You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/02/24 15:52:37 UTC
[openmeetings] branch 4.0.x updated: Documentation update: 4.0.2
release
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch 4.0.x
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/4.0.x by this push:
new 667e8ce Documentation update: 4.0.2 release
667e8ce is described below
commit 667e8ce5affbc57fac258d5674029acc7d66e885
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Sat Feb 24 22:52:27 2018 +0700
Documentation update: 4.0.2 release
---
CHANGELOG | 96 ++++++++++++++++------
LICENSE | 14 ++--
README | 28 ++++++-
openmeetings-server/src/site/xdoc/NewsArchive.xml | 25 ++++++
openmeetings-server/src/site/xdoc/ReleaseGuide.xml | 14 +---
openmeetings-server/src/site/xdoc/downloads.xml | 36 ++++----
openmeetings-server/src/site/xdoc/index.xml | 39 ++++++---
openmeetings-server/src/site/xdoc/security.xml | 23 ++++++
8 files changed, 203 insertions(+), 72 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 0ea9f68..7229be5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,7 +3,55 @@ Apache OpenMeetings Change Log
See http://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number of the issue below)
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-* (where * is the number of CVE below)
-Release Notes - Openmeetings - Version 4.0.1
+Release Notes - OpenMeetings - Version 4.0.2
+================================================================================================================
+
+** Vulnerability
+ * CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor
+ * CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls
+
+** Bug
+ * [OPENMEETINGS-1775] - Send on Enter/Ctrl+Enter should be added
+ * [OPENMEETINGS-1776] - Deleted recording is played on whiteboard
+ * [OPENMEETINGS-1778] - all messages will be deleted in a&a using autoclean-function
+ * [OPENMEETINGS-1779] - whiteboard zoom on uploaded document
+ * [OPENMEETINGS-1781] - Invited guest's name shows as null null in chat
+ * [OPENMEETINGS-1784] - Download as PDF is broken
+ * [OPENMEETINGS-1785] - User's video frame is not resized for other participants when user change video settings
+ * [OPENMEETINGS-1786] - After re-entering My conference room on demo-server I meet quite another interface with not working widgets and whiteboard
+ * [OPENMEETINGS-1799] - Tab for global chat is displayed in room if global chat is OFF
+ * [OPENMEETINGS-1801] - Users sometimes are being duplicated in room
+ * [OPENMEETINGS-1802] - Group delete is broken
+ * [OPENMEETINGS-1807] - encoding on dashboard
+ * [OPENMEETINGS-1809] - Presenter is not marked as having WB permission
+ * [OPENMEETINGS-1817] - Link Feature in Chat doesn't work as expected
+ * [OPENMEETINGS-1820] - rendering of smilies in chat doesn't work as expected
+ * [OPENMEETINGS-1827] - Error Creating new Group
+ * [OPENMEETINGS-1829] - Audio is being translated to room after room exit
+ * [OPENMEETINGS-1832] - File Info will be generated underneath a&a
+
+** New Feature
+ * [OPENMEETINGS-1815] - Show number of users in the room
+
+** Improvement
+ * [OPENMEETINGS-1780] - save and restore also custom.css while backup & restore
+ * [OPENMEETINGS-1783] - Mathematical formulas on WB
+ * [OPENMEETINGS-1790] - Translations need to be improved
+ * [OPENMEETINGS-1805] - There should be possibility to allow rest calls from specific addresses
+ * [OPENMEETINGS-1808] - Optional conversion operations should not display errors
+ * [OPENMEETINGS-1810] - A&A should be reworked
+ * [OPENMEETINGS-1812] - Admin password should be checked while creating/modifying user with high privileges
+ * [OPENMEETINGS-1818] - Hover should be removed from chat
+ * [OPENMEETINGS-1821] - Default WB tool settings should be enhanced
+ * [OPENMEETINGS-1824] - There should be the way to set WB text font
+ * [OPENMEETINGS-1825] - Chat issues and improvements
+
+** Task
+ * [OPENMEETINGS-1777] - Library versions should be updated
+ * [OPENMEETINGS-1803] - Sonar issues need to be addressed
+
+
+Release Notes - OpenMeetings - Version 4.0.1
================================================================================================================
** Bug
@@ -58,7 +106,7 @@ Release Notes - Openmeetings - Version 4.0.1
