Skip to content

Tags

Tags give the ability to mark specific points in history as being important

  • v3.2.48.1

    908e8a14 · CHG: bump (migrations) · 
    CHANGED:
[Let's Encrypt] If an intermediate subject key ID is unknown - new intermediates rotated in - perform a deeper inspection along the trustline to verify it came from X1/X2
    Unverified

  • v3.2.48

    daed3b83 · CHG: bump (migrations) · 
    NEW:
[D-Bus] search by service parameters.
[HTTP] mod_shield WAF, an enhanced successor to mod_evasive. Supports LRU auto-eviction, auto-expiry, and early short-circuit processing on blocked IPs. HTTP response status and response times are scorable dimensions. See Shield.md for further information.
[NSS] Rewrite PAM + NSS C handlers. NSS translations support user@siteXX and uid@siteXX lookups. NSS module is now re-entrant and thread-safe. PAM module handles jailing but old NSS jailing behavior may be induced by passing a non-null _NSS_AUTOJAIL environment variable.

FIXED:
[apnscpd] Spurious "apnscp" connection errors logged to MySQL.
[Diskquota] Resolve "DEFAULT" value for uninitialized diskquota,group configuration.
[Error Reporter] Chained exceptions mask faulty line.
[mapCheck] Call to protected constructor during database sweep.
[Metrics] System controller logged as next free site ID instead of null.
[MySQL] Parsing special characters - specifically "()" - in password field.
[upcp] Presence of edge lock file short-circuits remote history fetch thus sticking panel in commit purgatory.
[Web Apps] Graceful handling for apps that do not export plugin version metadata.

CHANGED:
[License] Treat truncated domainmap.tch as if it were non-existent. Previously license check balked during domain check routine if supported by license feature.
[Telemetry] metrics() supports optional $extended: bool flag to show extended metric label/type.
[UI] Activate session multipath support.

REMOVED:
[Dovecot] IMAP COMPRESS protocol. Inhibits client hibernation.
    Unverified

  • v3.2.47.1

    f27a16f2 · FIX: call to protected constructor during database sweep (mapCheck.php) · 
    FIXED:
[mapCheck] Filesystem checks during dangling database sweeps.

CHANGED:
[Opcenter] Resolve "DEFAULT" value for uninitialized diskquota,group configurations.
    Unverified

  • v3.2.47

    dc17cacc · CHG: update X1 licenses as needed (migrations) · 
    NEW:
[Dovecot] IMAP protocol compression (RFC 4978).
[Opcenter] Site Administrator may change to an existing user on the account. Web files will continue to be owned by the previous user until ownership is changed under Web > Web Apps.

FIXED:
[Cloudflare] Off-by-one error in apex zone records.
[D-Bus] Service interaction may require privilege escalation blocked by voluntary privilege dropping in artisan. Attempt to retry call if possible with elevated privileges.
[Flarum] .env unreadable in install routine when alternative user is selected.
[PHP] Impossible to unset custom PHP pool version.
[Task Scheduler] "Last"/"Next run" calculation with 0/7 DOW value in timezones that cross DST boundaries throws "Impossible CRON expression".
[UI] Modal component displays literal content in MySQL Manager, PostgreSQL Manager. "component()" is now "aliasComponent()".
[upcp] --reset references root upstream/branch inconsistent with individual submodule tracking upstreams.

CHANGED:
[Argos] Purge pending notification queue upon restart. Assumption that Monit is durable and restarting monitor is under extreme conditions, so any amelioration phase shall be honored.
[Internal] Exceptions that occur within serial() forward originating stack.
[Opcenter] Report service parameters that accept a default-nullable marker ("DEFAULT").
[Vanilla] Restrict 2024.012+ to PHP 8.0.2+.
[WordPress] Retain database if duplicating site would remove source database upon uninstall.
[WordPress] When cloning a site, apply database transformation immediately to ensure appropriate configuration on uninstall.

