This 2.6 iteration includes a couple of security patches. The latest locale changes have also been included. We also updated a couple dependencies tagged as containing vulnerabilities.
Important: We removed support for POST requests on join
endpoint and also Content-Type headers are now required
In BigBlueButton 2.6.18/2.7.8 POST requests are no longer allowed for the join
endpoint. To ensure they are validated properly, a Content-Type
header must also be provided for POST requests that contain data in the request body. Endpoints now support a limited set of content types that includes text/xml
, application/xml
, application/x-www-form-url-encoded
, and multipart/form-data
. By default each endpoint only supports application/x-www-form-urlencoded
and multipart/form-data
, but individual endpoints can override this and define their own set of supported content types. The create
endpoint supports all of the four previously listed content types while insertDocument
supports only text/xml
and application/xml
. Any requests with a content type that differs from the set supported by the target endpoint will be rejected with a new unsupportedContentType
error.
Link to installation command / instructions / features : https://docs.bigbluebutton.org/2.6/new
Big THANK YOU to all community members who helped for this release - both through sending pull requests and through reporting bugs or requesting enhancements! 🎊
HTML5 client
- Updates for file bigbluebutton-html5/public/locales/en.json in fr by @transifex-integration in #19817
- Updates for file bigbluebutton-html5/public/locales/en.json in tr by @transifex-integration in #19864
- Updates for file bigbluebutton-html5/public/locales/en.json in zh_TW by @transifex-integration in #19980
- Updates for file bigbluebutton-html5/public/locales/en.json in el_GR by @transifex-integration in #20053
Core
- fix(sec): fix(sec): API fix duplicates GHSA-4m48-49h7-f3c4 by @paultrudel in a9d436a security advisory will be published not earlier than May 31, 2024 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-49h7-f3c4
Record and playback
- [Snyk] Fix for 1 vulnerabilities by @jfederico in #19962
build
- build(sec): set permissions for resque files [2.6] by @antobinary in f4502e4 security advisory will be published not earlier than May 31, 2024 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q
docs
- docs: drop plugin @cmfcmf/docusaurus-search-local [2.6] by @antobinary in #20227
Full Changelog: v2.6.17...v2.6.18
Release name
Passing -v focal-260
to bbb-install-2.6.sh
will always install the latest released BigBlueButton 2.6 version.
If for some reason you would like to install this specific release, pass -v focal-260-2.6.18
.
We still recommend using -v focal-260
as this repository is continually updated with each BigBlueButton 2.6 release.