Release v3.1.2 contains 55 enhancements and fixes and 1 patch for a security vulnerability.

Security Fix: CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel


Other security relevant updates:

  • XSS in Chat window leading to DOS
  • MD5 should not be used for password encryption
  • OpenMeetings is vulnerable to session fixation
  • Private recording files were available to all users


Additionally a signed Screen-Sharing application with a valid certificate from the Apache Foundation is available since this release. Please update to this release from any previous OpenMeetings release. A detailed documentation on how to migration from older versions is available on the project website see: http://openmeetings.apache.org/Upgrade.html.



Other fixes in admin, localisation, installer, invitations, room etc.



For a complete list of changes, see: https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG



Downloads and documentation is available from our project website:
http://openmeetings.apache.org/downloads.html



Update (15/08/2015)

OpenMeetings modules are now also available individually as Maven dependencies, see: https://repository.apache.org/#nexus-search;quick~openmeetings


For example:



org.apache.openmeetings

openmeetings-db

3.1.2





The sync to http://repo1.maven.org/maven2/org/apache/ should be available within the next 24hours.