FOSSBilling publishes release notes and tagged versions on GitHub. Use the links below to review new features, fixes, and upgrade notes before you update.
GitHub Releases
View all FOSSBilling releases with detailed changelogs on GitHub Releases.
Version History
Browse the complete commit history to see all changes.
Latest Release
Section titled “Latest Release”For the latest changes, start with the most recent release.
Version 0.8.3
Section titled “Version 0.8.3”| Area | Summary |
|---|---|
| Breaking: Public Tickets | Public (guest) tickets unified with client tickets — same endpoints, templates, emails, and event hooks. Eight deprecated ticket hooks removed; replaced by shared client ticket hooks. Old email links redirect automatically. Custom modules/themes referencing the old hooks, templates, or endpoints need updating. |
| Security | Invoice hash self-healing — missing hashes are regenerated automatically; database patch backfills hashes for existing invoices |
| Admin UX | Persistent light/dark theme toggle with dark-mode logo support on login pages |
| Orders & Transactions | Order list/details use batch API retrieval; marking invoice as paid correctly records transaction; admin order templates handle null service data gracefully |
| Payment Gateways | Failed transactions marked as errored with retry support; SQL claim queries use correct IN grouping; Stripe type hints and appearance enhancements |
| Huraga Theme | Client dashboard widget slots; pagination tab redirects; fb_api_link usage for API actions instead of custom event listeners |
| Cron | is_cron flag for context awareness; admin-level fallback during cron runs now restricted |
| Templates | Twig strict-variables fixes across activity logs, tickets, invoices, payment gateways, and domain registrars; staff password reset emails now use correct recipient; client order page shows product add-ons for restricted categories |
| Bug Fixes | Currency settings crash when exchange rate data missing; stale unpaid_invoice references corrected; getCell returns proper types; legacy BoxBilling IPN params (bb_*, bb-ipn.php) redirect to standard endpoint |
| Frontend | Legacy PNG/font icons replaced with SVG; icon sprite xlink:href → href refactor with shared builder; Coloris color picker replaced with native input type="color" |
| Development | Product models migrating to Doctrine; promo code redemption compensates correctly on checkout failure; esbuild helpers refactored with JS checker and asset optimization |
| Dependencies | DiceBear core v10.3.0 / styles v10.2.0; esbuild v0.28.1; Sass v1.101.0; Sentry v4.28.0; guzzlehttp/psr7 v2.12.1; Docker base tag v1.25 |
View the full 0.8.3 release notes for the complete list of changes.
Version 0.8.2
Section titled “Version 0.8.2”| Area | Summary |
|---|---|
| Security | Rate limiting on guest invoice, PDF, and payment APIs with per-hash and per-IP limits; invoice hash format validated (30–60 hex chars) and hashes expire after configurable period; guest cron endpoint now requires security hash; extension uninstall paths validated against directory traversal; fixed reverse tabnabbing vulnerability in Theme service; password values no longer echoed in login templates |
| Rate Limiting | New invoice_get_ip, invoice_get_hash, invoice_pdf_ip, invoice_pdf_hash policies; invoice hashes expire by default after 90 days (invoice_hash_lifetime_days) |
| Email Templates | Built-in syntax validation with error tracking in admin panel; new last_error / error_checked_at columns for tracking rendering failures; bulk actions and batch delete |
| Payment Gateways | One-time payment enforcement per gateway; gateway keys required based on operating mode; update readiness checks in gateway settings UI |
| Performance | Doctrine ORM metadata now cached on filesystem |
| Updates | Pre-flight filesystem permission checks before applying updates |
| Widgets | Login forms now support widget slots for extension injection |
| Maintenance | Leftover Paidsupport and Servicemembership module files fully cleaned from disk |
View the full 0.8.2 release notes for the complete list of changes.
Version 0.8.1
Section titled “Version 0.8.1”| Area | Summary |
|---|---|
| Security | Sanitized admin ticket replies, validated downloadable stored filenames, hardened license doc links, prevented subdomain override, refreshed OPcache after config preservation, hardened UpdatePatcher SQL safety |
| Hosting | Free subdomain option with duplicate protection |
| Anti-spam | reCAPTCHA v3 score-based bot detection on public forms |
| Client signup | Auto-login after registration; separate last name field |
| Updates | Two-phase update finalization process (install then finalize patches); maintenance mode enabled during updates |
| Proxy | Pre-config proxy detection and admin proxy candidate settings UI for reverse proxy setups |
| Downloadable | stored_filename attribute for safer file tracking and orphan cleanup |
| Admin | Active menu highlighting, Massmailer autocomplete test client selector, tab-targeted redirects |
View the full 0.8.1 release notes for the complete list of changes.
For older releases, browse the full release history on GitHub.
Breaking Changes
Section titled “Breaking Changes”Before updating, review the release notes for any breaking changes or manual follow-up steps. We call these out in each release whenever they apply.
Security Updates
Section titled “Security Updates”Security-related changes are also published through our GitHub security advisories. If you run FOSSBilling in production, subscribe to release notifications and security alerts.