This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push: new 493444d Release preparation: documentation is updated 493444d is described below commit 493444d44a8c2d7f70f4efab6fd2e3d327c21455 Author: Maxim Solodovnik <solomax...@gmail.com> AuthorDate: Sat Sep 19 11:45:46 2020 +0700 Release preparation: documentation is updated --- CHANGELOG.md | 33 ++++++++++ README.md | 43 ++++++++++-- openmeetings-server/src/site/xdoc/NewsArchive.xml | 70 ++++++++++++++++++++ openmeetings-server/src/site/xdoc/ReleaseGuide.xml | 58 ++++++++--------- openmeetings-server/src/site/xdoc/downloads.xml | 76 +++++----------------- openmeetings-server/src/site/xdoc/index.xml | 63 ++++-------------- openmeetings-server/src/site/xdoc/security.xml | 11 ++++ 7 files changed, 209 insertions(+), 145 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7e4676..b291f99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,39 @@ See https://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-* (where * is the number of CVE below) +Release Notes - Openmeetings - Version 5.0.1 +================================================================================================================ + +* Vulnerability + * CVE-2020-13951 - Apache Openmeetings: DoS via public web service + +* Bug + * [OPENMEETINGS-2402] - Server Lost Connection + * [OPENMEETINGS-2421] - NPE can happen during calendar panel unload + * [OPENMEETINGS-2423] - Group files are being restored to wrong group + * [OPENMEETINGS-2424] - Issues with "wait for moderator" room + * [OPENMEETINGS-2425] - Translation to Arabic need to be improved + * [OPENMEETINGS-2426] - Multiple UI issues + * [OPENMEETINGS-2428] - User profile looks wrong in RTL language + * [OPENMEETINGS-2429] - (My rooms) label in the dashboard + * [OPENMEETINGS-2433] - Settings->SearchUsers show some users more than once + * [OPENMEETINGS-2438] - Buttons in "Activities and actions" not really visible + * [OPENMEETINGS-2442] - volume slider very "small" + +* Improvement + * [OPENMEETINGS-2297] - It should be possible to create room hash by externalId/type + * [OPENMEETINGS-2422] - It should be possible to share KMS server between multiple OM instances + * [OPENMEETINGS-2432] - Rate limit should be checked for network test web service + * [OPENMEETINGS-2434] - minor improvement DATA_DIR + * [OPENMEETINGS-2444] - Screen-sharing is disabled in some browsers + +* Task + * [OPENMEETINGS-2418] - (5.0.1) Label contributions from https://poeditor.com should be merged back + * [OPENMEETINGS-2419] - Library versions need to be updated (5.0.1) + * [OPENMEETINGS-2427] - Sonar issues need to be addressed (5.0.1) + * [OPENMEETINGS-2443] - Easing password for Arabic users + + Release Notes - Openmeetings - Version 5.0.0 ================================================================================================================ diff --git a/README.md b/README.md index de902a8..4fcfdc1 100644 --- a/README.md +++ b/README.md @@ -56,9 +56,30 @@ Release Notes see [CHANGELOG.md](/CHANGELOG.md) file for detailed log +5.0.1 +----- +[Release 5.0.1](https://www.apache.org/dyn/closer.lua/openmeetings/5.0.1), provides following improvements: + +This release provides WebRTC audio/video/screen-sharing in the Room + +Security: +* Rate limit is checked for network test web service +* Libraries are updated to latest versions +* Password complexity can be fine-tuned + +Backup/Restore: +* Group files/recordings might be restored to wrong group + +UI: +* Translations and support of RTL languages are improved +* Dashboard widgets and personal room are always displayed in current user language + +Some other fixes and improvements, 21 issues were addressed + + 5.0.0 ----- -[Release 5.0.0](https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0), provides following improvements: +[Release 5.0.0](https://archive.apache.org/dist/openmeetings/5.0.0), provides following improvements: This release provides WebRTC audio/video/screen-sharing in the Room @@ -88,9 +109,21 @@ Audio/Video: Some other fixes and improvements, 74 issues were addressed +4.0.11 +----- +[Release 4.0.11](https://archive.apache.org/dist/openmeetings/4.0.11), provides following improvements: + +Security: +* 3rd-party libraries are updated to latest versions +* Email sending via SSL is added +* User email addresses are hidden + +Other fixes and improvements, 11 issues