BigBlueButton 2.3.9
This 2.3.x release includes multiple fixes, several of which further restrict what set of information is accessible [programatically] to meeting participants. We strongly recommend trying out this release and upgrading.
Special thanks to @defnull and @hiroshisuga for submitting fixes and to community members for disclosing securily their vulnerability reports' findings!
HTML5 client
- fix: Add meetingId to chatIds selector #12861
- fix(breakouts): Do not allow users to obtain 'redirectToHtml5JoinURL' for others #12871
- fix(polls): Avoid viewer manually subscribing to current-poll #12872
- fix(guests): Propagate list of pending guests only to mods #12874
- fix: Stop dictation when swapping languages with the voice recognition on #12794 Thanks @hiroshisuga for the fix!
- fix(closed captions): this.recognition can be null #12831 Thanks @hiroshisuga for the fix!
- fix: ConnectionStatus - log info on 'warning' #12816
Core
- fix(common-web): Sub-processes hang if output buffers fill up #12842 Thanks @defnull for the report and fix!
Release name
In case an administrator does not want to update to the latest bionic-230 version. Use as substitute to the -v
argument in bbb-install.sh command
bionic-230-2.3.9
We still recommend using -v bionic-230
.