Tags give the ability to mark specific points in history as being important
  • v3.2.35
    174d031c · FIX: err reference (Auth) ·
    [mysql] resolve_site_from_database- given a database[/table] format, resolve to site.
    [pgsql] resolve_site_from_database- given a database[/table] format, resolve to site.
    [php] pool_version_from_path- resolve PHP pool version from path.
    [argos] list_monitored requires backend elevation.
    [Bootstrapper] Explicit version sorting on CentOS 8 kernel selects incorrect default kernel on multiple majors.
    [Bootstrapper] Mitogen detection in CentOS 8.
    [Digitalocean] Follow pagination results.
    [Digitalocean] CAA record normalization.
    [Dovecot] Corrupt mtab in vfs prevents quota reporting.
    [Hetzner] Normalize long TXT records.
    [Metrics] TimescaleDB v2 metrics deletion.
    [Opcenter] Activating a site from plan edit yields ghosted session.
    [Redis] TCP binding attempted in unixsocket-only mode.
    [rspamd] "daemonize yes" breaks Redis v6, cf redis/redis#7217.
    [SSL] Quota overage inhibits installation.
    [UI] Timezone configuration always reports UTC.
    [upcp] Existent ssh-agent process killed at end of update.
    [Users] Malformed branch permits uppercase characters after initial 2 chars.
    [Versioning] Non-seequential versioning.
    [Backend] Lambda functions introduce memory leak over backend lifetime. Enable opcache to optimize out potential memory leaks in recurrent evaluation.
    [Bootstrapper] Add support zipped PECL modules.
    [Bootstrapper] PECL module discovery will now follow redirects.
    [email] set-webmail-location() setting null resets webmail to system default.
    [Internal] Convert MySQL connectivity issues into mysqli_sql_exception, improve robustness of starting backend during downed MySQL event.
    [Joomla] Bump Joomlatools to 2.0. Enhance support for 4.x.
    [Linode] Reinstate CAA flags parameter.
    [Nextcloud] Custom version label.
    [node] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7.
    [Opcenter] Force-close connection upon database deletion to ensure all references to database discarded. Race condition encountered during unit testing with PHP 7.4/MariaDB 10.5.
    [PHP] Use account timezone.
    [PHP] Utilize larger temporary swap on PHP8+ builds to satisfy compiler requirements.
    [PowerDNS] dns.powerdns-version may be set to "true" to default to ApisCP default.
    [Quota] Restrict accidentally triggering a change to diskquota,quota or diskquota,fquota fields that would result in immediate overage.
    [ruby] get_available()- returns all versions. Previously only each respective MAJ.MIN release was listed.
    [ruby] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7.
    [Screenshots] Disable feature in headless mode.
    [UI] Filter webmail redirect subdomains.
    [Anvil] Expotential backoff algorithm. Original intention to thwart password timing attacks. password_verify() provides sufficient entropy during hash verification.
    [Ghost] Block v5 until MySQL 8 requirement is resolved. Ref: https://forum.ghost.org/t/mariadb-support/33880
  • v3.2.34.1
    Note: moving to hotfix instead of retag to prevent temporary upcp failure on 3.2.33 downgrade.
    [DNS] Bulk record update inherits default TTL value resulting in mismatch when required by API driver.
    [file] symlink()- existing symlink reports referent than symlink as existent file.
    [SSL Certificates] Incorporate missing mail subdomain hostnames.
    [Subdomains] Duplicate subdomain remap results in confusing error message.
  • v3.2.34
    [.htaccess Manager] Search applet.
    [Argos] systemd-resolved monitoring.
    [Auth] Add [auth] => server_key support for extended cp-proxy usage. See apisnetworks/cp-api repository.
    [Cron]  [crond] => autostart controls automatic startup of crond process when crontab,enabled=1.
    [dns] dns:flush()- empty authoritative cache if supported. Only PowerDNS is supported at this time.
    [dns] dns:empty_zone()- delete all records in a zone. dns:reset()- call empty_zone() then provision zone with default records.
    [DNS] dns.powerdns-version scope. Set PowerDNS daemon version on server.
    [DNS] Dns\Record::add(). Similar to merge, except properties are only set if unset.
    [Lararia] route/view dynamic namespaces. Path resolution determined at call-time, caching for the remainder of the request lifecycle. Additional dynamic namespaces @NAMESPACE-NAME(PARAMETER) may be registered against Lararia\Routing\NamespacedRouteCollection or Lararia\View\NamespacedViewFinder. Corresponding bindings are superceded by these classes.
    [Laravel] Lumen subtype dection.
    [Metrics] metrics.enabled scope. Toggles metrics support, including purge on disablement.
    [php] php:pool-name()- get pool name from path.
    [PHP] ionCube v12 support. Supports PHP 8.1. 8.0 is not included from vendor.
    [PHP] SourceGuardian support. Activated when php_install_sourceguardian is true.
    [Rampart] Speculative whitelisting. When an IP is unbanned, the address is temporarily added to ignorelist for [rampart] => speculative_whitelist seconds. See docs/FIREWALL.md
    [UI] Relocate Web App compact display to shared view, master::shared.compact.
