This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/openmeetings.git
commit 21e0ad5375b2a2f0610dbba0450dfdbce2b37749 Author: Maxim Solodovnik <[email protected]> AuthorDate: Thu Jan 2 13:33:29 2025 +0700 8.0.0 Release: documentation and versions --- CHANGELOG.md | 17 ++++++++++ README.md | 26 ++++++++++++--- openmeetings-core/pom.xml | 2 +- openmeetings-db/pom.xml | 2 +- openmeetings-install/pom.xml | 2 +- openmeetings-mediaserver/pom.xml | 2 +- openmeetings-screenshare/pom.xml | 2 +- openmeetings-server/pom.xml | 2 +- openmeetings-server/src/site/xdoc/NewsArchive.xml | 39 ++++++++++++++++++++++- openmeetings-server/src/site/xdoc/downloads.xml | 30 ++++++++--------- openmeetings-server/src/site/xdoc/index.xml | 30 ++++++++--------- openmeetings-server/src/site/xdoc/security.xml | 19 +++++++++++ openmeetings-service/pom.xml | 2 +- openmeetings-tests/pom.xml | 2 +- openmeetings-util/pom.xml | 2 +- openmeetings-web/pom.xml | 2 +- openmeetings-webservice/pom.xml | 2 +- pom.xml | 4 +-- 18 files changed, 138 insertions(+), 49 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 27101da6b..389fcfde5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,23 @@ See https://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number See https://www.cve.org/CVERecord?id=CVE-* (where * is the number of CVE below) +Release Notes - Openmeetings - Version 8.0.0 +================================================================================================================ + +* Vulnerability + * CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode + +* Task + * [OPENMEETINGS-2756] - Migration to Jakarta + * [OPENMEETINGS-2780] - (8.0.0) Libraries should be updated + * [OPENMEETINGS-2781] - Third-party licenses must be correctly listed in LICENSE file + * [OPENMEETINGS-2783] - (8.0.0) Sonar issues need to be addressed + * [OPENMEETINGS-2784] - Migrate to FullCalendar v6 + * [OPENMEETINGS-2785] - (8.0.0) All translations from PoEditor should be synced + * [OPENMEETINGS-2786] - SBOM generation should be added to the build + * [OPENMEETINGS-2787] - Startup script and clustering instructions need to be updated + + Release Notes - Openmeetings - Version 7.2.0 ================================================================================================================ diff --git a/README.md b/README.md index 1ae342eec..ecbf167d6 100644 --- a/README.md +++ b/README.md 
@@ -57,12 +57,30 @@ See the [CHANGELOG.md](/CHANGELOG.md) file for a detailed log. ### Recent Releases +<details> + <summary>Release 8.0.0 - Security updates, switching to Tomcat 11 and Jakarta stack.</summary> + +8.0.0 +----- +[Release 8.0.0](https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0), provides following improvements: + +Security: +* OM is moved to Jakarta stack +* All libraries are updated to most recent versions + +UI: +* Fullcalendar v6 is used + +***1 security vulnerability was addressed*** + +Some other fixes and improvements, 8 issues were addressed +</details> <details> <summary>Release 7.2.0 - Java 17 and KMS 6.18.0+ required. Includes security, UI, and other improvements.</summary> 7.2.0 ----- -[Release 7.2.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0), provides following improvements: +[Release 7.2.0](https://www.apache.org/dist/openmeetings/7.2.0), provides following improvements: IMPORTANT: Java 17 and KMS 6.18.0+ are required @@ -101,7 +119,7 @@ Stability: Some other fixes and improvements, 12 issues were addressed </details> <details> - <summary>Release 7.0.0 - Improved UI, 2-factor authentication, and more.</summary> + <summary>Older Releases Details:</summary> 7.0.0 ----- @@ -118,9 +136,7 @@ UI and Security: * Libraries are updated with most recent versions Some other fixes and improvements, 28 issues were addressed -</details> -<details> - <summary>Older Releases Details:</summary> + 6.3.0 ----- diff --git a/openmeetings-core/pom.xml b/openmeetings-core/pom.xml index dbfc52c3f..fa4130923 100644 --- a/openmeetings-core/pom.xml +++ b/openmeetings-core/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-core</artifactId> diff --git a/openmeetings-db/pom.xml b/openmeetings-db/pom.xml index 37792b6af..c7c5e68b2 100644 
--- a/openmeetings-db/pom.xml +++ b/openmeetings-db/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-db</artifactId> diff --git a/openmeetings-install/pom.xml b/openmeetings-install/pom.xml index 4b563bab0..171dd3711 100644 --- a/openmeetings-install/pom.xml +++ b/openmeetings-install/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-install</artifactId> diff --git a/openmeetings-mediaserver/pom.xml b/openmeetings-mediaserver/pom.xml index 1a2758a1d..6e3ffe289 100644 --- a/openmeetings-mediaserver/pom.xml +++ b/openmeetings-mediaserver/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-mediaserver</artifactId> diff --git a/openmeetings-screenshare/pom.xml b/openmeetings-screenshare/pom.xml index a36ccdac5..75d229a1b 100644 --- a/openmeetings-screenshare/pom.xml +++ b/openmeetings-screenshare/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-screenshare</artifactId> diff --git a/openmeetings-server/pom.xml b/openmeetings-server/pom.xml index e56f3c043..34f67eceb 100644 --- a/openmeetings-server/pom.xml +++ b/openmeetings-server/pom.xml 
@@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-server</artifactId> diff --git a/openmeetings-server/src/site/xdoc/NewsArchive.xml b/openmeetings-server/src/site/xdoc/NewsArchive.xml index 335c251eb..e88c50ac8 100644 --- a/openmeetings-server/src/site/xdoc/NewsArchive.xml +++ b/openmeetings-server/src/site/xdoc/NewsArchive.xml 
@@ -20,8 +20,45 @@ </properties> <body> + <section name="Release 7.2.0"> + <div class="bd-callout bd-callout-info"> + <div class="h4">Version 7.2.0 released!</div> + <div>Release 7.2.0, provides following improvements:<br/> + <div class="bd-callout bd-callout-info"> + <br/> + IMPORTANT: Java 17 and KMS 6.18.0+ are required + </div> + + Security: + <ul> + <li>Login/email are now processed in case insensitive mode</li> + <li>Messages and contacts: message folders are not shared between users</li> + <li>All dependencies are updated with most recent versions</li> + </ul> + + UI: + <ul> + <li>Too big profile pictures are now resized</li> + <li>Room looks better in RTL mode</li> + <li>Email messages looks better</li> + </ul> + <br/> + <br/> + Other fixes and improvements + </div> + <br/> + + <span> + 10 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12353202">Detailed list</a> + </span> + <span> See <a href="https://archive.apache.org/dist/openmeetings/7.2.0">Archived download</a>.</span> + <span class="date">(2023-12-23)</span> + </div> + </section> <section name="Release 7.1.0"> - <div class="bd-callout bd-callout-danger"> + <div class="bd-callout bd-callout-info"> <div class="h4">Version 7.1.0 released!</div> <div>Release 7.1.0, provides following improvements:<br/> <div class="bd-callout bd-callout-info"> diff --git a/openmeetings-server/src/site/xdoc/downloads.xml b/openmeetings-server/src/site/xdoc/downloads.xml index 5bcb0dde0..ad505250d 100644 --- a/openmeetings-server/src/site/xdoc/downloads.xml +++ b/openmeetings-server/src/site/xdoc/downloads.xml 
@@ -32,21 +32,21 @@ </p> <subsection name="Latest Official WebRTC Release"> <p> - Apache OpenMeetings 7.2.0 + Apache OpenMeetings 8.0.0 </p> <ul> <li> Binaries: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip">apache-openmeetings-7.2.0.zip</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip">apache-openmeetings-8.0.0.zip</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip.sha512">[SHA512]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz">apache-openmeetings-7.2.0.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz">apache-openmeetings-8.0.0.tar.gz</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz.sha512">[SHA512]</a> </li> </ul> </li> 
@@ -54,22 +54,22 @@ Sources: <ul> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip">apache-openmeetings-7.2.0-src.zip</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip">apache-openmeetings-8.0.0-src.zip</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip.sha512">[SHA512]</a> </li> <li> - <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz">apache-openmeetings-7.2.0-src.tar.gz</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz.asc">[SIG]</a> - <a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz.sha512">[SHA512]</a> + <a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz">apache-openmeetings-8.0.0-src.tar.gz</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz.asc">[SIG]</a> + <a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz.sha512">[SHA512]</a> </li> </ul> </li> <li> - Changes: <a href="https://downloads.apache.org/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG.md</a>. + Changes: <a href="https://downloads.apache.org/openmeetings/8.0.0/CHANGELOG.md">CHANGELOG.md</a>. 
</li> <li> - Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.2.0">https://github.com/openmeetings/openmeetings-docker/tree/7.2.0</a> + Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/8.0.0">https://github.com/openmeetings/openmeetings-docker/tree/8.0.0</a> </li> <li> <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a> diff --git a/openmeetings-server/src/site/xdoc/index.xml b/openmeetings-server/src/site/xdoc/index.xml index daeef7aec..38485dd16 100644 --- a/openmeetings-server/src/site/xdoc/index.xml +++ b/openmeetings-server/src/site/xdoc/index.xml @@ -69,25 +69,25 @@ </section> <section name="News"> <div class="bd-callout bd-callout-danger"> - <div class="h4">Version 7.2.0 released!</div> - <div>Release 7.2.0, provides following improvements:<br/> - <div class="bd-callout bd-callout-info"> - <br/> - IMPORTANT: Java 17 and KMS 6.18.0+ are required + <div class="h4">Version 8.0.0 released!</div> + <div>Release 8.0.0, provides following improvements:<br/> + <div class="bd-callout bd-callout-danger"> + Security vulnerability <b>CVE-2024-54676 - Apache OpenMeetings: Deserialisation of untrusted data in cluster mode</b> was fixed, + please check <a href="security.html">Security Page</a><br/> </div> + <br/> + Other fixes<br/> + <br/> Security: <ul> - <li>Login/email are now processed in case insensitive mode</li> - <li>Messages and contacts: message folders are not shared between users</li> - <li>All dependencies are updated with most recent versions</li> + <li>OM is moved to Jakarta stack</li> + <li>All libraries are updated to most recent versions</li> </ul> UI: <ul> - <li>Too big profile pictures are now resized</li> - <li>Room looks better in RTL mode</li> - <li>Email messages looks better</li> + <li>Fullcalendar v6 is used</li> </ul> <br/> <br/> 
@@ -96,12 +96,12 @@ <br/> <span> - 10 issues are fixed please check <br/> - <a href="https://www.apache.org/dist/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG</a> and - <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12353202">Detailed list</a> + 8 issues are fixed please check <br/> + <a href="https://www.apache.org/dist/openmeetings/8.0.0/CHANGELOG.md">CHANGELOG</a> and + <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12354067">Detailed list</a> </span> <span> See <a href="downloads.html">Downloads page</a>.</span> - <span class="date">(2023-12-23)</span> + <span class="date">(2025-01-03)</span> </div> <div class="bd-callout bd-callout-info"> <span class="date"><a href="NewsArchive.html">You can find older news here</a></span> diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml index 265744708..53bf8b701 100644 --- a/openmeetings-server/src/site/xdoc/security.xml +++ b/openmeetings-server/src/site/xdoc/security.xml 
@@ -45,6 +45,25 @@ Please NOTE: only security issues should be reported to this list. </p> </section> + <section name="CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode"> + <p>Severity: important</p> + <p>Vendor: The Apache Software Foundation</p> + <p>Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0</p> + <p>Description: Default clustering instructions at + <a href="https://openmeetings.apache.org/Clustering.html">Clustering instructions</a> doesn't specify + white/black lists for OpenJPA this leads to possible deserialisation + of untrusted data.<br/> + Users are recommended to upgrade to version 8.0.0 and update their + startup scripts to include the relevant + <code>'openjpa.serialization.class.blacklist'</code> and + <code>'openjpa.serialization.class.whitelist'</code> configurations as shown in the + documentation.<br/> + <a href="https://www.cve.org/CVERecord?id=CVE-2024-54676">CVE-2024-54676</a> + </p> + <p>The issue was fixed in 8.0.0<br/> + All users are recommended to upgrade to Apache OpenMeetings 8.0.0</p> + <p>Credit: This issue was identified by m0d9 from Tencent Yunding Lab</p> + </section> <section name="CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash"> <p>Severity: Critical</p> <p>Vendor: The Apache Software Foundation</p> diff --git a/openmeetings-service/pom.xml b/openmeetings-service/pom.xml index 4384c2e72..98d6aa3a3 100644 --- a/openmeetings-service/pom.xml +++ b/openmeetings-service/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-service</artifactId> diff --git a/openmeetings-tests/pom.xml b/openmeetings-tests/pom.xml index 0deadc56a..bcc59def4 100644 --- a/openmeetings-tests/pom.xml +++ b/openmeetings-tests/pom.xml 
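Review bot: The closing paragraph of the new CVE-2024-54676 section ("The issue was fixed in 8.0.0 / All users are recommended to upgrade") reads as if upgrading alone is the remediation, but the description above it says operators must also add `openjpa.serialization.class.blacklist` and `openjpa.serialization.class.whitelist` to their startup scripts. Because the stated root cause is the startup configuration in the clustering instructions, someone who skims to the last paragraph may upgrade and keep an old script. I would reword it as `<p>The issue was fixed in 8.0.0<br/> All users running in cluster mode should upgrade to Apache OpenMeetings 8.0.0 and apply the updated startup script settings from the Clustering instructions</p>`. The description should also say explicitly whether single-node installations are affected, which is currently implied only by the section title. Minor wording: "instructions ... doesn't specify" should be "do not specify".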
@@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-tests</artifactId> diff --git a/openmeetings-util/pom.xml b/openmeetings-util/pom.xml index 9261b12d5..16d0bae01 100644 --- a/openmeetings-util/pom.xml +++ b/openmeetings-util/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-util</artifactId> diff --git a/openmeetings-web/pom.xml b/openmeetings-web/pom.xml index ebc98ce95..c9baeca60 100644 --- a/openmeetings-web/pom.xml +++ b/openmeetings-web/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-web</artifactId> diff --git a/openmeetings-webservice/pom.xml b/openmeetings-webservice/pom.xml index 34409e16d..c8729e34e 100644 --- a/openmeetings-webservice/pom.xml +++ b/openmeetings-webservice/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <relativePath>..</relativePath> </parent> <artifactId>openmeetings-webservice</artifactId> diff --git a/pom.xml b/pom.xml index 064c13f4a..5ca01b054 100644 --- a/pom.xml +++ b/pom.xml 
@@ -26,13 +26,13 @@ </parent> <groupId>org.apache.openmeetings</groupId> <artifactId>openmeetings-parent</artifactId> - <version>8.0.0-SNAPSHOT</version> + <version>8.0.0</version> <packaging>pom</packaging> <name>Openmeetings</name> <description>Parent project for all OpenMeetings Maven modules. Required to hold general settings</description> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <project.build.outputTimestamp>2023-12-23T00:00:00Z</project.build.outputTimestamp> + <project.build.outputTimestamp>2024-12-29T09:00:00Z</project.build.outputTimestamp> <wicket.configuration>DEPLOYMENT</wicket.configuration> <om.quick.build>false</om.quick.build> <om.notquick.build>true</om.notquick.build>
