This iteration of BigBlueButton 3.0 contains security fixes only.
We strongly encourage administrators to update!
(note: if some of the advisories below are not yet loading, they are yet to be published)
Core
- fix: Block embeddable shape types in whiteboard annotations by @Tainan404 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h2rp-mcch-vgh9
- fix(bbb-web): Reject GET-Only Endpoint Requests With Request Bodies by @paultrudel https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-q8vx-4cgc-7w4w
- fix(playback): prevent stored XSS in recording playback by @germanocaumo https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-57p5-c888-74f9
- fix(akka-apps): Verify Meeting ID on Presentation Delete Message by @paultrudel
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-jxpq-r3h3-p75g
Full Changelog: v3.0.28...v3.0.29
Release name
Passing -v jammy-300 to https://github.com/bigbluebutton/bbb-install/blob/v3.0.x-release/bbb-install.sh will always install the latest released BigBlueButton 3.0 version.
If for some reason you would like to install this specific release, pass -v jammy-300-3.0.29.
We still recommend using -v jammy-300 as this repository is continually updated with each BigBlueButton 3.0 release.