* [OPENMEETINGS-1738] - Library versions should be updated
-Release Notes - Openmeetings - Version 4.0.0
+Release Notes - OpenMeetings - Version 4.0.0
================================================================================================================
** Sub-task
@@ -591,7 +639,7 @@ Release Notes - Openmeetings - Version 4.0.0
* [OPENMEETINGS-1214] - LDAP import AD groups
-Release Notes - Openmeetings - Version 3.3.2
+Release Notes - OpenMeetings - Version 3.3.2
================================================================================================================
** Bug
* [OPENMEETINGS-1688] - Selected icon tool is not availble after Undo
@@ -606,7 +654,7 @@ Release Notes - Openmeetings - Version 3.3.2
* [OPENMEETINGS-1008] - New Setting: Can user create rooms
-Release Notes - Openmeetings - Version 3.3.1
+Release Notes - OpenMeetings - Version 3.3.1
================================================================================================================
** Bug
* [OPENMEETINGS-1660] - UserWebService.add method is broken
@@ -634,7 +682,7 @@ Release Notes - Openmeetings - Version 3.3.1
* [OPENMEETINGS-1678] - Eraser tool need to be added to WB
-Release Notes - Openmeetings - Version 3.3.0
+Release Notes - OpenMeetings - Version 3.3.0
================================================================================================================
** Vulnerability
* CVE-2017-7663 - Apache OpenMeetings XSS in chat
@@ -675,7 +723,7 @@ Release Notes - Openmeetings - Version 3.3.0
* [OPENMEETINGS-1650] - Make Audio Alerts Configurable
-Release Notes - Openmeetings - Version 3.2.1
+Release Notes - OpenMeetings - Version 3.2.1
================================================================================================================
** Bug
* [OPENMEETINGS-571] - Chat area does not resize when resizing browser window
@@ -733,7 +781,7 @@ Release Notes - Openmeetings - Version 3.2.1
* [OPENMEETINGS-573] - Audio notification for new chat message
-Release Notes - Openmeetings - Version 3.2.0
+Release Notes - OpenMeetings - Version 3.2.0
================================================================================================================
** Sub-task
* [OPENMEETINGS-896] - Basic room layout should be created
@@ -878,7 +926,7 @@ Release Notes - Openmeetings - Version 3.2.0
* [OPENMEETINGS-853] - temporary uploaded files
-Release Notes - Openmeetings - Version 3.1.5
+Release Notes - OpenMeetings - Version 3.1.5
================================================================================================================
** Bug
* [OPENMEETINGS-863] - Video Problem
@@ -896,7 +944,7 @@ Release Notes - Openmeetings - Version 3.1.5
* [OPENMEETINGS-1531] - 3.1.5 - Library versions should be updated
-Release Notes - Openmeetings - Version 3.1.4
+Release Notes - OpenMeetings - Version 3.1.4
================================================================================================================
** Bug
* [OPENMEETINGS-827] - Video play/stop event acceptable one time in all tab
@@ -956,7 +1004,7 @@ Release Notes - Openmeetings - Version 3.1.4
* [OPENMEETINGS-1516] - Users are kicked off the rooms and participant list is incomplete
-Release Notes - Openmeetings - Version 3.1.3
+Release Notes - OpenMeetings - Version 3.1.3
================================================================================================================
** Bug
* [OPENMEETINGS-508] - Network testing page is not localized
@@ -986,7 +1034,7 @@ Release Notes - Openmeetings - Version 3.1.3
* [OPENMEETINGS-1453] - Provision for getting OpenMeetings version from SOAP/REST api
-Release Notes - Openmeetings - Version 3.1.2
+Release Notes - OpenMeetings - Version 3.1.2
================================================================================================================
** Vulnerability
* CVE-2016-3089 - Apache Openmeetings XSS in SWF panel
@@ -1055,7 +1103,7 @@ Release Notes - Openmeetings - Version 3.1.2
* [OPENMEETINGS-853] - temporary uploaded files
-Release Notes - Openmeetings - Version 3.1.1
+Release Notes - OpenMeetings - Version 3.1.1
================================================================================================================