    [UI] Sticky session tracking. When IP restrictions are enabled for a user, track the most recent login automatically adding the IP if detected. Requires enablement under Settings.
    [UI] Content security reporting support. Configured in [frontend] => content_security_policy_report_only.
    [upcp] Add -f/--force flag. Applies --extra-vars=force=yes to Bootstrapper invocation as well as upcp --reset prior to codebase updates.
    [upcp] Add -v/-vv/-vvv flags. Controls verbosity of migrations and Bootstrapper usage.
    [WordPress] Add "language" reconfigurable to set default WordPress language. May be hooked into wordpress:install() to override default language after setup.
    [Aliases] Calling aliases:add-domain() after removing a domain before aliases:synchronize-changes() blocks on bad assertion (related #e4959bb3).
    [Bootstrapper] Workaround for Ansible filtering localized "No packages match".
    [Cloudflare] Origin marker usage mandatory.
    [Cloudflare] Soft-deletion compatibility. Zones deleted are now retained within Cloudflare's system for an extended duration. Zones recreated during this time are subject to dns:reset().
    [Cron] Starting virtualcron in at least one persistent environment resulted in invalid "failed" state.
    [Database Backups] Pipeline non-zero exit treats corrupted database backup as success.
    [DNS] Bulk updates fail on subsequent matches in same zone.
    [Domains] Addon domain creation in user home blocks o+x applicatin when PHP-FPM enabled.
    [Email] Mailbox restoration during provider change from null to builtin improperly tried to restore mailbox backup.
    [File Manager] ASCII encoding preferred over UTF-8 when UTF-8 best candidate.
    [Internal] Expired afi instance sends invalid ghosted session.
    [Internal] Difficulty arises during deserialization when the context isn't known at object instantiation; an ephemeral function broker is created to replace the session. Function broker's ID is replaced with this ID while the global auth context is preserved causing a mismatch in Preferences sanity check.
    [Mail] Expose additional environment variables to maildrop: $SENDER, $EXTENSION, $RECIPIENT, $NEXTHOP, $SENDER. See docs/admin/LDA.md
    [Mail] maildrop unconditionally queries authlib per compile-time settings. Introduce new flag, -x, to bypass authlib lookup when mail_enabled=0.
    [Metrics] Wrap monotonic values exceeding 2^31-1.
    [MySQL] Tables with non-alphanumeric characters fails rename.
    [Nextcloud] config_is_read_only enforced in occ usage. Implement direct parser to lock/unlock before occ invocation.
    [Node] Ignore exit code 3 in software/nvm role when no Node versions installed on system.
    [NSS] CentOS Stream introduces new directive usage.
    [PHP] Permissions block enumerating multiPHP versions from UI.
    [PowerDNS] Canonicalize SOA RNAME. Required in 4.6+.
    [PostgreSQL Manager] Database prefix lists mysql,dbaseprefix.
    [Proxy] mod_remoteip presence in cp-proxy documentation replaces remote address IP with X-Forwarded-For when remote address matches proxy address. Various checks always assume X-Forwarded-For is valid but can be poisoned if supplied in addition to mod_remoteip usage. Check loaded modules to determine whether X-Forwarded-For is a safe header when [core] => http_trusted_forward is set.
    [Scopes] Observe explicit quotes in cp.config.
    [Scopes] mail.enabled must trigger software/haproxy to update monitoring.
    [Setup Instructions] FTP login references ftp,ftpserver.
    [SpamAssassin] sa-compile idempotency check in mail/spamassasin.
    [SSL Certificates] Primary domain deauthorized from handling mail deselects all mail-related subdomains from other domains.
    [SSL Certificates] Mail domains omitted from SSL selection when primary domain is delisted from Mail Routing.
    [Subdomains]  "user ownership" setting has no effect on document root.
    [Traceroute] Use positional arguments in traceroute address to ensure appropriate escaping as reported by cmg.
    [UI] Security key usage in Terminal, rspamd may expire before it is rolled over. Bad logic checks makes retrieval from master httpd process impossible in /proc/PID/environ.
    [Webapps] CLI installation ignores app-specific reconfigurables.
    [WordPress] Renaming a site to a directory whose source name contained part of the target directory incorrectly detected as nested.
    [ApisCP] Change default mutex from posixsem to pthread. On posixsem, semaphore ownership is not recovered in a thread in the process holding the mutex segfaults resulting in a hang. With pthread, C7+ implements pthread_mutexattr_setrobust_np(). If the thread dies it passes onto the next owner with EOWNERDEAD.
    [ApisCP] Reduce RSS usage by moving OPCache to file-cache.
    [Backend] TSTP/CONT signals are forwarded to job runner service from apnscpd process.
    [Backend] Unlink apnscp.sock on shutdown, avoid conflict with hydration.
    [Bootstrapper] Apply migrations occuring after image marked for hydration.
    [Bootstrapper] Removing packages from filesystem template triggers fsmount reload.
    [cgroups] Allow group to write its pids to tasks, including Dovecot mail processes. Once a group is bound it can only migrate to a new group. Permissions on other groups prevent migration locking a PID to a controller taskset.
    [CLI] rmspam purges matching pattern in maildrop queue.
