From Freeside
Jump to: navigation, search


This is the changelog for the 2.3.5 release.

For a more detailed, raw log of changes, see the git log

XSS (Cross-site scripting) issues

  • Company name and address in the backoffice -- possibly high impact if running self-service and allowing address changes, end-customers might be able to XSS the browser of an employee
  • Package definitions, billing events and phone devices in backoffice -- low impact, admins who can edit those things can already do many things worse than XSS other employees
  • View usage and change package in self-service -- low impact. end-customers XSSing themselves is not really a problem

Billing events

  • New conditions: "Package Reason Type" / "Package Not Reason Type"
  • New actions: "Unsuspend all of this customer's suspended packages" / "Unsuspend this package"


  • Integrated ticketing updated to RT version 3.8.15


  • Mac addresses for svc_broadband now show on the customer package screen


  • Overage billing with per-day caps


  • New Windstream CDR format