** Vulnerability
* CVE-2016-0783 - Predictable password reset token
@@ -1079,7 +1127,7 @@ Release Notes - Openmeetings - Version 3.1.1
* [OPENMEETINGS-1337] - Library versions should be updated (3.1.1)
-Release Notes - Openmeetings - Version 3.1.0
+Release Notes - OpenMeetings - Version 3.1.0
================================================================================================================
** Sub-task
* [OPENMEETINGS-1118] - SOAP/REST methods need to be implemented using CXF
@@ -1169,7 +1217,7 @@ Release Notes - Openmeetings - Version 3.1.0
* [OPENMEETINGS-1315] - build code sucess, but run red5.bat happen error
-Release Notes - Openmeetings - Version 3.0.7
+Release Notes - OpenMeetings - Version 3.0.7
================================================================================================================
** Bug
* [OPENMEETINGS-1211] - the use of icons in users tab is illogical
@@ -1198,7 +1246,7 @@ Release Notes - Openmeetings - Version 3.0.7
* [OPENMEETINGS-1214] - LDAP import AD groups
-Release Notes - Openmeetings - Version 3.0.6
+Release Notes - OpenMeetings - Version 3.0.6
================================================================================================================
** Bug
* [OPENMEETINGS-1202] - Send Invitation error with moodle
@@ -1212,7 +1260,7 @@ Release Notes - Openmeetings - Version 3.0.6
* [OPENMEETINGS-1206] - Room service should be updated to be able to generate invitation hash with first and last name
-Release Notes - Openmeetings - Version 3.0.5
+Release Notes - OpenMeetings - Version 3.0.5
================================================================================================================
** Bug
* [OPENMEETINGS-889] - "Upload new image" button should have the same style with other buttons
@@ -1237,7 +1285,7 @@ Release Notes - Openmeetings - Version 3.0.5
* [OPENMEETINGS-1198] - Simplify Database Install
-Release Notes - Openmeetings - Version 3.0.4
+Release Notes - OpenMeetings - Version 3.0.4
================================================================================================================
** Bug
* [OPENMEETINGS-878] - Sign Web-Start application with trusted root cert
@@ -1315,7 +1363,7 @@ Release Notes - Openmeetings - Version 3.0.4
* [OPENMEETINGS-1065] - add ability to minimize screen-sharing video
-Release Notes - Openmeetings - Version 3.0.3
+Release Notes - OpenMeetings - Version 3.0.3
================================================================================================================
** Bug
* [OPENMEETINGS-270] - MemoryLeak / Dead-Lock in FlvRecorderConverter
@@ -1398,7 +1446,7 @@ Release Notes - Openmeetings - Version 3.0.3
* [OPENMEETINGS-1066] - re-order fields on screen-sharing applet
-Release Notes - Openmeetings - Version 3.0.2
+Release Notes - OpenMeetings - Version 3.0.2
================================================================================================================
** Bug
* [OPENMEETINGS-604] - Pop up message remain same after quitting the room created by Book conference room option in the email
@@ -1419,7 +1467,7 @@ Release Notes - Openmeetings - Version 3.0.2
* [OPENMEETINGS-982] - ApplicationContext recreation should be avoided
-Release Notes - Openmeetings - Version 3.0.1
+Release Notes - OpenMeetings - Version 3.0.1
================================================================================================================
** Sub-task
* [OPENMEETINGS-937] - Screen sharing application should create recordings with size multiple by 16
@@ -1453,7 +1501,7 @@ Release Notes - Openmeetings - Version 3.0.1
* [OPENMEETINGS-939] - Not ready recordings should have special icon
-Release Notes - Openmeetings - Version 3.0.0
+Release Notes - OpenMeetings - Version 3.0.0
================================================================================================================
** Sub-task
* [OPENMEETINGS-746] - Replace OmTimeZone in User Entity with String tz and fix all dependencies
@@ -1736,7 +1784,7 @@ Release Notes - Openmeetings - Version 3.0.0
* [OPENMEETINGS-622] - Removing the menu items and customizing dashboard
-Release Notes - Openmeetings - Version 2.2.0 Apache Release
+Release Notes - OpenMeetings - Version 2.2.0 Apache Release
