Difference between revisions of "Freeside:2.3.5:Changelog"

From Freeside
Jump to: navigation, search
(Created page with "=Notes= This is the changelog for the 2.3.5 release. For a more detailed, raw log of changes, see [http://freeside.biz/gitweb/?p=freeside.git;a=shortlog;h=refs/heads/FREESIDE_2…")
 
(VoIP)
Line 26: Line 26:
 
= VoIP =
 
= VoIP =
  
* Add Windstream CDR format
+
* New Windstream CDR format
  
 
= Misc =
 
= Misc =
  
 
* The SQL injection reported in the [http://www.securityfocus.com/archive/1/523430/30/0/threaded Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities] advistory was investigated and determined to be incorrect.  Freeside is not vulnerable to an SQL injection via self-service.
 
* The SQL injection reported in the [http://www.securityfocus.com/archive/1/523430/30/0/threaded Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities] advistory was investigated and determined to be incorrect.  Freeside is not vulnerable to an SQL injection via self-service.

Revision as of 23:14, 11 November 2012

Notes

This is the changelog for the 2.3.5 release.

For a more detailed, raw log of changes, see the git log

XSS (Cross-site scripting) issues

  • Company name and address in the backoffice -- possibly high impact if running self-service and allowing address changes, end-customers might be able to XSS the browser of an employee
  • Package definitions, billing events and phone devices in backoffice -- low impact, admins who can edit those things can already do many things worse than XSS employees)
  • View usage and change package in self-service -- low impact. end-customers XSSing themselves is not really a problem)

Billing events

  • New conditions: "Package Reason Type" / "Package Not Reason Type"
  • New actions: "Unsuspend all of this customer's suspended packages" / "Unsuspend this package"

Ticketing

  • Integrated ticketing updated to RT version 3.8.15

RADIUS

  • Overage billing with per-day caps

VoIP

  • New Windstream CDR format

Misc