OpenMeetings 3.1.2 released
Release v3.1.2 contains 55 enhancements and fixes and 1 patch for a security vulnerability.
Security Fix: CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel
Other security relevant updates:
- XSS in Chat window leading to DOS
- MD5 should not be used for password encryption
- OpenMeetings is vulnerable to session fixation
- Private recording files were available to all users
Additionally a signed Screen-Sharing application with a valid certificate from the Apache Foundation is available since this release. Please update to this release from any previous OpenMeetings release. A detailed documentation on how to migration from older versions is available on the project website see: http://openmeetings.apache.org/Upgrade.html.
Other fixes in admin, localisation, installer, invitations, room etc.
For a complete list of changes, see: https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG
Downloads and documentation is available from our project website:
OpenMeetings modules are now also available individually as Maven dependencies, see: https://repository.apache.org/#nexus-search;quick~openmeetings
The sync to http://repo1.maven.org/maven2/org/apache/ should be available within the next 24hours.