Skip to content

BigBlueButton 2.3.18

Compare
Choose a tag to compare
@antobinary antobinary released this 09 Feb 21:40
0bcb8c2

This 2.3.x release includes security/permissions improvements (backported from 2.4).

We thank Nico Heitmann, Sven Hebrok, and Juraj Somorovsky from Paderborn University who examined the BigBlueButton code base and responsibly disclosed a number of privacy and security issues that were fixed in this release.

HTML5 client

  • chore: update to fix npm package vulnerabilities #14278
  • fix: external video info leak #14265 (backport of #13788) improved security
  • refactor: Client authentication #14294 (backport of #13601) improved security
  • chore: Pulled the latest 2.3 HTML5 locales from Transifex #14299

Core

  • chore: add legacy checkAuthorization endpoint #13946 (backport of #13941)
  • fix(webcams): add stream ID to broadcast check, better lock setting enforcement #14270 (backport of #14269) improved permissions
  • fix: Remove Grace Period for locked user in chat #14265 (backport of #13850) improved permissions
  • fix: Constraint viewer capability of request breakout url #14265 (backport of #13117) improved permissions
  • refactor: Improved annotation permissions #14265 (backport of #13803) improved permissions
  • fix(screenshare): add state sync, akka-apps|webrtc-sfu broadcast stop sys msg #14245 (backport of #14076 and #14091)

Recording

  • fix(recording): Generate thumbnails from uploaded file (backport) #9570 (backport of #9837) Thanks @hiroshisuga

bbb-libreoffice

  • chore(bbb-libreoffice): Update to Libreoffice 7.2 #14318

Build

bbb-webrtc-sfu

Release name

In case an administrator does not want to update to the latest bionic-230 version. Use as substitute to the -v argument in bbb-install.sh command
bionic-230-2.3.18
We still recommend using -v bionic-230.

Client build: 1871