BigBlueButton 2.2.34 was released!

[Anton Georgiev]

Hi Everyone,

We are pleased to announce BigBlueButton 2.2.34.

This release of BigBlueButton 2.2 brings in some security fixes and packages improvements.

The full release notes are here

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.2.34

To install/upgrade, see

http://docs.bigbluebutton.org/2.2/install.html

To try out the latest release, visit  https://test.bigbluebutton.org/

If you want to report any potential security issues with BigBlueButton, please e-mail us at secu...@bigbluebutton.org

Regards,

Anton

[Sakis]

Hello,

I have set up a server with bbb 2.2.33 and greenlight and I have customized greenlight according this.

Now if I run the script to update bbb what will happen with customizations?

Would be better to update just by sudo apt-get update?

[Tobias Fiebig]

Heho,

I just rolled this out, and it seems like downloading pads is broken (using the pad in the room still works).

 

Looking at #11535 I am not entirely sure if there was maybe a change forgotten? The change to bbb-web.nginx is in, but pad downloads still give me a 401.

 

Met vriendelijke groet,

 

Dr.-Ing. Tobias Fiebig

Assistant Professor / Universitair Docent

TU Delft - Faculty of Technology, Policy and Management (TBM)

 

T +31 (0)15 27 85700

E  t.fi...@tudelft.nl

 

My working day may not be your working day. Please do not feel obliged to reply to this email outside of your normal working hours.

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/48a5153a-2fa3-4cda-bb9b-bfbe499ccdd6n%40googlegroups.com.

[Tobias Fiebig]

Followup:

Removing auth indeed makes downloads work again; Still think that this is not really how it should look like. 😉

 

16     #auth_request /bigbluebutton/connection/validatePad;                       

17     #auth_request_set $auth_status $upstream_status; 

 

Met vriendelijke groet,

 

Dr.-Ing. Tobias Fiebig

Assistant Professor / Universitair Docent

TU Delft - Faculty of Technology, Policy and Management (TBM)

 

T +31 (0)15 27 85700

E  t.fi...@tudelft.nl

 

My working day may not be your working day. Please do not feel obliged to reply to this email outside of your normal working hours.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/9cdcb8e849404e509721494f32c8d92d%40tudelft.nl.

[Tobias Fiebig]

And the same holds for reverting to:

 

16     auth_request /bigbluebutton/connection/checkAuthorization;                 

17     auth_request_set $auth_status $upstream_status;

 

Which, according to the change in #11535 to UrlMappings.groovy should not work anymore? Furthermore, it seems like the commit is not adding an endpoint for validatePad?

 

Lemme file a ticket…

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/97abf0a0d0904383b29ca59c6484db6c%40tudelft.nl.

[Tobias Fiebig]

Ok, filed #11545, sorry for rubberducking the ML.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/a7888e7005124991994507cfda7eb21d%40tudelft.nl.

[Paulo Lanzarin]

> Which, according to the change in #11535 to UrlMappings.groovy should not work anymore? Furthermore, it seems like the commit is not adding an endpoint for validatePad?

Hey,

checkAuthorization and validatePad are internal routes, so they don't need to be in UrlMappings. So they still work as expected.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/771d8cfbf7be455388104a7ae5e5ef83%40tudelft.nl.

[Tobias Fiebig]

Ok, good to know, thanks; I am not too deep in the codebase.

 

Should also reduce the potential sec. impact of my hotfix (and explains why it worked 😉).

 

Met vriendelijke groet,

 

Dr.-Ing. Tobias Fiebig

Assistant Professor / Universitair Docent

TU Delft - Faculty of Technology, Policy and Management (TBM)

 

T +31 (0)15 27 85700

E  t.fi...@tudelft.nl

 

My working day may not be your working day. Please do not feel obliged to reply to this email outside of your normal working hours.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CADG0wOCffedcJTTHbTUn8YJRBgcWR5c-zXeH4h2kTD94L2FVEg%40mail.gmail.com.

[Fred Dixon]

Hi Tobias,

Thanks for finding the issue so quickly.  We can reproduce it on our end and we've got a fix merged in that we are testing now

  https://github.com/bigbluebutton/bigbluebutton/pull/11547

Regards,... Fred

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/cd3b516f76aa4c9ebb47e749642e2c5a%40tudelft.nl.

--

BigBlueButton Developer

http://bigbluebutton.org/

Like BigBlueButton?  Tweet us at @bigbluebutton

[Tobias Fiebig]

Awesome, thanks. Is it worth it to stay awake for 2.2.35? 😉

 

Met vriendelijke groet,

 

Dr.-Ing. Tobias Fiebig

Assistant Professor / Universitair Docent

TU Delft - Faculty of Technology, Policy and Management (TBM)

 

T +31 (0)15 27 85700

E  t.fi...@tudelft.nl

 

My working day may not be your working day. Please do not feel obliged to reply to this email outside of your normal working hours.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/CAOeuy5O5neO1MzuS72EQx33_3TrH%2BBPp75i%2BJi6%3DcZT%2B9C5jmA%40mail.gmail.com.

[Fred Dixon]

We should have it for you when you wake up tomorrow AM!

Regards,... Fred

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/f678b98dd95f4bcfa6a1647063db4ec4%40tudelft.nl.