    [Composer] Prefer reading version from composer.lock.
    [Composer] Use PHP wrapper assigned for path if multiPHP present.
    [Config] Blacklist directives in config.ini support partial matching such as foo* or !foo*.
    [DAPHNIE] Deleting time-ordered data deletes underlying chunks.
    [Database Backups] Attempt automatic repair of corrupted databases.
    [Discourse] Switch Ruby versions on demand if available during upgrade.
    [DNS] gethostbyname_t(), gethostbyaddr_t() report failing nameserver. Both API functions follow timeout defined in [dns] => lookup_timeout.
    [DNS] Implement get_server_from_domain(), get_all_domains(), get_parent_domain(), domain_hosted(), domain_on_account() in multi-server setups.
    [Hooks] Multiple hooks may be registered to an API call.
    [Hooks] Fill omitted arguments on callback.
    [Let's Encrypt] Trigger SSL bootstrap only on domain addition. Previously deletions were included.
    [Manage Users] Apply username input validation on entry.
    [Map] Harden map symlink checks.
    [Miscellaneous] Update AlmaLinux, Rocky Linux conversion scripts.
    [MySQL] Process condition in which MySQL database rename destination is to empty directory.
    [node] installed()- value return changed from boolean to null|string, value that matches version filter if found.
    [Opcenter] Report pid when global lock held.
    [Opcenter] Resolve multiple typing errors when changing plans from one deleted directly in the filesystem. artisan opcenter:plan --delete should be used for sanity checks prior to deletion. Fallback to system default, then apply hard reset (--reset) against new plan.
    [php] version() reports PHP-FPM pool version instead of system version.
    [PHP] Extensions downloads from pecl.php.net observe transient network outages.
    [PHP] Ignore Remi presence when php_enabled is set to false. Implied when has_dns_only enabled.
    [PHP Pools] Catch connection errors on cache inspection.
    [PowerDNS] Downgrade duplicate record to warning. PowerDNS utilizes both negative and positive query caches with different TTL values (60/20 default). Querying for a record, adding, then querying again responds with NXDOMAIN resulting in potential duplicate operation. In future these lookups should be made directly against the master - whether hidden or exposed.
    [PowerDNS] Reduce client instantiations.
    [Rampart] Prevent direct management of named ipset or iptables lists in [rampart] => blacklist.
    [Rampart] Reimplement entry parser as line parser. Approximate 50% speedup in entry processing.
    [ruby] installed()- value return changed from boolean to null|string, value that matches version filter if found.
    [Scopes] Changing timezone resarts rsyslog/systemd-journald, see fail2ban/fail2ban#1986.
    [Scopes] dns.ip4-proxy and dns.ip6-proxy may now be set "null" to clear value.
    [Subdomains] Link subdomain into all_subdomains/ inside respective useer home.
    [upcp] ANSIBLE_STDOUT_CALLBACK may be overwritten from environment.
    [vsftpd] Define tcp_wrappers depending upon CentOS release. Clears potential in-place upgrade from 7 -> 8 in which tcpwrapper support is disabled.
    [Webapps] API improvements. WebappUtilities::getAuthContextFromDocroot() creates a new context based on document root ownership. DatabaseGenerator::connect() creates PDO connection using sourced credentials from webapp::db_config(). Separate PhpWrapper/ComposerWrapper utility classes.
    [WordPress] Toggle WP_AUTO_UPDATE_CORE when same-user and panel autoupdates disabled or unprivileged and autoupdates enables.
    [ClamAV] freshclam cronjob superseded by clamav-update systemd timer.
    [Cloudflare] Host app. Officially abandoned by Cloudflare.
    [Lararia] jenssegers/blade package replaced with in-house implementation.
    [Filesystem Template] sudo remained accessible in virtual environments provisioned between Feburary 7 and July 14.
  • v3.2.33.1
    [Mail] courier-authlib relinks systemd script.
  • benchmark
    ApisCP benchmark
    See https://github.com/apisnetworks/apnscp-bootstrapper#benchmarking-providers
  • v3.2.33
    [crontab] stop(), start(), restart() wrapper methods for toggle_status().
    [crontab] match_job()- return jobs whose command matches regex pattern.
    [Filesystem] whiteout/opaque layer utility class.
    [scope] diff()- report changes in a given Bootstrapper role. Example: diff("clamav/setup") reports all configuration changes that override variables in clamav/setup.
    [telemetry] collect()- trigger statistics collection.
    [telemetry] interval()- report data over evenly spaced intervals.
    [upcp] List available roles using -l flag.
    [user] resolve_uid() method translates UID to a site/user tuple.
    [webapp] get_meta()/set_meta()- interact with Web App metadata.
    [webapp] refresh_apps()- expunge cached webapp facts, used when developing Web Apps without restarting ApisCP.
    [webapp] removeJobs() internal helper removes existent tasks within a given document root.
    [wordpress] cli()- free-form WP-CLI access.
    [Argos] Weak "requests" dependency pulls down incompatible package on CentOS 7.
    [Backend] double-fork race condition.
    [Bootstrapper] Idempotency violation in mail/spamassassin.
    [CLI] non-CLI input format destructures array.
