7.1.0 Release Candidate 1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbd0189..5e2e5c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,11 +3,42 @@
Licensed under Apache License 2.0 - http://www.apache.org/licenses/LICENSE-2.0
See https://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number of the issue below)
-See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-* (where * is the number of CVE below)
+See https://www.cve.org/CVERecord?id=CVE-* (where * is the number of CVE below)
+
+
+Release Notes - Openmeetings - Version 7.1.0
+================================================================================================================
+
+* Vulnerability
+ * CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash
+ * CVE-2023-29032: Apache OpenMeetings: allows bypass authentication
+ * CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection
+
+* Bug
+ * [OPENMEETINGS-2760] - Room name overlap on menu in RTL
+ * [OPENMEETINGS-2763] - Turn server is not being set
+ * [OPENMEETINGS-2764] - Permissions are incorrectly being set
+ * [OPENMEETINGS-2765] - Paths should be verified in configuration
+ * [OPENMEETINGS-2767] - WebRTC connection is not established in FF
+ * [OPENMEETINGS-2768] - Save button is hidden
+ * [OPENMEETINGS-2769] - Ask permission confirmation pops out event when it shouldn't
+
+* Improvement
+ * [OPENMEETINGS-2761] - Missing German Translations for new OTP-dialogs
+ * [OPENMEETINGS-2762] - Invitation hash check should be more strict
+
+* Task
+ * [OPENMEETINGS-2757] - (7.1.0) Libraries should be updated
+ * [OPENMEETINGS-2758] - (7.1.0) Sonar issues need to be addressed
+ * [OPENMEETINGS-2759] - (7.1.0) All translations from PoEditor should be synced
+
Release Notes - Openmeetings - Version 7.0.0
================================================================================================================
+* Vulnerability
+ * CVE-2023-28326: Apache OpenMeetings: allows user impersonation
+
* Bug
* [OPENMEETINGS-2253] - Interruption of a video session when the microphone is turned on / off
* [OPENMEETINGS-2471] - Invitation email format
diff --git a/README.md b/README.md
index 8ee345d..9dfdead 100644
--- a/README.md
+++ b/README.md
@@ -56,9 +56,30 @@
see [CHANGELOG.md](/CHANGELOG.md) file for detailed log
+
+7.1.0
+-----
+[Release 7.1.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0), provides following improvements:
+
+IMPORTANT: Java 17 and KMS 6.18.0+ are required
+
+Security:
+* Invitation hash check made strict
+* Set of user permissions is fixed
+* Paths entered in Admin->Config are being verified
+* All dependencies are updated with most recent versions
+
+Stability:
+* TURN server config is passed to the client
+
+***3 security vulnerabilities were addressed***
+
+Some other fixes and improvements, 12 issues were addressed
+
+
7.0.0
-----
-[Release 7.0.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0), provides following improvements:
+[Release 7.0.0](https://archive.apache.org/dist/openmeetings/7.0.0), provides following improvements:
IMPORTANT: Java 17 is required
diff --git a/openmeetings-core/pom.xml b/openmeetings-core/pom.xml
index 2f7f727..491a9b1 100644
--- a/openmeetings-core/pom.xml
+++ b/openmeetings-core/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-core</artifactId>
diff --git a/openmeetings-db/pom.xml b/openmeetings-db/pom.xml
index c720b99..5599c8b 100644
--- a/openmeetings-db/pom.xml
+++ b/openmeetings-db/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-db</artifactId>
diff --git a/openmeetings-install/pom.xml b/openmeetings-install/pom.xml
index a513435..68d89d4 100644
--- a/openmeetings-install/pom.xml
+++ b/openmeetings-install/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-install</artifactId>
diff --git a/openmeetings-mediaserver/pom.xml b/openmeetings-mediaserver/pom.xml
index 07acb44..7913efb 100644
--- a/openmeetings-mediaserver/pom.xml
+++ b/openmeetings-mediaserver/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-mediaserver</artifactId>