================================================================================================================
** Bug
* [OPENMEETINGS-671] - Calendar is shown incompletely when book conference room
@@ -1769,7 +1817,7 @@ Release Notes - Openmeetings - Version 2.2.0 Apache Release
* [OPENMEETINGS-790] - Red5 version in 2.x branch should be bumped
-Release Notes - Openmeetings - Version 2.1.1 Apache Release
+Release Notes - OpenMeetings - Version 2.1.1 Apache Release
================================================================================================================
** Bug
* [OPENMEETINGS-432] - video only room is coming with white board also
@@ -1795,7 +1843,7 @@ Release Notes - Openmeetings - Version 2.1.1 Apache Release
* [OPENMEETINGS-589] - Configurable hot key for Mute/Unmute should be added
-Release Notes - Openmeetings - Version 2.1 Apache Release
+Release Notes - OpenMeetings - Version 2.1 Apache Release
================================================================================================================
** Sub-task
* [OPENMEETINGS-448] - Test and fix latest trunk to be able to import all old download zip's
diff --git a/LICENSE b/LICENSE
index 96ca94a..ceab504 100644
--- a/LICENSE
+++ b/LICENSE
@@ -260,19 +260,19 @@ webapps/root/WEB-INF/web.xml
webapps/openmeetings/WEB-INF/lib/animal-sniffer-annotations-1.14.jar
webapps/openmeetings/WEB-INF/lib/api-all-*.jar
-webapps/openmeetings/WEB-INF/lib/asterisk-java-1.0.0-final.jar
-webapps/openmeetings/WEB-INF/lib/cache-api-1.0.0.jar
+webapps/openmeetings/WEB-INF/lib/asterisk-java-2.0.2.jar
webapps/openmeetings/WEB-INF/lib/caldav4j-*.jar
webapps/openmeetings/WEB-INF/lib/commons-*.jar
webapps/openmeetings/WEB-INF/lib/cxf-*.jar
webapps/openmeetings/WEB-INF/lib/derby*.jar
webapps/openmeetings/WEB-INF/lib/dom4j-2.1.0.jar
+webapps/openmeetings/WEB-INF/lib/fontbox-2.0.8.jar
webapps/openmeetings/WEB-INF/lib/geronimo-jms_1.1_spec-1.1.1.jar
webapps/openmeetings/WEB-INF/lib/geronimo-jta_1.1_spec-1.1.1.jar
webapps/openmeetings/WEB-INF/lib/gson-2.8.2.jar
webapps/openmeetings/WEB-INF/lib/hazelcast-*.jar
webapps/openmeetings/WEB-INF/lib/httpcore-*.jar
-webapps/openmeetings/WEB-INF/lib/jackrabbit-webdav-2.12.1.jar
+webapps/openmeetings/WEB-INF/lib/jackrabbit-webdav-2.13.5.jar
webapps/openmeetings/WEB-INF/lib/jettison-1.3.8.jar
webapps/openmeetings/WEB-INF/lib/jodconverter-core-3.0.1-om.jar
webapps/openmeetings/WEB-INF/lib/jqplot4java-1.3.3.jar
@@ -282,12 +282,13 @@ webapps/openmeetings/WEB-INF/lib/jsr305-1.3.9.jar
webapps/openmeetings/WEB-INF/lib/juh-4.1.2.jar
webapps/openmeetings/WEB-INF/lib/jurt-4.1.2.jar
webapps/openmeetings/WEB-INF/lib/log4j-1.2.17.jar
-webapps/openmeetings/WEB-INF/lib/neethi-3.1.0.jar
+webapps/openmeetings/WEB-INF/lib/neethi-3.1.1.jar
webapps/openmeetings/WEB-INF/lib/openjpa-2.4.2.jar
webapps/openmeetings/WEB-INF/lib/openjson-1.0.8.jar
webapps/openmeetings/WEB-INF/lib/org.apache.servicemix.bundles.antlr-2.7.7_5.jar
webapps/openmeetings/WEB-INF/lib/org.apache.servicemix.bundles.dom4j-1.6.1_5.jar
webapps/openmeetings/WEB-INF/lib/org.apache.servicemix.bundles.xpp3-1.1.4c_7.jar
+webapps/openmeetings/WEB-INF/lib/owasp-java-html-sanitizer-20171016.1.jar
webapps/openmeetings/WEB-INF/lib/pdfbox-*.jar
webapps/openmeetings/WEB-INF/lib/ridl-4.1.2.jar
webapps/openmeetings/WEB-INF/lib/simple-xml-2.7.1.jar
@@ -301,7 +302,7 @@ webapps/openmeetings/WEB-INF/lib/wsdl4j-1.6.3.jar
webapps/openmeetings/WEB-INF/lib/xbean-asm5-shaded-3.17.jar
webapps/openmeetings/WEB-INF/lib/xml-apis-*.jar
webapps/openmeetings/WEB-INF/lib/xml-resolver-1.2.jar
-webapps/openmeetings/WEB-INF/lib/xmlschema-core-2.2.2.jar
+webapps/openmeetings/WEB-INF/lib/xmlschema-core-2.2.3.jar
webapps/openmeetings/screenshare/openmeetings-screenshare-*.jar
@@ -1396,7 +1397,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
======================================================================================================================
iCal4j - License
-webapps/openmeetings/WEB-INF/lib/ical4j-2.0.4.jar
+webapps/openmeetings/WEB-INF/lib/ical4j-2.1.5.jar
======================================================================================================================
@@ -2562,6 +2563,7 @@ EXHIBIT A -Mozilla Public License.
