Browse Tag: security

Security Advisory – HostBill version 2013-12-14

We’ve just released security update for HostBill, as a response to potentially dangerous XSS Vulnerability.

Applying update
To apply security update please download latest and update HostBill to 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.

Upgrading to new version: http://wiki.hostbillapp.com/index.php?title=Upgrading_to_new_version
Using auto upgrade plugin: http://wiki.hostbillapp.com/index.php?title=Auto-Upgrade_plugin

We believe that this vulnerability is not known to the public, its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:
http://wiki.hostbillapp.com/index.php?title=Additional_security_steps

Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.

Security Advisory – HostBill versions 4.x

In last couple hours we’ve released patch for HostBill versions 4.x available from auto-update plugin and to download directly from:

https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip

For manual patch apply please extract archive contents in main HostBill dir.
We strongly recommend upgrading to latest HostBill version (4.6.4 – archive also contains patched files)

Patched vulnerability
We’ve been notified about brute-force attack possible to be performed by logged in customers into other client’s accounts.

Patch was introduced immediately for auto-upgrade feature

Important Security Patch Released

We’ve been notified about dangerous security threat found in one of HostBill files.
Severity depends on server configuration we cannot leave our users at risk – we take security very seriously.

Download patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and UP)

Please extract this patch in main HostBill directory. It is also available in auto-update plugin.

Version 4.6.0 available in downloads section has also been patched, so if you’re using older version its advised to upgrade to latest version.

HostBill 4.1.4 Release

As scheduled – week passed and new HostBill version is ready: 4.1.4 with multiple improvements and bug fixes is available for download.
Whats new:

Client signup captcha
Spambots now seem to attack even billing systems – there is no better way to prevent it than implementing captcha. By default new client signups require captcha confirmation (you can disable captcha field in Clients->Registration fields)

Client profile files
You can now upload files directly in client profile, so it can be accessible only by this client, or staff members visiting client profile.

Fixed invoice data
When using EU invoicing, you can prevent client details edits appearing on invoices by simply enabling one option in admin config. Learn more

BitPay.com payment gateway
BitCoin digital currency gains popularity, start accepting payments in BitCoins now with BitPay payment gateway for HostBill. Learn more.

Full changelog available at http://hostbillapp.com/changelog

Important Security Update & HostBill 4.0 Release

Within last few hours we’ve been notified by external auditor about SQL Injection vulnerability found in current HostBill releases.

As 4.0 version is ready it also includes patch for this problem. Please update at your earliest convenience, before vulnerability details become widely known. We recommend using auto-upgrade plugin, to make sure you’re always up-to-date with recent updates/patches.


So whats new in HostBill 4.0.0 ?

Reports in HostBill
HostBill always had nice-looking and insightful graphical statistics, but we realize that sometimes numbers looks better printed, or are even required in this representation. Make sure to check flexible new reports, allowing for drag & drop output adjustments, multiple output formats (HTML,CSV,PDF,TXT & more) & easy report criteria modification in HostBill 4.0
Learn more at http://blog.hostbillapp.com/

New Orderpage: Smart Wizard
Created to sell more with each well-designed step this orderpage is another amazing item on our rich collection

Check this, and another available orderpages at http://hostbillapp.com/features/order-pages.php

Full changelog available at: http://hostbillapp.com/changelog/

HostBill Security Patch

Within last few hours we’ve been notified about potential LFD security threat that affects HostBill installations, caused by one of used libraries.
Although its severity really depends on server configuration we cannot leave our users at risk – we take security very seriously.

Download patch from here: http://hostbillapp.com/clientarea/patches/hostbill_patch3.8.0_3426.zip (for version 3.8).

Patching process is simple – extract archive contents in main HostBill directory, no db updates/install is required.

HostBill 3.8.0 archive available in our clientarea has also been patched, please upgrade to latest version if you’re using < 3.8

HostBill 3.1.2 Released – Important security update

Whats new in HostBill 3.1.2 ?
Translation tags – simple yet powerful tool to make your favourite billing system 100% multilingual – learn more

OnApp Cloud selector – if you have more than one cloud installation – HostBill is right billing system for you! Now you can give your customers ability to select cloud during checkout with automatic provisioning still working – learn more

Note: We’ve decided to release HostBill 3.1.2 sooner than expected (by exactly 2 days), as a result of potential security issue detected. Problem may apply to HostBills not secured after initial installation and using built-in HostBill ticketing system.

We apologize for the inconvenience – please upgrade.

 

Full changelog:
hostbillapp.com/changelog/

Install / upgrade:
wiki.hostbillapp.com/index.php?title=Main_Page

  • 1
  • 2