This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch 4.0.x in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/4.0.x by this push: new 651addb Release preparation: documentation update 651addb is described below commit 651addb2160b6bfe4c45b1e7a71c5d86002dc237 Author: Maxim Solodovnik <solomax...@gmail.com> AuthorDate: Tue Apr 10 22:37:42 2018 +0700 Release preparation: documentation update --- CHANGELOG | 26 ++++++++++++++++ README | 17 ++++++++++ openmeetings-server/src/site/xdoc/NewsArchive.xml | 38 +++++++++++++++++++++++ openmeetings-server/src/site/xdoc/downloads.xml | 36 ++++++++++----------- openmeetings-server/src/site/xdoc/index.xml | 35 +++++++-------------- openmeetings-server/src/site/xdoc/security.xml | 11 +++++++ 6 files changed, 122 insertions(+), 41 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 7229be5..ca5f9fe 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,32 @@ Apache OpenMeetings Change Log See http://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number of the issue below) See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-* (where * is the number of CVE below) +Release Notes - Openmeetings - Version 4.0.3 +================================================================================================================ + +** Vulnerability + * CVE-2018-1325 - Wicket Jquery UI: XSS while displaying value in WYSIWYG editor + +** Bug + * [OPENMEETINGS-1836] - Performance degradation + * [OPENMEETINGS-1837] - Audio isn't recording but the video is ok + * [OPENMEETINGS-1840] - Add Group in Room + * [OPENMEETINGS-1841] - List Of All Groups and Group is not Deleted + * [OPENMEETINGS-1849] - WhiteBoard tab needed to broadcast cam/audio + * [OPENMEETINGS-1852] - Impossible to set/change password of privileged user + * [OPENMEETINGS-1853] - Closed Room redirect link causes error + * [OPENMEETINGS-1857] - RoomWebService hash method is broken + +** Improvement + * [OPENMEETINGS-1791] - Quick response within a session + * [OPENMEETINGS-1863] - Red5sip Log-files - add a command to VoIP tutorial (chown nobody) + +** Task + * [OPENMEETINGS-1848] - Library versions need to be updated (4.0.3) + * [OPENMEETINGS-1862] - Apache mailing list RSS is not loaded + * [OPENMEETINGS-1866] - Entity enums should be annotated with different namespaces + + Release Notes - OpenMeetings - Version 4.0.2 ================================================================================================================ diff --git a/README b/README index 40299ca..8af64ea 100644 --- a/README +++ b/README @@ -8,6 +8,23 @@ Apache OpenMeetings provides video conferencing, instant messaging, white board, collaborative document editing and other groupware tools using API functions of the Red5 Streaming Server for Remoting and Streaming. +Release Notes 4.0.3 +============= +see CHANGELOG file for detailed log + +Release 4.0.3, provides following improvements: + +Security fix in Calendar + +Room: +* Performance was improved +* Issues with audio/video were fixed +* Quick poll was added + +Multiple improvements in web services + +Other fixes and improvements, 13 issues were fixed + Release Notes 4.0.2 ============= see CHANGELOG file for detailed log diff --git a/openmeetings-server/src/site/xdoc/NewsArchive.xml b/openmeetings-server/src/site/xdoc/NewsArchive.xml index 8ca31db..b0ab7aa 100644 --- a/openmeetings-server/src/site/xdoc/NewsArchive.xml +++ b/openmeetings-server/src/site/xdoc/NewsArchive.xml @@ -22,6 +22,44 @@ <body> <section name="News"> <div class="bs-callout bs-callout-info"> + <b>Version 4.0.2 released!