REMOVED:
[user] takeover_user() may be used elsewhere besides "/" and directories owned by account, e.g. "/etc".
    Unverified

  • v3.2.46

    70acfa65 · FIX: Chrome v133+ uses "goog:" namespace. Resolves "session not created" error (Service) · 
    NEW:
[Auth] Time-based one-time password authentication factor. Requires 2FA app such as Authy, Google Authenticator, or YubiKey. See Authentication.md.
[Cockpit] Cockpit integration. Requires TOTP enabled for admin. SSO is available as well. See Cockpit.md.
[HTTP] HTTP Strict Transport Security header may be set for all websites under Account > Settings > SSL. Server defaults set in [httpd] => hsts_mode. Corresponding API methods  into web:list_ssl, ssl_set, and ssl_remove.
[Internal] Accounts logged in with TOTP include an "extended auth" flag. A new permission class, PRIVILEGE_EXTAUTH, is introduced to validate API permission against this mode.
[pgsql] get_table_sizes()- report relation sizes within a database.
[PHP] ionCube, SourceGuardian PHP 8.4 support.
[Plans] "opcenter plan:edit". See Plans.md.
[Postfix] New "maintenance" transport. Domains with a maintenance destination are temporarily deferred until removed. See Postfix.md.
[PostgreSQL] v17 support.
[Scopes] mysql.big-selects, control max_join_size enforcement in MariaDB.
[UI] Inline SVG icons within menu items as 4th parameter.
[UI] Session multipath. Supports several thousand concurrent sessions in same browser instance. Requires setting [frontend] => multipath_length to a non-zero integer. This represents the session id characters used in url generation.
[upcp] Staggered updates are now possible. cp.update-offset Scope sets a duration in hours for release pipeline to remain clean to treat the release as "cured" and thus deployable.
[WordPress] Language support. New API calls, {un,in}stall_language, language_status.

FIXED:
[API] General euid privilege de-escalation fixups.
[Cloudflare] 2024-11-30, "Zone information in individual DNS records" deprecation.
[Discourse] Various. Bump minimum v18 Node to 18.20. MaxMind API key new format. restart() assumes launched by Passenger.
[file] purge() retains translated path cache.
[Laravel] .env values containing a space require quotes.
[Mail] Catch-all delivery for non-addon subdomains relies on irresolvable hostname. Refer to primary domain in siteinfo to generate username.
[Manage Users] "Reset Password" user option has no effect.
[PostgreSQL] socket peer authentication ignores effective UID.
[Screenshots] Cloudflare Turnstile can force client to compute interminable code. Introduce a timeout ([screenshots] => request_timeout) to abort page render if encountered.
[Storage Usage] Sites with over 1 million files may exhaust memory during file list generation.
[Web Apps] App pending install reports future version path in event of docroot relink.
[Web Apps] An overrode app type in a Manifest still reports initial app.

CHANGED:
[API] php:pool_set_policy() collapses multidimensional arrays if the PHP directive contains a dot. Note that nested settings prevail if a similar directive exists unnested.
[API] Rename get_autoload_class_from_module() to simply get_class_from_module(). Addresses confusing scenario in which code would load internal module instead of surrogate during housekeeping routines.
[Auth] Session cache duration matches logout limit.
[Bootstrapper] Throttle concurrent make jobs if per-core load exceeds 125%.
[Bootstrapper] Run mysql_upgrade if MariaDB were upgraded from a previous version during password recovery.
[Laravel] Update Laravel to v7, Horizon to v4 for future OAuth2 support. Horizon upgrade will pose no potential breaking changes. Laravel v7 may introduce minor changes with custom applications. See https://laravel.com/docs/7.x/upgrade
[Letsencrypt] Gracefully handle unlikely scenario record-exists() + remove-record() both repeatedly return true in certain scenarios like a wildcard CNAME in which the target also contains TXT records.
[Logging] Forward exception stack. Requires passing original exception as final parameter to error()/warning()/info() macro.
[Map] Possible to create ini, unbounded json, and textfile maps from strings.
[Monit] Switch daemon from TCP to UDS. Workaround for firewall-cmd --panic-on scenarios that arise during firewalld reload if a list contains overlapping entries (cf. firewalld/firewalld#1343).
[Opcenter] Rename reseller,reseller_id => reseller,id. A migration is included to perform this on the server.
[PHP] pool_set_state() no longer restarts a deactivated pool pending socket activation.
[Postfix] SMTP smuggling protection is always active.
[Python] Move pyenv to apisnetworks/pyenv repository to patch out "pyenv rehash" usage until RHEL-22464 resolves.
[Rampart] rampart.fail2ban-whitelist supports multiple IP addresses.
[Subdomains] Creating a local subdomain creates all ancestors.
[Subdomains] Restrict adding a global subdomain if its parent path is unresolvable.
[UI] Logging out from a subordinate (hijacked) account destroys all parent sessions as well.
[UI] Report if a quota is dynamic (project quota, see Resource enforcement.md), cgroup memory/CPU/proclimit dynamic (nested cgroup), and OOM events in Dashboard.
[UI] Site Administrator may now be disenrolled from all services except panel login. Combine with TOTP/PHP privilege separation to boost security of an account.
[web] rename_subdomain() preserve DNS settings on path rename. Refer to forums post #700.
[Web Apps] Failure/success callback order is non-deterministic when shared in same PHP array.
[WordPress] Changing user now updates FTP_USER.

