Tags give the ability to mark specific points in history as being important
  • v3.2.22.1   FIXED: [Filesystem] high level bytes stripped from devices. [WordPress] enabling SSL at install immediately fires a URL rewrite hook that must be deferred until install. CHANGED: [FST] update libmaxminddb dig dependency on CentOS 8. [PHP] clean extension directory when moving PHP version from system to multiPHP. [Web Apps] "pending install" semantics are now consistent with UI.
  • v3.2.22   SECURITY: [DNS] zone permission checks missing in multiple add_record()/remove_record() implementations. NEW: [common] set-preference(), set a single preference value using dot notation. [UI] Onboarding tours (see Customizing.md). FIXED: [DNS] provisioning fails on incomplete DKIM setup. [Let's Encrypt] incorrect hostname variant appended if absent during requests and [letsencrypt] => alternative_form enabled. [Login] "password" field position reverts after password entry. [Metrics] TimescaleDB v2 loader conflicts with version detection. [UI] Layout method (_layout()) called twice during page render. [Web Apps] options serialized as object always return "true" for auto-update policy. CHANGED: [apnscpd] convert service type to sd_notify, which allows for cgroup controllers to be mounted within each account prior to virtualcron service. [DNS] add double-throw safety switch, require setting dns,enabled=0 + dns,provider=null to remove a zone on edit. [Reseller] rewrite subordinate <=> parent relationship. billing.parentmap now contains a 1:1 association of subordinates to parents instead of invoices to subordinate sites. [Scopes] dns.ip4-pool, dns.ip6-pool- cap max namebased IPs to 64. [Web Apps] always reapply reconfigurables during install if a Web App were previously located.
  • v3.2.21   SECURITY: [user] generate_quota_list() could be leveraged via symlink attack to overwrite an arbitrary system file within the account. NEW: [File Manager] block critical directories from browsing. Behavior may be adjusted via Account > Settings > App Settings. [PostgreSQL] v13/TimescaleDB v2 support. FIXED: [DNS Manager] cloning a domain persists old entries for 1 page refresh. [Horizon] deserialization errors in UI. [License] replacing an expired license may result in a misleading panel status. [phpMyAdmin] self-signed certificate error reporting. [phpPgAdmin] self-signed certificate error reporting. [rspamd] cleanup self-scan/low-memory mode. Prior implementation launched a Redis instance as well as improperly configured sqlite backends. Note sqlite is deprecated in rspamd 2. [user] generate_quota_list()- accept PANEL_BRAND values with spaces. [user] rename_user()- refers to old username in Manage Mailboxes. [web] add_subdomain()- address condition in which a badly formed symlink could result in changing /home recursively to account admin on subdomain creation. [Web Apps] a known parented docroot blocks display of children. CHANGED: [API] extend server_name column length to match cp-proxy. [apnscp.js] wrap apnscp.cmd() in JSON. [Dovecot] Archive folder may now be created on the fly by enabling dovecot_remote_archive in Bootstrapper. [EditDomain] cancel storage amnesty reset if diskquota modified while under amnesty. [Mail] pass null driver reload request to parent driver. [Postfix] cleanup various inheritence parameters in main.cf. [Scopes] dns.ip4-pool + dns.ip6-pool expand CIDR notation. [Server Information] report "available" memory. [Setup Instructions] prefer service value settings over domain name. [Summary] ignore cumulative CPU usage when telemetry is disabled. [UI] add second style link for links that open in-situ to disambiguate from links that open in new tab. [UI] all assets for an app may be overridden individually, including application.yml, by creating the file within config/custom/apps. [web] www.subdomain DNS record creation may be controlled via [dns] => subdomain_implicit_www [Web Apps] add "Flush Cache" option. [Web Apps] ad hoc (manifest-based) web apps honor database configuration if specified for snapshot/export support. [Web Apps] hide app meta from unprovisioned site. REMOVED: [Subdomains] stack preselections.
  • v3.2.20.1   FIXED: [Metrics] specify timescale extension as v1 now pulls in v2 dependencies. [MySQL] 10.5.8 -> 10.5.9 "ALL" permission loses value in bitmask. CHANGED: [cgroup] revert previous group naming (without ".slice"). systemd management resets cgroup parameters on each reload requiring explicit declaration of parameters via slice unit file. [cgroup] delegate management to Dovecot/vsftpd/Passenger services. [fail2ban] replace backend with pyinotify on CentOS 8/Stream. [MySQL] increase max packet size to 50 MB. NextCloud upgrade compatibility. [PHP] stat presence of php-fpm to weed out pending builds. [PostgreSQL] improve durability of transient connection errors. [Tasks] stagger upcp/platform scrubs to avoid concurrent runs on same machine. REMOVED: [Summary] apisnetworks.com references.