    [CLI] Numeric flag argument raises strict type error.
    [Composer] CVE-2022-24828 Composer Command Injection hotfix.
    [Filesystem] 0:0 valid device.
    [letsencrypt] Calling append() to non-existent certificate fails.
    [Nexus] Plans outside system charset are silently ignored.
    [Opcenter] Early termination suppresses other regitered callbacks.
    [Opcenter] DTSS activation orphans dbaseadmin, dbaseprefix values on account deletion. Apply AlwaysRun attribute to dbaseprefix. Change intention of AlwaysRun to always run even during deletion if service class "enabled" is false.
    [Opcenter] Prefixing "www." to a domain fails post-creation callbacks.
    [Opcenter] *.end event processing in Activate/SuspendDomain.
    [PHP] Reconfiguring PHP-FPM logging if logs,enabled=0 chmod's vfs root to 640.
    [PHP] SourceGuardian support. Set php_install_sourceguardian to "true" in cp.bootstrapper Scope, run upcp after.
    [Route53] Records created as weighted, closes issue #48.
    [Route53] Long records require label split.
    [rspamd] IPv6 MX records report MX_INVALID.
    [upcp] Hotfixes revert edge-major policy.
    [Users] Changing username could result in crash during notification.
    [Users] Usernames that begin with a number yet contain a valid character mask.
    [Backend] Squelch spurious same-mount warning early in installation.
    [Bootstrapper] Workaround on platforms in which /etc/selinux/config is marked with immutable attribute.
    [cgroup] Move to cgconfig.d/ usage. cgconfig is a oneshot task on boot that has a tendency to become unwieldy with parsing larger configurations. Each cgroup configuration is named after the site for easier management.
    [Cgroup] Cleanup internal API usage. Group name no longer required where Controller object is used.
    [Discourse] Add support for 2.8+.
    [DNS] Exporting corrupt/invalid zone fails gracefully.
    [Filesystem] Spam retention in ~/Mail/.Spam adjustable in software/tmpfiles.
    [Ghost] Support 4.5+.
    [Internal] Merge config/custom Composer dependencies into autoloader.
    [Laravel] Use pool version in determining installation requirements.
    [Metrics] Delete data older than 1 year, apply aggressive compression policy for metrics older than 2 days.
    [Opcenter] Block reducing bandwidth threshold that will result in immediate account suspension.
    [Opcenter] Rename Procfs helper class to Sysctl.
    [PHP] Disabling Apache service terminates PHP-FPM processes.
    [PostgreSQL] postgresql.conf values may be overridden in Bootstrapper as "pgsql_custom_config".
    [rampart] temp() may be used by admin.
    [Scopes] Suggest alternative scopes on invalid reference.
    [Subdomain] Removing a subdomain whose data directory is incorrectly located in /var/subdomain will remove the directory now.
    [Task Scheduler] Downgrade duplicate job to warning.
    [Task Scheduler] Task Scheduler (crontab) may operate independently from SSH when [ssh] => crontab_link is set to false. Doing so still allows a cron process to open a shell for a user to login to the account. This is intended as a simpler approach to creating a custom plan named nossh as referenced in Plans.md#complex-plan-usage.
    [upcp] Improve permission healing.
    [Watchdog] Delay on boot via watchdog_boot_delay Bootstrapper setting. Intended for heavy startups that spike load momentarily.
    [web] rename_subdomain() implicitly coerces local format to global.
    [Bootstrapper] Account creation role on DNS-only builds.
    [PowerDNS] Web server feature disabled by default.
    [UI] Nexus on DNS-only installs.
  • v3.2.32.2
    [Cloudflare] Modifying DNS record in proxy mode strips proxy behavior.
    [Packages] ImageMagick-perl built against Perl 5.23 appstream.
  • v3.2.32.1
    2dff744b · CHG: bump (migrations) ·
    [Nexus] "Hide in welcome email" displays password.
    [PHP] PECL helper script executed as PHP script.
    [PHP] Recompile imagick extension to make use of new MagickWand API.
  • v3.2.32
    [apnscpd] Report last fatal error in systemd status field.
    [DNS] Changing IPv4, IPv6 pools through dns.ip4-proxy/dns.ip6-proxy performs a batch update on managed zones.
    [Migration] --do=, --list-components= for staged reapplication from a backup. In most situations --no-create --no-scan --no-bootstrap should be included to prevent post-migration hooks from running once the components are processed. --do may be listed multiple times.
    [MongoDB] 5.x support.
    [redis] system_info()- send INFO command to ApisCP Redis instance.
    [PHP] Add "php_enabled" Bootstrapper setting to control presence of PHP on node. Implied when has_dns_only is enabled.
    [upcp] -m|--migration flag runs specified migrations. glob-style wildcards are supported. Results are not logged to migrations database. Intended primarily for development purposes to test migrations without specifying the full name.
    [WordPress] AST walker constant retrieval.
    [WordPress] debug reconfigurable, toggles debug mode.
    [apnscpd] systemd culls control-group on direct process restart.
    [Apps] application manifest "vars" key uninitialized in production.
    [Argos] Disabling rspamd monitoring by mail feature.
