Tags give the ability to mark specific points in history as being important
  • v3.2.30
    NEW:
      • [Backend] Suspend/resume of Cronus.
      • [Daphnie] TimescaleDB v2 support. Compression changes reduce storage requirements by ~57%. Site deletion now possible without decompressing metrics.
      • [Ghost] v4 compatibility.
      • [Opcenter] metrics service class. "enabled" controls API usage as well as metrics logging. Disabled for ephemeral accounts.
      • [Process] environment()- parse a process' environment variables. all()- list all processes optionally matching a closure.
      • [telemetry] histograms. Create data constructs over even intervals for arbitrary windows with metrics.
    FIXED:
      • [Bootstrapper] Account creation assertion fails on low-memory servers.
      • [Change Information] Reactivating a suspended model presents change option without corresponding input.
      • [Database] Removing a database without a corresponding backup task generates an error.
      • [File Manager] Fragment ("#") usage in filename breaks various features.
      • [Opcenter] A single fatal() in a DeleteDomain batch aborts chain.
      • [Opcenter] apache,jail must always be enabled on non-FPM servers.
      • [Opcenter] Re-enabling pgsql or mysql service blocks on duplicate dbaseadmin check.
      • [PHP-FPM] Deleting a domain attempts to update PHP-FPM log ownership.
      • [pman] get_processes() returns empty process list if empty controller previously populated.
      • [rspamd] Disabling rspamd support persists Argos monitoring profile.
      • [UI] Processes overview reports no active processes when freezer cgroup enabled.
      • [UI] Route invocation with implicit Page binding creates a new app instance without parsing metadata. Reuse the fully instantiated object during parameter resolution.
      • [UI] Secure Access Key rotation determined by cron TTL instead of Redis TTL.
    CHANGED:
      • [Auth] API method "whitelisted" changed to "trusted" to indicate role in forwarded address verification.
      • [Auth] Honor [auth] => min_pw_length in password checks.
      • [Bootstrapper] Purge RPM cache after install.
      • [Cloudflare] Bump API timeout to 10 seconds.
      • [Daphnie] Raise shared locks as needed by TimescaleDB during intense operations. Lock count is approximately 2 * chunk count.
      • [Daphnie] Restrict logging via metrics,enabled service parameter.
      • [Discourse] Propagate nvm PATH shimming to rake subprocess.
      • [FTP] Force vsftpd restart on glibc update. vsftpd may hold onto old copies of glibc that conflict with PAM.
      • [HTML Kit] absolute_url() generates a URL matching the browser environment. Move old code into separate function, canonical_url(), which will always return a URL formed with the server name.
      • [misc] list_commands() matches modules, e.g. cpcmd -lmisc. Previous usage required an explicit wildcard.
      • [Network] Negative trust anchors on ip6.arpa PTR lookups.
      • [Process] Add GID matching in addition to group name.
      • [Scripts] mapCheck.php inspects orphaned database entries. Yield appldb.siteinfo records to filesystem metadata on mismatch.
      • [telemetry] metrics() now available to Site Administrator.
      • [UI] phpMyAdmin, phpPgAdmin follow "Use external opener" option.
      • [Web Apps] Tolerate corrupted fortify metadata. Older sites migrated may have unusable options set. When reapplying Fortification profile from metadata the value is improperly interpreted as "" instead of its intended mode.
    REMOVED:
      • [Daphnie] Boundary alignment detection.
  • v3.2.29
    FIXED:
      • [Apnscp] Cover edge case if redis.conf maxmemory directive below used_memory. Such a situation could occur if regenerating redis.conf from template that has already increased its memory limit.
      • [Cgroup] freezer, cpuset controllers always applied to cgrules.conf.
      • [Cloudflare] Parameterized records send without attributes.
      • [Crontab] virtualcron.service fails to initialize on race condition with apnscp.service. To avoid polluting mount table, cgroup controllers are bind mounted based on platform requirements. cgroupv2 uses a single hierarchy which obviates this requirement; however platform is still on v1. Add workaround by restarting virtualcron service after cgroup controllers are mounted into FST.
      • [Migrations] proxyaddr/proxy6addr retained on target server.
      • [Migrations] Overrides referencing an array are logged as "Array".
      • [UI] Static resource key that protects third-party apps forgotten after extended duration without panel restart (> 4 days).
    CHANGED:
      • [Cgroup] Use rbind for controller mount into shared r/w path (/.socket) when unified hierarchy detected.
      • [dns] export() will polyfill NS records from dns:get-hosting-nameservers when absent in export.
      • [Drupal] Minimum installable version is now 7.33.
      • [Drupal] Query drupal/drupal GitHub repository for versioning.
      • [Migrations] Clone DNS when migrating site to new server with disjoint nameservers. Prior behavior lost all prior records on new server.
      • [PowerDNS] Fallback on RPM schema if playbook-supplied schema is absent.
      • [Web Apps] Support version pagination on GitHub. Match MAJOR.MINOR versioning.
      • [WordPress] SSO no longer requires dispatcher presence.
  • v3.2.28
    NEW:
      • [cgroup] cpuset support. Allocate a site to a specific CPU or set of CPUs. Controlled via cgroup,cpupin service attribute.
      • [cgroup] freezer support. Suspend any CPU processing for site. Corresponding API call is cgroup:freeze; likewise, to unfreeze call cgroup:thaw.
      • [DNS] SVCB RR support in Cloudflare. SMIMEA RR support in PowerDNS.
