Hi Anton,
Thanks to you and the BigBlueButton development team for all the hard work.
We've benefited greatly from the hunters at YesWeHack who have been digging deeply into the BigBlueButton source code and ethically disclosing previously undiscovered vulnerabilities.
Their disclosures, combined with the rapid response of the BigBlueButton development team, have significantly hardened BigBlueButton over the past three months.
I recommend that any organization running BigBlueButton leverage their work and keep its servers up to date. With the recent advances in LLMs to find vulnerabilities, we will keep hardening BigBlueButton.
If you think you've found a vulnerability, you can disclose it to
secu...@bigbluebutton.org. We give preference to those disclosures that are reviewed by a human (i.e. not completely generated by an LLM) and provide code to enable the BigBlueButton team to validate the vulnerability.
Regards,
Fred