REMOVED:
[API] user_enabled() deprecated in favor of user_permitted(), a logical complement to permit_user()/deny_user() module calls.
[Auth] Explicit authentication prior to apnscpFunctionInterceptor instantiation unnecessary. afi creation will call Auth::handle() if needed using the registered handler for its active gate.
[Postfix] proxymap intermediary adds unnecessary latency in singleton services - tlsmgr + postscreen.
[Postfix] TLS server-side session cache obviated by session tickets. Introduce client-side session cache for smtp instances.
    Unverified

  • v3.2.45.2

    3ec2e788 · FIX: workaround for X1 intermediate CA expiry. Introduce a 1 in 10 lottery to... · 
    FIXED:
[License] Workaround for X1 intermediate CA expiry. Introduce a 1 in 10 lottery to perform a license renewal whenever an authority is within 30 days of expiration. Coordination policy has changed to introduce a new CA approximately 90 days of expiration. Next CA rotation, X2, will occur before on or before August 2, 2027. Licenses may be renewed before the automated license check using "bin/scripts/license.php renew --force" with ApisCP root.
    Unverified

  • v3.2.45.1

    18149118 · CHG: callback order cannot be determined. Perform validity self-check before... · 
    FIXED:
[Laravel] Derived classes perform version check.
[SSL Certificates] Null dereference.
[Web Apps] Callback order is non-deterministic when multiple callbacks exist in a hash table. Perform validity check during gc to ensure Web App has installed properly if attempting rollback.
[Web Apps] Pending install reports future relocated path.

CHANGED:
[PHP-FPM] Bypass reload call on pools pending socket activation.
    Unverified

  • v3.2.45

    b36a59c8 · CHG: perform second pass scrub on direct filesystem (reissueAllCertificates) · 
    NEW:
[Scopes] cp.role, turnkey setting panel specialization. See INSTALL.md.
[ssl] trust_endpoint(), import certificate in named uri into pki truststore.

FIXED:
[Argos] systemd-resolved monitoring always deactivated due to trailing markup in conditional expression.
[File Manager] Recursive chmod ignored.
[Hetzner] Weak record match generates type error.
[Keyring] Encrypted value cannot be decoded if it is also a default setting.
[Invoiceninja] Corrupted install throws unhandled exception on version check.
[Laravel] Installable version diverts from laravel/laravel versioning in 11.x.
[Let's Encrypt] Reissuing certificates issued after June would discard certificate from internal registry when strict mode is disabled.
[misc] flush_cp_version() flushes incorrect cache tier.
[Opcenter] Improper dependency ordering generates lookup error when pgsql,enabled.
[pgsql] edit_user() doubly encrypts an encrypted password. Add support for SCRAM.
[pgsql] import() errors unreported.
[PostgreSQL] Creating a database explicitly grants USAGE, CREATE on public schema with PostgreSQL v15. These permissions are no longer implicitly granted. Issue is nonreproducible on 16.
[Process] Device field reported in maps() as unsigned long.
[Rampart] Reloading firewalld purges fail2ban rules.
[Scopes] Fatal error setting Maxmind key in auth.geoip-key.
[Timezone] Select timezones, including Europe/Kyiv, are unsupported prior to ICU 72.
[Timezone] Timezone changes lost in concurrent writer situation.

CHANGED:
[Bootstrapper] multiphp_build is automatically set depending upon requested PHP version.
[Bootstrapper] Reorder installation process to clarify completion.
[Bootstrapper] Start services after firewall configured.
[ImageMagick] RPM hook for ImageMagick-libs update that forces a library refresh for resident libMagickCore handles.
[Let's Encrypt] Enhance debugging diagnostics.
[Let's Encrypt] Add R10, R11 fingerprints introduced in June.
[Logging] Filtered messages preserve caller order.
[mapCheck] Correct group within vfs.
[misc] release_fsghost() bypasses backend elevation if possible.
[Net] Report resolver in diagnostics.
[PostgreSQL] Permitted user extension list extracted to config.ini in [pgsql] => user_extensions.
[Quota] Soft quota, which triggers grace period flag, set too low at 99% resulting in mailbox disablement if an account straddles this threshold too long. Move soft quota to 1 MB below hard.
[Rampart] Reload of firewalld with overlapping rules may impair network connectivity. Perform a full restart to ensure network is available.
[Transfer] Disable peer name verification when target server is numeric. Enables usage if self-signed certificate is in pki truststore (see ssl:trust-endpoint).
[Web Apps] Deferred callbacks may be cancelled in event of failure.
[Web Apps] Inexact versions always take latest release.
    Unverified