diff --git a/openmeetings-screenshare/pom.xml b/openmeetings-screenshare/pom.xml
index 88b453f..343fa3e 100644
--- a/openmeetings-screenshare/pom.xml
+++ b/openmeetings-screenshare/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-screenshare</artifactId>
diff --git a/openmeetings-server/pom.xml b/openmeetings-server/pom.xml
index 4fb9172..966e7cc 100644
--- a/openmeetings-server/pom.xml
+++ b/openmeetings-server/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-server</artifactId>
@@ -46,7 +46,7 @@
<scm>
<connection>scm:git:https://github.com/apache/openmeetings.git</connection>
<developerConnection>scm:git:https://github.com/apache/openmeetings.git</developerConnection>
- <url>https://github.com/apache/openmeetings.git</url>
+ <url>https://github.com/apache/openmeetings/tree/7.1.0</url>
<tag>HEAD</tag>
</scm>
<profiles>
diff --git a/openmeetings-server/src/site/xdoc/NewsArchive.xml b/openmeetings-server/src/site/xdoc/NewsArchive.xml
index cec59e0..caf242b 100644
--- a/openmeetings-server/src/site/xdoc/NewsArchive.xml
+++ b/openmeetings-server/src/site/xdoc/NewsArchive.xml
@@ -20,6 +20,40 @@
</properties>
<body>
+ <section name="Release 7.0.0">
+ <div class="bd-callout bd-callout-info">
+ <div class="h4">Version 7.0.0 released!</div>
+ <div>Release 7.0.0, provides following improvements:<br/>
+ <div class="bd-callout bd-callout-info">
+ <br/>
+ IMPORTANT: Java 17 is required
+ </div>
+
+ UI and Security:
+ <ul>
+ <li>Microphone on/off doesn't interrupt the streaming</li>
+ <li>Stability fix at Safari</li>
+ <li>Full screen mode for WB</li>
+ <li>Redo tool for WB</li>
+ <li>2-factor authentication</li>
+ <li>Libraries are updated with most recent versions</li>
+ </ul>
+ <br/>
+ <div class="bd-callout bd-callout-danger">1 security vulnerability was addressed</div>
+ <br/>
+ Other fixes and improvements
+ </div>
+ <br/>
+
+ <span>
+ 28 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12350648">Detailed list</a>
+ </span>
+ <span> See <a href="https://archive.apache.org/dist/openmeetings/7.0.0">Archived download</a>.</span>
+ <span class="date">(2023-02-11)</span>
+ </div>
+ </section>
<section name="Release 6.3.0">
<div class="bd-callout bd-callout-info">
<div class="h4">Version 6.3.0 released!</div>
diff --git a/openmeetings-server/src/site/xdoc/downloads.xml b/openmeetings-server/src/site/xdoc/downloads.xml
index a0720cc..e591352 100644
--- a/openmeetings-server/src/site/xdoc/downloads.xml
+++ b/openmeetings-server/src/site/xdoc/downloads.xml
@@ -32,21 +32,21 @@
</p>
<subsection name="Latest Official WebRTC Release">
<p>
- Apache OpenMeetings 7.0.0
+ Apache OpenMeetings 7.1.0
</p>
<ul>
<li>
Binaries:
<ul>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip">apache-openmeetings-7.0.0.zip</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip">apache-openmeetings-7.1.0.zip</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip.sha512">[SHA512]</a>
</li>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz">apache-openmeetings-7.0.0.tar.gz</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz">apache-openmeetings-7.1.0.tar.gz</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz.sha512">[SHA512]</a>
</li>
</ul>
</li>
@@ -54,22 +54,22 @@
Sources:
<ul>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip">apache-openmeetings-7.0.0-src.zip</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip">apache-openmeetings-7.1.0-src.zip</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip.sha512">[SHA512]</a>
</li>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz">apache-openmeetings-7.0.0-src.tar.gz</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz">apache-openmeetings-7.1.0-src.tar.gz</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz.sha512">[SHA512]</a>
</li>
</ul>
</li>
<li>
- Changes: <a href="https://downloads.apache.org/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG.md</a>.
+ Changes: <a href="https://downloads.apache.org/openmeetings/7.1.0/CHANGELOG.md">CHANGELOG.md</a>.
