WHMCS has announced the availability of WHMCS 5.3.9. WHMCS 5.3.9 has addressed few security issues reported by their security bounty program, or discovered internally by the WHMCS Development Team.
WHMCS has rated these updates as having a moderate to important security impact. Currently they have not released more details on security updates. Once the sufficient period is passed they will release more information. If you are unsure how to upgrade your installation, you can refer Upgrade WHMCS article.
Following are the changelog for WHMCS 5.3.9:
Security:
Case #2525 – Provide migration path to harden Admin & API cryptographic
Case #4177 – Mask sensitive passwords in admin interface
Case #4821 – Redacted
Case #4822 – Redacted
Case #4824 – Redacted
Case #4829 – Redacted
Case #4830 – Redacted
Case #4832 – Remove access to version information within server status script
Case #4886 – Redacted
Case #4923 – MoipApi Gateway Module: Remove file system log function
Case #4987 – Add Proxy Trust IP Configuration
Case #4988 – Redacted
Case #4989 – Redacted
Case #4990 – Redacted
Case #4991 – Hide license key in license error page notifications
Modules:
Case #3144 – CentovaCast: Fix resource usage syncing logic
Case #3178 – Nominet: Perform status sync for transferred domains
Case #3651 – RegisterCom: Fix US contact state handling
Case #3970 – KashFlow: Fix Currency sent on new client creation
Case #3978 – PayFlow Pro: Always send invoice number parameter
Case #4086 – InternetBS: Update variable names used in WHOIS update
Case #4157 – eNom: Do not send nameserver values when Use Defaults enabled
Case #4428 – Add e-onlinedata payment gateway module
Case #4442 – Garantibank: Correct API end point URL
Case #4724 – Project Management Addon: Preserve date format in tasks
Case #4823 – Drop support for the EOL Ensim Provisioning Module
Case #4870 – Drop support for the EOL E-Gold and PayOffline gateways
Case #4889 – OVH Registrar: Use white label option
Case #4969 – NameCheap: Add support for .UK domain additional fields
Case #5002 – NetRegistry: Update API end point URL
Maintenance:
Case #2840 – Correct Group Discount calculation with Inclusive Tax type
Case #3233 – Update Completed Transfer Sync to update expiry date pre email
Case #3245 – Resolve Kayako Loginshare failing when Two-Factor Auth is enabled
Case #3330 – Fix addon invoice line item type in pro-rata invoicing
Case #3886 – Prevent duplicate invoice generation during cron run
Case #3961 – Add additional hooks to client summary mass actions
Case #4118 – Fix missing parameter in add funds redirect
Case #4578 – Reset domain reminder field after due date change or renewal
Case #4662 – Ensure transaction rate is always a positive number
Case #4695 – Improve rounding logic with promotion codes
Case #4731 – Prevent placing upgrade orders when one in progress
Case #4845 – Fix license error message improperly reading error key
Case #4848 – Fix new customer report graph labels for current year
Case #4851 – Resolve fatal error occuring in reCAPTCHA validation routine
Case #4852 – Fix typo in the label tag of reports
Case #4880 – Ensure support and updates validity is enforced correctly
Case #4888 – Add contextual help link to System Cleanup
Case #4931 – Correct translation in French language file
Case #4945 – Correct incorrect links in the New Customers report
Case #4948 – Use Casual version numbering in XML API Response
Case #4976 – Ensure charts handle special characters appropriately