  • v3.2.20   NEW: [cgroup] reset_peak_memory()- reset peak memory usage in memory controller. [DNS] bulk DNS framework. Batch record updates with checks (see DNS.md in docs) [FTP] SSL-only logins via vsftpd_ssl_only Bootstrapper setting. Controlled in vsftpd/configure role. [Jobs] closure support. [letsencrypt] use_mechanism(), mechanism() sets mechanism affinity for given hostnames (see SSL.md in docs) [Mail] DKIM signing, key rolls with rspamd (see rspamd.md in docs) [Mail] SPF, DMARC policies extracted to config.ini (see Mail.md in docs) [Pagespeed] per-site caching via [httpd] => pagespeed_persite. Pagespeed will prefer offline cleanup via tmpfiles. May be controlled using pagespeed_offline_cleanup in apache/modpagespeed. [PHP] PHP-FPM process manager governor types in policy (Http\Php) [Setup] setup portal for new clients within Help category. [UI] [frontend] => external_opener, force conversion of all external links to new tabs. [upcp] -w wait for background Bootstrapper tasks to complete (see UPGRADING.md in docs) FIXED: [aliases] add_domain()- improper translation on descend/self metasequences (".."/".") could translate into a descend sequence. This is not exploitable given user/uid checks in add_domain_backend; however, is sufficient concern. [ApisCP] clean web server PID file on boot. In rare situations, HTTP PID could match ApisCP HTTP PID thus inhibiting start. [ApisCP] HTTP server cannot negotiate using EC key. [Bootstrapper] Mitogen unavailable on Python 3. [CLI] previously edited site may not be immediately replayed without modifying another site or failing. [Datastream] connection interrupted by asynchronous SIGCHLD signal. [Discourse] 2.5+ triggers virtual memory exhaustion bug in V8. (nodejs/node #25933) [DNS] strip TXT record quotes from Cloudflare, Linode modules. [EditDomain] empty domainmap.tch results in fatal error. [Horde] unsupported EC encryption keys. [License] issue verification fails if old license expired. [Login] render fails if [misc] => sys_status down. [Mail] switching from SpamAssassin to rspamd does not update [mail] => rspamd_present. [Mail] disabling spam filter also disables rspamd when DKIM disabled. [mail] email address rename on user rename busted logic. [MySQL Manager] #2a42e72b elongated backup name to include h/m/s time. Update pattern to match this format. [Opcenter] dns,proxy6addr parsed as array. [Opcenter] storage amnesty may be granted multiple times. [PostgreSQL] CLI usage requires password. [Rampart] fail2ban/whitelist-self never fully implemented. [Task Schedule] gid/uid applied as uid/gid to spool after removing a job. Minute always incorrect. [UI] ticking "Administrator" box saves domain field. [UI] interpolation of templated expressions within application.yml. [upcp] platform migrations run against server inventory. [upcp] APNSCP_UPDATE_POLICY="" defaults to edge. [upcp] "minor" update policy cannot update past fractional release, e.g. => 3.2.19 CHANGED: [Apache] relink configuration if potential domain conflict detected in ordering. This change will not relink custom ordering (see Apache.md#troubleshooting in docs) [ApisCP] sessions moved to PostgreSQL to remove dependency on MySQL. Eventually provides an opportunity to self-heal from a cyclic database crash when over quota. [ApisCP] platform scrub, upcp moved to systemd timers. Schedule may be set using a systemd calendar type for apnscp_platform_scrub/apnscp_nightly_update respectively. [Bootstrapper] network resiliency added on package removal in packages/install. [cgroup] rename groups to systemd-compliant format, which involves simply suffixing the cgroup as ".slice". [CLI] suggest similar API methods on invalid method invocation. [DeleteDomain] --force ignores zone removal errors. [Discourse] update installation to mirror current Docker practices. [DNS] provision_zone() optionally performs record check upon request. Previous behavior unconditionally queried records before provisioning a zone; on an empty zone this is unnecessary overhead. [FST] relocate gconv libraries, which ghost on glibc updates becoming difficult to fully release as a normal daemon dependency. [Ghost] increase verbosity on installation failure. [Let's Encrypt] report acquisition errors in UI. [Mail] update webmail packages when mail support disabled. [misc] notify of pending trial expiration. [MySQL] apply [mysql] => concurrency_limit to newly-created accounts. [Opcenter] uid/gid always saved in