8.1.0
Security relevant
Security fixes
- CVE-2025-7962 — SMTP Injection vulnerability fixed by sanitizing \r and \n UTF-8 characters.
Full changelog
Release 8.1.0, provides following improvements:
Security:
- All libraries are updated to most recent versions
WB:
- Whiteboard video player controls are fixed
Some other fixes and improvements, 9 issues were addressed
=====================================
IMPORTANT!
Apache OpenMeetings prior to 8.1.0 are vulnerable to CVE-2025-7962 [1]
"SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages."
The issue was found by b1u3r and 1ue
All users should upgrade to OM 8.1.0 ASAP!