7.1.0 Release Candidate 1

CHANGELOG.md

@@ -3,11 +3,42 @@ Apache OpenMeetings Change Log
 Licensed under Apache License 2.0 - http://www.apache.org/licenses/LICENSE-2.0
 
 See https://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number of the issue below)
-See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-* (where * is the number of CVE below)
+See https://www.cve.org/CVERecord?id=CVE-* (where * is the number of CVE below)
+
+
+Release Notes - Openmeetings - Version 7.1.0
+================================================================================================================
+
+* Vulnerability
+ * CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash
+ * CVE-2023-29032: Apache OpenMeetings: allows bypass authentication
+ * CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection
+
+* Bug
+ * [OPENMEETINGS-2760] - Room name overlap on menu in RTL
+ * [OPENMEETINGS-2763] - Turn server is not being set
+ * [OPENMEETINGS-2764] - Permissions are incorrectly being set
+ * [OPENMEETINGS-2765] - Paths should be verified in configuration
+ * [OPENMEETINGS-2767] - WebRTC connection is not established in FF
+ * [OPENMEETINGS-2768] - Save button is hidden
+ * [OPENMEETINGS-2769] - Ask permission confirmation pops out event when it shouldn't
+
+* Improvement
+ * [OPENMEETINGS-2761] - Missing German Translations for new OTP-dialogs
+ * [OPENMEETINGS-2762] - Invitation hash check should be more strict
+
+* Task
+ * [OPENMEETINGS-2757] - (7.1.0) Libraries should be updated
+ * [OPENMEETINGS-2758] - (7.1.0) Sonar issues need to be addressed
+ * [OPENMEETINGS-2759] - (7.1.0) All translations from PoEditor should be synced
+
 
 Release Notes - Openmeetings - Version 7.0.0
 ================================================================================================================
 
+* Vulnerability
+ * CVE-2023-28326: Apache OpenMeetings: allows user impersonation
+
 * Bug
  * [OPENMEETINGS-2253] - Interruption of a video session when the microphone is turned on / off
  * [OPENMEETINGS-2471] - Invitation email format

README.md

@@ -56,9 +56,30 @@ Release Notes
 
 see [CHANGELOG.md](/CHANGELOG.md) file for detailed log
 
+
+7.1.0
+-----
+[Release 7.1.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0), provides following improvements:
+
+IMPORTANT: Java 17 and KMS 6.18.0+ are required
+
+Security:
+* Invitation hash check made strict
+* Set of user permissions is fixed
+* Paths entered in Admin->Config are being verified
+* All dependencies are updated with most recent versions
+
+Stability:
+* TURN server config is passed to the client
+
+***3 security vulnerabilities were addressed***
+
+Some other fixes and improvements, 12 issues were addressed
+
+
 7.0.0
 -----
-[Release 7.0.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0), provides following improvements:
+[Release 7.0.0](https://archive.apache.org/dist/openmeetings/7.0.0), provides following improvements:
 
 IMPORTANT: Java 17 is required
 

openmeetings-core/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-core</artifactId>

openmeetings-db/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-db</artifactId>

openmeetings-install/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-install</artifactId>

openmeetings-mediaserver/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-mediaserver</artifactId>

openmeetings-screenshare/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-screenshare</artifactId>

openmeetings-server/pom.xml

@@ -22,7 +22,7 @@
  <parent>
  <groupId>org.apache.openmeetings</groupId>
  <artifactId>openmeetings-parent</artifactId>
- <version>7.1.0-SNAPSHOT</version>
+ <version>7.1.0</version>
  <relativePath>..</relativePath>
  </parent>
  <artifactId>openmeetings-server</artifactId>
@@ -46,7 +46,7 @@
  <scm>
  <connection>scm:git:https://github.com/apache/openmeetings.git</connection>
  <developerConnection>scm:git:https://github.com/apache/openmeetings.git</developerConnection>
- <url>https://github.com/apache/openmeetings.git</url>
+ <url>https://github.com/apache/openmeetings/tree/7.1.0</url>
  <tag>HEAD</tag>
  </scm>
  <profiles>

openmeetings-server/src/site/xdoc/NewsArchive.xml

@@ -20,6 +20,40 @@
  </properties>
 
  <body>
+ <section name="Release 7.0.0">
+ <div class="bd-callout bd-callout-info">
+ <div class="h4">Version 7.0.0 released!</div>
+ <div>Release 7.0.0, provides following improvements:<br/>
+ <div class="bd-callout bd-callout-info">
+ <br/>
+ IMPORTANT: Java 17 is required
+ </div>
+
+ UI and Security:
+ <ul>
+ <li>Microphone on/off doesn't interrupt the streaming</li>
+ <li>Stability fix at Safari</li>
+ <li>Full screen mode for WB</li>
+ <li>Redo tool for WB</li>
+ <li>2-factor authentication</li>
+ <li>Libraries are updated with most recent versions</li>
+ </ul>
+ <br/>
+ <div class="bd-callout bd-callout-danger">1 security vulnerability was addressed</div>
+ <br/>
+ Other fixes and improvements
+ </div>
+ <br/>
+
+ <span>
+ 28 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12350648">Detailed list</a>
+ </span>
+ <span> See <a href="https://archive.apache.org/dist/openmeetings/7.0.0">Archived download</a>.</span>
+ <span class="date">(2023-02-11)</span>
+ </div>
+ </section>
  <section name="Release 6.3.0">
  <div class="bd-callout bd-callout-info">
  <div class="h4">Version 6.3.0 released!</div>

