FreePBX 12 Release and Astricon

Hi Folks!

I’m sitting in the McCarran International Airport in Las Vegas about to head back home to attend a wedding from a wonderful Astricon which is still going (until Friday!). Just wanted to send you all a quick note that today we finalized FreePBX 12 with the release of Framework 12.0.2. This means we are officially certifying it “stable”. Bug reports are always welcome and can be filed at http://issues.freepbx.org.

It’s been a long couple of weeks (with lots of hair pulling) leading up to this announcement and with over 12,000 people already using FreePBX 12 we decided it was time to go stable. I can’t wait to work with all of you on FreePBX 12 and in the future. It’s a great release and FreePBX has come very far (technology wise) with it (and if you don’t know what we’ve done then scroll down to check it out). I’m proud of what we’ve accomplished and the community seems proud as well:

 

If you didn’t see my full break down when we released beta you should go check it out right now, otherwise I’ve broken down the important points here: http://community.freepbx.org/t/freepbx-12-beta-1-and-some-really-cool-stuff/22782/1

FreePBX 12

A few of the features included in the FreePBX 12 release are:

– Asterisk 12 Support
  – Allow a system to run both chan_sip and pjsip
  – Allow Extensions to be able to be switched between the two
– Added an Asterisk Rest Interface Manager module to add users to be able to utilize Asterisk’s new Rest Interface
– New User Control Panel that replaces ARI

UCP (Please check online and download the module *after* upgrading to FreePBX 12)

– Presence
– Call History
– Widgets/RSS Feeds
– Modular design allows FreePBX hook into UCP
– Settings
– Find Me/Follow Me, VmX Locator, Call Waiting, Call Forwarding, Do Not Disturb
– Voicemail
– WebRTC
– Conference Pro
– Fax Pro
– SMS Support in UCP for SIPStation customers 

– Brand New Dashboard
– Updates to Module admin
– CDR Reports now support html5 playback, no need to have quicktime player
– Parking now supports direct slot parking (Meaning you can transfer a call directly into a slot)
– Secure Module Signing (http://wiki.freepbx.org/display/F2/Module+Signing)

The full list of features can be viewed here: http://wiki.freepbx.org/display/DC/12+Planned+Changes+and+Features

The requirements for FreePBX 12 are simple:

– Asterisk 1.8 through 13
– PHP 5.3.3 or higher

 

Upgrade and Download Plans

The easiest way to get access to the Release Candidate is by downloading the FreePBX Distro at http://schmoozecom.com/distro-download.php and following the steps in http://wiki.freepbx.org/display/HTGS/1.+Install+FreePBX. You can also download the tarball of just FreePBX manually from http://www.freepbx.org/download-freepbx and run through the setup processes documented in http://wiki.freepbx.org/display/HTGS/Version+12.0+Installation.

What’s Next?

So where do we go from here? What’s in the woodwork for FreePBX 13 and above? There are a few things we’ve all hashed around but nothing is set in stone yet, hopefully in the next few weeks we can start working with you on what will be included in FreePBX 13. One last thing, something that is important to me that I think we need to do more of is community blogging. Perhaps going over features or giving you more updates about what we are doing internally along the same lines as what Philippe did in years past. I’d like to engage more with you and get opinions and ideas about what you’d like to see in future versions of FreePBX. Remember that feature requests are always welcome at http://issues.freepbx.org. So won’t you join me on this crazy ride we call VoIP?

Andrew – On Behalf of the FreePBX Team!

FreePBX joins forces with Bria Cloud to let freedom ring anywhere

A guest blog from Jim O’Brien, Vice President of Server Engineering for CounterPath.

A little while ago, we got together with our friends at Schmoozecom and hatched a plan.

The goal was clear: Let’s make it very simple and straightforward for FreePBX end users to communicate with Bria clients on any device using their company’s phone system.

And what was born was a brand new capability we are offering to Bria Cloud Solutions customers, effectively bringing enterprise mobility to millions of FreePBX users worldwide.

Behind the scenes, Schmoozecom and CounterPath have worked together to make our products and services very complementary. By making it simple for managers of FreePBX systems to connect their systems to Bria Cloud Services, they can provision users into FreePBX and have these users auto-magically provisioned into Bria Cloud Services.

So what does this mean for SMBs and enterprises using FreePBX? It means employees can communicate on any device they may have access to at any time, from any location.

Do you generally work from the office? Load Bria on your office computer. Going on a road trip? Load Bria on your smartphone. Working from the beach? Load it on your tablet. With FreePBX and Bria, employees can stay connected like never before.

Now, I’m a technical guy, so I can’t talk about this without going into a bit of detail. In a nutshell, the solution comprises:

  • FreePBX has a new module called Bria Cloud Solutions.
  • CounterPath has released a Provisioning Interface (based on our Stretto Platform) to the Bria Cloud Service for this FreePBX Module.
  • This module supports an Application Programming Interface (API) that allows FreePBX to provision users into CounterPath’s Cloud Service.
  • IT Managers [or System resellers or even Normal Humans :) ] running their own FreePBX phone system add this new module to their FreePBX installation.
  • IT Managers then purchase subscriptions to Bria Cloud services for clients their organization will use (or purchase some and add more later).

The great part about this is, though, that end users see none of the above.

They are told “Go download the red Bria client and install it on your device (from iTunes for iPhone/iPad, from GooglePlay for Android smartphones/tablets, from BlackBerry World for Blackberry 10, and from CounterPath for Windows and Mac). Then login with a username and password that matches your FreePBX credentials.”

And it’s as easy as that!

The solution is also an IT manager’s dream. IT managers can see the usage of devices across their population and purchase more subscriptions. They can set limits for users and if someone gets a new computer or phone, the IT manager can remove an old device and the employee can then use Bria on their new device.

Another key feature is that the IT manager controls the configuration of the device(s). End users have access to preferences, but not the real settings that connect their Bria clients back to FreePBX for Voice or Voice, Video, Presence and Instant Messaging. The normal end user will have a much harder time breaking things, which means less time spent supporting end user configuration issues and typos, etc.

We hope that this first collaboration with the FreePBX team provides value to our mutual and newly-mutual customers.

For more information please check out our Press release, our Product Page, our Knowledge Base, and the FreePBX wiki.

This post originally appeared on blog.counterpath.com

About Jim O’Brien

Jim O’Brien is the Vice President of Server Engineering for CounterPath and directs his team in architecting, building and supporting server solutions that work closely with CounterPath softphone applications. Jim designed, launched, and supported wholesale and enterprise VoIP networks for GTE, Genuity, and Level(3). Jim joined CounterPath with the acquisition of BridgePort Networks in 2008.

Latest News From FreePBX: FreePBX 12/OTTS Training, AstriCon, FreePBXhosting.co.uk, Mitel and Stable FreePBX 12 News!

FreePBX Training

 Open Telephony Training Seminar- Milwaukee, Wisconsin!

Tuesday, November 18 – Friday, November 21, 2014 (Optional Packer’s Football Day Nov. 16th!) EARLY BIRD PRICING AVAILABLE UNTIL OCTOBER 31st!


Who Should Attend– These sessions are usually attended by participants wanting to utilize FreePBX to get their part of the billion dollar open source telephony market, as well as end users wanting to further their knowledge of FreePBX and the FreePBX EcoSystem. You will attend sessions with FreePBX Integrators, Resellers and those using FreePBX or PBXact within their business or call center environments.

Learning & Course Objectives– This instructor-led four day course will be taught utilizing the latest and greatest version of our software FreePBX 12 and will provide advanced training and in depth labs on everything from initial FreePBX configuration to advanced sessions on various components of FreePBX. We will teach advanced topics to market, sell, deploy, troubleshoot, customize and administer Open Source Telephony Solutions based on FreePBX. The labs are designed to progressively provide a base of technical knowledge and telephony know-how.

What to Bring – Some basic Linux knowledge, and a laptop.

What to Take Away– A fully loaded FreePBX Demo Kit, which includes a Classic 50 Appliance, a Digium D70 and licensing for all FreePBX commercial modules and most importantly Certification on the World’s Most Popular Open Source PBX platform FreePBX!

(Optional) Packer Football Special – November 16th, 2014 is a Green Bay Packer home game against the Eagles. Schmooze has access to a handful of Packer tickets at a price of $250-$400.00 per ticket for anyone interested in joining us at the game that Sunday. Green Bay is only a 1.5 hour drive from Milwaukee and historic Lambeau Field is a place all die hard NFL fans need to visit once in their lifetime. Call us at (920) 486-6301 for more information on attending the game.

 


 

  

 FreePBX 12 is a significant leap forward, providing huge internal upgrades, improved functionality and new features for years to come. We expect to announce the release of the stable version within the next week or two. In the above video, Andrew Nagy (Software Developer for Schmooze Com Inc./ FreePBX) explains What’s New in FreePBX 12 during his presentation at FreePBX World in Las Vegas.

New Features available in FreePBX 12:

  • Support for Asterisk 12 & 13
  • Support for extensions to switch between chan_sip and pjsip
  • Continued support for Asterisk 1.8, 10 and 11
  • Support for Asterisk Rest Interface Manager Module
  • Brand New Dashboard, with security notices, and realtime and historical FreePBX Statistics


  • Call Parking now supports direct slot parking, allowing you to transfer callers directly into individual slots
  • Secure module signing to protect the integrity of your system.
  • Call Detail Reports now support html5 playback of call recordings, (no need to have quicktime player installed.)
  • Updated Module Administration, allowing system administrators to choose between stable and beta versions of modules, and even roll back module updates if needed.

 

  • New User Control Panel “UCP” that replaces the legacy ARI (Asterisk Recording Interface)
  • UCP uses a modular design allowing features to be easily added as the product develops
  • UCP Presence
  • UCP Call History – with html5 recording playback
  • UCP Customizable Widgets/RSS Feeds
  • UCP Settings Management: Find Me/Follow Me, VmX Locator, Call Waiting, Call Forwarding, Do Not Disturb
  • UCP Visual Voicemail – with html5 recording playback, and in browser recording upload of messages and prompts
  • UCP WebRTC Softphone – plug-in free browser based softphone
  • UCP Conference Pro – full control of conference rooms
  • UCP Fax Pro- send new and view incoming faxes
  • SMS Support within UCP for SIPStation Customers
  • UCP XMPP Chat client for UCP

Install or upgrade your existing system to FreePBX 12 by visiting freepbx.org!


 

FreePBX Hosting

Give your business the competitive edge without the expense of investing in a PBX server. Hosted FreePBX service can accommodate all business sizes, large and small.


At Schmooze our core focus is telephony and software development; we have partnered with the best data centers in the industry to provide you with world class FreePBX hosting services. Now with services available in the UK. Try FreePBX Hosting Risk Free for 30 Days by visiting one of our partners.

Optimal Projects

United Kingdom Provider of FreePBXHosting.co.uk

North American Provider of FreePBXhosting.com

View our recent interview with Adam Hobach, President of CyberLynk Network discussing FreePBXhosting.com.

 


 

Astricon2014

Schmooze is a Gold Sponsor of AstriCon 2014- Las Vegas 

Oct. 22-24, 2014 make plans to join us at the Red Rock Resort in Las Vegas, Nevada for three days of conferences, exhibits and new product announcements and demonstrations!  To see some things to look forward to at AstriCon please see our recent FreePBX World interview with Billy Chia from Digium.

Using the FreePBX EndPoint Manager– 11 am on the 22nd

FreePBX Phone Apps Presentation – 1:45 on the 22nd

FreePBX Yesterday, Today and Tomorrow– 3:30 on the 23rd

FreePBX High Availability – 10 am on the 24th

Elastix, FreePBX and Asterisk panel. 2:25 pm on the 24th

The FreePBX/Schmooze Com team will be available on the exhibit floor (Booth 27), at networking events and by appointment; please contact us to schedule a time to meet.


 

mitel

Product Discontinuance Notice: 675xi Phones 

Mitel has announced the discontinuance of all variants of the Aastra 675xi SIP phones.

Schmooze still has some stock on hand of the 6753i and the 6755i for those interested in acquiring these before they are gone.

The newly released 68xxi series of SIP phones are great alternatives to the 675xi models, providing significant improvements including enriched functionality, superior audio quality, and enhanced color LCD display.

For clients who wish to stay within the 67xxi family for similar form factor the 673xi series offers suitable substitutions as well.

These models and more are available in the Schmooze Portal for purchase at competitive prices.

Do your part: Purchasing hardware from Schmooze helps provide funding for the continued development of FreePBX!


 

Stay tuned to our blogs and forums for upcoming announcements about a new certified WIFI phone, FreePBX Integrated Cloud-Based Provisioning for desktop, tablets and smartphones and more exciting additions to the ever expanding FreePBX EcoSystem!

Preston McNair (@prestonmcnair)
VP of Sales and Marketing 
FreePBX/Schmooze Com, Inc. 
Voice (920) 886-8130


 

 

 

 

Copyright © 2014, Schmooze Com, Inc. FreePBX is a Registered Trademark of Schmooze Com, Inc.
All Rights Reserved.  

Critical FreePBX RCE Vulnerability (ALL Versions)

CVE: 2014-7235
Date: 2014-09-30
Author: James Finstrom
Ticket: http://issues.freepbx.org/browse/FREEPBX-8070


We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. This affects any user who has installed FreePBX prior to version 12, and users who have updated to FreePBX 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.

This exploit allows users to bypass authentication and gain full “Administrator” access to the FreePBX server when the ARI module is present, which may then be used to grant the attacker full remote code execution access as the user running the Apache process.

We have released updates for users on FreePBX versions 2.9, 2.10, 2.11 and 12 per our security policy which covers releases that have come out over the last 3.5 years. Versions 2.8 and prior can be easily updated to 2.9 or higher through Module Admin which will remove the vulnerability. Versions 2.11 and 12 are the only officially supported versions of FreePBX but we always apply security patches to the two prior versions as well.

Users prior to FreePBX 12 should update FreePBX ARI Framework to version 2.11.1.5 immediately.

FreePBX 12 users should disable and uninstall the legacy FreePBX ARI Framework module and switch to the new User Control Panel, which is not to be confused with the previous ‘User Control Panel Tab’.

If you are using the FreePBX Distro we have fixed this with upgrade scripts 5.211.65-19 and 6.12.65-18. As always, review the wiki here on how to keep your FreePBX Distro system updated.

Please note that indications of a compromised system include the presence of a “System Admin Dashboard” module, also called “admindashboard”, and the files c2.pl and/or c.sh. If these are present then your system has potentially been compromised. You should urgently remove this module via a system shell.
Due to various differences between machines, your AMPWEBROOT may be in /var/www/admin, /var/www/html/admin, or potentially any other place.
If you do not know the location, it is shown on the Advanced Settings page as ‘FreePBX Web Root Dir’. FreePBX Distro based machines are set to ‘/var/www/html’.
First, run the command:

 

rm -rf AMPWEBROOT/admin/modules/admindashboard

replacing ‘AMPWEBROOT’ with the system setting.
Then run the following command to remove all traces of it from FreePBX:

 

amportal a ma delete admindashboard

There will be an error output saying that uninstallation scripts failed to run; however, this is expected and signifies that the module was removed successfully.

You must also remove any references to c2.pl or c.sh, which can be found by running the commands:

 

updatedb
locate c2.pl
locate c.sh

We have also noticed that additional Administrator users may have been created as part of a scripted attack. We urge you to verify that your machine does not have any additional unknown ‘Administrator’ users in the “Administrators” page.
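
The file-system checks described above, gathered into one read-only scan. This is an added example, not part of the original advisory or of FreePBX's own tooling; the function name `scan_freepbx_iocs`, its output format and the default search directories are assumptions. It uses `find` with exact file names instead of `locate`, and it only reports, it removes nothing.

```shell
#!/bin/sh
# Added example: read-only scan for the indicators named in the advisory.
# Assumed (not from the advisory): function name, output format, and the
# default search directories /tmp and /var/tmp.

# scan_freepbx_iocs WEBROOT [SEARCH_DIR...]
# Prints one "FOUND ..." line per indicator.
# Returns 0 if nothing was found, 1 if any indicator exists, 2 on bad usage.
scan_freepbx_iocs() {
    webroot=$1
    if [ -z "$webroot" ] || [ ! -d "$webroot" ]; then
        echo "usage: scan_freepbx_iocs WEBROOT [SEARCH_DIR...]" >&2
        return 2
    fi
    shift
    # No search directories given: look under the web root and temp dirs.
    [ "$#" -gt 0 ] || set -- "$webroot" /tmp /var/tmp
    hits=0

    # Indicator 1: the rogue "admindashboard" module directory.
    moddir="$webroot/admin/modules/admindashboard"
    if [ -e "$moddir" ] || [ -L "$moddir" ]; then
        echo "FOUND module: $moddir"
        hits=$((hits + 1))
    fi

    # Indicator 2: files named exactly c2.pl or c.sh. find -name compares the
    # whole basename, so rpc.sh or misc.sh are not reported, whereas
    # `locate c.sh` matches any path containing that substring.
    files=$(find "$@" -xdev \( -name c2.pl -o -name c.sh \) -print 2>/dev/null || true)
    if [ -n "$files" ]; then
        printf '%s\n' "$files" | sed 's/^/FOUND file: /'
        hits=$((hits + $(printf '%s\n' "$files" | wc -l)))
    fi

    echo "indicators found: $hits"
    [ "$hits" -eq 0 ]
}

# Run directly as: sh scan.sh /var/www/html   (web root from Advanced Settings)
[ "$#" -eq 0 ] || scan_freepbx_iocs "$@"
```

A non-zero exit status from a scheduled run is a signal to follow the removal steps above and to review the “Administrators” page by hand, since the scan does not inspect user accounts.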

Please note the FreePBX ARI Framework module used an independent authentication scheme and does not relate to the FreePBX authentication settings of none, database or web server.

Remember the best practice to avoid risk is to not expose your system to the public internet.

In FreePBX 12 we have implemented module signing which was a key element in identifying this issue. 


Users of FreePBX 12 should always take note of the tamper and/or unsigned module notices that show in their system.

 

Schmooze Com takes security of FreePBX and our other communications products seriously. In practice there are more eyes on the code in open source software than there are in closed source software, however the truth of the matter is security of any technological product is not determined by the method of distribution. This year’s earlier issues with the Heartbleed OpenSSL security defect brought to light not only how much of an impact open source software has on the entire Internet infrastructure, but emphasized the fact that we must continually improve the tools we provide our developers and community to review and scrutinize our codebase for potential security issues and bugs.

Since its inception FreePBX has had source and ticket management tools in place to provide transparency to our users. We continue to make huge investments in time, energy, and infrastructure to continually improve these tools. When security problems are found in open source software, the visibility of the code and ease of use provided by these new management tools allow diverse teams to collaborate and contribute code fixes. Bug and security fixes are often available within a matter of hours.

If you find a potential bug in FreePBX you can open a ticket at issues.freepbx.org

Or for potential security related issues, send an email to the security team at security@freepbx.org

CVSS Base Score - 9.4
Impact Subscore - 9.2
Exploitability Subscore - 10
CVSS Temporal Score  - 7.4
CVSS Environmental Score - 6
Modified Impact Subscore - 8
Overall CVSS Score - 6