</li>
<li>
- Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.0.0">https://github.com/openmeetings/openmeetings-docker/tree/7.0.0</a>
+ Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.1.0">https://github.com/openmeetings/openmeetings-docker/tree/7.1.0</a>
</li>
<li>
<a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a>
diff --git a/openmeetings-server/src/site/xdoc/index.xml b/openmeetings-server/src/site/xdoc/index.xml
index 2cbfeca..8280bb6 100644
--- a/openmeetings-server/src/site/xdoc/index.xml
+++ b/openmeetings-server/src/site/xdoc/index.xml
@@ -69,34 +69,39 @@
</section>
<section name="News">
<div class="bd-callout bd-callout-danger">
- <div class="h4">Version 7.0.0 released!</div>
- <div>Release 7.0.0, provides following improvements:<br/>
+ <div class="h4">Version 7.1.0 released!</div>
+ <div>Release 7.1.0, provides following improvements:<br/>
<div class="bd-callout bd-callout-info">
<br/>
- IMPORTANT: Java 17 is required
+ IMPORTANT: Java 17 and KMS 6.18.0+ are required
</div>
- UI and Security:
+ Security:
<ul>
- <li>Microphone on/off doesn't interrupt the streaming</li>
- <li>Stability fix at Safari</li>
- <li>Full screen mode for WB</li>
- <li>Redo tool for WB</li>
- <li>2-factor authentication</li>
- <li>Libraries are updated with most recent versions</li>
+ <li>Invitation hash check made strict</li>
+ <li>Set of user permissions is fixed</li>
+ <li>Paths entered in Admin->Config are being verified</li>
+ <li>All dependencies are updated with most recent versions</li>
</ul>
+
+ Stability:
+ <ul>
+ <li>TURN server config is passed to the client</li>
+ </ul>
+ <br/>
+ <div class="bd-callout bd-callout-danger">3 security vulnerabilities were addressed</div>
<br/>
Other fixes and improvements
</div>
<br/>
<span>
- 28 issues are fixed please check <br/>
- <a href="https://www.apache.org/dist/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG</a> and
- <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12350648">Detailed list</a>
+ 12 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/7.1.0/CHANGELOG.md">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12352896">Detailed list</a>
</span>
<span> See <a href="downloads.html">Downloads page</a>.</span>
- <span class="date">(2023-02-11)</span>
+ <span class="date">(2023-05-09)</span>
</div>
<div class="bd-callout bd-callout-info">
<span class="date"><a href="NewsArchive.html">You can find older news here</a></span>
diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml
index e210ccf..db681a6 100644
--- a/openmeetings-server/src/site/xdoc/security.xml
+++ b/openmeetings-server/src/site/xdoc/security.xml
@@ -45,12 +45,45 @@
Please NOTE: only security issues should be reported to this list.
</p>
</section>
+ <section name="CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash">
+ <p>Severity: Critical</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: from 2.0.0 before 7.1.0</p>
+ <p>Description: Attacker can access arbitrary recording/room<br/>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2023-28936">CVE-2023-28936</a>
+ </p>
+ <p>The issue was fixed in 7.1.0<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 7.1.0</p>
+ <p>Credit: This issue was identified by Stefan Schiller</p>
+ </section>
+ <section name="CVE-2023-29032: Apache OpenMeetings: allows bypass authentication">
+ <p>Severity: Important</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: from 3.1.3 before 7.1.0</p>
+ <p>Description: An attacker that has gained access to certain private information can use this to act as other user.<br/>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2023-29032">CVE-2023-29032</a>
+ </p>
+ <p>The issue was fixed in 7.1.0<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 7.1.0</p>
+ <p>Credit: This issue was identified by Stefan Schiller</p>
+ </section>
+ <section name="CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection">
+ <p>Severity: Important</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: from 2.0.0 before 7.0.0</p>
+ <p>Description: An attacker who has gained access to an admin account can perform RCE via null-byte injection<br/>
+ <a href="https://www.cve.org/CVERecord?id=2023-29246">2023-29246</a>
+ </p>
+ <p>The issue was fixed in 7.1.0<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 7.1.0</p>
+ <p>Credit: This issue was identified by Stefan Schiller</p>
+ </section>
<section name="CVE-2023-28326: Apache OpenMeetings: allows user impersonation">
<p>Severity: Critical</p>
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 2.0.0 before 7.0.0</p>
<p>Description: Attacker can elevate their privileges in any room<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28326">CVE-2023-28326</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2023-28326">CVE-2023-28326</a>
</p>
<p>The issue was fixed in 7.0.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 7.0.0</p>
@@ -61,7 +94,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 4.0.0 before 6.0.0</p>
<p>Description: NetTest web service can be used to overload the bandwidth of the server<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27576">CVE-2021-27576</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2021-27576">CVE-2021-27576</a>
</p>
<p>The issue was fixed in 6.0.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 6.0.0</p>
@@ -72,7 +105,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 4.0.0 before 5.0.1</p>