were addressed + + 5.0.0-M4 ----- -[Release 5.0.0-M4](https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0-M4), provides following improvements: +[Release 5.0.0-M4](https://archive.apache.org/dist/openmeetings/5.0.0-M4), provides following improvements: This release provides WebRTC audio/video/screen-sharing in the Room @@ -127,7 +160,7 @@ Some other fixes and improvements, 56 issues were addressed 5.0.0-M3 ----- -[Release 5.0.0-M3](https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0-M3), provides following improvements: +[Release 5.0.0-M3](https://archive.apache.org/dist/openmeetings/5.0.0-M3), provides following improvements: This release provides WebRTC audio/video/screen-sharing in the Room @@ -158,7 +191,7 @@ Some other fixes and improvements, 36 issues were addressed 5.0.0-M2 ----- -[Release 5.0.0-M2](https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0-M2), provides following improvements: +[Release 5.0.0-M2](https://archive.apache.org/dist/openmeetings/5.0.0-M2), provides following improvements: This release provides WebRTC audio/video/screen-sharing in the Room @@ -186,7 +219,7 @@ Some other fixes and improvements, 18 issues were addressed 4.0.9 ----- -[Release 4.0.9](https://www.apache.org/dyn/closer.lua/openmeetings/4.0.9), provides following improvements: +[Release 4.0.9](https://archive.apache.org/dist/openmeetings/4.0.9), provides following improvements: Backup/Restore: * Recordings of deleted users were restored as public diff --git a/openmeetings-server/src/site/xdoc/NewsArchive.xml b/openmeetings-server/src/site/xdoc/NewsArchive.xml index 98ac552..5cd26cc 100644 --- a/openmeetings-server/src/site/xdoc/NewsArchive.xml +++ b/openmeetings-server/src/site/xdoc/NewsArchive.xml @@ -20,6 +20,76 @@ </properties> <body> + <section name="Release 5.0.0"> + <div class="bd-callout bd-callout-info"> + <h4>Version 5.0.0 released!</h4> + <div>Release 5.0.0, provides following improvements:<br/> + This release provides WebRTC audio/video/screen-sharing in the Room + <div class="bd-callout bd-callout-info">Flash plugin is no longer required in the browser<br/> + <br/> + IMPORTANT: Java 11 is required + </div> + Security: + <ul> + <li>Libraries are updated to latest versions</li> + <li>More strict CSP is implemented</li> + <li>User accounts are hidden for regular users</li> + <li>User email addresses are hidden</li> + </ul> + UI: + <ul> + <li>Support for touch events is added (mobiles, tablets)</li> + <li>Better support for new MS Edge browser</li> + <li>Direct link for entering the room with room name (not ID)</li> + <li>Front camera is used by default</li> + <li>User avatar is editable at Admin->Users</li> + </ul> + Audio/Video: + <ul> + <li>Stability is improved</li> + <li>Connection to KMS is auto-recovering</li> + <li>Camera resolution changes take effect immediately</li> + <li>Multiple client-side JS errors are fixed</li> + </ul> + <br/> + Other fixes and improvements + </div> + <br/> + + <span> + 74 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/5.0.0/CHANGELOG.md">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12348040">Detailed list</a> + </span> + <span> See <a href="https://archive.apache.org/dist/openmeetings/5.0.0">Archived download</a>.</span> + <span class="date">(2020-08-21)</span> + </div> + </section> + <section name="Release 4.0.11"> + <div class="bd-callout bd-callout-info"> + <h4>Version 4.0.11 released!</h4> + <div>Release 4.0.11, provides following improvements:<br/> + Security: + <ul> + <li>3rd-party libraries are updated to latest versions</li> + <li>Email sending via SSL is added</li> + <li>User email addresses are hidden</li> + </ul> + <br/> + Other fixes and improvements + <div class="bd-callout bd-callout-info">Please update to this release from any previous OpenMeetings release</div> + </div> + <br/> + + <span> + 11 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/4.0.11/CHANGELOG.md">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12346607">Detailed list</a> + </span> + <span> See <a href="https://archive.apache.org/dist/openmeetings/4.0.11">Archived download</a>.</span> + <span class="date">(2020-09-02)</span> + </div> + </section> <section name="Release 5.0.0-M4"> <div class="bd-callout bd-callout-info"> <h4>Version 5.0.0-M4 released!