      • [Joomla] 4.x support.
      • [PostgreSQL] v14 support.
      • [Setup Instructions] FTP configuration profiles.
      • [UI] Declare entry application besides "dashboard" application. See Customizing.md for further information.
      • [upcp] -l/--list shows available tags to run in conjunction with upcp -b.
      • [User Defaults] %u and ~ expression in FTP jail path default. %u expands to USERNAME, ~ expands to /home/%u.
    FIXED:
      • [cpcmd] Specifying a filter to -l/--list-commands is silently ignored.
      • [Databases] Deleting a custom database without prefix namespace does not discard backup task on site deletion. Revise lookup algorithm to update database to prefix + database composite, failing if that delete query cannot be resolved.
      • [DNS Manager] Reset DNS to defaults skips local subdomain entries.
      • [email] add_virtual_transport()- add UUID check before provisioning MX records. Corrects condition in which server-to-server migration using same nameservers duplicates MX records prior to migration complete.
      • [file] chown() forces remount in process where direct write occurs to fully release file handle thus updating stat metadata. Resolves ghosting issues with custom FTP jail directory.
      • [Joomla] Take head on multiple branch updates such as 3.x and 4.x update pathways.
      • [Let's Encrypt] RFC 6125 rule matching. A wildcard matches a label but does not match additional labels. Secondary subdomains will not be filtered by a wildcard subdomain.
      • [Logs] --reconfig overwrites /etc/logrotate.conf. Abstain from regenerating this file unless missing.
      • [Migration] Web App metadata lost on transfer.
      • [Opcenter] Performing a shallow import of an authentication context breaks getServiceValue() usage. Merge old into cur to preserve behavior when SiteConfiguration is instantiated during Opcenter task (edit, delete, add domain).
      • [PHP-FPM] Dependency ordering loop on PHP-FPM sockets occurs in default assignment of basic.target. CentOS 8 negotiates sysinit.target to pull in .socket services. Dependency assignment makes .service subordinate to .socket, but permits restarting of socket activation by .service directly. On boot with a basic.target assignment, sockets.target is implicitly included in all .socket services that must run before basic.target resulting in a cyclic graph.
      • [Process] "sgid" option looks for named user instead of group.
      • [Scopes] Disabling PHP build from UI sends incorrect command to backend.
      • [Scopes] list() shows original index numbers.
      • [UI] Cleanup ephemeral accounts after theme inventory. Cleanup dangling .test domains from platform.
      • [UI] Duplicate gauge id attributes.
      • [User Defaults] Defaults not reflected immediately following postback.
      • [User Defaults] Ternary precedence inhibits checked attributes on disk quota.
      • [Web Apps] Crash in Chromium 94.0.4606.61 on C8. A full stderr buffer that is closed at runtime results in crash leaving screenshots in a persistent pending state.
    CHANGED:
      • [Bandwidth] Squelch invalid domains during tabulation.
      • [Bootstrapper] Cap Mitogen version to ^0.2.
      • [Core] Library update.
      • [DNS] Bulk update helpers add()/remove() follow replace() behavior in which a record is only skipped if the closure returns boolean false.
      • [DNS] Use API error message on invalid Cloudflare key.
      • [DNS Manager] Permit restoring naked zones.
      • [Dovecot] mail_max_userip_connections extracted to Bootstrapper setting.
      • [file] Optimize chown() performance, filesystem caches are only updated once on recursive chown.
      • [file] Optimize filesystem flush, use syscalls directly instead of calling helper script.
      • [Joomla] Upgrade Joomlatools to 1.6.0.
      • [License] Clarify mismatched gateway reason.
      • [License] license.php helper includes validation status.
      • [MySQL] "Big selects" now toggleable in Bootstrapper (mysql/install role). Enabling big selects implies max_join_size=2^64. Setting max_join_size implies sql_big_selects=0.
      • [Network] Emergency patch when no nameservers are detected in /etc/resolv.conf such as can occur if NetworkManager goes rogue.
      • [Network] Disable DNSSEC for PTR records (in-addr.arpa zones). PTR has a very limited incentive to poison. Certain published zones of legitimate mail are unsigned resulting in FCrDNS failure during lookup by Postfix. This value may be reverted to previous configuration by overwriting Bootstrapper var "negative_trust_anchor_template" in common/update-config.
      • [Opcenter] Bypass admin_user rollback on no-op.
      • [Opcenter] Ephemeral accounts are now prefixed "apiscp-int-" to disambiguate origin.
      • [Opcenter] Permit setting siteinfo,plan=None. When set to None a site no longer has plan affinity.
      • [PHP-FPM] Add check to determine if system is capable of PHP-FPM when apache,jail=1.
      • [PHP-FPM] Defer daemonization to systemd thus making it behave similar to Remi implementation.
      • [PHP-FPM] sockets.target no longer default target for php-fpm-MAIN.service. Implied part of php-fpm.service.
      • [Setup Instructions] Add IMAP path prefix.
    REMOVED:
      • [DNS] DNSKEY RR support on Cloudflare.
      • [Migration] Skip ownership update on migration. uidmap/gidmap flags handle this during rsync.
  • v3.2.27.2
    FIXED:
      • [Apache] force htrebuild for Apache 2.4.50 release. Add missing strace packages for C8.
  • v3.2.27.1
    FIXED:
      • [Opcenter] .test TLDs infinitely created in low-memory mode for impossible screenshot inventory.
