8.0.0 Release: documentation and versions

CHANGELOG.md

@@ -6,6 +6,23 @@ See https://issues.apache.org/jira/browse/OPENMEETINGS-* (where * is the number
 See https://www.cve.org/CVERecord?id=CVE-* (where * is the number of CVE below)
 
 
+Release Notes - Openmeetings - Version 8.0.0
+================================================================================================================
+
+* Vulnerability
+    * CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode
+
+* Task
+    * [OPENMEETINGS-2756] - Migration to Jakarta
+    * [OPENMEETINGS-2780] - (8.0.0) Libraries should be updated
+    * [OPENMEETINGS-2781] - Third-party licenses must be correctly listed in LICENSE file
+    * [OPENMEETINGS-2783] - (8.0.0) Sonar issues need to be addressed
+    * [OPENMEETINGS-2784] - Migrate to FullCalendar v6
+    * [OPENMEETINGS-2785] - (8.0.0) All translations from PoEditor should be synced
+    * [OPENMEETINGS-2786] - SBOM generation should be added to the build
+    * [OPENMEETINGS-2787] - Startup script and clustering instructions need to be updated
+
+
 Release Notes - Openmeetings - Version 7.2.0
 ================================================================================================================
 

README.md

@@ -57,12 +57,30 @@ See the [CHANGELOG.md](/CHANGELOG.md) file for a detailed log.
 
 ### Recent Releases
 
+<details>
+	<summary>Release 8.0.0 - Security updates, switching to Tomcat 11 and Jakarta stack.</summary>
+
+8.0.0
+-----
+[Release 8.0.0](https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0), provides following improvements:
+
+Security:
+* OM is moved to Jakarta stack
+* All libraries are updated to most recent versions
+
+UI:
+* Fullcalendar v6 is used
+
+***1 security vulnerability was addressed***
+
+Some other fixes and improvements, 8 issues were addressed
+</details>
 <details>
 	<summary>Release 7.2.0 - Java 17 and KMS 6.18.0+ required. Includes security, UI, and other improvements.</summary>
 
 7.2.0
 -----
-[Release 7.2.0](https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0), provides following improvements:
+[Release 7.2.0](https://www.apache.org/dist/openmeetings/7.2.0), provides following improvements:
 
 IMPORTANT: Java 17 and KMS 6.18.0+ are required
 
@@ -101,7 +119,7 @@ Stability:
 Some other fixes and improvements, 12 issues were addressed
 </details>
 <details>
-	<summary>Release 7.0.0 - Improved UI, 2-factor authentication, and more.</summary>
+	<summary>Older Releases Details:</summary>
 
 7.0.0
 -----
@@ -118,9 +136,7 @@ UI and Security:
 * Libraries are updated with most recent versions
 
 Some other fixes and improvements, 28 issues were addressed
-</details>
-<details>
-	<summary>Older Releases Details:</summary>
+
 
 6.3.0
 -----

openmeetings-core/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-core</artifactId>

openmeetings-db/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-db</artifactId>

openmeetings-install/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-install</artifactId>

openmeetings-mediaserver/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-mediaserver</artifactId>

openmeetings-screenshare/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-screenshare</artifactId>

openmeetings-server/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-server</artifactId>
@@ -46,7 +46,7 @@
 	<scm>
 		<connection>scm:git:https://github.com/apache/openmeetings.git</connection>
 		<developerConnection>scm:git:https://github.com/apache/openmeetings.git</developerConnection>
-		<url>https://github.com/apache/openmeetings</url>
+		<url>https://github.com/apache/openmeetings/tree/8.0.0</url>
 		<tag>HEAD</tag>
 	</scm>
 	<profiles>