=======================================================================================
+webapps/openmeetings/WEB-INF/lib/checker-compat-qual-2.0.0.jar
webapps/openmeetings/WEB-INF/lib/jdk-serializable-functional-1.8.3.jar
The MIT License (MIT)
diff --git a/README b/README
index 3bd9616..40299ca 100644
--- a/README
+++ b/README
@@ -8,7 +8,33 @@ Apache OpenMeetings provides video conferencing, instant messaging, white board,
collaborative document editing and other groupware tools using API functions of
the Red5 Streaming Server for Remoting and Streaming.
-Release Notes 4.0.0
+Release Notes 4.0.2
+=============
+see CHANGELOG file for detailed log
+
+Release 4.0.2, provides following improvements:
+
+Security fixes in Chat and Admin
+
+Chat:
+* Send on Enter/Ctrl+Enter
+* Invited guest's name displayed as expected
+* Turned OFF global chat is not displayed
+* Link works as expected
+* Smiles works as expected
+* Hover removed from chat
+
+Room:
+* Download as PDF
+* Download/screen-sharing application in IE
+* No duplicated users
+* Activities&Actions improved
+* Number of users is displayed in the room
+* Mathematical formulas on WB
+
+Other fixes and improvements, 32 issues were fixed
+
+Release Notes 4.0.1
=============
see CHANGELOG file for detailed log
diff --git a/openmeetings-server/src/site/xdoc/NewsArchive.xml b/openmeetings-server/src/site/xdoc/NewsArchive.xml
index 9573deb..8ca31db 100644
--- a/openmeetings-server/src/site/xdoc/NewsArchive.xml
+++ b/openmeetings-server/src/site/xdoc/NewsArchive.xml
@@ -22,6 +22,31 @@
<body>
<section name="News">
<div class="bs-callout bs-callout-info">
+ <b>Version 4.0.1 released!</b>
+ <div>Release 4.0.1, provides following improvements:<br/>
+ <ul>
+ <li>Openlaszlo code is removed</li>
+ <li>Login via OAuth is improved</li>
+ <li>External video source is room is fixed</li>
+ <li>Multiple improvements of White-board</li>
+ <li>Multiple improvements of Chat</li>
+ <li>JS/CSS files are minified and merged to reduce load time</li>
+ <li>Overall stability is improved</li>
+ </ul>
+ Other fixes and improvements
+ <div class="bs-callout bs-callout-info">Please update to this release from any previous OpenMeetings release</div>
+ </div>
+ <br/>
+
+ <span>
+ 43 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.1/CHANGELOG">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342042">Detailed list</a>
+ </span>
+ <span> See <a href="downloads.html">Downloads page</a>.</span>
+ <span class="date">(2017-12-09)</span>
+ </div>
+ <div class="bs-callout bs-callout-info">
<b>Version 4.0.0 released!</b>
<div>Release 4.0.0, provides following improvements:<br/>
<ul>
diff --git a/openmeetings-server/src/site/xdoc/ReleaseGuide.xml b/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
index 9d4bf03..4a027c1 100644
--- a/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
+++ b/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
@@ -131,19 +131,13 @@ git tag -s 4.0.0RC1 -m "4.0.0 Release Candidate 1 tag"
git push origin 4.0.0RC1
</source>
</li>
- <li>Deploy release artifacts to Maven
- <ul>
- <li>
- <source>
-mvn clean
-mvn deploy -Pdeploy,rc
- </source>
- </li>
- </ul>
+ <li>
+ <p>Deploy release artifacts to Maven</p>
+ <source>mvn clean && mvn deploy -Pdeploy,rc</source>
</li>
<li>
<p>Run the command: </p>
- <source>mvn clean install -P allModules,rc</source>
+ <source>mvn clean && mvn install -P allModules,rc</source>
</li>
<li>
<p>Test building the source on windows and OSx or Linux</p>
diff --git a/openmeetings-server/src/site/xdoc/downloads.xml b/openmeetings-server/src/site/xdoc/downloads.xml
index bd400a8..e54174a 100644
--- a/openmeetings-server/src/site/xdoc/downloads.xml
+++ b/openmeetings-server/src/site/xdoc/downloads.xml
@@ -24,31 +24,31 @@
<section name="Downloads">
<p>
All downloads should be verified using the Apache OpenMeetings code
- signing <a href="https://www.apache.org/dist/openmeetings/4.0.1/KEYS">KEYS</a>, <br/>
+ signing <a href="https://www.apache.org/dist/openmeetings/4.0.2/KEYS">KEYS</a>, <br/>
Here are <a href="https://www.apache.org/dyn/closer.cgi#verify">the instructions</a><br/>
<br/>
- changes: <a href="https://www.apache.org/dist/openmeetings/4.0.1/CHANGELOG">CHANGELOG</a>.