    CHANGED:
      • [Cronus] Advance cron.tasks timer irrespective of outcome.
  • v3.2.27
    NEW:
      • [MariaDB] 10.6 support.
    FIXED:
      • [Cache] Prefix overwrite on nested calls among different cache implementations.
      • [CLI] "Session corruption" errors.
      • [Migration] strict typing check prevents unit inference during cPanel import.
      • [Migration] --drop-forwarded-catchall preempts [mail] => forwarded_catchall + [mail] => disabled_forwared settings.
      • [PHP-FPM] Changing apache,webuser lingers old PHP-FPM process pool.
      • [pyenv] update_pyenv_pythons job updates wrong branch resulting in static Python version list.
      • [Redis] Move memory check to housekeeping. Remedies Horizon endlessly restarting due to OOM conditions.
    CHANGED:
      • [apnscpd] Flush error log on each cron iteration.
      • [Ephemeral] Accounts are always force-deleted now.
      • [Migration] Skip non-namespaced database users that do not match admin user.
      • [SQL] Backup API methods (add/edit/delete) prepend prefix as needed.
      • [Transfer] Report when no migration targets found.
  • v3.2.26
    NEW:
      • [ClamAV] Malware scans may be bypassed using an environment marker. See ModSecurity.md.
      • [DNS] Bulk record replacement. Arguments can take the form of a closure or bare Record object to replace individual parameters or record entirely. See PowerDNS.md and DNS.md docs.
      • [OS] AlmaLinux + Rocky Linux support. Convert using cpcmd scope:set system.distro alma or cpcmd scope:set system.distro rocky.
      • [PowerDNS] SOA bulk updates.
      • [stats] release()- OS identification.
    FIXED:
      • [apnscpd] foreground launch fails when launched without systemd.
      • [Laravel] database may not be available on rollback.
      • [Nexus] Deselecting boolean always defaults to true.
      • [Opcenter] Switching apache,webuser leaves resident prior user processes. Preserve non-system user.
      • [Process] preserve 0/1/2 file descriptors. POSIX guarantees these FDs exist, but not how it's rendered. Restore former flags after execution.
      • [Quota] Incorrect strict type comparison in amnesty mode.
      • [PHP-FPM] Ownership change doesn't restart pool.
      • [Webapps] Early gc_collect_cycles() call results in callback execution prior to metadata commit.
      • [Webapps] Reindexed numeric global subdomains.
      • [WordPress] y/n prompt re-enabling SSO defaults to N.
    CHANGED:
      • [Auth] Forward authenticated() call to respective auth handler. Override authenticated() method for CLI auth module. All commands are implicitly authenticated. Possibly resolves session ghosting errors that occur when switching roles and \Auth::authenticated() attempts to resume the session created at invocation.
      • [Auth] Unauthenticated AJAX requests return 403. 403 confers the intended effect of halting further AJAX requests in the timeout loop.
      • [Filesystem] Add glibc-langpack-en for non-English installs.
      • [ClamAV] Whitelist foxhole signatures that result in a high rate of false positives: JS_Zip_19, JS_Zip_21, JS_Zip_23, JS_Zip_24.
      • [DigitalOcean] Skip broken SOA record.
      • [dns] get_records_external()- graceful error if no viable resolvers could be used.
      • [Majordomo] Flip default action to subscription management.
      • [Majordomo] Rewrite From: address on mailing list submission such that DKIM/DMARC policies are preserved. This requires majordomo 1.94.5-2 available in apnscp-updates repo.
      • [Opcenter] expose CLI configuration in validator option "runtime".
      • [PHP-FPM] Bypass PHP-FPM regeneration unless --reconfig is specified or service class changes.
      • [pman] run() uses "runuser" instead of su for faster invocation.
      • [Process] killUser() accepts second parameter, $gid, to further restrict process by gid.
      • [Rampart] blocking a connection sends a RST packet to force a connection hang-up.
      • [Scopes] trim cp.config strings.
      • [Setup Instructions] Add DKIM DNS record.
      • [Utility] strip 1 layer of quotes on type inference. Cleans up UI presentation in cp.config.
      • [Webapps] Fortification removed from Passenger-based apps.
      • [Webapps] .gitignore accepts per-app overrides.
      • [WordPress] duplicating a site now copies snapshot settings.
  • v3.2.25.2
    SECURITY:
      • [Util] pman_run() leaks descriptors to child processes. PHP provides no native way to flag a FD as FD_CLOEXEC, which flags a descriptor to close on exec() syscall. Use FFI to mark descriptors as close-on-exec in sudo invocation.
    FIXED:
      • [Composer] composer/composer #9986 package naming.
      • [Let's Encrypt] DNS solver method attempted for server certificate.
      • [Setup] hostname check incorrectly reports to use SSL for addon domains.
    CHANGED:
      • [cpcmd] -l/--list-commands accepts optional filter spec as with misc:list-commands().
      • [ssh] root pubkey-only authentication controllable via sshd_root_pubkey_only setting.
      • [Util] failed proc_open() on resource limit reports 254 exit code.
      • [Web Apps] send no-cache headers during Update Assurance checks.
  • v3.2.25.1
    FIXED:
      • [Auth] Resetting password generates internal server error.
      • [Login] Update email template references.
      • [MySQL] Orphaned databases cannot be removed despite listing in mysql:list-databases(). Add extra check if grant missing for respective database.