database now. Resolves missing quota statistics for users who have mail disabled or use a third-party provider on the account. [phpMyAdmin] report incomplete SSL configuration. [phpPgAdmin] report incomplete SSL configuration. [PostgreSQL] PostGIS may be enabled from API now (pgsql:add-extension). [PHP Pools] phpinfo() can be opened in a new tab. [Preferences] write-access now implicitly set. Multidimensional writes are properly tracked no longer requiring an explicit sync() call after updating. [Reseller] dependency cycle tracking in billing,parent_invoice. [Syslog] suppress noisy syslog. [Telemetry] database tuning values are now always MB. [Transfer] use groupmap/usermap in rsync to bypass additional filesystem passes on uid/gid translation. [UI] page vars supports nesting. [UI] loading indicators, now as SVG. [UI] deemphasize Argos/Scope naming. [UI] enabling system.sshd-pubkey-only disables embedded terminal. [upcp] database migrations now come before platform migrations. [user] delete()- optional second parameter $force added. Bypasses subdomain/addon domain checks prior to removal. Downgrade DNS errors to warnings. [user] usermod_driver()- user cache always purged before hooks ran. Third parameter to _edit_user() is original pwd. [Vultr] update API to v2. [Web Apps] custom webmail subdomains excluded from list. REMOVED: [FST] sudo package. [PHP-FPM] manual cgroup binding on start. Amplifies thundering herd on boot, obsoleted by .slice cgroup rename.
  • v3.2.19   SECURITY: [sudo] CVE-2021-3156 mitigation. Privilege escalation via command line argument parsing. Remove this version from FST, which will provide adequate protection from user invocation until updated packages are available. NEW: [admin] create_from_meta()- generate a duplicate of the site from its metadata. [Bandwidth Stats] add daily/monthly views when appropriate. [MySQL] SSL server support. [Web Apps] "empty directory" option before installation. [WordPress] SSO plugin. Must be installed account-wide first via Web Apps before per-site activation. FIXED: [Auth] unauthenticated logins would redirect to /dashboard, then /login resulting in being doubly counted against anvil. [cgroups] memory.limit_in_bytes unlimited previously encoded as NULL that becomes PHP_INT_MAX when multiplied that creates an overflow error in kernel. Update value to -1. [DAPHNIE] illegal offset 'ranges'. [Ghost] update login information for Ghost 2.x installs. [File Manager] extract option ignored in Download & Extract feature. [Manage Mailboxes] vacation responder cache misses. [Modules] session logic mismatch error on CLI resumption. If session cannot resume automatically, import from database. [Scopes] virus-scanner.signature-whitelist, correctly handle "UNOFFICIAL" signatures. [Versioning] version comparison inherits first version's digits if missing. [Web Apps] per-app overrides in config/custom/webapps/ could never take precedence. CHANGED: [argos] monitoring is reset on backend boot. [dns] disable native TLSA lookups in PHP. [dns] parented domains on provision will properly set DNS records on parent. [EditDomain] improve EditDomain durability in mass edits, handle fatal() calls. [file] set_acls()- allow UID usage. [file] reimplement expose() algorithm to use ACLs. Changing ownership of a hardlink changes the original inode. This behavior was unintended and could result in loss of access to file after expose() as with PHP-FPM logs. [File Manager] json files now editable. [Jobs] squelch duplicate emails when admin and site admin are same address. [Migrations] sessions no longer required. Add database checks after each platform migration to catch MySQL restarts. [Nexus] cache services. [Opcenter] reject potentially destructive changes such as lowering a quota below what's presently in use without --force flag. [PHP Pools] relay phpinfo() errors to UI. [PHP-FPM] either ExecStart= or ExecStop= is required for a simple service to be valid. ExecStart=/bin/true can lead to residual processes on a mass restart. Move the required Exec* to stop, which is less likely to yield subsequent tasks. [Scopes] add "FORWARDED" property to determine whether a scope provides a purpose or merely forwards to another scope. [Web Apps] add modal confirmation before invoking Recovery Mode. [Web Apps] updates blocked by version locking will report this cause. [Web Apps] additional docroot ghosting checks. Docroots that were relocated or orphaned are now masked.