openmeetings-server/src/site/xdoc/downloads.xml

@@ -32,44 +32,44 @@
  </p>
  <subsection name="Latest Official WebRTC Release">
  <p>
- Apache OpenMeetings 7.0.0
+ Apache OpenMeetings 7.1.0
  </p>
  <ul>
  <li>
  Binaries:
  <ul>
  <li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip">apache-openmeetings-7.0.0.zip</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.zip.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip">apache-openmeetings-7.1.0.zip</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.zip.sha512">[SHA512]</a>
  </li>
  <li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz">apache-openmeetings-7.0.0.tar.gz</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/bin/apache-openmeetings-7.0.0.tar.gz.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz">apache-openmeetings-7.1.0.tar.gz</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/bin/apache-openmeetings-7.1.0.tar.gz.sha512">[SHA512]</a>
  </li>
  </ul>
  </li>
  <li>
  Sources:
  <ul>
  <li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip">apache-openmeetings-7.0.0-src.zip</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.zip.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip">apache-openmeetings-7.1.0-src.zip</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.zip.sha512">[SHA512]</a>
  </li>
  <li>
- <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz">apache-openmeetings-7.0.0-src.tar.gz</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz.asc">[SIG]</a>
- <a href="https://downloads.apache.org/openmeetings/7.0.0/src/apache-openmeetings-7.0.0-src.tar.gz.sha512">[SHA512]</a>
+ <a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz">apache-openmeetings-7.1.0-src.tar.gz</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz.asc">[SIG]</a>
+ <a href="https://downloads.apache.org/openmeetings/7.1.0/src/apache-openmeetings-7.1.0-src.tar.gz.sha512">[SHA512]</a>
  </li>
  </ul>
  </li>
  <li>
- Changes: <a href="https://downloads.apache.org/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG.md</a>.
+ Changes: <a href="https://downloads.apache.org/openmeetings/7.1.0/CHANGELOG.md">CHANGELOG.md</a>.
  </li>
  <li>
- Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.0.0">https://github.com/openmeetings/openmeetings-docker/tree/7.0.0</a>
+ Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.1.0">https://github.com/openmeetings/openmeetings-docker/tree/7.1.0</a>
  </li>
  <li>
  <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a>

openmeetings-server/src/site/xdoc/index.xml

@@ -69,34 +69,39 @@
  </section>
  <section name="News">
  <div class="bd-callout bd-callout-danger">
- <div class="h4">Version 7.0.0 released!</div>
- <div>Release 7.0.0, provides following improvements:<br/>
+ <div class="h4">Version 7.1.0 released!</div>
+ <div>Release 7.1.0, provides following improvements:<br/>
  <div class="bd-callout bd-callout-info">
  <br/>
- IMPORTANT: Java 17 is required
+ IMPORTANT: Java 17 and KMS 6.18.0+ are required
  </div>
 
- UI and Security:
+ Security:
  <ul>
- <li>Microphone on/off doesn't interrupt the streaming</li>
- <li>Stability fix at Safari</li>
- <li>Full screen mode for WB</li>
- <li>Redo tool for WB</li>
- <li>2-factor authentication</li>
- <li>Libraries are updated with most recent versions</li>
+ <li>Invitation hash check made strict</li>
+ <li>Set of user permissions is fixed</li>
+ <li>Paths entered in Admin-&gt;Config are being verified</li>
+ <li>All dependencies are updated with most recent versions</li>
  </ul>
+
+ Stability:
+ <ul>
+ <li>TURN server config is passed to the client</li>
+ </ul>
+ <br/>
+ <div class="bd-callout bd-callout-danger">3 security vulnerabilities were addressed</div>
  <br/>
  Other fixes and improvements
  </div>
  <br/>
 
  <span>
- 28 issues are fixed please check <br/>
- <a href="https://www.apache.org/dist/openmeetings/7.0.0/CHANGELOG.md">CHANGELOG</a> and
- <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12350648">Detailed list</a>
+ 12 issues are fixed please check <br/>
+ <a href="https://www.apache.org/dist/openmeetings/7.1.0/CHANGELOG.md">CHANGELOG</a> and
+ <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12352896">Detailed list</a>
  </span>
  <span> See <a href="downloads.html">Downloads page</a>.</span>
- <span class="date">(2023-02-11)</span>
+ <span class="date">(2023-05-09)</span>
  </div>
  <div class="bd-callout bd-callout-info">
  <span class="date"><a href="NewsArchive.html">You can find older news here</a></span>