  • v3.2.25
    NEW:
      • [auth] reset_password()- generate a new random password for specified user or site administrator. UI equivalents available in Nexus and Manage Users.
      • [auth] Password change flushes Dovecot auth cache.
      • [Net] family()- IP address is of specified v4/v6 family or valid family, a single address or CIDR range.
      • [PHP] Add privatetmp setting to PHP policy and [httpd] => fpm_privatetmp in config.ini to control per-site/global usage of PrivateTmp= in systemd. Presently there is no means to specify a different TMPDIR location in systemd parlance. When disabled, defaults to siteXX/fst/tmp that is enforced by quota restrictions but loses the speed boost from tmpfs usage.
      • [site] kill_user()- terminate all processes belonging to named user.
      • [ssl] server_certificate()- fetch server's SSL certificate.
    FIXED:
      • [Argos] Force ruamel.yaml.clib < 0.2.3 on CentOS 7.
      • [Bandwidth] Creeping/trampoline rollover periods. Any rollover outside 28 days can bypass a rollover period by 30 days or move up gradually thus skipping a month. Take the minimum between rollover day and days in month as that prescribed rollover.
      • [Cgroup] "Error: failed to parse the configuration rules" error when cgroup,enabled=0.
      • [Discourse] Various compatibility updates with Discourse 2.6+.
      • [file] copy() skips dot files on recursive copy.
      • [FST] PostgreSQL relocation set "postgres" ownership on /.socket.
      • [Transfer] siteXX/fst => siteXX/shadow transformation in path calculation.
      • [Transfer] --no-suspend option ignored.
      • [Vultr] Workaround for "ANY" query type.
      • [Web Apps] Changing owner of Web App changes referent only. Change referrer as well for FollowSymLinkIfOwnerMatch compatibility.
    CHANGED:
      • [ApisCP] HTTP configuration in httpd-custom.conf converted to protected block.
      • [common] Preferences return an empty set when authentication is disabled.
      • [Core] INCLUDE_PATH must be an absolute path. Path arithmetic may fail when relative locations are used.
      • [Database] Accept "1" for email parameter in database backups. Frontend modifications are disabled and now default to bool.
      • [DNS Manager] SOA records may be modified directly with supported backend, presently only PowerDNS.
      • [Let's Encrypt] Disable DNS challenge mechanism for server certificate.
      • [Migrations] Fail if database control user lacks password.
      • [Migrations] Import from non-standard /home locations.
      • [MySQL] Halve query cache size that can result in significant lock contention on boot on large servers.
      • [Packages] Explicitly pull in apr-util-bdb package.
      • [Perl] Add CPAN/CGI packages into FST.
      • [PHP] Bump imagick extension to 3.5.0.
      • [PHP-FPM] Gracefully handle gibberish cache response.
      • [Process] matchUser()- accepts UID argument.
      • [Rampart] Accept IPv6 CIDR ranges.
      • [Reseller] Allow parent_id value to change.
      • [Scopes] net.hostname, prefer system_hostname bootstrapper setting over system hostname for situations in which admin changes hostname through OS commands.
      • [Templates] Deprecate apnscp-template usage for mail. All generated mail uses resources/views/email/html/message.blade.php (or markdown/message.blade.php). Affects mail dispatched from transfersite.php, domain addition when [domains] => notify true, and account credential changes (password, username, domain).
      • [Transfer] Cover case where site creation on dest uses different nameservers + DNS template differs in CNAME/A usage.
      • [Transfer] --stage=N override affects addon domains.
      • [Transfer] Relay site creation errors as ApisCP error messages.
      • [UI] Trust self-signed server certificate during internal checks.
      • [webapp] Alias detect() to discover() following UI semantics.
      • [Web Apps] Expire UI cache on removal.
      • [Yum] Wait for synchronizer lock. Previously it was possible for Yum Synchronizer to run concurrently resulting in last run's termination.
    REMOVED:
      • [Traceroute] AddHandler artifact.
  • v3.2.24
    NEW:
      • [Opcenter] Add [opcenter] => site_id_offset setting that sets site ID origin when creating new sites. Must remain below 32767.
      • [Opcenter] procfs abstraction library.
      • [Scopes] mongodb.enabled, enable MongoDB support.
      • [Scopes] net.ip6-enabled, perform reconfiguration when adding IPv6 support to server.
    FIXED:
      • [mysql] Always escape underscores on database creation.
      • [MySQL Manager] Disabling database backups skips import.
      • [MySQL Manager] "write" permission is not checked when enabled.
      • [phpMyAdmin] dead SSL URL.
      • [phpPgAdmin] dead SSL URL.
      • [PostgreSQL Manager] Disabling database backups skips import.
      • [Redis] Base conversion float return breaks strict typing enforcement during Redis memory detection routine.
      • [Spam Filter] Delivery threshold, settings lost on adjustment.
      • [Yum] Missing package triggers for PostgreSQL v13.
      • [Web Apps] failed reconfiguration on install leaves behind .git/, .gitignore.
    CHANGED:
      • [Argos] Check backend property before application. Previously, modifying a property on a new backend without updating the backend elicited crash.
      • [Anvil] Improve brute-force tracking. Add new tunables, [anvil] => request_limit and request_limit_window that control how many requests may occur over a window in seconds. Only non-static requests are tracked. Change also covers cPanel brute-force attacks that have been noted across a variety of servers.
      • [Backend] Always run housekeeping/cron in debug mode. Original intention was for development, but private usage keeps this mode activated to the detriment of routine SSL renewals and miscellany.