  • v3.2.18.1   NEW: [file] temp()- generate a temporary file. [PHP Pools] phpinfo() section. [UI] clear(), exists() helper methods in menu to empty/check entries in menu templates (see Customizing.md). FIXED: [DNS] removing similar records dumps record cache. [Filesystem] disable project quotas if XFS features cannot support concurrent group + project quotas. [misc] notify-installed() always uses IP address. [Opcenter] deletion blocked by missing "apache" user. [Opcenter] double-parsing "null" is converted to null literal for provider default. CHANGED: [Ansible] apply 2.9.16 hotfix for C7 platforms. [apnscp.js] preserve hash keys for future compatibility with named argument invocation. [DNS] bypass uneditable NS apex records. [FST] relocate p11-kit into siteinfo for imagick dependency. [Let's Encrypt] admin can toggle between EC/RSA server certificate. [UI] check for plan-specific menus.
  • v3.2.18   NEW: [admin] get_site_id_from_admin()- efficient lookup to determine which site has specified siteinfo,admin_user value. [Backups] backup_dbs.php helper now accepts --keep, --force flags to retain existing database backups and skip backup schedule. [DNS] show apex NS records. Must be enabled via Account > Settings > App Settings > DNS Manager. [PHP] PHP-FPM version selection now available under PHP Pools. [PHP] expose recent log in PHP Pools. [PHP] policy maps. Set a variety of PHP-FPM values administratively. See PHP-FPM.md. [UI] Add [frontend] configuration, https_only restricts access to HTTPS endpoints. content_security_policy= sets a default CSP. Sample CSP supplied in config.ini. FIXED: [apnscpd] exporting LC_ALL to backend breaks float formatting, such as in multiPHP. Limit numeric localization to authentication context. [Bootstrapper] CentOS Stream workaround for #1853736, "systemctl show" emits "Invalid argument" in property trailer. [DNS] always encapsulate TXT records in quotes. [EditDomain] exceptions lose stack. [EditDomain] delayed journaling causes a flood of logging messages at shutdown. [misc] command_info() an incomplete docblock creates a null dereferencing exception. [upcp] Composer timestamp check ineffective. [Web Apps] use app pretty name in presentation. Always show primary domain name. CHANGED: [Auth] add domainmap.tch size validation on boot. [Backups] backup_dbs.php may be manually triggered. Set manual_database_backups=true in Bootstrapper, then run apnscp/crons role. [Bootstrapper] allow MySQL overrides via mysql_custom_config. [DNS] changing providers performs zone provision. [DNS] honor [dns] => default_ttl value for new records. [EditDomain] allow null/None values in plan definitions to update on --reset. Previously any None value is skipped such as apache,subnum. [Network] bypass hairpin check if IP address exists on interface. [PHP] relocate Remi to /.socket/php/multiphp. [PostgreSQL] use named socket to connect instead of for connectivity. Designed for interoperability when PrivateNetworking=yes in cp-proxy configuration. [PowerDNS] listen on on CentOS 8+/PowerDNS 4.3+ builds. Previously changed from to accommodate systemd-resolved. On basic setups; however, with a local nameserver configuration, cannot return an authoritative response. [Rampart] an "ignorelist" delegated whitelisting target has been added, which applies all firewall rules but ignores brute-force blocks for these IPs. Previously the target was "whitelist" which absolutely permits access before other rules. "ignorelist" rules only affect whitelisting done by Site Administrators. rampart:whitelist by Appliance Administrator still places the IP address in "whitelist". Policy may be changed by setting [rampart] => delegation_set. [Scripts] mapCheck rebuild TokyoCabinet database before performing reverse sweep. REMOVED: [dns] remove_zone() no longer accessible directy by Site Administrator. [dns] authoritative-only flag causes hang in multiple DNS providers. Rely on setting recursion=0 to validate successful provisioning. [PowerDNS] PowerDNS 4.3/CentOS 8 limitation. MySQL backend driver RPM no longer depends on MySQL 8.
  • v3.2.17.1   NEW: [Scopes] mail.rspamd-piggyback, set rspamd in piggyback mode. FIXED: [Ansible] #72985 hotfix. [Login] invalid admin username causes white screen. [PHP] FPM service group missing from php-fpm service wants. [PHP] 8.0 version setting parsed as "8" in UI. [Powerdns] TXT concatenation changes introduced in 3.2.17 resulted in an off-by-one error for TXT records. [Scopes] renamed scopes, such as apache.php-version => php.version do not load view overrides when accessed from prior name.