    [Bootstrapper] git:// protocol suspended on Github.
    [CLI] % in service values, e.g. auth,tpasswd=, treated as variable placeholder.
    [DNS] Promoting addon domain to primary domain removes zone.
    [Filesystem] Declaring /sys/fs/cgroup -> /.socket/cgroup as slave mount loses propagation rights when /.socket mounted as slave. Corrects window between apnscp and cgconfig initialization in which PHP-FPM could startup failing on postexec cgclassify step.
    [Let's Encrypt] Callback arguments violate strict typing when [letsencrypt] => auto_bootstrap enabled.
    [Opcenter] Deleting a site lingers queued jobs in atd. Rewrite Util_Process_Schedule to optionally tag job IDs with site identifier. These jobs will be removed at account deletion.
    [PHP-FPM] Delayed cgroup rbind into vfs results in failed PHP-FPM startup when cgroup,enabled=1 on busy sites.
    [PostSRSd] Spaces in /etc/default/postsrsd treated as command.
    [Preference] Context derivation on domain change.
    [rampart] bans_since()- null dereference prior to initialization.
    [Settings] Cancelling confirm dialog still processes removal.
    [Subdomains] index.html missing in newly created subdomains.
    [Task Scheduler] Setting MAILTO= without an active job.
    [Whitelist] Cancelling confirm dialog still processes removal.
    [WordPress] Missing .htacess results in corrupted SSO link.
    [Aliases] Restore previous behavior introduced in 3.2.31, a domain deleted yet not committed via aliases:synchronize-changes may be added. Perform additional check in pending configuration.
    [apnscpd] Move \ListenerServiceCommon to \ListenerService\Daemon.
    [auth] change_cpassword() permits locked indicator, !!. A locked account may not login but may change its password.
    [Bootstrapper] software/argos role variable "state" accepts "disabled"/"enabled" in addition to false/true.
    [Distro] Update AlmaLinux, Rocky Linux migration scripts.
    [imagick] Bump extension to 3.7.0.
    [Laravel] Cap Laravel 8 to non-PHP 8 setups.
    [Migration] Drop unsupported IP stacks on target machine.
    [MySQL] Relink /var/lib/mysql/mysql.sock as needed after installation.
    [Node] Cleanup Node versions on upgrade. Change default behavior to not install system-wide Node. Controllable via node_system_install (bool) and node_prune_system_upgrades (bool).
    [PHP-FPM] Increase 100ms retry on failed service to 750ms defensively against future misconfigured service dependency ordering.
    [Regex] Permit punycoded email domains.
    [rspamd] Rework remote Redis configuration (see rspamd.md).
    [Screenshots] Purge saved screenshots when a domain/subdomain is added.
    [Screenshots] User namespaces can be disabled entirely as mitigation for CVE-2022-0185 and general hardening. Disabling namespaces disables sandboxing in Chrome, which is designed to isolate tabs from malicious code exploiting a vulnerability. When disabled sandboxing must be disabled as well. [screenshots] => sandbox_fallback controls this behavior.
    [UI] Reduce scope of external opener decorator to any rel="external" attribute.
    [UI] Trim space from search input.
    [WordPress] update_plugins()/update_themes()- Extend plugin/theme argument to accept $force (default: false) that bypasses skiplist rules. Available only when $plugins is formatted as a complex list.
    [WordPress] Specifying hold:1 as an option during install preserves structure in event of failure.
    [Mail] courier-authlib when mail feature disabled.
    [Settings] Konami easter egg for non-Site Administrators.
  • v3.2.31.2
    [haproxy] nbproc. No longer present in haproxy v2+. PostgreSQL repository may pull in haproxy v2 during update on Alma/Rocky/C8 machines. haproxy_worker_count moved to nbthread on v1.8+.
  • v3.2.31.1
    [Postfix] Spamhaus flags Cloudflare as public resolver. Postfix DNSBL codes work on first non-zero result rather than specificity. Expand non-error statuses to avoid flagging mail as spam.
  • v3.2.31
    [apnscp.js] cmd() queueing.
    [DNS] --all flag applies DNS changes to all sites on server via scripts/change_dns.php.
    [Dovecot] dovecot_utf8_mailboxes, enable support for UTF-8 named mailboxes. Mailboxes containing ampersand do not require a following hyphen in UTF-8 mode. mUTF-7 is default mode.
    [Opcenter] OOB file descriptor reporting in --fd=X.
    [php] pool_owner: report pool owner for named pool.
    [WordPress] Plugin updates.
    [afi] Prefer session ID over authenticated context in singleton instantiation to avoid infinite recursion that occurs between authorization and the implicit account initilization. Likewise this was triggered in the opcenter/ test suite.
    [ajax] Invalid invocations returned normal results.
    [Apache] Rollback results in infinite loop on missing apache group.
    [Auth] Revert changes introduced in 3c361e77 whereby preferences are not loaded until after login. Postponement forces tautology in IP 2FA.
    [Backend] Potential race condition may occur when an asynchronous signal is received, e.g. SIGCHLD, during worker resumption resulting in selected worker being incorrectly terminated.
