| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| FOSSBilling-0.8.1.zip | 2026-05-30 | 31.1 MB | |
| 0.8.1 source code.tar.gz | 2026-05-30 | 10.0 MB | |
| 0.8.1 source code.zip | 2026-05-30 | 10.6 MB | |
| README.md | 2026-05-30 | 3.4 kB | |
| Totals: 4 Items | 51.7 MB | 0 | |
0.8.1 (2026-05-30)
FOSSBilling 0.8.0 included fixes for multiple security vulnerabilities, including higher-impact issues. We are continuing to provide a short upgrade window before publishing the full advisory set.
Alongside 0.8.1, we are publishing a small early batch of low-impact advisories where practical exploitability is limited. The remaining advisories fixed in 0.8.0 are still scheduled for publication after a short upgrade window.
Users should upgrade to 0.8.1 where practical. Installations that have not yet upgraded from older releases should treat 0.8.0 or newer as a priority security baseline.
🔐 Security
- Sanitized admin support ticket reply content to prevent potential injection. (#3669)
- Validated stored filenames for downloadable products to restrict unauthorized file access. (#3676)
- Refreshed OPcache after preserving the config cache during updates to avoid stale configuration exposure. (#3662)
- Hardened UpdatePatcher SQL safety to prevent unsafe database operations during updates, along with Antispam and Massmailer correctness fixes. (#3685)
📈 Enhancements
- Added a free subdomain option for hosting products. (#3667)
- Implemented reCAPTCHA v3 for score-based bot detection on public forms. (#3655)
- Clients are now automatically logged in after successful registration. (#3664)
- Added active menu highlighting in both the Admin and Huraga client themes. (#3654)
- Introduced an update finalization process that prevents issues during database patches. (#3639)
- Signup forms now display a separate last name field. (#3653)
- Added pre-configuration proxy detection so forwarded headers are handled before the application fully boots. (#3663)
- Added a proxy candidate settings UI and system URL support to improve reverse proxy compatibility. (#3674)
- The admin Massmailer test client selector now uses autocomplete search and displays the client email. (#3681)
🐛 Bug Fixes
- Fixed a checkout crash caused by a type mismatch on support ticket counts. (#3643)
- Fixed license order details crashing when
pinged_atwas null. (#3644) - Improved the admin dashboard alert layout for better readability. (#3646)
- Fixed the installer page not applying dark mode correctly. (#3647)
- Redirecting to the correct tab after creating product categories and after API form submissions. (#3648, [#3649])
- Stopped displaying service-specific configuration partials for inactive orders. (#3650)
- Restored the domain check button when domain input changes after an initial check. (#3645)
- Prevented deleting a domain registrar that is assigned to active TLDs. (#3660)
- Port values are now validated and normalized across the configuration to prevent connection errors. (#3659)
- Applied template correctness, internationalization, and accessibility fixes across multiple modules. (#3661)
- Fixed downloadable file replacement cleanup so orphaned stored files are properly removed, and corrected streamed download behavior. (#3678)
- Fixed UpdatePatcher table handling and Massmailer admin filtering. (#3686)
📝 Changes
- Added a
stored_filenameattribute for downloadable files to enable safer file reference tracking and orphan cleanup. (#3670) - Improved license validation form accessibility and consistency. (#3673)
- Added in-app links to Anti-Spam and License documentation. (#3657, [#3668])