+ changes: <a href="https://www.apache.org/dist/openmeetings/4.0.2/CHANGELOG">CHANGELOG</a>.
</p>
<p>
All versions are available for download as source and binary.
</p>
<subsection name="Latest Official Release">
<p>
- Apache Openmeetings 4.0.1
+ Apache OpenMeetings 4.0.2
</p>
<ul>
<li>
Binaries:
<ul>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.zip">apache-openmeetings-4.0.1.zip</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.zip.asc">[SIG]</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.zip.sha256">[SHA256]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip">apache-openmeetings-4.0.2.zip</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip.asc">[SIG]</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.zip.sha256">[SHA256]</a>
</li>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.tar.gz">apache-openmeetings-4.0.1.tar.gz</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.tar.gz.asc">[SIG]</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/bin/apache-openmeetings-4.0.1.tar.gz.sha256">[SHA256]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz">apache-openmeetings-4.0.2.tar.gz</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz.asc">[SIG]</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/bin/apache-openmeetings-4.0.2.tar.gz.sha256">[SHA256]</a>
</li>
</ul>
</li>
@@ -56,22 +56,22 @@
Sources:
<ul>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.zip">apache-openmeetings-4.0.1-src.zip</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.zip.asc">[SIG]</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.zip.sha256">[SHA256]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip">apache-openmeetings-4.0.2-src.zip</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip.asc">[SIG]</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.zip.sha256">[SHA256]</a>
</li>
<li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.tar.gz">apache-openmeetings-4.0.1-src.tar.gz</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.tar.gz.asc">[SIG]</a>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/src/apache-openmeetings-4.0.1-src.tar.gz.sha256">[SHA256]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz">apache-openmeetings-4.0.2-src.tar.gz</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz.asc">[SIG]</a>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/src/apache-openmeetings-4.0.2-src.tar.gz.sha256">[SHA256]</a>
</li>
</ul>
</li>
<li>
- Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/4.0.1">https://github.com/openmeetings/openmeetings-docker/tree/4.0.1</a>
+ Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/4.0.2">https://github.com/openmeetings/openmeetings-docker/tree/4.0.2</a>
</li>
<li>
- ISO: <a href="https://om.alteametasoft.com/om_4.0.1.qcow2">https://om.alteametasoft.com/om_4.0.1.qcow2</a> (QEMU qcow2 format)
+ ISO: <a href="https://om.alteametasoft.com/om_4.0.2.qcow2">https://om.alteametasoft.com/om_4.0.2.qcow2</a> (QEMU qcow2 format)
<source>
<![CDATA[
####### PLEASE CHANGE ALL PASSWORDS !!
