BigBlueButton 2.6.18 released!
26 views
Skip to first unread message
Anton Georgiev
May 16, 2024, 8:46:12 AMMay 16
to BigBlueButton-dev
We are pleased to announce BigBlueButton 2.6.18!
---
Link to installation command / instructions / features: https://docs.bigbluebutton.org/2.6/new
Big THANK YOU to all community members who helped for this release - both through sending pull requests and through reporting bugs or requesting enhancements!
The full release notes are here
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.6.18
To try out 2.6.18, visit
https://test26.bigbluebutton.org/
Or, better yet, grab a Ubuntu 20.04 64-bit server and install the latest version yourself (it will take only a few minutes):
https://docs.bigbluebutton.org/2.6/new
If you want to report any potential security issues with BigBlueButton, please check https://github.com/bigbluebutton/bigbluebutton/security/policy#reporting-a-vulnerability
As always, we welcome feedback on this latest update.
Anton and team
This 2.6 iteration includes a couple of security patches. The latest locale changes have also been included. We also updated a couple dependencies tagged as containing vulnerabilities.
Important: We removed support for POST requests on join endpoint and also Content-Type headers are now required
In BigBlueButton 2.6.18/2.7.8 POST requests are no longer allowed for the join endpoint. To ensure they are validated properly, a Content-Type header must also be provided for POST requests that contain data in the request body. Endpoints now support a limited set of content types that includes text/xml, application/xml, application/x-www-form-url-encoded, and multipart/form-data. By default each endpoint only supports application/x-www-form-urlencoded and multipart/form-data, but individual endpoints can override this and define their own set of supported content types. The create endpoint supports all of the four previously listed content types while insertDocument supports only text/xml and application/xml. Any requests with a content type that differs from the set supported by the target endpoint will be rejected with a new unsupportedContentType error.
Important: We removed support for POST requests on join endpoint and also Content-Type headers are now required
In BigBlueButton 2.6.18/2.7.8 POST requests are no longer allowed for the join endpoint. To ensure they are validated properly, a Content-Type header must also be provided for POST requests that contain data in the request body. Endpoints now support a limited set of content types that includes text/xml, application/xml, application/x-www-form-url-encoded, and multipart/form-data. By default each endpoint only supports application/x-www-form-urlencoded and multipart/form-data, but individual endpoints can override this and define their own set of supported content types. The create endpoint supports all of the four previously listed content types while insertDocument supports only text/xml and application/xml. Any requests with a content type that differs from the set supported by the target endpoint will be rejected with a new unsupportedContentType error.
---
Link to installation command / instructions / features: https://docs.bigbluebutton.org/2.6/new
Big THANK YOU to all community members who helped for this release - both through sending pull requests and through reporting bugs or requesting enhancements!
The full release notes are here
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.6.18
To try out 2.6.18, visit
https://test26.bigbluebutton.org/
Or, better yet, grab a Ubuntu 20.04 64-bit server and install the latest version yourself (it will take only a few minutes):
https://docs.bigbluebutton.org/2.6/new
If you want to report any potential security issues with BigBlueButton, please check https://github.com/bigbluebutton/bigbluebutton/security/policy#reporting-a-vulnerability
As always, we welcome feedback on this latest update.
Anton and team
Reply all
Reply to author
Forward
0 new messages