      • [cron] Hide "No such file or directory" messages generated during web ownership updates.
      • [Ghost] Disambiguate next leg of upgrade process on major changes.
      • [rbenv] Update HEAD.
      • [Web Apps] Catch garbage HTTP statuses during Update Assurance initialization.
      • [WordPress] Streamline SSO installation/activation into single process.
    3546102d · CHG: dangling commit ·
  • v3.2.23
    SECURITY:
      • [Composer] CVE-2021-29472 command injection vulnerability.
    NEW:
      • [admin] collect() now accepts domains for $site parameter.
      • [Bootstrapper] sshd_permit_root_login, fine tune always permitting or rejecting root login.
      • [cgroup] CPU pinning via cpupin service variable.
      • [cgroup] Freezer support, cgroup:freeze($anything). Freezing a site immediately suspends any userspace code for the affected site. Compare with suspending an account, which allows userspace code to complete but does not permit further logins or site interactivity.
      • [Dashboard] User Administrators may now unban selves when [rampart] => user_discovery=true (default=True).
      • [Nexus] Resource sorting.
      • [Settings] "external opener" feature now configurable under Account > Settings > Theme.
      • [Web Apps] Default update notification policy configurable via [webapps] => notify_update.
    FIXED:
      • [Aliases] Removing a domain from aliases,aliasesd preserves the domain in the account's domainmap.
      • [apnscpd] Backend boundary writes result in hang.
      • [Argos] ruamel incompatibility on CentOS 7.
      • [Bootstrapper] Dormant IPv4/6 configuration.
      • [Datastream] Incomplete writes on transitional buffers that would result in a hang.
      • [email] Renaming an inbox for a non-numeric destination performs an incorrect default substitution.
      • [PageSpeed] TTFB response variable renamed.
      • [PHP] Creating a site without a dedicated webuser prevents switching to one later.
      • [rspamd] Dictionary key interpolation breaks resulting in literal templated key writes.
      • [Scopes] apache.system-directive strips surrounding whitespace.
      • [UI] invalid null coalescence check breaks comparison.
      • [Web Apps] Circular references restrict snapshot intake.
      • [Web Apps] Busted transient property check.
      • [Web Apps] Bogus index checks result in duplicate listings.
      • [Web Apps] Various transient property checks.
    CHANGED:
      • [apnscp] Additional checks to confirm frontend responsiveness on restart via cp.restart.
      • [apnscp] Apply restart synchronously.
      • [apnscp.js] apnscp.highlight() supports live binding events.
      • [build] disable apnscp repos at desiccation stage. Prevents false alarms during image checks from unreachable repos.
      • [Dovecot] 2.3 compatibility.
      • [helpers] deferred() is now queue-based working off an SplStack-derived class, \Deferred.
      • [FTP] user_enabled() checks [ftp] => enabled.
      • [Metrics] TimescaleDB v2 compatibility.
      • [multiPHP] Prevent multiPHP builds that duplicate system_php_version.
      • [Network] my_ip()- cleanup output when multiple records are returned from NAT'd interface.
      • [Nexus] memory usage normalized to site configuration in Nexus.
      • [rampart] User Administrators may now query is_banned(). Corresponding Dashboard feature added.
      • [Storage Usage] include /tmp in storage list.
      • [Theme] @lang macro is now reserved.
      • [UI] Improve "Select" verbiage.
      • [WordPress] Raise WP-CLI memory limit from 128 => 256 (constrained by cgroup usage) to allow large WooCommerce catalogs to update.
      • [WordPress] wp-content/cache/ fortified in max mode. Create directory automatically to facilitate usage.
    REMOVED:
      • [cgroup] Cleanup API requirement of passing afi instance on account import.
      • [Dispatcher] Handling of svg/css/js/png requests, ~25% speedup.
      • [file] Top-level pollution courtesy a naive caching strategy.
  • v3.2.22.1
    FIXED:
      • [Filesystem] high level bytes stripped from devices.
      • [WordPress] enabling SSL at install immediately fires a URL rewrite hook that must be deferred until install.
    CHANGED:
      • [FST] update libmaxminddb dig dependency on CentOS 8.
      • [PHP] clean extension directory when moving PHP version from system to multiPHP.
      • [Web Apps] "pending install" semantics are now consistent with UI.
  • v3.2.22
    SECURITY:
      • [DNS] zone permission checks missing in multiple add_record()/remove_record() implementations.
    NEW:
      • [common] set-preference(), set a single preference value using dot notation.
      • [UI] Onboarding tours (see Customizing.md).
    FIXED:
      • [DNS] provisioning fails on incomplete DKIM setup.
      • [Let's Encrypt] incorrect hostname variant appended if absent during requests and [letsencrypt] => alternative_form enabled.
      • [Login] "password" field position reverts after password entry.
      • [Metrics] TimescaleDB v2 loader conflicts with version detection.
      • [UI] Layout method (_layout()) called twice during page render.
      • [Web Apps] options serialized as object always return "true" for auto-update policy.
    CHANGED:
      • [apnscpd] convert service type to sd_notify, which allows for cgroup controllers to be mounted within each account prior to virtualcron service.
      • [DNS] add double-throw safety switch, require setting dns,enabled=0 + dns,provider=null to remove a zone on edit.
      • [Reseller] rewrite subordinate <=> parent relationship. billing.parentmap now contains a 1:1 association of subordinates to parents instead of invoices to subordinate sites.
