This iteration of BigBlueButton 2.7 contains a couple of security patches. Several client fixes and dependency updates were also included.
Important: We removed support for POST requests on join endpoint and also Content-Type headers are now required
In BigBlueButton 2.6.18/2.7.8 POST requests are no longer allowed for the join endpoint. To ensure they are validated properly, a Content-Type header must also be provided for POST requests that contain data in the request body. Endpoints now support a limited set of content types that includes text/xml, application/xml, application/x-www-form-url-encoded, and multipart/form-data. By default each endpoint only supports application/x-www-form-urlencoded and multipart/form-data, but individual endpoints can override this and define their own set of supported content types. The create endpoint supports all of the four previously listed content types while insertDocument supports only text/xml and application/xml. Any requests with a content type that differs from the set supported by the target endpoint will be rejected with a new unsupportedContentType error.
We welcome any feedback about this release on our bigbluebutton-dev mailing list
Note that BigBlueButton 2.7 runs on Ubuntu Focal (20.04).
Link to installation command / instructions / features : https://docs.bigbluebutton.org/2.7/new-features
Big THANK YOU to all comminuty members who helped for this release - both through sending pull requests and through reporting bugs or requesting enhancements! 🎊
HTML5 client
- fix(whiteboard): Inconsistent Zoom Between Live Session And Recording by @KDSBrowne in #20222
- fix(whiteboard): Disable Duplication Shortcut Key While Drawing by @KDSBrowne in #20216
- Updates for project BigBlueButton v2.7 HTML5 client and language eu by @transifex-integration in #20177
Core
- fix(sec): fix(sec): API fix duplicates GHSA-4m48-49h7-f3c4 by @paultrudel in ea6e946 security advisory will be published not earlier than May 31, 2024 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-49h7-f3c4
- refactor(bbb-web): Add message key to insertDocument responses by @paultrudel in #20213
build
- build(sec): set permissions for resque files [2.7] by @antobinary in 04e9167 security advisory will be published not earlier than May 31, 2024 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q
record-and-playback
- [Snyk] Fix for 1 vulnerabilities by @antobinary in #20042
test/chore
- test: [Snyk] Security upgrade jest from 27.5.1 to 29.0.0 by @jfederico in #20246
Docs
- docs: drop plugin @cmfcmf/docusaurus-search-local by @antobinary in #20226
Full Changelog: v2.7.7...v2.7.8
Release name
Passing -v focal-270 to https://raw.githubusercontent.com/bigbluebutton/bbb-install/v2.7.x-release/bbb-install.sh will always install the latest released BigBlueButton 2.7 version.
If for some reason you would like to install this specific release, pass -v focal-270-2.7.8.
We still recommend using -v focal-270 as this repository is continually updated with each BigBlueButton 2.7 release.