</b> + <div>Release 4.0.2, provides following improvements:<br/> + <div class="bs-callout bs-callout-danger">Security fixes in Chat</div> + <br/> + Chat:<br/> + <ul> + <li>Send on Enter/Ctrl+Enter</li> + <li>Invited guest's name displayed as expected</li> + <li>Turned OFF global chat is not displayed</li> + <li>Link works as expected</li> + <li>Smiles works as expected</li> + <li>Hover removed from chat</li> + </ul> + <br/> + Room:<br/> + <ul> + <li>Download as PDF</li> + <li>Download/screen-sharing application in IE</li> + <li>No duplicated users</li> + <li>Activities&Actions improved</li> + <li>Number of users is displayed in the room</li> + <li>Mathematical formulas on WB</li> + </ul> + <br/> + Other fixes and improvements + <div class="bs-callout bs-callout-info">Please update to this release from any previous OpenMeetings release</div> + </div> + <br/> + + <span> + 32 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/4.0.2/CHANGELOG">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342276">Detailed list</a> + </span> + <span> See <a href="downloads.html">Downloads page</a>.</span> + <span class="date">(2018-02-24)</span> + </div> + <div class="bs-callout bs-callout-info"> <b>Version 4.0.1 released!</b> <div>Release 4.0.1, provides following improvements:<br/> <ul> diff --git a/openmeetings-server/src/site/xdoc/downloads.xml b/openmeetings-server/src/site/xdoc/downloads.xml index e54174a..5a22178 100644 --- a/openmeetings-server/src/site/xdoc/downloads.xml +++ b/openmeetings-server/src/site/xdoc/downloads.xml @@ -24,31 +24,31 @@ <section name="Downloads"> <p> All downloads should be verified using the Apache OpenMeetings code - signing <a href="https://www.apache.org/dist/openmeetings/4.0.2/KEYS">KEYS</a>, <br/> + signing <a href="https://www.apache.org/dist/openmeetings/4.0.3/KEYS">KEYS</a>, <br/> Here are <a href="https://www.apache.org/dyn/closer.cgi#verify">the instructions</a><br/> <br/> - changes: <a href="https://www.apache.org/dist/openmeetings/4.0.2/CHANGELOG">CHANGELOG</a>. + changes: <a href="https://www.apache.org/dist/openmeetings/4.0.3/CHANGELOG">CHANGELOG</a>. </p> <p> All versions are available for download as source and binary. </p> <subsection name="Latest Official Release"> <p> - Apache OpenMeetings 4.0.2 + Apache OpenMeetings 4.0.3 </p> <ul> <li> Binaries: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip">apache-openmeetings-4.0.2.zip</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip.asc">[SIG]</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip.sha256">[SHA256]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.zip">apache-openmeetings-4.0.3.zip</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.zip.asc">[SIG]</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.zip.sha256">[SHA256]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz">apache-openmeetings-4.0.2.tar.gz</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz.asc">[SIG]</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz.sha256">[SHA256]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.tar.gz">apache-openmeetings-4.0.3.tar.gz</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.tar.gz.asc">[SIG]</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/bin/apache-openmeetings-4.0.3.tar.gz.sha256">[SHA256]</a> </li> </ul> </li> @@ -56,22 +56,22 @@ Sources: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip">apache-openmeetings-4.0.2-src.zip</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip.asc">[SIG]</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip.sha256">[SHA256]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.zip">apache-openmeetings-4.0.3-src.zip</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.zip.asc">[SIG]</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.zip.sha256">[SHA256]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz">apache-openmeetings-4.0.2-src.tar.gz</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz.asc">[SIG]</a> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz.sha256">[SHA256]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.tar.gz">apache-openmeetings-4.0.3-src.tar.gz</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.tar.gz.asc">[SIG]</a> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/src/apache-openmeetings-4.0.3-src.tar.gz.sha256">[SHA256]</a> </li> </ul> </li> <li> - Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/4.0.2">https://github.com/openmeetings/openmeetings-docker/tree/4.0.2</a> + Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/4.0.3">https://github.com/openmeetings/openmeetings-docker/tree/4.0.3</a> </li> <li> - ISO: <a href="https://om.alteametasoft.com/om_4.0.2.qcow2">https://om.alteametasoft.com/om_4.0.2.qcow2</a> (QEMU qcow2 format) + ISO: <a href="https://om.alteametasoft.com/om_4.0.3.qcow2">https://om.alteametasoft.com/om_4.0.3.qcow2</a> (QEMU qcow2 format) <source> <![CDATA[ ####### PLEASE CHANGE ALL PASSWORDS !! @@ -85,7 +85,7 @@ OM: om_admin/1Q2w3e4r5t^y # run # memory ==: "-m 2G" # number of cores ==: "-smp 1" -qemu-system-x86_64 -boot d -smp 1 -m 2G -drive format=qcow2,file=om_4.0.2.qcow2 -net user,hostfwd=tcp::10022-:22,hostfwd=tcp::15080-:5080 -net nic +qemu-system-x86_64 -boot d -smp 1 -m 2G -drive format=qcow2,file=om_4.0.3.qcow2 -net user,hostfwd=tcp::10022-:22,hostfwd=tcp::15080-:5080 -net nic # connect ssh om_admin@localhost -p10022 diff --git a/openmeetings-server/src/site/xdoc/index.xml b/openmeetings-server/src/site/xdoc/index.xml index 9ccbe11..39f464a 100644 --- a/openmeetings-server/src/site/xdoc/index.xml +++ b/openmeetings-server/src/site/xdoc/index.xml @@ -69,42 +69,31 @@ </section> <section name="News"> <div class="bs-callout bs-callout-danger"> - <b>Version 4.0.2 released!</b> - <div>Release 4.0.2, provides following improvements:<br/> - <div class="bs-callout bs-callout-danger">Security fixes in Chat</div> - <br/> - Chat:<br/> - <ul> - <li>Send on Enter/Ctrl+Enter</li> - <li>Invited guest's name displayed as expected</li> - <li>Turned OFF global chat is not displayed</li> - <li>Link works as expected</li> - <li>Smiles works as expected</li> - <li>Hover removed from chat</li> - </ul> + <b>Version 4.0.3 released!</b> + <div>Release 4.0.3, provides following improvements:<br/> + <div class="bs-callout bs-callout-danger">Security fix in Calendar</div> <br/> Room:<br/> <ul> - <li>Download as PDF</li> - <li>Download/screen-sharing application in IE</li> - <li>No duplicated users</li> - <li>Activities&Actions improved</li> - <li>Number of users is displayed in the room</li> - <li>Mathematical formulas on WB</li> + <li>Performance was improved</li> + <li>Issues with audio/video were fixed</li> + <li>Quick poll was added</li> </ul> <br/> + Multiple improvements in web services + <br/> Other fixes and improvements <div class="bs-callout bs-callout-info">Please update to this release from any previous OpenMeetings release</div> </div> <br/> <span> - 32 issues are fixed please check <br/> - <a href="https://www.apache.org/dist/openmeetings/4.0.2/CHANGELOG">CHANGELOG</a> and - <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342276">Detailed list</a> + 13 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/4.0.3/CHANGELOG">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342829">Detailed list</a> </span> <span> See <a href="downloads.html">Downloads page</a>.</span> - <span class="date">(2017-02-24)</span> + <span class="date">(2018-04-13)</span> </div> <div class="bs-callout bs-callout-info"> <span class="date"><a href="NewsArchive.html">You can find older news here</a></span> diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml index 5749072..afdbb76 100644 --- a/openmeetings-server/src/site/xdoc/security.xml +++ b/openmeetings-server/src/site/xdoc/security.xml @@ -45,6 +45,17 @@ Please NOTE: only security issues should be reported to this list. </p> </section> + <section name="CVE-2018-1325 - Wicket Jquery UI: XSS while displaying value in WYSIWYG editor"> + <p>Severity: High</p> + <p>Vendor: wicket-jquery-ui</p> + <p>Versions Affected: <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1</p> + <p>Description: JS code created in WYSIWYG editor will be executed on display<br/> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1325">CVE-2018-1325</a> + </p> + <p>The issue was fixed in 6.29.1, 7.10.2, 8.0.0-M9.2<br/> + All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p> + <p>Credit: This issue was identified by Kamil Sevi</p> + </section> <section name="CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor"> <p>Severity: High</p> <p>Vendor: wicket-jquery-ui</p> -- To stop receiving notification emails like this one, please contact solo...@apache.org.