    [Cache] All Redis cache types extend MProxy, which locks up a Redis connection for each profile scope as a static member. When the authentication context changes or spawning a new backend worker, the connection is refreshed. Garbage collection runs manually in backend to optimize usage patterns resulting in situations in which phpredis extension could write to an invalid descriptor. Check if gc is disabled then explicitly invokve a cycle to ensure fds are properly deinitialized.
    [cpcmd] multi command mode reports last command following output changes.
    [DNS] SRV records application.
    [Dovecot] 2.3 no longer implicitly trusts for plain-text authentication.
    [File Manager] non-ASCII files result in garbled output. Refactor zip implemementation to ZipArchive.
    [MySQL] Changing mysql,dbaseadmin leaves behind old admin.
    [Opcenter] Deleting a site attempts SSL acquisition when [letsencrypt] => auto_bootstrap enabled.
    [Opcenter] Domains attached directly via aliases,aliases report as non-existent. Change aliases:domain-exists() and web:list-domains, web:split-doc-root to report these direct additions as aliases to /var/www/html.
    [Opcenter] Error() generated within validation routine reports incorrect module.
    [Opcenter] Potential race condition in /proc/self/mount query.
    [Opcenter] Rollback on addition before apache service proccesses results in recursive loop due to missing apache group.
    [Opcenter] Expiring a site from within a contexted authentication may invalidate the global authentication session. An example occurs during rampart_get_jails() called by DAPHNIE using the global authentication context to query available jails after editing a site.
    [SSL] Unlink certificate chain configuration when a newly imported certificate lacks a chain/intermediate.
    [Synchronizer] Validate PID process name during lock check.
    [upcp] Perform .git/ write check as update user.
    [Bootstrapper] Enhance grub.cfg rootflags= matching to reflect last listed directive.
    [Dev] clean.sh interactively prompts for features when preparing an image. Installed Mitogen version is preferred.
    [Dovecot] Update ciphers. Disable cipher downgrade by client.
    [letsencrypt]  renew(), append()- prune orphaned domains from certificate bundle.
    [node] make_default()- accept non-specific versions, e.g. v12 or "12".
    [personality] scan()- unparseable .htaccess file shall return false, not NULL.
    [PHP] Create PHP runtime configuration directory as needed.
    [Postfix] Smart-host via mail.smart-host no longer requires password.
    [Quotas] Convert XFS features in filesystem/make-mounts role to list. Features may be overridden with "xfs_quota_features".
    [rspamd] Update rspamd DMARC, reputation configuration. Older installs may contain literal templated key expressions that cannot parse from limitations in Jinja. These may report spurious "unknown backend" warnings. Likewise reporting is now a configuration section in 3.0+.
    [Scopes] net.ip4 flush namebased_ip_addrs on update.
    [Scopes] net.ip6 flush namebased_ip6_addrs on update.
    [Session] Expire cached afi instances on session invalidation.
    [Setup Instructions] Graceful downgrade for unprivileged users.
    [SSL] Enabling [letsencrypt] => auto_bootstrap
    [UI] Resume quota caching.
    [UI] Secure Access Key checks refresh key TTL in Redis. Key rolling moved to a separate cron task.
    [vfs] Add wget cyrpto-policies dependency.
    [WordPress] PHP 8.1 compatibility (see wp-cli/wp-cli#5586).
    [WordPress] Add "hold=" option to withhold failed installation.
    [Yum] Downgrade reinstalling existing package into vfs as warning
    [Yum] apnscp/initialize-dependencies accepts additional include_dependencies= var to denote implicit package installation.
    [Filesystem] Rename FILESYSTEMTEMPLATE references in release annotations to "vfs": virtual filesystem. "fst" will continue to refer to /home/virtual/FILESYSTEMTEMPLATE components. "vfs" refers to composite filesystem after all layers merged up.
  • v3.2.30.3
    [OS] CVE 2021-4034 hotfix, polkit/pkexec vulnerability on C8.
  • v3.2.30.2
    [Migrations] assert protobuf-c, json-c, fstrm packages available before applying October migration.
    [Bootstrapper] Package scripts may pass "yum_transaction_hook" variable to inform Bootstrapper if scripts are running from within Yum transaction. Resolves a potential deadlock if an included tag calls yum during transaction.
    [PHP] Automate recovery if apache,webuser system user is missing from /etc/password.
    [UI] "Use External Opener" feature always appends to URLs that match ^http.
  • v3.2.30.1
    [afi] Anonymous module initialization pulls in global authentication context instead of scoped context.
    [UI] Absolute URL matching for proxied layouts.
    [afi] Lazy-load account metadata. Direct access to "conf" property is now via getAccount() method.
    [Cache] Enable compression using zstd.
    [Cache] OOM check may also throw RedisException.
    [Mail] Dovecot 2.3 support.
    [multiPHP] Remove /etc/phpXX.d from filesystem upon removal of multiPHP version.
    [Opcenter] --force always calls depopulate() on disabled services.
    [Opcenter] Permit 253-character domains, the maximum permitted label length.
    [UI] Disable crawling.
    [VirtualCron] 2 minute timeout on service start.
  • v3.2.30
    [Backend] Suspend/resume of Cronus.