      • [Scopes] dns.ip4-pool, dns.ip6-pool- cap max namebased IPs to 64.
      • [Web Apps] always reapply reconfigurables during install if a Web App were previously located.
  • v3.2.21
    SECURITY:
      • [user] generate_quota_list() could be leveraged via symlink attack to overwrite an arbitrary system file within the account.
    NEW:
      • [File Manager] block critical directories from browsing. Behavior may be adjusted via Account > Settings > App Settings.
      • [PostgreSQL] v13/TimescaleDB v2 support.
    FIXED:
      • [DNS Manager] cloning a domain persists old entries for 1 page refresh.
      • [Horizon] deserialization errors in UI.
      • [License] replacing an expired license may result in a misleading panel status.
      • [phpMyAdmin] self-signed certificate error reporting.
      • [phpPgAdmin] self-signed certificate error reporting.
      • [rspamd] cleanup self-scan/low-memory mode. Prior implementation launched a Redis instance as well as improperly configured sqlite backends. Note sqlite is deprecated in rspamd 2.
      • [user] generate_quota_list()- accept PANEL_BRAND values with spaces.
      • [user] rename_user()- refers to old username in Manage Mailboxes.
      • [web] add_subdomain()- address condition in which a badly formed symlink could result in changing /home recursively to account admin on subdomain creation.
      • [Web Apps] a known parented docroot blocks display of children.
    CHANGED:
      • [API] extend server_name column length to match cp-proxy.
      • [apnscp.js] wrap apnscp.cmd() in JSON.
      • [Dovecot] Archive folder may now be created on the fly by enabling dovecot_remote_archive in Bootstrapper.
      • [EditDomain] cancel storage amnesty reset if diskquota modified while under amnesty.
      • [Mail] pass null driver reload request to parent driver.
      • [Postfix] cleanup various inheritance parameters in main.cf.
      • [Scopes] dns.ip4-pool + dns.ip6-pool expand CIDR notation.
      • [Server Information] report "available" memory.
      • [Setup Instructions] prefer service value settings over domain name.
      • [Summary] ignore cumulative CPU usage when telemetry is disabled.
      • [UI] add second style link for links that open in-situ to disambiguate from links that open in new tab.
      • [UI] all assets for an app may be overridden individually, including application.yml, by creating the file within config/custom/apps.
      • [web] www.subdomain DNS record creation may be controlled via [dns] => subdomain_implicit_www.
      • [Web Apps] add "Flush Cache" option.
      • [Web Apps] ad hoc (manifest-based) web apps honor database configuration if specified for snapshot/export support.
      • [Web Apps] hide app meta from unprovisioned site.
    REMOVED:
      • [Subdomains] stack preselections.
  • v3.2.20.1
    FIXED:
      • [Metrics] specify timescale extension as v1 now pulls in v2 dependencies.
      • [MySQL] 10.5.8 -> 10.5.9 "ALL" permission loses value in bitmask.
    CHANGED:
      • [cgroup] revert previous group naming (without ".slice"). systemd management resets cgroup parameters on each reload requiring explicit declaration of parameters via slice unit file.
      • [cgroup] delegate management to Dovecot/vsftpd/Passenger services.
      • [fail2ban] replace backend with pyinotify on CentOS 8/Stream.
      • [MySQL] increase max packet size to 50 MB. NextCloud upgrade compatibility.
      • [PHP] stat presence of php-fpm to weed out pending builds.
      • [PostgreSQL] improve durability of transient connection errors.
      • [Tasks] stagger upcp/platform scrubs to avoid concurrent runs on same machine.
    REMOVED:
      • [Summary] apisnetworks.com references.
  • v3.2.20   NEW: [cgroup] reset_peak_memory()- reset peak memory usage in memory controller. [DNS] bulk DNS framework. Batch record updates with checks (see DNS.md in docs) [FTP] SSL-only logins via vsftpd_ssl_only Bootstrapper setting. Controlled in vsftpd/configure role. [Jobs] closure support. [letsencrypt] use_mechanism(), mechanism() sets mechanism affinity for given hostnames (see SSL.md in docs) [Mail] DKIM signing, key rolls with rspamd (see rspamd.md in docs) [Mail] SPF, DMARC policies extracted to config.ini (see Mail.md in docs) [Pagespeed] per-site caching via [httpd] => pagespeed_persite. Pagespeed will prefer offline cleanup via tmpfiles. May be controlled using pagespeed_offline_cleanup in apache/modpagespeed. [PHP] PHP-FPM process manager governor types in policy (Http\Php) [Setup] setup portal for new clients within Help category. [UI] [frontend] => external_opener, force conversion of all external links to new tabs. [upcp] -w wait for background Bootstrapper tasks to complete (see UPGRADING.md in docs) FIXED: [aliases] add_domain()- improper translation on descend/self metasequences (".."/".") could translate into a descend sequence. This is not exploitable given user/uid checks in add_domain_backend; however, is sufficient concern. [ApisCP] clean web server PID file on boot. In rare situations, HTTP PID could match ApisCP HTTP PID thus inhibiting start. [ApisCP] HTTP server cannot negotiate using EC key. [Bootstrapper] Mitogen unavailable on Python 3. [CLI] previously edited site may not be immediately replayed without modifying another site or failing. [Datastream] connection interrupted by asynchronous SIGCHLD signal. [Discourse] 2.5+ triggers virtual memory exhaustion bug in V8. (nodejs/node #25933) [DNS] strip TXT record quotes from Cloudflare, Linode modules. [EditDomain] empty domainmap.tch results in fatal error. [Horde] unsupported EC encryption keys. [License] issue verification fails if old license expired. 
