Difference between revisions of "Freeside:2.3.5:Changelog"
From Freeside
(Created page with "=Notes= This is the changelog for the 2.3.5 release. For a more detailed, raw log of changes, see [http://freeside.biz/gitweb/?p=freeside.git;a=shortlog;h=refs/heads/FREESIDE_2…") |
(No difference)
|
Revision as of 23:12, 11 November 2012
Contents
Notes
This is the changelog for the 2.3.5 release.
For a more detailed, raw log of changes, see the git log
XSS (Cross-site scripting) issues
- Company name and address in the backoffice -- possibly high impact if running self-service and allowing address changes, end-customers might be able to XSS the browser of an employee
- Package definitions, billing events and phone devices in backoffice -- low impact, admins who can edit those things can already do many things worse than XSS employees)
- View usage and change package in self-service -- low impact. end-customers XSSing themselves is not really a problem)
Billing events
- New conditions: "Package Reason Type" / "Package Not Reason Type"
- New actions: "Unsuspend all of this customer's suspended packages" / "Unsuspend this package"
Ticketing
- Integrated ticketing updated to RT version 3.8.15
RADIUS
- Overage billing with per-day caps
VoIP
- Add Windstream CDR format
Misc
- The SQL injection reported in the Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities advistory was investigated and determined to be incorrect. Freeside is not vulnerable to an SQL injection via self-service.