  • v3.2.17   NEW: [Bootstrapper] add has_proxy_only build type, provisions a server to act as a cp-proxy relay. See Panel proxy.md for further information. FIXED: [Backups] database backups may never terminate when the number of snapshots exceeds the number of preserved backups. [Bootstrapper] Node, PHP tarballs accounted under admin1. [Bootstrapper] sofware/passenger role from an interactive terminal in which Rake is installed suspends tty to background. [CentOS] version detection incorrect on 8+ paltforms resulting in invalid comparisons. [DNS] moving providers no longer automatically provisions DNS on the new provider. [Ghost] mail cannot deliver due to firewall restrictions on "direct" mail transport. CHANGED: [Auth] redirection DNS check now optional via [auth] => server_validity. Useful in cp-proxy installs with internal hostnames. [Auth] log attempts and Anvil blocks now logged to /var/log/secure. [Bootstrapper] always use local connection in panel [ClamAV] FreshClam usage dependent upon server mode. [Digitalocean] honor 30s minimum DNS TTL. [DNS] record names may be optionally split on 255 octet boundaries now. [File Manager] cleanup incomplete extractions. [mail] disable mailbox management for third-party mail providers.
  • v3.2.16.1   FIXED: [Opcenter] mail/dns provider list merged in Nexus [PHP-FPM] unlink stray php-fpm Wants= target from earlier efforts
  • v3.2.16   NEW: [Opcenter] registration of custom DNS, mail providers. See DNS.md. FIXED: [Bootstrapper] duplicate notifications generated for jobs. [Ghost] Fails to start on fresh install from missing interpreter. [Opcenter] apache,subnum off-by-one error. [PHP] move socket after PHP-FPM pool operation. During stop/start operations in Bootstrapper a rare race condition (<0.5%) was observed in which one or more pools may after the socket has been restarted thus inhibiting socket activation. [systemd] verify systemd-resolved enabled in local presets. Images provisioned with systemd-resolved enabled will lose this setting whenever systemd package updates per rules in /usr/lib/systemd/system-preset/90-default.preset. [upcp] always cleanup SSH agent directory. CHANGED: [Bootstrapper] SCL may be controlled individually via has_scl setting. [ClamAV] disable freshclam in client-only mode. [Network] enable bidirectional explicit congestion notification. This has been the default in iOS 11+ and network infrastructure sufficiently new since introduction 20 years ago. [Opcenter] aliases,max=0 disables end-user addon domain management while retaining administrative alias usage. [PHP] reset failed state on pool restart. [Scopes] cp.nightly-update- permit systemd.time(7)-style updates
    fbd9f7df · CHG: bump (migrations) ·
  • v3.2.15   FIXED: [DNS Manager] fetch all domains before dropping privileges as admin. [Filesystem] remove incorrect device-mapper block name from FST, which may block migrations from completing. [SSO] cookie helper does not replicate when /var is on its own mount-point. [upcp] restore git 2.2 behavior in overwriting tags if a tag moves during production.
  • v3.2.14   NEW: [OS] CentOS 8.3+ support. [upcp] Automatically log updates and report failures. FIXED: [Bootstrapper] job daemon authentication changes prevented email summaries from generating for Bootstrapper + integrity check emails. [cgroups] a mount change in 3.2.13 attempted to unmount the reference cgroup controller instead of bind-mounted controller within the filesystem template. [UI] downloaded files buffer in-memory potentially resulting in OOM conditions for larger files. [Web Apps] screenshots on CentOS 8 do not honor /etc/hosts restrictions. CHANGED: [Apache] apply 2 GB memory limit to control group slice intended to prevent runaway processes. [Let's Encrypt] disable renewal of SSL for suspended accounts. Move renewal to activation of suspended accounts. A minor change to suspend-rules template is added to allow /.well-known requests to succeed while a site is undergoing activation. [Let's Encrypt] honor global strict_mode/verify_ip settings under [letsencrypt] in config.ini. [Network] switch queueing algorithm to fq, which supports TCP pacing in pre-4.13 kernels necessary for BBR congestion control. [Nexus] report total accounts in addition to total domains. [PowerDNS] report connectivity errors. [Process] always inherit unshared mount's permissions. [UI] use Brotli compression. Periodically cull HTTP processes above resource watermark (195 MB). [Utilities] mapCheck will reverse populate appldb.siteinfo table with any missing domains.