    [Daphnie] TimescaleDB v2 support. Compression changes reduces storage requirements by ~57%. Site deletion now possible without decompressing metrics.
    [Ghost] v4 compatibility.
    [Opcenter] metrics service class. "enabled" controls API usage as well as metrics logging. Disabled for epehemeral accounts.
    [Process] environment()- parse a process' environment variables. all()- list all processes optionally matching a closure.
    [telemetry] histograms. Create data constructs over even intervals for arbitrary windows with metrics.
    [Bootstrapper] Account creation assertion fails on low-memory servers.
    [Change Information] Reactivating a suspended model presents change option without corresponding input.
    [Database] Removing a database without a corresponding backup task generates an error.
    [File Manager] Fragment ("#") usage in filename breaks various features.
    [Opcenter] A single fatal() in a DeleteDomain batch aborts chain.
    [Opcenter] apache,jail must always be enabled on non-FPM servers.
    [Opcenter] Re-enabling pgsql or mysql service blocks on duplicate dbaseadmin check.
    [PHP-FPM] Deleting a domain attempts to update PHP-FPM log ownership.
    [pman] get_processes() returns empty process list if empty controller previously populated.
    [rspamd] Disabling rspamd support persists Argos monitoring profile.
    [UI] Processes overview reports no active processes when freezer cgroup enabled.
    [UI] Route invocation with implicit Page binding creates a new app instance without parsing metadata. Reuse the fully instantiated object during parameter resolution
    [UI] Secure Access Key rotation determined by cron TTL instead of Redis TTL.
    [Auth] API method "whitelisted" changed to "trusted" to indicate role in forwarded address verification.
    [Auth] Honor [auth] => min_pw_length in password checks.
    [Bootstrapper] Purge RPM cache after install.
    [Cloudflare] Bump API timeout to 10 seconds.
    [Daphnie] Raise shared locks as needed by TimescaleDB during intense operations. Lock count is approximately 2 * chunk count.
    [Daphnie] Restrict logging via metrics,enabled service parameter.
    [Discourse] Propagate nvm PATH shimming to rake subprocess.
    [FTP] Force vsftpd restart on glibc update. vsftpd may hold onto old copies of glibc that conflict with PAM.
    [HTML Kit] absolute_url() generates a URL matching the browser environment. Move old code into separate function, canonical_url(), which will always return a URL formed with the server name.
    [misc] list_commands() matches modules, e.g. cpcmd -lmisc. Previous usage required an explicit wildcard.
    [Network] Negative trust anchors on ip6.arpa PTR lookups.
    [Process] Add GID matching in addition to group name.
    [Scripts] mapCheck.php inspects orphaned database entries. Yield appldb.siteinfo records to filesystem metadata on mismatch.
    [telemetry] metrics() now available to Site Administrator.
    [UI] phpMyAdmin, phpPgAdmin follow "Use external opener" option.
    [Web Apps] Tolerate corrupted fortify metadata. Older sites migrated may have unusable options set. When reapplying Fortification profile from metadata the value is improperly interpreted as "" instead of its intended mode.
    [Daphnie] Boundary alignment detection.
  • v3.2.29
    [Apnscp] Cover edge case if redis.conf maxmemory directive below used_memory. Such a situation could occur if regenerating redis.conf from template that has already increased its memory limit.
    [Cgroup] freezer, cpuset controllers always applied to cgrules.conf.
    [Cloudflare] Parameterized records send without attributes.
    [Crontab] virtualcron.service fails to initialize on race condition with apnscp.service. To avoid polluting mount table, cgroup controllers are bind mounted based on platform requirements. cgroupv2 uses a single hierarchy which obviates this requirement; however platform is still on v1. Add workaround by restarting virtualcron service after cgroup controllers are mounted into FST.
    [Migrations] proxyaddr/proxy6addr retained on target server.
    [Migrations] Overrides referencing an array are logged as "Array".
    [UI] Static resource key that protects third-party apps forgotten after extended duration without panel restart (> 4 days).
    [Cgroup] Use rbind for controller mount into shared r/w path (/.socket) when unified hierarchy detected.
    [dns] export() will polyfill NS records from dns:get-hosting-nameservers when absent in export.
    [Drupal] Minimum installable version is now 7.33
    [Drupal] Query drupal/drupal Github repository for versioning.
    [Migrations] Clone DNS when migrating site to new server with disjoint nameservers. Prior behavior lost all prior records on new server.
    [PowerDNS] Fallback on RPM schema if playbook-supplied schema is absent.
    [Web Apps] Support version pagination on Github. Match MAJOR.MINOR versioning.
    [WordPress] SSO no longer requires dispatcher presence.
  • v3.2.28
    [cgroup] cpuset support. Allocate a site to a specific CPU or set of CPUs. Controlled via cgroup,cpupin service attribute.
    [cgroup] freezer support. Suspend any CPU processing for site. Corresponding API call cgroup:freeze likewise to unfreeze call cgroup:thaw.
    [DNS] SVCB RR support in Cloudflare. SMIMEA RR support in PowerDNS.
    [Joomla] 4.x support.
    [PostgreSQL] v14 support.
    [Setup Instructions] FTP configuration profiles.
