Use new, smart CAPTCHA alternative – a Turnstile widget by Cloudflare, now integrated with HostBill! In today’s release we’re also introducing bulk cancellation requests. Read on for details!Continue Reading
A lot of news this week! Three new modules to start with: Seafile provisioning module to sell Seafile accounts, Phone.com notification module and hCaptcha plugin. Read on to find out more!Continue Reading
We’ve just released security update for HostBill, as a response to potentially dangerous XSS Vulnerability.
To apply security update please download and update HostBill to the lateste 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.
Upgrading to new version: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491585/Upgrading+to+new+version
Using auto upgrade plugin: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491588/Auto-Upgrade+plugin
We believe that this vulnerability is not known to the public. Its severity depends on admin area protection.
KBKP Software always encourages our clients to take extra steps for protection:
Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.
In the last couple hours we’ve released patch for HostBill versions 4.x available from auto-update plugin and to download directly from:
For manual patch apply please extract archive contents in main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – archive also contains patched files)
We’ve been notified about brute-force attack possible to be performed by logged in customers into other client’s accounts.
Patch was introduced immediately for auto-upgrade feature.
We’ve been notified about dangerous security threat found in one of HostBill files.
Severity depends on server configuration. We cannot leave our users at risk – we take security very seriously.
Download patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and UP)
Please extract this patch in main HostBill directory. It is also available in auto-update plugin.
Version 4.6.0 available in downloads section has also been patched, so if you’re using older version it’s advised to upgrade to the latest version.