With the recent brisk pace of FreePBX security improvements, we are seeing increased reports in our community forums and elsewhere from users who are encountering issues when modules won’t upgrade to the latest version or stop working in subtle ways because of out-of-date third-party pseudo-mirrors.
This new SAML module makes it easier than ever to integrate your FreePBX and PBXact systems with your existing single sign-on solutions, enhancing security and simplifying access for your team.
This article discusses meta-issues surrounding security fixes in FreePBX, investigates vulnerability scoring tools, and offers some ideas for improvements. System Administrators should walk away with a better understanding of terms like CVE, CWE, CVSS (including the differences between Base and other metrics), and EPSS.
Summary: Ensure that all FreePBX/PBXact modules are up to date Always monitor and follow up on security notifications from your PBX Ensure that you are on supported FreePBX/PBXact version 15 or greater EOL versions of FreePBX/PBXact (14 or older) do not get security updates or bug fixes! Security Vulnerability SEC-2023-001 Hello all. By now, administrators
This past week saw two noteworthy threads posted to the FreePBX community forum separated by a few days; independent reports of a “Tampered File Warning” showing up in the FreePBX dashboard. This warning is connected to a core security feature of FreePBX. In FreePBX (and PBXact) each module is published with a signature, and in