openmeetings-server/src/site/xdoc/NewsArchive.xml

@@ -20,8 +20,45 @@
 	</properties>
 
 	<body>
+		<section name="Release 7.2.0">
+			<div class="bd-callout bd-callout-info">
+				<div class="h4">Version 7.2.0 released!</div>
+				<div>Release 7.2.0, provides following improvements:<br/>
+					<div class="bd-callout bd-callout-info">
+						<br/>
+						IMPORTANT: Java 17 and KMS 6.18.0+ are required
+					</div>
+
+					Security:
+					<ul>
+						<li>Login/email are now processed in case insensitive mode</li>
+						<li>Messages and contacts: message folders are not shared between users</li>
+						<li>All dependencies are updated with most recent versions</li>
+					</ul>
+
+					UI:
+					<ul>
+						<li>Too big profile pictures are now resized</li>
+						<li>Room looks better in RTL mode</li>
+						<li>Email messages looks better</li>
+					</ul>
+					<br/>
+					<br/>
+					Other fixes and improvements
+				</div>
+				<br/>
+
+				<span>
+					10 issues are fixed please check <br/>
+					<a href="https://www.apache.org/dist/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG</a> and
+					<a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12353202">Detailed list</a>
+				</span>
+				<span> See <a href="https://archive.apache.org/dist/openmeetings/7.2.0">Archived download</a>.</span>
+				<span class="date">(2023-12-23)</span>
+			</div>
+		</section>
 		<section name="Release 7.1.0">
-			<div class="bd-callout bd-callout-danger">
+			<div class="bd-callout bd-callout-info">
 				<div class="h4">Version 7.1.0 released!</div>
 				<div>Release 7.1.0, provides following improvements:<br/>
 					<div class="bd-callout bd-callout-info">

openmeetings-server/src/site/xdoc/downloads.xml

@@ -32,44 +32,44 @@
 			</p>
 			<subsection name="Latest Official WebRTC Release">
 				<p>
-					Apache OpenMeetings 7.2.0
+					Apache OpenMeetings 8.0.0
 				</p>
 				<ul>
 					<li>
 						Binaries:
 						<ul>
 							<li>
-								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip">apache-openmeetings-7.2.0.zip</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip.asc">[SIG]</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.zip.sha512">[SHA512]</a>
+								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip">apache-openmeetings-8.0.0.zip</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip.asc">[SIG]</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.zip.sha512">[SHA512]</a>
 							</li>
 							<li>
-								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz">apache-openmeetings-7.2.0.tar.gz</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz.asc">[SIG]</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/bin/apache-openmeetings-7.2.0.tar.gz.sha512">[SHA512]</a>
+								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz">apache-openmeetings-8.0.0.tar.gz</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz.asc">[SIG]</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/bin/apache-openmeetings-8.0.0.tar.gz.sha512">[SHA512]</a>
 							</li>
 						</ul>
 					</li>
 					<li>
 						Sources:
 						<ul>
 							<li>
-								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip">apache-openmeetings-7.2.0-src.zip</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip.asc">[SIG]</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.zip.sha512">[SHA512]</a>
+								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip">apache-openmeetings-8.0.0-src.zip</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip.asc">[SIG]</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.zip.sha512">[SHA512]</a>
 							</li>
 							<li>
-								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz">apache-openmeetings-7.2.0-src.tar.gz</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz.asc">[SIG]</a>
-								<a href="https://downloads.apache.org/openmeetings/7.2.0/src/apache-openmeetings-7.2.0-src.tar.gz.sha512">[SHA512]</a>
+								<a href="https://www.apache.org/dyn/closer.lua/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz">apache-openmeetings-8.0.0-src.tar.gz</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz.asc">[SIG]</a>
+								<a href="https://downloads.apache.org/openmeetings/8.0.0/src/apache-openmeetings-8.0.0-src.tar.gz.sha512">[SHA512]</a>
 							</li>
 						</ul>
 					</li>
 					<li>
-						Changes: <a href="https://downloads.apache.org/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG.md</a>.
+						Changes: <a href="https://downloads.apache.org/openmeetings/8.0.0/CHANGELOG.md">CHANGELOG.md</a>.
 					</li>
 					<li>
-						Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/7.2.0">https://github.com/openmeetings/openmeetings-docker/tree/7.2.0</a>
+						Docker image: <a href="https://github.com/openmeetings/openmeetings-docker/tree/8.0.0">https://github.com/openmeetings/openmeetings-docker/tree/8.0.0</a>
 					</li>
 					<li>
 						<a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu">Live OM iso images by Alvaro</a>