  • v3.2.44

    dd6024bc · FIX: Remove all records when parameter omitted (PowerDNS) · 
    NEW:
[Accounts] Project quota support. A tertiary quota tier for grouping multiple accounts under a shared block/inode quota. Assignment done within diskquota,group service parameter. See Resource enforcement.md.
[Database] MariaDB and PostgreSQL listening IPs may be set using mysql.listening-ips and pgsql.listening-ips Scopes respectively.
[Mail] SRS secret may be rolled ahead of 48 hour validity period using mail:roll-srs or setting [mail] => srs_autoroll. See SECURITY.md.
[Mail] catch-all and external forwarding may be set granularly per site in mail,catchallfwd and mail,extfwd.
[Map] "textfile" type maps support duplicate keys.
[PHP] ionCube 8.4 support.
[Route53] Support multiple same-origin records.
[UI] Defining NO_AUTH=1 in an app bypasses authentication/authorization checks.

FIXED:
[Bootstrapper] Mitogen runtime socket lost on /tmp remount.
[CLI] Strings that contain array metacharacters without proper demarcation syntax parsed as array.
[DNS] Provisioning a domain performs unconditional reset, ignoring existing record presence.
[Frontend] Shutting down httpd service within backend asserts PHP7 module.
[Kernel] Modern EFI-based systems with multiple drives in softraid may boot of hard drives in round robin fashion. EFI may not be raided thus grub2 configuration must be updated on each EFI system partition. Resolves issues with cgroupv2 on OVH systems.
[Laravel] Version cap applies floor.
[Opcenter] Service parameters that accept "DEFAULT" report "DEFAULT" upon service value expansion if parameter has not yet been committed to account.
[Opcenter] Escape metacharacters in site creation command.
[PowerDNS] All records of same name, content, RR must share same TTL - se PowerDNS/pdns#10921.
[PowerDNS] Remove all records when parameter value omitted.
[Subdomains] Multi-level subdomains cannot be removed.
[Transfer] --stage non-persisted over a collection of sites. --all preserves buffer across runs.
[WordPress] Versionless themes and plugins generate type error.

CHANGED:
[API] site:wipe returns challenge token.
[API] Modules that implement _cron() must implement Tasking interface. Schedules may be suspended by passing null to $interval.
[Cloudflare] URI RR type deprecates "content" parameter in favor of "target".
[Discourse] 3.2+ compatibility.
[DNS] Rely on internal cache for asynchronous record modifications before consulting authoritative servers.
[FTP] Set passive address for machines behind NAT.
[FTP] vsftpd configuration may be overrode in Bootstrapper. See Customizing.md.
[Logging] silence() macro usage bypasses suppression in debug mode.
[Migration] Importing from backup will administratively add missing domains to profile to ensure addon domains may be properly added. Such a situation arises if the account was created, then an import applied to account.
[Migration] Running specific stage in cPanel backup restore as --do includes dependent components.
[Net] IpCommon:bound() autodetects family.
[Opcenter] Reorder cgroup, diskquota dependency map such that removing quota would not inhibit cgrules generation.
[UI] /.well-known URI maps to storage/well-known/.
[vfs] Alias ImageMagick "convert" binary to "magick".
[vfs] Package synchronizer implements --remove-all, --auto alternatives states.
[vfs] Update ghostscript dependencies.
[Web Apps] "fortify" is now a transient property.
[Web Apps] Version reports triadic falsey state: "false" on failure, "" during install, and "null" on irresolvable.

REMOVED:
[Transfer] Original migration log reported database users without prefix as API handled without prefix. Retaining behavior results in ambiguity when namespaced user is named after dbaseadmin as the API prefers fully-qualified users now but falls back to prefixless.
    Unverified

  • v3.2.43

    83b85d44 · FIX: 6.x kernels may not expose device-mapper queueing directly relying... · 
    FIXED:
[Bootstrapper] Mitogen lxml module blacklist in software/imagick role.
[Cgroup] Last named group in cgroup.controllers reports unmounted.
[Cloudflare] Reading values from auth.yaml, use cloudflare.email parameter if scalar value detected for "key".
[Ghost] Update reports old version.
[Migration] Mailbox conflict generates separate argument exception.
[Opcenter] 6.x kernels may not expose device-mapper queueing directly relying instead on intrerogating slave members to determine underlying block.
[Transfer] multiPHP unavailable on target server generates unhandled exception.
[vfs] Apply missing PostgreSQL 16, PHP 8.3 Remi package hooks.