[Login] render fails if [misc] => sys_status down. [Mail] switching from SpamAssassin to rspamd does not update [mail] => rspamd_present. [Mail] disabling spam filter also disables rspamd when DKIM disabled. [mail] email address rename on user rename busted logic. [MySQL Manager] #2a42e72b elongated backup name to include h/m/s time. Update pattern to match this format. [Opcenter] dns,proxy6addr parsed as array. [Opcenter] storage amnesty may be granted multiple times. [PostgreSQL] CLI usage requires password. [Rampart] fail2ban/whitelist-self never fully implemented. [Task Schedule] gid/uid applied as uid/gid to spool after removing a job. Minute always incorrect. [UI] ticking "Administrator" box saves domain field. [UI] interpolation of templated expressions within application.yml. [upcp] platform migrations run against server inventory. [upcp] APNSCP_UPDATE_POLICY="" defaults to edge. [upcp] "minor" update policy cannot update past fractional release, e.g. 3.2.18.1 => 3.2.19 CHANGED: [Apache] relink configuration if potential domain conflict detected in ordering. This change will not relink custom ordering (see Apache.md#troubleshooting in docs) [ApisCP] sessions moved to PostgreSQL to remove dependency on MySQL. Eventually provides an opportunity to self-heal from a cyclic database crash when over quota. [ApisCP] platform scrub, upcp moved to systemd timers. Schedule may be set using a systemd calendar type for apnscp_platform_scrub/apnscp_nightly_update respectively. [Bootstrapper] network resiliency added on package removal in packages/install. [cgroup] rename groups to systemd-compliant format, which involves simply suffixing the cgroup as ".slice". [CLI] suggest similar API methods on invalid method invocation. [DeleteDomain] --force ignores zone removal errors. [Discourse] update installation to mirror current Docker practices. [DNS] provision_zone() optionally performs record check upon request. 
Previous behavior unconditionally queried records before provisioning a zone; on an empty zone this is unnecessary overhead. [FST] relocate gconv libraries, which ghost on glibc updates, becoming difficult to fully release as a normal daemon dependency. [Ghost] increase verbosity on installation failure. [Let's Encrypt] report acquisition errors in UI. [Mail] update webmail packages when mail support disabled. [misc] notify of pending trial expiration. [MySQL] apply [mysql] => concurrency_limit to newly-created accounts. [Opcenter] uid/gid always saved in database now. Resolves missing quota statistics for users who have mail disabled or use a third-party provider on the account. [phpMyAdmin] report incomplete SSL configuration. [phpPgAdmin] report incomplete SSL configuration. [PostgreSQL] PostGIS may be enabled from API now (pgsql:add-extension). [PHP Pools] phpinfo() can be opened in a new tab. [Preferences] write-access now implicitly set. Multidimensional writes are properly tracked, no longer requiring an explicit sync() call after updating. [Reseller] dependency cycle tracking in billing,parent_invoice. [Syslog] suppress noisy syslog. [Telemetry] database tuning values are now always MB. [Transfer] use groupmap/usermap in rsync to bypass additional filesystem passes on uid/gid translation. [UI] page vars supports nesting. [UI] loading indicators, now as SVG. [UI] deemphasize Argos/Scope naming. [UI] enabling system.sshd-pubkey-only disables embedded terminal. [upcp] database migrations now come before platform migrations. [user] delete()- optional second parameter $force added. Bypasses subdomain/addon domain checks prior to removal. Downgrade DNS errors to warnings. [user] usermod_driver()- user cache always purged before hooks ran. Third parameter to _edit_user() is original pwd. [Vultr] update API to v2. [Web Apps] custom webmail subdomains excluded from list. REMOVED: [FST] sudo package. [PHP-FPM] manual cgroup binding on start. 
Amplifies thundering herd on boot, obsoleted by .slice cgroup rename.
  • v3.2.19   SECURITY: [sudo] CVE-2021-3156 mitigation. Privilege escalation via command line argument parsing. Remove this version from FST, which will provide adequate protection from user invocation until updated packages are available. NEW: [admin] create_from_meta()- generate a duplicate of the site from its metadata. [Bandwidth Stats] add daily/monthly views when appropriate. [MySQL] SSL server support. [Web Apps] "empty directory" option before installation. [WordPress] SSO plugin. Must be installed account-wide first via Web Apps before per-site activation. FIXED: [Auth] unauthenticated logins would redirect to /dashboard, then /login, resulting in being doubly counted against anvil. [cgroups] memory.limit_in_bytes unlimited was previously encoded as NULL, which becomes PHP_INT_MAX when multiplied and creates an overflow error in the kernel. Update value to -1. [DAPHNIE] illegal offset 'ranges'. [Ghost] update login information for Ghost 2.x installs. [File Manager] extract option ignored in Download & Extract feature. [Manage Mailboxes] vacation responder cache misses. [Modules] session logic mismatch error on CLI resumption. If session cannot resume automatically, import from database. [Scopes] virus-scanner.signature-whitelist, correctly handle "UNOFFICIAL" signatures. [Versioning] version comparison inherits first version's digits if missing. [Web Apps] per-app overrides in config/custom/webapps/ could never take precedence. CHANGED: [argos] monitoring is reset on backend boot. [dns] disable native TLSA lookups in PHP. [dns] parented domains on provision will properly set DNS records on parent. [EditDomain] improve EditDomain durability in mass edits, handle fatal() calls. [file] set_acls()- allow UID usage. [file] reimplement expose() algorithm to use ACLs. Changing ownership of a hardlink changes the original inode. This behavior was unintended and could result in loss of access to file after expose() as with PHP-FPM logs. 