openmeetings-server/src/site/xdoc/index.xml

@@ -69,25 +69,25 @@
 		</section>
 		<section name="News">
 			<div class="bd-callout bd-callout-danger">
-				<div class="h4">Version 7.2.0 released!</div>
-				<div>Release 7.2.0, provides following improvements:<br/>
-					<div class="bd-callout bd-callout-info">
-						<br/>
-						IMPORTANT: Java 17 and KMS 6.18.0+ are required
+				<div class="h4">Version 8.0.0 released!</div>
+				<div>Release 8.0.0, provides following improvements:<br/>
+					<div class="bd-callout bd-callout-danger">
+						Security vulnerability <b>CVE-2024-54676 - Apache OpenMeetings: Deserialisation of untrusted data in cluster mode</b> was fixed,
+						please check <a href="security.html">Security Page</a><br/>
 					</div>
+					<br/>
+					Other fixes<br/>
+					<br/>
 
 					Security:
 					<ul>
-						<li>Login/email are now processed in case insensitive mode</li>
-						<li>Messages and contacts: message folders are not shared between users</li>
-						<li>All dependencies are updated with most recent versions</li>
+						<li>OM is moved to Jakarta stack</li>
+						<li>All libraries are updated to most recent versions</li>
 					</ul>
 
 					UI:
 					<ul>
-						<li>Too big profile pictures are now resized</li>
-						<li>Room looks better in RTL mode</li>
-						<li>Email messages looks better</li>
+						<li>Fullcalendar v6 is used</li>
 					</ul>
 					<br/>
 					<br/>
@@ -96,12 +96,12 @@
 				<br/>
 
 				<span>
-					10 issues are fixed please check <br/>
-					<a href="https://www.apache.org/dist/openmeetings/7.2.0/CHANGELOG.md">CHANGELOG</a> and
-					<a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12353202">Detailed list</a>
+					8 issues are fixed please check <br/>
+					<a href="https://www.apache.org/dist/openmeetings/8.0.0/CHANGELOG.md">CHANGELOG</a> and
+					<a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720&amp;version=12354067">Detailed list</a>
 				</span>
 				<span> See <a href="downloads.html">Downloads page</a>.</span>
-				<span class="date">(2023-12-23)</span>
+				<span class="date">(2025-01-03)</span>
 			</div>
 			<div class="bd-callout bd-callout-info">
 				<span class="date"><a href="NewsArchive.html">You can find older news here</a></span>

openmeetings-server/src/site/xdoc/security.xml

@@ -45,6 +45,25 @@
 				Please NOTE: only security issues should be reported to this list.
 			</p>
 		</section>
+		<section name="CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode">
+			<p>Severity: important</p>
+			<p>Vendor: The Apache Software Foundation</p>
+			<p>Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0</p>
+			<p>Description: Default clustering instructions at
+				<a href="https://openmeetings.apache.org/Clustering.html">Clustering instructions</a> doesn't specify
+				white/black lists for OpenJPA this leads to possible deserialisation
+				of untrusted data.<br/>
+				Users are recommended to upgrade to version 8.0.0 and update their
+				startup scripts to include the relevant
+				<code>'openjpa.serialization.class.blacklist'</code> and
+				<code>'openjpa.serialization.class.whitelist'</code> configurations as shown in the
+				documentation.<br/>
+				<a href="https://www.cve.org/CVERecord?id=CVE-2024-54676">CVE-2024-54676</a>
+			</p>
+			<p>The issue was fixed in 8.0.0<br/>
+				All users are recommended to upgrade to Apache OpenMeetings 8.0.0</p>
+			<p>Credit: This issue was identified by m0d9 from Tencent Yunding Lab</p>
+		</section>
 		<section name="CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash">
 			<p>Severity: Critical</p>
 			<p>Vendor: The Apache Software Foundation</p>

openmeetings-service/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-service</artifactId>

openmeetings-tests/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-tests</artifactId>

openmeetings-util/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-util</artifactId>

openmeetings-web/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-web</artifactId>

openmeetings-webservice/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.apache.openmeetings</groupId>
 		<artifactId>openmeetings-parent</artifactId>
-		<version>8.0.0-SNAPSHOT</version>
+		<version>8.0.0</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openmeetings-webservice</artifactId>