Blog

Blesta 4.12.1 Patch Released

October 14, 2020 | Posted by Paul


We are pleased to announce the released of Blesta 4.12.1, which addresses bugs discovered in the 4.12.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.12.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.12.0. If you are running an earlier version, you must download the full release.

Download 4.12.1 Patch Download 4.12.1 Full

SHA256 Sum

% blesta-4.12.1.zip
f73cbe3bbef97793b44a6626f6a5ec84b136c023dda50201104b249e0c0e8ae2

% blesta-4.12.0-4.12.1.zip
806c2721f7a52fa7fc1714b3e93811173f9d422f9ab4f2d82fc78708ab03a729

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.11.2 Patch Released

August 25, 2020 | Posted by Paul


We are pleased to announce the released of Blesta 4.11.2, which addresses bugs discovered in the 4.11.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.11.2.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.11.0 or 4.11.1. If you are running an earlier version, you must download the full release.

Download 4.11.2 Patch Download 4.11.2 Full

SHA256 Sum

% blesta-4.11.2.zip
998d4e15b74d6d6d2d16452c4b2c40b946f82ed48ec0314bd215a725483870e0

% blesta-4.11.0-4.11.2.zip
211539b5d3c509cd657ec49395e7de120b22c5500be6fb8196b6af8308924f65

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.11.1 Patch Released

August 11, 2020 | Posted by Paul


We are pleased to announce the released of Blesta 4.11.1, which addresses bugs discovered in the 4.11.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.11.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.11.0. If you are running an earlier version, you must download the full release.

Download 4.11.1 Patch Download 4.11.1 Full

SHA256 Sum

% blesta-4.11.1.zip
0b0bbcaf16dfc2a903c264a81ff738a1411056be873c94fddcfbae4ad77ab6f5

% blesta-4.11.0-4.11.1.zip
179b778ea596f71caff95130b326ef4e2d6f9c31a77865ff7addc60b6d62727f

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Blesta 4.10.2 Patch Released

June 30, 2020 | Posted by Paul


We are pleased to announce the released of Blesta 4.10.2, which addresses bugs discovered in the 4.10.0 branch. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.2.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0, or 4.10.1. If you are running an earlier version, you must download the full release.

Download 4.10.2 Patch Download 4.10.2 Full

SHA256 Sum

% blesta-4.10.2.zip
fbe1ec9e7467331e96ccab8a50254437d120469ff8b7a0938deb5f93ce2f402d

% blesta-4.10.0-4.10.2.zip
103dc130237a4d47f669db4cafdcadc6a0f39c7db7db6deb34242efa17f483ac

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Security Advisory - Blesta 4.10.1 Patch Released

June 10, 2020 | Posted by Paul


Blesta 4.10.1 has been released, which addresses two bugs discovered in the 4.10.0 branch, including one security issue affecting the Order Manager with an impact rating of Moderate. More information about how we rate vulnerabilities can be found on our Security Advisories page. A big thanks to everyone who participated in helping to make Blesta better by reporting and confirming bugs on our forums and discord chat, we appreciate your help!

The release notes are available at https://docs.blesta.com/display/support/4.10.1.

Always run /admin/upgrade in your browser after patching or upgrading your installation. Patch releases may only be applied to the minor release to which it belongs. Only apply the patch if you are running 4.10.0. If you are running an earlier version, you must download the full release.

Download 4.10.1 Patch Download 4.10.1 Full

SHA256 Sum

% blesta-4.10.1.zip
9065d52c3d916efe73474687d116fc2ec7673160e8f288fa6b53568a6e0267fa

% blesta-4.10.0-4.10.1.zip
b64ccf68814951441c4d716d1648687376bee29d0650774f1f14d3bb22c258db

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Affected Versions

All versions of the Order Manager plugin are affected.

Description

This update addresses one security concern:

  1. An XSS flaw that affects the order system under certain circumstances.

Resolution

If running 4.10.0, apply the patch for 4.10.1. If running a version earlier than 4.10.0, upgrade to the full 4.10.1 release. See below for mitigation for older supported releases.

Mitigation

It is best to upgrade to 4.10.1, however, if you are running a supported version of Blesta (version 4.6, 4.7, 4.8, or 4.9) you may overwrite the following files from the 4.10.1 patch:

  • /blesta/plugins/order/views/templates/ajax/config.pdt
  • /blesta/plugins/order/views/templates/standard/config.pdt
  • /blesta/plugins/order/views/templates/wizard/config.pdt

Credits

This item was reported by Abdellah nadi in accordance with our Responsible Disclosure Policy.