</h4> diff --git a/openmeetings-server/src/site/xdoc/ReleaseGuide.xml b/openmeetings-server/src/site/xdoc/ReleaseGuide.xml index 86a1eed..62b117e 100644 --- a/openmeetings-server/src/site/xdoc/ReleaseGuide.xml +++ b/openmeetings-server/src/site/xdoc/ReleaseGuide.xml @@ -105,7 +105,7 @@ </li> <li> Ensure All contributed translations are imported to our codebase<br/> - (More info and examples <a href="https://github.com/solomax/om-poeditor">is here</a>)) + (More info and examples <a href="https://github.com/solomax/om-poeditor">are here</a>)) </li> <li> Update following files in OM documentation:<br/> @@ -113,32 +113,32 @@ <tt>openmeetings-server/src/site/xdoc/NewsArchive.xml</tt><br/> <tt>openmeetings-server/src/site/xdoc/downloads.xml</tt><br/> <div class="bd-callout bd-callout-danger"> - <div class="h4">Download links in NewsArchive.xml should be updated</div> + <div class="h4">Download links in NewsArchive.xml and README.md should be updated</div> </div> </li> <li>Switch to the necessary branch: - <source>git checkout 4.0.x</source> + <source>git checkout master</source> </li> <li>Create temporary local branch - <source>git checkout -b release-4.0.0-RC1</source> + <source>git checkout -b release-5.0.1</source> </li> <li>Update versions of all modules - <source>mvn versions:set -DgenerateBackupPoms=false -DnewVersion=4.0.0</source> + <source>mvn versions:set -DgenerateBackupPoms=false -DnewVersion=5.0.1</source> </li> <li>Update final SCM URL located at <tt>pom.xml</tt> and <tt>openmeetings-server/pom.xml</tt> <source><![CDATA[ <scm> <url>https://github.com/apache/openmeetings.git</url> - SET https://github.com/apache/openmeetings/tree/4.0.0 + SET https://github.com/apache/openmeetings/tree/5.0.1 ]]></source> </li> <li> Create a TAG and commit it to the Git<br/> <source> -git commit -a -m "4.0.0 Release Candidate 1" -git tag -s 4.0.0-RC1 -m "4.0.0 Release Candidate 1 tag" -git push origin 4.0.0-RC1 +git commit -a -m "5.0.1 Release Candidate 1" +git tag -s 5.0.1-RC1 -m "5.0.1 Release Candidate 1 tag" +git push origin 5.0.1-RC1 </source> </li> <li> @@ -157,26 +157,26 @@ git push origin 4.0.0-RC1 <p> Commit artifacts you have created with KEYS file to the <tt>https://dist.apache.org/repos/dist/dev/openmeetings/</tt> - Proposed file structure for "Release Candidate 1" of 4.0.0 will be: + Proposed file structure for "Release Candidate 1" of 5.0.1 will be: </p> <source> -4.0.0 -4.0.0/rc1 -4.0.0/rc1/src -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.zip -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.tar.gz -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.zip.sha -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.zip.asc -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.tar.gz.sha -4.0.0/rc1/src/apache-openmeetings-4.0.0-src.tar.gz.asc -4.0.0/rc1/bin -4.0.0/rc1/bin/apache-openmeetings-4.0.0.zip -4.0.0/rc1/bin/apache-openmeetings-4.0.0.tar.gz -4.0.0/rc1/bin/apache-openmeetings-4.0.0.zip.sha -4.0.0/rc1/bin/apache-openmeetings-4.0.0.zip.asc -4.0.0/rc1/bin/apache-openmeetings-4.0.0.tar.gz.sha -4.0.0/rc1/bin/apache-openmeetings-4.0.0.tar.gz.asc -4.0.0/rc1/CHANGELOG +5.0.1 +5.0.1/rc1 +5.0.1/rc1/src +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip.sha +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.zip.asc +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz.sha +5.0.1/rc1/src/apache-openmeetings-5.0.1-src.tar.gz.asc +5.0.1/rc1/bin +5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip +5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz +5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip.sha +5.0.1/rc1/bin/apache-openmeetings-5.0.1.zip.asc +5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz.sha +5.0.1/rc1/bin/apache-openmeetings-5.0.1.tar.gz.asc +5.0.1/rc1/CHANGELOG </source> <p><b>NOTE</b> KEYS file is located at https://www.apache.org/dist/openmeetings/KEYS and should be just updated</p> </li> @@ -222,8 +222,8 @@ mvn clean install -Prc,release <li>Go to <a href="https://securesigning.pki.digicert.com/csportal">https://securesigning.pki.digicert.com/csportal</a></li> <li>Select "Signing Sets"</li> <li>Select "Add signing set"</li> - <li>Enter "Signing set name" (must include "Apache OpenMeetings" and version) for ex. "Apache OpenMeetings 4.0.0-RELEASE"</li> - <li>Enter "Version" for ex. "4.0.0-RELEASE"</li> + <li>Enter "Signing set name" (must include "Apache OpenMeetings" and version) for ex. "Apache OpenMeetings 5.0.1-RELEASE"</li> + <li>Enter "Version" for ex. "5.0.1-RELEASE"</li> <li>Select "Java Signing Sha256" as "Signing service"</li> <li>Select "Upload files" and add all <b>jar</b> files from <tt>target/jnlp</tt></li> <li>Select "Sign now"</li> diff --git a/openmeetings-server/src/site/xdoc/downloads.xml b/openmeetings-server/src/site/xdoc/downloads.xml index 1006a8a..e04e9fc 100644 --- a/openmeetings-server/src/site/xdoc/downloads.xml +++ b/openmeetings-server/src/site/xdoc/downloads.xml @@ -32,21 +32,21 @@ </p> <subsection name="Latest Official WebRTC Release"> <p> - Apache OpenMeetings 5.0.0 + Apache OpenMeetings 5.0.1 </p> <ul> <li> Binaries: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.zip">apache-openmeetings-5.0.0.zip</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.zip.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.zip">apache-openmeetings-5.0.1.zip</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.zip.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.zip.sha512">[SHA512]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.tar.gz">apache-openmeetings-5.0.0.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/bin/apache-openmeetings-5.0.0.tar.gz.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.tar.gz">apache-openmeetings-5.0.1.tar.gz</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.tar.gz.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/bin/apache-openmeetings-5.0.1.tar.gz.sha512">[SHA512]</a> </li> </ul> </li> @@ -54,68 +54,22 @@ Sources: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.zip">apache-openmeetings-5.0.0-src.zip</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.zip.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.zip">apache-openmeetings-5.0.1-src.zip</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.zip.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.zip.sha512">[SHA512]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.tar.gz">apache-openmeetings-5.0.0-src.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/5.0.0/src/apache-openmeetings-5.0.0-src.tar.gz.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.tar.gz">apache-openmeetings-5.0.1-src.tar.gz</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.tar.gz.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/5.0.1/src/apache-openmeetings-5.0.1-src.tar.gz.sha512">[SHA512]</a> </li> </ul> </li> <li> - Changes: <a href="https://downloads.apache.org/openmeetings/5.0.0/CHANGELOG.md">CHANGELOG.md</a>. + Changes: <a href="https://downloads.apache.org/openmeetings/5.0.1/CHANGELOG.md">CHANGELOG.md</a>. </li> <li> - Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/5.0.0">https://github.com/openmeetings/openmeetings-docker/tree/5.0.0</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a> - </li> - </ul> - </subsection> - <subsection name="Latest Official Release"> - <p> - Apache OpenMeetings 4.0.11 - </p> - <ul> - <li> - Binaries: - <ul> - <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.zip">apache-openmeetings-4.0.11.zip</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.zip.sha512">[SHA512]</a> - </li> - <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.tar.gz">apache-openmeetings-4.0.11.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/bin/apache-openmeetings-4.0.11.tar.gz.sha512">[SHA512]</a> - </li> - </ul> - </li> - <li> - Sources: - <ul> - <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.zip">apache-openmeetings-4.0.11-src.zip</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.zip.sha512">[SHA512]</a> - </li> - <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.tar.gz">apache-openmeetings-4.0.11-src.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/4.0.11/src/apache-openmeetings-4.0.11-src.tar.gz.sha512">[SHA512]</a> - </li> - </ul> - </li> - <li> - Changes: <a href="https://downloads.apache.org/openmeetings/4.0.11/CHANGELOG.md">CHANGELOG.md</a>. - </li> - <li> - Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/4.0.11">https://github.com/openmeetings/openmeetings-docker/tree/4.0.11</a> + Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/5.0.1">https://github.com/openmeetings/openmeetings-docker/tree/5.0.1</a> </li> <li> <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a> diff --git a/openmeetings-server/src/site/xdoc/index.xml b/openmeetings-server/src/site/xdoc/index.xml index cda2d6d..ba342fe 100644 --- a/openmeetings-server/src/site/xdoc/index.xml +++ b/openmeetings-server/src/site/xdoc/index.xml @@ -69,73 +69,36 @@ </section> <section name="News"> <div class="bd-callout bd-callout-danger"> - <h4>Version 5.0.0 released!