<p>Description: NetTest web service can be used to perform Denial of Service attack<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13951">CVE-2020-13951</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2020-13951">CVE-2020-13951</a>
</p>
<p>The issue was fixed in 5.0.1<br/>
All users are recommended to upgrade to Apache OpenMeetings 5.0.1</p>
@@ -83,7 +116,7 @@
<p>Vendor: wicket-jquery-ui</p>
<p>Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1</p>
<p>Description: JS code created in WYSIWYG editor will be executed on display<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1325">CVE-2018-1325</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2018-1325">CVE-2018-1325</a>
</p>
<p>The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2<br/>
All users are recommended to upgrade to Apache OpenMeetings 4.0.3</p>
@@ -94,7 +127,7 @@
<p>Vendor: wicket-jquery-ui</p>
<p>Versions Affected: <= 6.28.0, <= 7.9.1, <= 8.0.0-M8</p>
<p>Description: Attacker can submit arbitrary JS code to WYSIWYG editor<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15719">CVE-2017-15719</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-15719">CVE-2017-15719</a>
</p>
<p>The issue was fixed in 6.28.1, 7.9.2, 8.0.0-M8.1<br/>
All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
@@ -106,7 +139,7 @@
<p>Versions Affected: from 3.0.0 before 4.0.2</p>
<p>Description: CRUD operations on privileged users are not password protected allowing an authenticated attacker
to deny service for privileged users.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1286">CVE-2018-1286</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2018-1286">CVE-2018-1286</a>
</p>
<p>The issue was fixed in 4.0.2<br/>
All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
@@ -117,7 +150,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: 3.2.0</p>
<p>Description: Both global and Room chat are vulnerable to XSS attack<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7663">CVE-2017-7663</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7663">CVE-2017-7663</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -128,7 +161,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 3.1.0 before 3.3.0</p>
<p>Description: Uploaded XML documents were not correctly validated<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7664">CVE-2017-7664</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7664">CVE-2017-7664</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -140,7 +173,7 @@
<p>Versions Affected: from 1.0.0 before 3.3.0</p>
<p>Description: Apache Openmeetings is vulnerable to Cross-Site Request Forgery (CSRF)
attacks, XSS attacks, click-jacking, and MIME based attacks<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7666">CVE-2017-7666</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7666">CVE-2017-7666</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -153,7 +186,7 @@
<p>Description: Apache OpenMeetings uses not very strong cryptographic storage,
captcha is not used in registration and forget password dialogs and auth forms
missing brute force protection<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7673">CVE-2017-7673</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7673">CVE-2017-7673</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -166,7 +199,7 @@
<p>Description: Apache OpenMeetings has an overly permissive
crossdomain.xml file. This allows for flash content to be loaded
from untrusted domains.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7680">CVE-2017-7680</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7680">CVE-2017-7680</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -180,7 +213,7 @@
This allows authenticated users to modify the structure of the existing
query and leak the structure of other queries being made by the
application in the back-end<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7681">CVE-2017-7681</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7681">CVE-2017-7681</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -192,7 +225,7 @@
<p>Versions Affected: 3.2.0</p>
<p>Description: Apache OpenMeetings is vulnerable to parameter manipulation
attacks, as a result attacker has access to restricted areas.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7682">CVE-2017-7682</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7682">CVE-2017-7682</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -204,7 +237,7 @@
<p>Versions Affected: from 1.0.0 before 3.3.0</p>
<p>Description: Apache OpenMeetings displays Tomcat version and
detailed error stack trace which is not secure.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7683">CVE-2017-7683</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7683">CVE-2017-7683</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -217,7 +250,7 @@
<p>Description: Apache OpenMeetings doesn't check contents of files
being uploaded. An attacker can cause a denial of service by
uploading multiple large files to the server<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7684">CVE-2017-7684</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7684">CVE-2017-7684</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -229,7 +262,7 @@
<p>Versions Affected: from 1.0.0 before 3.3.0</p>
<p>Description: Apache OpenMeetingsrespond to the following insecure HTTP
Methods: PUT, DELETE, HEAD, and PATCH.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7685">CVE-2017-7685</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7685">CVE-2017-7685</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -240,7 +273,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 1.0.0 before 3.3.0</p>
