Browse Tag: security

HostBill 4.1.4 Release

As scheduled – week passed and the new HostBill version is ready: 4.1.4 with multiple improvements and bug fixes is available for download.
What’s new:

Client signup captcha
Spambots now seem to attack even billing systems – there is no better way to prevent it than implementing captcha. By default new client signups require captcha confirmation (you can disable captcha field in Clients->Registration fields)

Client profile files
You can now upload files directly in client profile, so it can be accessible only by this client, or staff members visiting client profile.

Fixed invoice data
When using EU invoicing, you can prevent client details edits appearing on invoices by simply enabling one option in admin config. Learn more

BitPay.com payment gateway
BitCoin digital currency gains popularity, start accepting payments in BitCoins now with BitPay payment gateway for HostBill. Learn more.

Full changelog available at http://hostbillapp.com/changelog

Important Security Update & HostBill 4.0 Release

Within the last few hours we’ve been notified by external auditor about SQL Injection vulnerability found in current HostBill releases.

As 4.0 version is ready it also includes patch for this problem. Please update at your earliest convenience, before vulnerability details become widely known. We recommend using auto-upgrade plugin, to make sure you’re always up-to-date with recent updates/patches.


So whats new in HostBill 4.0.0 ?

Reports in HostBill
HostBill always had nice-looking and insightful graphical statistics, but we realize that sometimes numbers looks better printed, or are even required in this representation. Make sure to check flexible new reports, allowing for drag & drop output adjustments, multiple output formats (HTML, CSV, PDF, TXT & more) & easy report criteria modification in HostBill 4.0
Learn more at http://blog.hostbillapp.com/

New Orderpage: Smart Wizard
Created to sell more with each well-designed step this orderpage is another amazing item on our rich collection

Check this, and another available orderpages at http://hostbillapp.com/features/order-pages.php

Full changelog available at: http://hostbillapp.com/changelog/

HostBill Security Patch

Within last few hours we’ve been notified about potential LFD security threat that affects HostBill installations, caused by one of used libraries.
Although its severity really depends on server configuration we cannot leave our users at risk – we take security very seriously.

Download patch from here: http://hostbillapp.com/clientarea/patches/hostbill_patch3.8.0_3426.zip (for version 3.8).

Patching process is simple – extract archive contents in main HostBill directory, no db updates/install is required.

HostBill 3.8.0 archive available in our client area has also been patched, please upgrade to latest version if you’re using < 3.8

HostBill 3.1.2 Released – Important security update

Whats new in HostBill 3.1.2 ?
Translation tags – simple yet powerful tool to make your favourite billing system 100% multilingual – learn more.

OnApp Cloud selector – if you have more than one cloud installation – HostBill is the right billing system for you! Now you can give your customers the ability to select cloud during checkout with automatic provisioning still working – learn more.

Note: We’ve decided to release HostBill 3.1.2 sooner than expected (by exactly 2 days), as a result of potential security issue detected. Problem may apply to HostBills not secured after initial installation and using built-in HostBill ticketing system.

We apologize for the inconvenience – please upgrade.

Full changelog:
hostbillapp.com/changelog/

Install / upgrade:
https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491526/HostBill+Install+Upgrade

HostBill Security Patch for 2.X: Critical Security Issue

Dear Clients!
HostBill 2.x security patch.
Last night one of our clients notified us about potential security threat affecting HostBill versions 2.x, which may allow to access admin area with previously stolen session cookie.

Please download this patch as soon as possible: https://hostbillapp.com/clientarea/index.php?cmd=module&module=downloads&file=11
To apply patch please extract archive contents in your HostBill directory, or upload its contents directly to your install (there is only one file that requires overwriting).

We’re not aware of any installation compromised other than reported last night.
If you have questions or any concerns please feel free to contact us. We do apologize for any inconvenience.

Note: 2.8 version download package contains this patch by default from now on, 2.9 version that is scheduled to release next week will also contain it.

  • 1
  • 2