FOSSBilling publishes release notes and tagged versions on GitHub. Use the links below to review new features, fixes, and upgrade notes before you update.
GitHub Releases
View all FOSSBilling releases with detailed changelogs on GitHub Releases.
Version History
Browse the complete commit history to see all changes.
Latest Release
Section titled “Latest Release”For the latest changes, start with the most recent release.
Version 0.8.2
Section titled “Version 0.8.2”| Area | Summary |
|---|---|
| Security | Rate limiting on guest invoice, PDF, and payment APIs with per-hash and per-IP limits; invoice hash format validated (30–60 hex chars) and hashes expire after configurable period; guest cron endpoint now requires security hash; extension uninstall paths validated against directory traversal; fixed reverse tabnabbing vulnerability in Theme service; password values no longer echoed in login templates |
| Rate Limiting | New invoice_get_ip, invoice_get_hash, invoice_pdf_ip, invoice_pdf_hash policies; invoice hashes expire by default after 90 days (invoice_hash_lifetime_days) |
| Email Templates | Built-in syntax validation with error tracking in admin panel; new last_error / error_checked_at columns for tracking rendering failures; bulk actions and batch delete |
| Payment Gateways | One-time payment enforcement per gateway; gateway keys required based on operating mode; update readiness checks in gateway settings UI |
| Performance | Doctrine ORM metadata now cached on filesystem |
| Updates | Pre-flight filesystem permission checks before applying updates |
| Widgets | Login forms now support widget slots for extension injection |
| Maintenance | Leftover Paidsupport and Servicemembership module files fully cleaned from disk |
View the full 0.8.2 release notes for the complete list of changes.
Version 0.8.1
Section titled “Version 0.8.1”| Area | Summary |
|---|---|
| Security | Sanitized admin ticket replies, validated downloadable stored filenames, hardened license doc links, prevented subdomain override, refreshed OPcache after config preservation, hardened UpdatePatcher SQL safety |
| Hosting | Free subdomain option with duplicate protection |
| Anti-spam | reCAPTCHA v3 score-based bot detection on public forms |
| Client signup | Auto-login after registration; separate last name field |
| Updates | Two-phase update finalization process (install then finalize patches); maintenance mode enabled during updates |
| Proxy | Pre-config proxy detection and admin proxy candidate settings UI for reverse proxy setups |
| Downloadable | stored_filename attribute for safer file tracking and orphan cleanup |
| Admin | Active menu highlighting, Massmailer autocomplete test client selector, tab-targeted redirects |
View the full 0.8.1 release notes for the complete list of changes.
For older releases, browse the full release history on GitHub.
Breaking Changes
Section titled “Breaking Changes”Before updating, review the release notes for any breaking changes or manual follow-up steps. We call these out in each release whenever they apply.
Security Updates
Section titled “Security Updates”Security-related changes are also published through our GitHub security advisories. If you run FOSSBilling in production, subscribe to release notifications and security alerts.