@@ -85,7 +85,7 @@ OM: om_admin/1Q2w3e4r5t^y
# run
# memory ==: "-m 2G"
# number of cores ==: "-smp 1"
-qemu-system-x86_64 -boot d -smp 1 -m 2G -drive format=qcow2,file=om_4.0.1.qcow2 -net user,hostfwd=tcp::10022-:22,hostfwd=tcp::15080-:5080 -net nic
+qemu-system-x86_64 -boot d -smp 1 -m 2G -drive format=qcow2,file=om_4.0.2.qcow2 -net user,hostfwd=tcp::10022-:22,hostfwd=tcp::15080-:5080 -net nic
# connect
ssh om_admin@localhost -p10022
diff --git a/openmeetings-server/src/site/xdoc/index.xml b/openmeetings-server/src/site/xdoc/index.xml
index 2131b8f..9ccbe11 100644
--- a/openmeetings-server/src/site/xdoc/index.xml
+++ b/openmeetings-server/src/site/xdoc/index.xml
@@ -69,29 +69,42 @@
</section>
<section name="News">
<div class="bs-callout bs-callout-danger">
- <b>Version 4.0.1 released!</b>
- <div>Release 4.0.1, provides following improvements:<br/>
+ <b>Version 4.0.2 released!</b>
+ <div>Release 4.0.2, provides following improvements:<br/>
+ <div class="bs-callout bs-callout-danger">Security fixes in Chat</div>
+ <br/>
+ Chat:<br/>
<ul>
- <li>Openlaszlo code is removed</li>
- <li>Login via OAuth is improved</li>
- <li>External video source is room is fixed</li>
- <li>Multiple improvements of White-board</li>
- <li>Multiple improvements of Chat</li>
- <li>JS/CSS files are minified and merged to reduce load time</li>
- <li>Overall stability is improved</li>
+ <li>Send on Enter/Ctrl+Enter</li>
+ <li>Invited guest's name displayed as expected</li>
+ <li>Turned OFF global chat is not displayed</li>
+ <li>Link works as expected</li>
+ <li>Smiles works as expected</li>
+ <li>Hover removed from chat</li>
</ul>
+ <br/>
+ Room:<br/>
+ <ul>
+ <li>Download as PDF</li>
+ <li>Download/screen-sharing application in IE</li>
+ <li>No duplicated users</li>
+ <li>Activities&Actions improved</li>
+ <li>Number of users is displayed in the room</li>
+ <li>Mathematical formulas on WB</li>
+ </ul>
+ <br/>
Other fixes and improvements
<div class="bs-callout bs-callout-info">Please update to this release from any previous OpenMeetings release</div>
</div>
<br/>
<span>
- 43 issues are fixed please check <br/>
- <a href="https://www.apache.org/dist/openmeetings/4.0.1/CHANGELOG">CHANGELOG</a> and
- <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342042">Detailed list</a>
+ 32 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/4.0.2/CHANGELOG">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&version=12342276">Detailed list</a>
</span>
<span> See <a href="downloads.html">Downloads page</a>.</span>
- <span class="date">(2017-12-09)</span>
+ <span class="date">(2017-02-24)</span>
</div>
<div class="bs-callout bs-callout-info">
<span class="date"><a href="NewsArchive.html">You can find older news here</a></span>
diff --git a/openmeetings-server/src/site/xdoc/security.xml b/openmeetings-server/src/site/xdoc/security.xml
index cc09e75..2f9516b 100644
--- a/openmeetings-server/src/site/xdoc/security.xml
+++ b/openmeetings-server/src/site/xdoc/security.xml
@@ -39,6 +39,29 @@
Please NOTE: only security issues should be reported to this list.
</p>
</section>
+ <section name="CVE-2017-15719 - Wicket jQuery UI: XSS in WYSIWYG editor">
+ <p>Severity: High</p>
+ <p>Vendor: wicket-jquery-ui</p>
+ <p>Versions Affected: <= 6.28.0, <= 7.9.1, <= 8.0.0-M8</p>
+ <p>Description: Attacker can submit arbitrary JS code to WYSIWYG editor<br/>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15719">CVE-2017-15719</a>
+ </p>
+ <p>The issue was fixed in 6.28.1, 7.9.2, 8.0.0-M8.1<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
+ <p>Credit: This issue was identified by Sahil Dhar of Security Innovation Inc</p>
+ </section>
+ <section name="CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls">
+ <p>Severity: Medium</p>
+ <p>Vendor: The Apache Software Foundation</p>
+ <p>Versions Affected: Apache OpenMeetings 3.0.0</p>
+ <p>Description: CRUD operations on privileged users are not password protected allowing an authenticated attacker
+ to deny service for privileged users.<br/>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1286">CVE-2018-1286</a>
+ </p>
+ <p>The issue was fixed in 4.0.2<br/>
+ All users are recommended to upgrade to Apache OpenMeetings 4.0.2</p>
+ <p>Credit: This issue was identified by Sahil Dhar of Security Innovation Inc</p>
+ </section>
<section name="CVE-2017-7663 - Apache OpenMeetings - XSS in chat">
<p>Severity: High</p>
<p>Vendor: The Apache Software Foundation</p>
--
To stop receiving notification emails like this one, please contact
solomax@apache.org.