  • benchmark   ApisCP benchmark See https://github.com/apisnetworks/apnscp-bootstrapper#benchmarking-providers
  • v3.2.13   NEW: [Bootstrapper] ARA builds. [Panel Proxy] support for a singular control panel URL. See @apisnetworks/cp-proxy or Panel proxy.md in the bundled documentation. [PHP] PHP8 support. Enabling PHP8 disables Horde webmail + ionCube features until supported. [PowerDNS] centralized DNS management within UI. Any DNS zone in a cluster may be managed from the UI now regardless of server. [Scopes] php.composer-autoupdate, manage Composer auto updates. virus-scanner.remote-scan, use a centralized ClamAV scanner (see ModSecurity.md). FIXED: [Bootstrapper] "php-fpm" service fires on each notify usage that can result in php-fpm-MAIN as well as other services from deactivating. [File Manager] uploads rejected when diskquota is disabled for site. [Pagespeed] disable gzip compression when Brotli support enabled. Corrects situation in which content compressed using gzip despite client wanting br [PHP-FPM] correct race condition in which PHP-FPM starts in parallel before cgconfig.service cgroup hierarchy is created. [upcp] builds ignored in edge-major. CHANGED: [Frontend] reduce memory usage. [Let's Encrypt] enhance registration reporting errors. Attempt dns-01 solver on root domain when self-check fails. [Let's Encrypt] detection of new R1 signing root. [License] enforce DNS-only domain checks early. [Opcenter] preserve file/inode quotas when diskquota,enabled is disabled. Allows temporary toggles to preserve previous quota settings. [Opcenter] apache,enabled may be disabled. [PHP] allow override of configure script location via "php_configure". [PHP-FPM] write cgroup task only to tracked cgroup controllers. [Scopes] rename apache.php-multi => php.multi, apache.php-version => php.version. Deprecated beginning 3.3 [UI] migrate all application.spec XML files to Yaml. REMOVED: [Postgresql] 9.6 support on CentOS 8. [System] sssd service.
  • v3.2.12.1   CHANGED: [systemd-resolved] Apply CentOS #16988 hotfix for missing PrivateTmp=/ProtectSystem= declarations resulting in 222/NAMESPACE failure [SysV] apply rc-compatibility changes to /etc/rc.d/rc.local
  • v3.2.12   NEW: [OS] Stream 8 support. [upcp] "edge-major" mode to set ApisCP on edge releases until next official release. [webapp] snapshot(), rollback() API helpers to facilitate app snapshots and rollbacks. API signature applies to all compatible Web Apps. FIXED: [Composer] specify "name" field on config/custom/composer.json creation. [git] commit() does not report failure reason. [Ghost] LTS version fails to set on pristine account. [MySQL] imports cannot read from backups that begin with a dot. [PHP] apply g+x to home directories when subdomains are located within if PHP-FPM is used. [PHP] socket activation may be disabled on boot. [Python] Python3 libraries missing on CentOS 8 platforms. [Settings] Cannot unset "Strict SSL" setting. CHANGED: [Bootstrapper] changing hostname in net.hostname update [dns] remove_zone() accepts optional $force parameter bypassing any sanity checks in removal. [Internal] Improve self-referential timeouts for misbehaving routers. [Laravel] db_config()- cache configuration if needed. [PHP] Increase default upload filesize limit. [PHP] Permit fpm-config-custom to override php_admin directives. [Rampart] reduce port ban on postfix-sasl violation to Postfix ports (25, 465, 587). [web] remove_subdomain()- add optional $keepdns parameter to retain DNS after a subdomain is removed.
  • v3.2.11   NEW: [Web Apps] prune() API method removes invalid document roots. FIXED: [PEAR] conflicting PEAR_Exception declaration triggered in specific setting where SMTP server sends mail and PEAR dependency had been previously included by a forced inclusion via require_once. Notably this situation was encountered on Let's Encrypt renewal where a certificate failed renewal and ApisCP configured to use an external SMTP service. CHANGED: [MySQL] Force update to November 9 security release for local privilege vulernability. [Terminal] backport IPv6 support
  • v3.2.10   FIXED: [MariaDB] "Malformed communication packet" error in PHP-linked PDO library present in 10.3.26. Force downgrade to 10.3.25 and version-lock until this bug is resolved upstream. [Panel] listen on IPv6 addresses. [Perl] add missing perl-interpreter package CHANGED: [File Manager] clipboard split button toggles clipboard dropdown. [MariaDB] missing libmariadb library from FST. [PHP] patch system, including OpenSSL fixes in PHP 5.6 on CentOS 8+ systems. [Web Apps] honor skip preferences before calculating update candidates.
    4cbbfd4d · CHG: bump (migrations) ·