A lot of news this week! Three new modules to start with: Seafile provisioning module to sell Seafile accounts, Phone.com notification module and hCaptcha plugin. Read on to find out more!Continue Reading
We’ve just released security update for HostBill, as a response to potentially dangerous XSS Vulnerability.
To apply security update please download and update HostBill to the lateste 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.
Upgrading to new version: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491585/Upgrading+to+new+version
Using auto upgrade plugin: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491588/Auto-Upgrade+plugin
We believe that this vulnerability is not known to the public. Its severity depends on admin area protection.
KBKP Software always encourages our clients to take extra steps for protection:
Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.
In the last couple hours we’ve released patch for HostBill versions 4.x available from auto-update plugin and to download directly from:
For manual patch apply please extract archive contents in main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – archive also contains patched files)
We’ve been notified about brute-force attack possible to be performed by logged in customers into other client’s accounts.
Patch was introduced immediately for auto-upgrade feature.
We’ve been notified about dangerous security threat found in one of HostBill files.
Severity depends on server configuration. We cannot leave our users at risk – we take security very seriously.
Download patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and UP)
Please extract this patch in main HostBill directory. It is also available in auto-update plugin.
Version 4.6.0 available in downloads section has also been patched, so if you’re using older version it’s advised to upgrade to the latest version.
As scheduled – week passed and the new HostBill version is ready: 4.1.4 with multiple improvements and bug fixes is available for download.
Client signup captcha
Spambots now seem to attack even billing systems – there is no better way to prevent it than implementing captcha. By default new client signups require captcha confirmation (you can disable captcha field in Clients->Registration fields)
Client profile files
You can now upload files directly in client profile, so it can be accessible only by this client, or staff members visiting client profile.
Fixed invoice data
When using EU invoicing, you can prevent client details edits appearing on invoices by simply enabling one option in admin config. Learn more
BitPay.com payment gateway
BitCoin digital currency gains popularity, start accepting payments in BitCoins now with BitPay payment gateway for HostBill. Learn more.
Full changelog available at http://hostbillapp.com/changelog