</h4> - <div>Release 5.0.0, provides following improvements:<br/> + <h4>Version 5.0.1 released!</h4> + <div>Release 5.0.1, provides following improvements:<br/> This release provides WebRTC audio/video/screen-sharing in the Room - <div class="bd-callout bd-callout-info">Flash plugin is no longer required in the browser<br/> - <br/> - IMPORTANT: Java 11 is required - </div> Security: <ul> + <li>Rate limit is checked for network test web service</li> <li>Libraries are updated to latest versions</li> - <li>More strict CSP is implemented</li> - <li>User accounts are hidden for regular users</li> - <li>User email addresses are hidden</li> + <li>Password complexity can be fine-tuned</li> </ul> - UI: + Backup/Restore: <ul> - <li>Support for touch events is added (mobiles, tablets)</li> - <li>Better support for new MS Edge browser</li> - <li>Direct link for entering the room with room name (not ID)</li> - <li>Front camera is used by default</li> - <li>User avatar is editable at Admin->Users</li> + <li>Group files/recordings might be restored to wrong group</li> </ul> - Audio/Video: - <ul> - <li>Stability is improved</li> - <li>Connection to KMS is auto-recovering</li> - <li>Camera resolution changes take effect immediately</li> - <li>Multiple client-side JS errors are fixed</li> - </ul> - <br/> - Other fixes and improvements - </div> - <br/> - - <span> - 74 issues are fixed please check <br/> - <a href="https://www.apache.org/dist/openmeetings/5.0.0/CHANGELOG.md">CHANGELOG</a> and - <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12348040">Detailed list</a> - </span> - <span> See <a href="downloads.html">Downloads page</a>.</span> - <span class="date">(2020-08-21)</span> - </div> - <div class="bd-callout bd-callout-danger"> - <h4>Version 4.0.11 released!</h4> - <div>Release 4.0.11, provides following improvements:<br/> - Security: + UI: <ul> - <li>3rd-party libraries are updated to latest versions</li> - <li>Email sending via SSL is added</li> - <li>User email addresses are hidden</li> + <li>Translations and support of RTL languages are improved</li> + <li>Dashboard widgets and personal room are always displayed in current user language</li> </ul> <br/> Other fixes and improvements - <div class="bd-callout bd-callout-info">Please update to this release from any previous OpenMeetings release</div> </div> <br/> <span> - 11 issues are fixed please check <br/> - <a href="https://www.apache.org/dist/openmeetings/4.0.11/CHANGELOG.md">CHANGELOG</a> and - <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12346607">Detailed list</a> + 21 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/5.0.1/CHANGELOG.md">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12348725">Detailed list</a> </span> <span> See <a href="downloads.html">Downloads page</a>.</span> - <span class="date">(2020-09-02)</span> - </div> - <div class="bd-callout bd-callout-info"> - <span class="date"><a href="NewsArchive.html">You can find older news here</a></span> + <span class="date">(2020-09-23)</span> </div> <div class="bd-callout bd-callout-info"> <span class="date"><a href="NewsArchive.html">You can find older news here</a></span> diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml index 7abdc27..2fc406f 100644 --- a/openmeetings-server/src/site/xdoc/security.xml +++ b/openmeetings-server/src/site/xdoc/security.xml @@ -45,6 +45,17 @@ Please NOTE: only security issues should be reported to this list. </p> </section> + <section name="CVE-2020-13951 - Apache Openmeetings: DoS via public web service"> + <p>Severity: High</p> + <p>Vendor: The Apache Software Foundation</p> + <p>Versions Affected: 4.0.0 - 5.0.0</p> + <p>Description: NetTest web service can be used to perform Denial of Service attack<br/> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13951">CVE-2020-13951</a> + </p> + <p>The issue was fixed in 5.0.1<br/> + All users are recommended to upgrade to Apache OpenMeetings 5.0.1</p> + <p>Credit: This issue was identified by Trung Le, Chi Tran, Ngo Van Thien</p> + </section> <section name="CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor"> <p>Severity: High</p> <p>Vendor: wicket-jquery-ui</p>