FreePBX Distro Update

We are working on a new Distro Install Process as we speak.

The plan is to let you go through the normal Centos Setup screens with a full Centos ISO and than we will prompt you with a payload/version option for what version of the Distro you want to install and it would pull down the packages it needs for the Distro like Asterisk, Dahdi, FreePBX and such so the amount of time it spends pulling down packages from the Internet should be about 1/4 of what it currently is with the Net Install only option that we have.

Which brings be to this Blog.

We are trying to come up with a better version number for the Distro mainly because lots of people equate the 1.8.2.x-x with that we are either using Asterisk 1.8.2 or FreePBX 1.8.

What I am thinking of is as followed.

asteriskversion.freepbxversion.centosversion-minor release number.

So for example the next release would be
1.85.29.55-1
This would equate to a Asterisk 8.5 with FreePBX 2.9 and Centos 5.5

We will also have a
1.85.29.60-1
Which would equate to Asterisk 8.5 with FreePBX 2.9 and Centos 6.0.

I would love feedback from everyone on what they would like to see in regards to version numbering so we can polish off the new Full ISO builds for everyone this week.

This will also allow you to wget the setup script from our webserver and just execute the script on any stock Centos Machine to turn it into a full fledge FreePBX Distro system.

SECURITY ADVISORY: web services (Aug. 11, 2011)

Aug. 11, 2011

The FreePBX development team has identified with some zero day security vulnerabilities related to httpd and php. These vulnerabilities may allow a remote user to gain full root control over a system, and are present in lots of popular asterisk-related distro’s.

The FreePBX development team strongly urges all user of the FreePBX Distro to immediately upgrade their systems and patch these vulnerabilities. Additionally, users are reminded never to keep their web port accessible to the internet.

To secure your system, please download the latest scripts found [url=http://www.freepbx.org/forum/freepbx-distro/distro-discussion-help/release-versions]here[/url]. Please remember that the upgrade scripts must be executed sequentially.

A big round of applause to my colleagues at [url=http://www.schmoozecom.com]Schmooze Com., Inc.[/url] for their tireless dedication to the community, for the sleepless nights they spent working on this (and many other!) issue, and for their swift response in releasing a patch to protect the users of the distro.

UPDATE: it seems this post has left a host of questions in its wake – please read the following replies to see if your questions have been answered yet, or reply with them if they havent been!