Hello,
We've just released FOSSBilling version 0.5.0 which includes roughly 20 bug-fixes and numerous security fixes.
Important things to note
- We have changed the way update patches are performed. After updating, you MUST manually log in to the administrator panel, navigate to the updater, and then use the "Apply Patches & Update Configuration" button. This will be automated going forward, but must be done manually with this update.
- There have also been some changes that are not backwards compatible and as such we highly recommend reading the full release notes if you are using any module that is not included within FOSSBilling.
Modules on the extension store will need to be manually updated as it does not automatically perform updates.
Highlighted changes
Security
- Resolved an issue with the "Downloadable" product type that allowed orders to be downloadable without being activated. (Report on Huntr.dev)
  - Currently the description for this report is inaccurate; we are working with the security researcher and Huntr.dev administrators to get it updated.
- Additional checks have been added to prevent add-ons from being ordered by themselves or for a product they are not valid for. (Report #1 and report #2)
- Prevented an issue that allowed disabled products from being ordered. (Huntr.dev report)
New Features
- Introduced support for our "Central Alerts" system, allowing FOSSBilling to retrieve and display warnings associated with the currently running version.
- We've introduced the usage of Monolog, splitting logging out into a handful of files to help keep logs more organized.
- Our GitHub repository now runs automated spellchecks against changes to help prevent accidental spelling mistakes from being introduced into the application.
- The old error page has been completely replaced, and errors can now be assigned helpful links to aid in debugging.
- The API wrapper will now display a "spinner" on the page while waiting on an API request to complete, giving a visual indication that an action is being performed.
  - To use this, your custom theme will need to have a spinner-border class that implements the spinner animation. The API wrapper will automatically center it for you.
  - You can see this spinner in action inside of the administrator panel.
Breaking Changes
- Box_Di has been removed in favor of just using \Pimple\Container for typehints.
- All FOSSBilling classes have been moved to the FOSSBilling namespace, removing the FOSSBilling_ prefix from the class name.
- FOSSBilling classes now enable strict types.
- Box\InjectionAwareInterface has been replaced with \FOSSBilling\InjectionAwareInterface. Almost ALL custom modules will be broken unless they are updated to reflect this change.
As always, you can find the complete changelog on our website.