BigBlueButton 2.3.18
This 2.3.x release includes security/permissions improvements (backported from 2.4).
We thank Nico Heitmann, Sven Hebrok, and Juraj Somorovsky from Paderborn University who examined the BigBlueButton code base and responsibly disclosed a number of privacy and security issues that were fixed in this release.
HTML5 client
- chore: update to fix npm package vulnerabilities #14278
- fix: external video info leak #14265 (backport of #13788) improved security
- refactor: Client authentication #14294 (backport of #13601) improved security
- chore: Pulled the latest 2.3 HTML5 locales from Transifex #14299
Core
- chore: add legacy checkAuthorization endpoint #13946 (backport of #13941)
- fix(webcams): add stream ID to broadcast check, better lock setting enforcement #14270 (backport of #14269) improved permissions
- fix: Remove Grace Period for locked user in chat #14265 (backport of #13850) improved permissions
- fix: Constraint viewer capability of request breakout url #14265 (backport of #13117) improved permissions
- refactor: Improved annotation permissions #14265 (backport of #13803) improved permissions
- fix(screenshare): add state sync, akka-apps|webrtc-sfu broadcast stop sys msg #14245 (backport of #14076 and #14091)
Recording
- fix(recording): Generate thumbnails from uploaded file (backport) #9570 (backport of #9837) Thanks @hiroshisuga
bbb-libreoffice
- chore(bbb-libreoffice): Update to Libreoffice 7.2 #14318
Build
- Rebuilt
bbb-freeswitch-corewith @mariogasparoni 's patch signalwire/freeswitch#1531 Additional changes made to match e7562a3 - Applied to 2.3 packaging: fix: serve compressed Javascript and CSS #14239 Thanks @schrd
- Applied to 2.3 packaging: ensure services can't modify their code #14110 Thanks @schrd
- Applied to 2.3 packaging: fix missing directory error for etherpad installation #14181 Thanks @moonlies
bbb-webrtc-sfu
- Updated to 2.6.9
Release name
In case an administrator does not want to update to the latest bionic-230 version. Use as substitute to the -v argument in bbb-install.sh command
bionic-230-2.3.18
We still recommend using -v bionic-230.