CHANGED:
[Bootstrapper] Restart PostgreSQL if needed for TimescaleDB extension update.
[Cgroup] v2 default on all new installs. v2 reduces mount-point pollution with a monolithic controller per group reducing overhead on php-fpm service startup.
[email] convert_mailbox()- invokable by user administrator.
[Linode] Rely on 53/UDP for record lookups until 53/TCP access is restored by Linode.
[php] Passing "null" to $version parameter resets PHP pool to system default.
[Synchronizer] Terminate rpmdb processes to acquire a reader lock.
[Webapps] Update best-match algorithm to prefer same major if an 8.x installer is requested but a 6.x installer is published after the last available 8.x installer.
[Webapps] Rewrite meta initialization such that parseInstallOptions() sets meta, notifyInstalled() commits it. A separate call is no longer needed to initializeMeta() within an app installation routine. Likewise all callbacks registered will fire once meta is committed.

REMOVED:
[Discourse] GeoIP key no longer mandatory.
    Unverified

  • v3.2.42.3

    2761454a · CHG: add latest generation cross-signing authorities (Let's Encrypt) · 
    CHANGED:
[Let's Encrypt] Support E5/E6 signing intermediaries effective June 6.
    Unverified

  • v3.2.42.2

    6250d517 · CHG: promote mongodb_version to playbook-wide setting (packages/install) · 
    FIXED:
[MariaDB] CapabilityBoundingSet/AmbientCapabilities conflict with changes introduced in 10.4.34+, initially triggered in 10.5.25 release. See MariaDB/server@76a27155b4cd for further details.

CHANGED:
[MariaDB] Floor query_cache_size to nearest power of 2.

REMOVED:
[cgroup] Incompatible cgroupv1 configuration upon migration to v2.
    Unverified

  • v3.2.42.1

    eb890396 · FIX: st_dev field data type is unsigned int (Opcenter\Filesystem) · 
    NEW:
[SourceGuardian] PHP 8.3 support.

FIXED:
[Filesystem] getMountOptions() detects first path that starts with path.

CHANGED:
[Cgroup] Workaround for blkcg_iostat_update kernel panic present in 4.18.0-513.
[Internal] fatal()/report() supports symbolic messages.
[Scopes] php.version incorrectly reports next system version as multiPHP.
[WordPress] In event of PHP fatal error, still attempt to salvage database configuration.
    Unverified

  • v3.2.42

    dc442b5a · CHG: overzealous use of chroot args on C8 (apache) · 
    NEW:
[Anyversion] direct()- apply raw command against nvm, pyenv, rbenv, goenv wrappers.
[Cgroup] Delegative authority technology preview. Unlimited suballocatable resource groups enforced kernel space by cgroupv2. See Resource enforcement.md.
[Internal] Jobs may be executed with suppression filters.
[Keyring] Secure storage of platform hints. Accompanying module "keyring". See Authentication.md.
[PHP] AVIF support on PHP 8.1+.
[Platform] Supervisory mode, set panel_headless=True + has_dns_only=True + webserver_type=null for a management-only variation. Works with DNS-only/testing licenses. Useful on hypervisors.
[Transfers] --all option performs transfer of all non-suspended sites on server.

FIXED:
[Anyversion] Reverse interpreter version to match least significant first otherwise "18" incorrectly matches 18.20 in [18.20,18.50] whereas wrapper pulls "18.50".
[Bootstrapper] Incorrect substitution in memory-ranged crashkernel values.
[Cgroup] Files in /etc/cgconfig.d ignored on startup.
[Ghost] Specifying localhost.localdomain may result in incorrect grant evaluation on dual-stack networks.
[Net] Interface address scope, off-by-one in removal.
[Opcenter] DeleteDomain hooks ignored in API.
[Subdomains] Subdomains created within /var/subdomain generate inaccessible paths.
[Tuned] Active profile must be set through tuned-adm.