[File Manager] json files now editable. [Jobs] squelch duplicate emails when admin and site admin are same address. [Migrations] sessions no longer required. Add database checks after each platform migration to catch MySQL restarts. [Nexus] cache services. [Opcenter] reject potentially destructive changes such as lowering a quota below what's presently in use without --force flag. [PHP Pools] relay phpinfo() errors to UI. [PHP-FPM] either ExecStart= or ExecStop= is required for a simple service to be valid. ExecStart=/bin/true can lead to residual processes on a mass restart. Move the required Exec* to stop, which is less likely to yield subsequent tasks. [Scopes] add "FORWARDED" property to determine whether a scope provides a purpose or merely forwards to another scope. [Web Apps] add modal confirmation before invoking Recovery Mode. [Web Apps] updates blocked by version locking will report this cause. [Web Apps] additional docroot ghosting checks. Docroots that were relocated or orphaned are now masked.
  • v3.2.18.1   NEW: [file] temp()- generate a temporary file. [PHP Pools] phpinfo() section. [UI] clear(), exists() helper methods in menu to empty/check entries in menu templates (see Customizing.md). FIXED: [DNS] removing similar records dumps record cache. [Filesystem] disable project quotas if XFS features cannot support concurrent group + project quotas. [misc] notify-installed() always uses IP address. [Opcenter] deletion blocked by missing "apache" user. [Opcenter] double-parsing "null" is converted to null literal for provider default. CHANGED: [Ansible] apply 2.9.16 hotfix for C7 platforms. [apnscp.js] preserve hash keys for future compatibility with named argument invocation. [DNS] bypass uneditable NS apex records. [FST] relocate p11-kit into siteinfo for imagick dependency. [Let's Encrypt] admin can toggle between EC/RSA server certificate. [UI] check for plan-specific menus.
  • v3.2.18   NEW: [admin] get_site_id_from_admin()- efficient lookup to determine which site has specified siteinfo,admin_user value. [Backups] backup_dbs.php helper now accepts --keep, --force flags to retain existing database backups and skip backup schedule. [DNS] show apex NS records. Must be enabled via Account > Settings > App Settings > DNS Manager. [PHP] PHP-FPM version selection now available under PHP Pools. [PHP] expose recent log in PHP Pools. [PHP] policy maps. Set a variety of PHP-FPM values administratively. See PHP-FPM.md. [UI] Add [frontend] configuration, https_only restricts access to HTTPS endpoints. content_security_policy= sets a default CSP. Sample CSP supplied in config.ini. FIXED: [apnscpd] exporting LC_ALL to backend breaks float formatting, such as in multiPHP. Limit numeric localization to authentication context. [Bootstrapper] CentOS Stream workaround for #1853736, "systemctl show" emits "Invalid argument" in property trailer. [DNS] always encapsulate TXT records in quotes. [EditDomain] exceptions lose stack. [EditDomain] delayed journaling causes a flood of logging messages at shutdown. [misc] command_info()- an incomplete docblock creates a null dereferencing exception. [upcp] Composer timestamp check ineffective. [Web Apps] use app pretty name in presentation. Always show primary domain name. CHANGED: [Auth] add domainmap.tch size validation on boot. [Backups] backup_dbs.php may be manually triggered. Set manual_database_backups=true in Bootstrapper, then run apnscp/crons role. [Bootstrapper] allow MySQL overrides via mysql_custom_config. [DNS] changing providers performs zone provision. [DNS] honor [dns] => default_ttl value for new records. [EditDomain] allow null/None values in plan definitions to update on --reset. Previously any None value, such as apache,subnum, was skipped. [Network] bypass hairpin check if IP address exists on interface. [PHP] relocate Remi to /.socket/php/multiphp. 
[PostgreSQL] use named socket to connect instead of 127.0.0.1 for connectivity. Designed for interoperability when PrivateNetworking=yes in cp-proxy configuration. [PowerDNS] listen on 127.0.0.1 on CentOS 8+/PowerDNS 4.3+ builds. Previously changed from 0.0.0.0 to accommodate systemd-resolved. On basic setups with a local nameserver configuration, however, 127.0.0.1 cannot return an authoritative response. [Rampart] an "ignorelist" delegated whitelisting target has been added, which applies all firewall rules but ignores brute-force blocks for these IPs. Previously the target was "whitelist", which absolutely permits access before other rules. "ignorelist" rules only affect whitelisting done by Site Administrators. rampart:whitelist by Appliance Administrator still places the IP address in "whitelist". Policy may be changed by setting [rampart] => delegation_set. [Scripts] mapCheck rebuilds TokyoCabinet database before performing reverse sweep. REMOVED: [dns] remove_zone() no longer accessible directly by Site Administrator. [dns] authoritative-only flag causes hang in multiple DNS providers. Rely on setting recursion=0 to validate successful provisioning. [PowerDNS] PowerDNS 4.3/CentOS 8 limitation. MySQL backend driver RPM no longer depends on MySQL 8.