<p>Description: Apache OpenMeetings updates user password in insecure manner.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7688">CVE-2017-7688</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-7688">CVE-2017-7688</a>
</p>
<p>The issue was fixed in 3.3.0<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.3.0</p>
@@ -253,7 +286,7 @@
<p>Description: The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the
classes for which it performs deserialization, which allows remote attackers to execute
arbitrary code via crafted serialized Java data.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5878">CVE-2017-5878</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2017-5878">CVE-2017-5878</a>
</p>
<p>The issue was fixed in 3.1.4<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.1.4</p>
@@ -264,7 +297,7 @@
<p>Vendor: The Apache Software Foundation</p>
<p>Versions Affected: from 3.1.0 before 3.1.2</p>
<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8736">CVE-2016-8736</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-8736">CVE-2016-8736</a>
</p>
<p>The issue was fixed in 3.1.2<br/>
All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
@@ -276,7 +309,7 @@
<p>Versions Affected: from 3.1.0 before 3.1.2</p>
<p>Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without
being escaped, leading to the reflected XSS.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-3089">CVE-2016-3089</a>
</p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.2</p>
<p>Credit: This issue was identified by Matthew Daley</p>
@@ -289,7 +322,7 @@
name and the current system time, and then hashing it using MD5. This is highly predictable and
can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings
user.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0783">CVE-2016-0783</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-0783">CVE-2016-0783</a>
</p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
@@ -305,7 +338,7 @@
directory. This could be used to, for example, overwrite the /usr/bin/convert file (or any other 3 rd
party integrated executable) with a shell script, which would be executed the next time an image file
is uploaded and imagemagick is invoked.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0784">CVE-2016-0784</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-0784">CVE-2016-0784</a>
</p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
@@ -319,7 +352,7 @@
possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As
the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard
to tell if the link is legit or not.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2163">CVE-2016-2163</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-2163">CVE-2016-2163</a>
</p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
@@ -331,7 +364,7 @@
<p>Description: When attempting to upload a file via the API using the importFileByInternalUserId or importFile
methods in the FileService, it is possible to read arbitrary files from the system. This is due to that
Java's URL class is used without checking what protocol handler is specified in the API call.<br/>
- <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2164">CVE-2016-2164</a>
+ <a href="https://www.cve.org/CVERecord?id=CVE-2016-2164">CVE-2016-2164</a>
</p>
<p>All users are recommended to upgrade to Apache OpenMeetings 3.1.1</p>
<p>Credit: This issue was identified by Andreas Lindh</p>
diff --git a/openmeetings-service/pom.xml b/openmeetings-service/pom.xml
index 335bbc1..9bbc1dd 100644
--- a/openmeetings-service/pom.xml
+++ b/openmeetings-service/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-service</artifactId>
diff --git a/openmeetings-util/pom.xml b/openmeetings-util/pom.xml
index e826187..18143c2 100644
--- a/openmeetings-util/pom.xml
+++ b/openmeetings-util/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-util</artifactId>
diff --git a/openmeetings-web/pom.xml b/openmeetings-web/pom.xml
index 963359f..dd41f26 100644
--- a/openmeetings-web/pom.xml
+++ b/openmeetings-web/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-web</artifactId>
diff --git a/openmeetings-webservice/pom.xml b/openmeetings-webservice/pom.xml
index 2f9912f..e054a0c 100644
--- a/openmeetings-webservice/pom.xml
+++ b/openmeetings-webservice/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>openmeetings-webservice</artifactId>
diff --git a/pom.xml b/pom.xml
index 1abf56b..4220f46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,12 +26,13 @@
</parent>
<groupId>org.apache.openmeetings</groupId>
<artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
<packaging>pom</packaging>
<name>Openmeetings</name>
<description>Parent project for all OpenMeetings Maven modules. Required to hold general settings</description>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.build.outputTimestamp>2023-05-05T03:25:03Z</project.build.outputTimestamp>
<wicket.configuration>DEPLOYMENT</wicket.configuration>
<om.quick.build>false</om.quick.build>
<om.notquick.build>true</om.notquick.build>
@@ -351,7 +352,7 @@
<scm>
<connection>scm:git:https://github.com/apache/openmeetings.git</connection>
<developerConnection>scm:git:https://github.com/apache/openmeetings.git</developerConnection>
- <url>https://github.com/apache/openmeetings.git</url>
+ <url>https://github.com/apache/openmeetings/tree/7.1.0</url>
<tag>HEAD</tag>
</scm>
<mailingLists>