CHANGED:
[Bootstrapper] Factor into consideration memory savings of disabling crashkernel when calculating memory threshold.
[Dashboard] Fetch load average as soon as possible before other requests are enqueued to reflect the normalized run-queue depth.
[Ghost] Remove older releases after successful update.
[Ghost] Switch to ghost-cli to apisnetworks/ghost-cli-lite, without systemd/Ubuntu mannerisms.
[MySQL] Perform quick, transactional database exports which no longer require table locks.
[PHP] Report identifier to syslog as php-fpm/siteXX-pool. Disambiguate startup errors in /var/log/messages plus facilitate identification of rogue syslog messages. Remove block on changing error_log setting, which has valid cases in WordPress when WP_DEBUG_LOG is true.
[Postfix] Downgrade SpamCop quality while row with Office365 continues, https://forum.spamcop.net/topic/73128-massive-spams-from-microsoft/.
[Postfix] postscreen DNS lists broken out to "postfix_dnsbl_sites". Default behavior of performing DNSBL checks behind postscreen can be reverted to old behavior (< 2.8) by setting postfix_postscreen_dnsbl_bypass=true in Bootstrapper. Bypassing DNSBL checks in Postscreen moves the checks to the smtpd client, which may be skipped entirely based upon results in client_access. Note, this method is less efficient but allows for a recipient to subvert any DNSBL checks.
[PostgreSQL] Update timezone with system.timezone scope.
[PowerDNS] Tag SOA creation with ctime, site, and server for better tracking.
[Scopes] apache.system-directive supports array values, e.g. ['BROTLI':false,'STRICT':true].
[Syslog] Standardize idents as <service>/<site><?-optional identifier>.
[System] CVE-2024-2961 hotfix. POC drops May 10.
[WordPress] Set FS_METHOD to "direct" on release fortification.

REMOVED:
[Backend] Remove PHP-FPM dependency in theme acquisition.
[Packages] bind-utils, use dig instead of host.
[PHP-FPM] Administratively set values for opcache.restrict_api, mirrors default and session.save_path, /tmp is preferred for its ephemeral storage but justification for permanent restriction is insufficient.
[PHP-FPM] Explicit controller names may be picked up with cgclassify + cgrules.conf.
[tuned] Dynamic tuning.
    Unverified

  • v3.2.41

    b30a6a04 · FIX: extraneous indention (Webapps) · 
    NEW:
[Internal] preempt() complement to defer(), pushes a deferred callback to head of queue.
[Internal] Symbolic messages, prefixed with ":", may be filtered by its symbol instead of literal message.
[Scopes] backups.automatic-database-exports, routine exports of database backups or triggered manually. See Backups.md.
[Scopes] system.process-limits, control vfs ulimit parameters. See Limits.md.
[Tests] "DEBUG_PRESERVE_SITE" env presence controls ephemeral account deletion. Used to examining unit tests post-mortem.
[Tests] Upgrade ladder test runner. Perform iterative upgrade on app against range. See tests/runners/.
[Web Apps] BookStack, Flarum, Invoice Ninja, and Vanilla Forums.
[Web Apps] Deferrable reconfigurables. Reconfigurables that may be set at install time yet only fire (apply) after installation or at invocation time on an installed app.

FIXED:
[API] Symlinks incorrectly copied as files.
[Bandwidth] Site without bandwidth records triggers a warning.
[Bootstrapper] Setting admin password before Postfix configured on an install loop prevents mail dispatch when bootstrapper-resume is started interactively.
[HTTP] Force-resolve target domains upon redirection.
[Laravel] Punycode domain names in composer.json.
[PHP] Workspace parent directory removed by periodic tmpfiles sweep is not recreated due to inadequate stat checks.
[Web Apps] PHP-FPM caches docroot referent resulting in spurious "No input file specified" upon reinstalling a relinked docroot path in a hot worker.
[Web Apps] Releases sorted by page.

CHANGED:
[Anyversion] Facilitate module builds by moving temporary directory to /var/tmp.
[API] file:delete will remove empty directories when $recurse is false.
[API] php:pool-set-state(), add support for "reload" to perform graceful reload of PHP-FPM.
[CLI] Success status reported. Previously level was blank.
[Datastream] Reduce read syscall overhead.
[GMail] Update MX records ASPMX2/3 to ALT3/4.
[Internal] Web Apps release fetch accepts version normalization callback.
[Laravel] Additional version check such that create-project package is at most 1 release behind target framework release date. Addresses condition in which laravel/framework 10.3.1 is requested yet laravel/laravel 10.3.3 boilerplate contains updated code in laravel/framework 10.10.1+. 10.0.5 would be the ideal candidate by timestamp.
[Laravel] Reconfigure APP_URL on SSL reconfiguration.
[MariaDB] Restore 11.0.1+ binary names.
[MultiPHP] Link PHP CLI binaries into /usr/local/bin if requested version varies from system.
[Transfer] Remote API access defaults to SSL.
[Web Apps] Add vendor link.
[Web Apps] Apps based on Composer no longer expect an approot beneath docroot.
[Web Apps] Graceful handling of irresolvable docroots. Application root shall report main document root when the domain is unbound to account.
[Web Apps] Subshell invocations of "php" binary pick up multiPHP directory.
[Web Apps] Silence "subdomain docroot is directory" in Web App update emails.