    [UI] Declare entry application besides "dashboard" application. See Customizing.md for further information.
    [upcp] -l/--list shows available tags to run in conjunction with upcp -b.
    [User Defaults] %u and ~ expression in FTP jail path default. %u expands to USERNAME, ~ expands to /home/%u.
    [cpcmd] Specifying a filter to -l/--list-commands is silently ignored.
    [Databases] Deleting a custom database without prefix namespace does not discard backup task on site deletion. Revise lookup algorithm to update database to prefix + database composite, failing if that delete query cannot be resolved.
    [DNS Manager] Reset DNS to defaults skips local subdomain entries.
    [email] add_virtual_transport()- add UUID check before provisioning MX records. Corrects condition in which server-to-server migration using same nameservers duplicates MX records prior to migration complete.
    [file] chown() forces remount in process where direct write occurs to fully release file handle thus updating stat metadata. Resolves ghosting issues with custom FTP jail directory.
    [Joomla] Take head on multiple branch updates such as 3.x and 4.x update pathways.
    [Let's Encrypt] RFC 6125 rule matching. A wildcard matches a label but does not match additional labels. Secondary subdomains will not be filtered by a wildcard subdomain.
    [Logs] --reconfig overwrites /etc/logrotate.conf. Abstain from regenerating this file unless missing.
    [Migration] Web App metadata lost on transfer.
    [Opcenter] Performing a shallow import of an authentication context breaks getServiceValue() usage. Merge old into cur to preserve behavior when SiteConfiguration is instantiated during Opcenter task (edit, delete, add domain).
    [PHP-FPM] Dependency ordering loop on PHP-FPM sockets occurs in default assignment of basic.target. CentOS 8 negotiates sysinit.target to pull in .socket services. Dependency assignment makes .service subordinate to .socket, but permits restarting of socket activation by .service directly. On boot with a basic.target assignment, sockets.target is implicitly included in all .socket services that must run before basic.target resulting in a cyclic graph.
    [Process] "sgid" option looks for named user instead of group.
    [Scopes] Disabling PHP build from UI sends incorrect command to backend.
    [Scopes] list() shows original index numbers.
    [UI] Cleanup ephemeral accounts after theme inventory. Cleanup dangling .test domains from platform.
    [UI] Duplicate gauge id attributes.
    [User Defaults] Defaults not reflected immediately following postback.
    [User Defaults] Ternary precedence inhibits checked attributes on disk quota.
    [Web Apps] Crash in Chromium 94.0.4606.61 on C8. A full stderr buffer that is closed at runtime results in crash leaving screenshots in a persistent pending state.
    [Bandwidth] Squelch invalid domains during tabulation.
    [Bootstrapper] Cap Mitogen version to ^0.2.
    [Core] Library update.
    [DNS] Bulk update helpers add()/remove() follow replace() behavior in which a record is only skipped if the closure returns boolean false.
    [DNS] Use API error message on invalid Cloudflare key.
    [DNS Manager] Permit restoring naked zones.
    [Dovecot] mail_max_userip_connections extracted to Bootstrapper setting.
    [file] Optimize chown() performance, filesystem caches are only updated once on recursive chown.
    [file] Optimize filesystem flush, use syscalls directly instead of calling helper script.
    [Joomla] Upgrade Joomlatools to 1.6.0.
    [License] Clarify mismatched gateway reason.
    [License] license.php helper includes validation status.
    [MySQL] "Big selects" now toggleable in Bootstrapper (mysql/install role). Enabling big selects implies max_join_size=2^64. Setting max_join_size implies sql_big_selects=0.
    [Network] Emergency patch when no nameservers are detected in /etc/resolv.conf such as can occur if NetworkManager goes rogue.
    [Network] Disable DNSSEC for PTR records (in-addr.arpa zones). PTR has a very limited incentive to poison. Certain published zones of legitimate mail are unsigned resulting in FCrDNS failure during lookup by Postfix. This value may be reverted to previous configuration by overwriting Bootstrapper var "negative_trust_anchor_template" in common/update-config.
    [Opcenter] Bypass admin_user rollback on no-op.
    [Opcenter] Ephemeral accounts are now prefixed "apiscp-int-" to disambiguate origin.
    [Opcenter] Permit setting siteinfo,plan=None. When set to None a site no longer has plan affinity
    [PHP-FPM] Add check to determine if system is capable of PHP-FPM when apache,jail=1.
    [PHP-FPM] Defer daemonization to systemd thus making it behave similar to Remi implementation.
    [PHP-FPM] sockets.target no longer default target for php-fpm-MAIN.service. Implied part of php-fpm.service.
    [Setup Instructions] Add IMAP path prefix.
    [DNS] DNSKEY RR support on Cloudflare.
    [Migration] Skip ownership update on migration. uidmap/gidmap flags handle this during rsync.
  • v3.2.27.2
    [Apache] force htrebuild for Apache 2.4.50 release. Add missing strace packages for C8.
  • v3.2.27.1
    [Opcenter] .test TLDs infinitely created in low-memory mode for impossible screenshot inventory.
    [Cronus] Advance cron.tasks timer irrespective outcome.