/5.11.1.
Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which they belong. Only apply this patch if you are running 5.11.0. If you are running an earlier version, you must download the full release.
Download 5.11.1 Patch Download 5.11.1 Full
SHA256 Sum
% blesta-5.11.1.zip
1939d748f852c47e30116784f19df29aa153b4946932a242d38e848fabcc8370
% blesta-5.11.0-5.11.1.zip
94a9b8212c7ae56028053133c61e4e8da1d8fca1fab172bade06601ae5ded363
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.
Blesta 5.10.3 Patch Released
We are pleased to announce the release of Blesta 5.10.3, which addresses bugs discovered in the 5.10 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and Discord chat. We appreciate your help!
The release notes are available at https://docs.blesta.com/display/support/5.10.3.
Always run /admin/upgrade in your browser or via CLI after updating the files for your installation. Patch releases may only be applied to the minor release to which they belong. Only apply this patch if you are running 5.10.0, 5.10.1, or 5.10.2. If you are running an earlier version, you must download the full release.
Download 5.10.3 Patch Download 5.10.3 Full
SHA256 Sum
% blesta-5.10.3.zip
46b4f10cb27304bd2fc34cf2c3c3104f1e1a4317079f0e4f004ab2f370ec48c0
% blesta-5.10.0-5.10.3.zip
18248c5d15534e68c27d0c0be7c30979eda987f2cabc75cc03eea30f297e1ed9
To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.