REMOVED:
[Internal] Duplicate download routine in Webapps, Util\HTTP.
[Login] Potentially confusing characters in set "iIloO0" from password reset dialog.
    Unverified

  • v3.2.40

    1135aa6d · CHG: move PGDG earlier into migration · 
    NEW:
[Anyversion] python, go API modules.

FIXED:
[Anyversion] Modified .bashrc files may lack rbenv/pyenv/nvm/goenv wiring. Always include in API calls.
[Cgroup] 5.x kernels before 5.8 lack root-level memory.stat, cpu.stat counters in cgroupv2. Approximate system usage through procfs. Requires a combination of mainline kernel from ELrepo + cgroupv2 to trigger.
[Cgroup] Erroneous "frozen" state in v2.
[Firewall] fail2ban.whitelist removal has no effect.
[Firewall] SASL failed login match.
[Opcenter] Modifying diskquota,quota must cancel pending amnesty rollback.

CHANGED:
[Ansible] 8.x compatibility.
[Bootstrapper] Forced reboot exits with 0 to allow ExecStartPost processing in abrupt termination.
[Discouse] 3.1 support.
[Mail] SMTP smuggling workaround on CentOS 7.
[Manage Mailboxes] Bulk add converts user to local delivery.
[Opcenter] Bypass logging local bandwidth.
[PostgreSQL] "unaccent" extension may be enabled.
[PostgreSQP] RPM key update.
[RPM] Convert MariaDB + MongoDB repositories to INI directives.
[vfs] VFS ulimits stored as templated dict. Any values encoded in there are repeated verbatim in FST/siteinfo/etc/security/limits.d/10-apnscp-user.conf.
[Wordpress] Implicitly update wp-cli-login upgrade.

REMOVED:
[pman] run()- scalar arguments are deprecated. An array or hash must be used in future versions.
[rspamd] v3.7.3 lock.
    Unverified

  • v3.2.39.2

    7f268d62 · CHG: default modes (Opcenter\Filesystem) · 
    SECURITY:
[Logs] log:set-logrotation() permits arbitrary directives processed as root. A malicious script could be set as a postrotate action to grant elevated privileges. No such exploit is known to exist.

NEW:
[Joomla] v5 support.
[PHP] 8.3 support.
[Web Apps] Manifests support a "depth" parameter to separate the document root from application root of arbitrary depth.

FIXED:
[cgroup] cpuset controller requires cpus + mems to be declared. In case of cgroup,cpupin=None, this controller may be created with empty parameters upon boot for cgroupv1 resulting in cgclassify failure when explicitly bound.
[file] stat() missing file race condition.
[Opcenter] atomic writes forget mode/ownership.
[PHP Pools] Switching from user-owned to apache terminates all user processes on account.
    Unverified

  • v3.2.39.1

    19049c02 · FIX: uninitialized property $avatar when [style] => gravatar disabled (UI) · 
    NEW:
[Internal] Filesystem::atomicWrite() performs synchornous write followed by atomic libc rename() request. Intended to provide guarantee of non-partial reads.
[ionCube] PHP 8.2 support.
[SourceGuardian] PHP 8.2 support.
[webapps] available()- report Web Apps available for install.

FIXED:
[Configuration] Type representation in non-debug mode.
[Lararia] Jobs always generate new session. A race condition can arise in which the user requests install in UI, job begins to process, user logs out (destroys session), then elevated backend request goes to cold worker that cannot be resumed.
[Opcenter] cgroup,enabled always calls freshenSite() which in turn invalidates other sessions instantiated against site. Web Apps installed with first-time SSL issuance trigger this behavior introduced in #4f60e7ea, in which the installation shadow session has precedence. Perform loose inspection of parameters to determine freshenSite() requirement.
[PHP] Resuscitating a PHP-FPM pool from a failed state may encounter race condition on asynchronous socket re-enablement + restart operation.
[rspamd] hotfix rspamd/rspamd#4703 [BUG] 3.7.4 fails to start on RHEL 9.3
[vsftpd] C7 always performs rsa_cert_file directive check on start.
[web] Renaming subdomain creates index.html placeholder.

CHANGED:
[Backend] Pin hot worker to authentication context.
[Let's Encrypt] All DNS timeouts observe [dns] => lookup_timeout.
[Let's Encrypt] append() honors strict tolerance setting.
[pman] kill() runs as process owner if owner uid meets minimum UID and within user list.
[Users] Limit GECOS to 128 characters. Longer values may result in underruns in re-entrant getpwnam() implementations.
    Unverified

  • v3.2.39

    580c1ea0 · CHG: perform restart to clear failed status that would be inhibited by a... · 
    NEW:
[API] Expand common:get-ip{,6}-address to include pool when invoked as Appliance Administrator.
[API] misc:release-fsghost(), examine active processes for referenced file that exists solely in process space, in other words a file whose inode is no longer referenced in the OS. Covers situations where for example Postfix may update but file permissions are non-atomic which in turn may result in an invalid copy of postdrop without appropriate setuid permissions for injection into mail queue. Offending sites are frozen, processes terminated, and mount cache emptied before restoring to previous state.
[API] misc:run-cron(), run all or specific module crons immediately, bypassing timers.
[Cgroup] v2. Overhauled interface, fewer mountpoints, faster PHP-FPM startups. Run cpcmd scope:set cgroup.version 2 (reboot necessary).
[Internal] Error_Reporter::exception_convert() convert an exception into a lightweight message that retains frame info. Useful for capturing exception upgrades in nested code with retained context.
[Scopes] LDA delivery deletion controllable on a global scale using mail.spam-deletion-threshold. Likewise spam scoring threshold set by mail.spam-threshold. Deletion threshold may be overrode on a per-site basis, as well as score threshold with SpamAssassin. rspamd scoring threshold is still global.
[Web Apps] Document roots symlinked as subdirectories within existing domain structures treated as subsites within parent hostname ("subsite" feature).

FIXED:
[Backend] One-off housekeeping overwrites primary housekeeping/cron pid. If cron exits abnormally, backend cannot restart as it becomes untracked.
[Backend] Race condition between nsswitch systemd source removal in group database during install and cron.
[DAPHNIE] Truncating a value over field limit creates null dereference through unregistered cgroup statistic within metric provider. Introduce anonymous statistics whose type is inferred from database result.
[Database] [database] => concurrency_limit takes precedence over individual database limits.
[DNS] validate_template() Ephemeral account changes results in null invariant return.
[Laravel] Logic inversion precludes cache generation.
[Manage Users] Duplicate username label.
[OS] Shell timezone.
[PHP] .user.ini ignored without specifying DOCUMENT_ROOT environment var.
[Scopes] cp.config settings missing.
[Scopes] system.integrity-check deactivation delays deactivation until second run.

CHANGED:
[Bootstrapper] Report backend log if admin creation fails.
[Bootstrapper] Delay cron tasks until FST fully provisioned.
[Cgroup] Reinitialize blkio controller on bugged kernel to ensure monotonic counters properly reinitialized.
[DNS] Normalize Hetzner NS records.
[Laravel] Refer to laravel/laravel as installation basis instead of framework.
[Laravel] Run composer/artisan commands as approot owner.
[Let's Encrypt] During _acme-challenge TXT probe, explicitly request authoritative results to ensure propagation without forwarding in split-view DNS setups.
[Scripts] mapCheck removes orphaned sites.
[UI] Acquire screenshots on subpaths.
[Web Apps] Hostnames may be overwritten by rediscovering on multihomed directory.
[Web Apps] Updateable versions in UI follow webapp:is-current logic.
[Webmail] Changing webmail location attempts SSL issuance for new subdomain.
[Yum] Updating apps may now pull in new dependencies.

REMOVED:
[Ghost] Drop -D flag, originally a means to bypass permission checks but now unconditionally sets NODE_ENV=development.
[UI] Hide DNS tab when provider is "null".
[UI] Remove SPF Setup when provider is "null".
[Web Apps] Deduplicate same paths.
    Unverified

  • v3.2.38.2

    fc84cec4 · CHG: expose cert_exists to admin (ssl) · 
    FIXED:
[Opcenter] systemd implements quasi subset of shell expansion without subshell execution. When forcing a housekeeping run, invoke sh directly to grab backend pid. Resolves Let's Encrypt certificate renewal if nightly panel updates disabled.

CHANGED:
[DNS] get_zone_data() on a parented domain returns null.
[Scopes] Both metrics.enabled + cp.update-policy pull in apnscp/install-services role.
    Unverified