Jump to content
Froxlor Forum

Release 0.9.28 *update*


d00p
 Share

Recommended Posts

Dear Froxlor Community,
 
the release candidate of version 0.9.28 has been released a month ago and thanks to a bunch of community users for testing and reporting, a lot of bugfixes found their way into this release and we are proud to announce a new stable release of Froxlor: 0.9.28
 
The upcoming release-candidates, followed by a stable release, of version 0.9.29 will include improved SSL-support and IPv4/IPv6 dual-stack support as announced earlier.
Also you might have noticed that we started to work on our new version tree 0.99 which will be API based. It's under heavy development and still in its beginnings.
 
As we probably will not be finished with 0.99 after 0.9.29 is released, depending on bug-reports or similar, there will of course be another maintenaince release of 0.9.x if necessary.
 
As announced in the release-candidate thread, support for php's safe_mode, mod_log_sql and Debian Lenny has been removed in this release. Also, Ubuntu Hardy completely and dovecot-1 on Gentoo have been marked as deprecated as they will be removed in 0.9.29.
 
Please report bugs/errors in the bugtracker (http://redmine.froxlor.org) as usual.
 
Changes in 0.9.28:

+ #536 Use complete domain name as default path for DocumentRoot

+ #1150 added possibility to add random prefixes to a customers database-name


~ #668 fixed FreeBSD 8.2: Bind 9 is missing from list of Daemons

~ #758 fixed bug in "Amount of APS installations" counter

~ #916 fixed webserver-specific default vHost settings don't work in ligHTTPd

~ #1023 fixed Redirect with SSL Enabled Domain

~ #1058 fixed bug in "Amount of autoresponders" counter

~ #1085 fixed incorrect configuration command for awstats under Gentoo

~ #1127 fixed falsely used e-mail sender name

~ #1134 updated default parameter list of sendmail-program in php.ini-template

~ #1136 fixed falsely added specialsettings to a ssl-redirect

~ #1160 fixed usage of empty value for CertificateChainFile (it's allowed)

~ #1172 cleaned up language files

~ #1173 fixed redirect to "ip:port"

~ #1180 fixed clean-up if fcgid/php-fpm configurations

 
Important information: 
The configurations for postfix on FreeBSD have been updated. Please check using http://config.froxlor.org/.

Update: Due to a syntax-error in the updater we had to re-release as version 0.9.28.1 - for all who got stupid errors on updating, we are sorry :/

Download: froxlor 0.9.28.1
 
Note: Debian packages and the Gentoo ebuild will follow shortly.
 
Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.
 
Thank you,
d00p

Link to comment
Share on other sites

  • 3 weeks later...

as you might have noticed already, debian 7.0 got released a few hours ago.

going on par with that a small change and a note:

 

squeeze users:

stable is now oldstable, if you are pointing to the "stable" symlink in your configuration, you might want to change that to "squeeze" or "oldstable"

 

wheezy users:

there will be *no* wheezy packages for 0.9.28.1, this will have to wait for the next froxlor release

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Similar Content

    • By d00p
      Dear Froxlor Community,
      this small release adds the ability for admins/resellers without the change-serversetting permission to adjust the domain-documentroot. We have also fixed a misbehaviour regarding standard-subdomain due to a wrong default value when updating a customer via API.
       
      Changes in 0.10.31:
      set correct php-version numbers for installation dependencies-check; fixes #997 fix behaviour in Customers.update() in case 'createstdsubdomain' is not set when called via API (wrong default); fixes #998 allow settings/updating documentroot (only relative to customer homedirectory) when change_serversettings permission is not granted; fixes #1000 fix Domains.update() with correct path and change_serversettings=0; fixes #1001  
      Download: 0.10.31 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      with the release of 0.10.28 we've introduced the possiblity to let customer use custom-database names if enabled in the settings. One of our community members found out that the parameter was not validated correctly and that a user with customer-privileges to the panel could exploit this with an SQL injection. The assigned CVE is CVE-2021-42325 and the fixing commit can be found here.
      Default froxlor installations are not affected per se as this feature requires an admin to set DBNAME in the corresponding "SQL prefix" setting to be enabled.
      Additionally, this release fixes minor validation in the SubDomains-module and the bulk-import of domains. You can now also specify that a newly created php-confiugrations gets assigned to all customers instead of having to add them to each customer manually.
      Changes in 0.10.30:
      fix validation of database_name if custom-database-name feature is enabled fix allowed-phpconfigs check in SubDomains.add() and SubDomains.update() adjust debian 11 config templates, fixes #982 don't remove 0-value parameter values from bulk-actions add possibility to assign new/edited php-config to all customer accounts; fixes #980 add complete list of nameserver-ips and given axfr-servers to allow-axfr-ips list for PowerDNS; fixes #985 fix api documentation for Domains.add() and Domains.update(); fixes #987 soften/correct permissions on pdns configs; fixes #991 check whether the domain to clean from pdns actually still exists there; fixes #992 avoid possible DivisionByZeroError in APCu info page, fixes #995  
      Download: 0.10.30 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release integrates a few security improvements that have been reported to us regarding the session settings, session id and possible url manipulation. Additionally, thanks to the guys from INWX, support for mysql-tls settings have been integrated in the installation-process and the system. Thanks again for the contribution.
      Changes in 0.10.29:
      set php session security related settings (httponly and secure flag) secure commonly used filename-variable against url manipulation generate unpredictable unique session ids fix session for 2fa enabled logins integrate the new czech language file; refs #976 possibility to decide whether target database should be dropped after backup when installing adds mysql tls support, refs #979 Changes in 0.10.29.1:
      fix fresh installation (database exist check)
        Download: 0.10.29.1 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release brings the ability to allow customers to set custom names when creating a database. Just set DBNAME as SQL prefix in the account settings. The DNS of a domain is now validated on creation and update if Let's Encrypt is enabled to ensure the domain resolves to one of the server's (and selected!) IP addresses to prevent failure when generating certificates. Additionally to the new logo upload possibility introduced in 0.10.27 we've re-enabled the overwriting of theme-logo's using the logo_custom.png and logo_custom_login.png files and also introduce new settings to control whether this is wanted or not (see panel settings, right above the logo upload).
      Changes in 0.10.28:
      added new sql-prefix mode DBNAME in order to allow custom database names; fixes #672 correct heredoc indentation in AcmeSh for php-7.1 - php-7.3; fixes #957 fixed Minimum and Expired SOA-Records according to RFC; see #959 have more power over theme logo, custom theme logo and uploaded logo; fixes #958 added option to disable creation of default subdomain; fixes #960 added/updated czech language file; see #870 added Buypass to the list of ACME providers; see #968 add setting for a custom system group for all customer-users (requires libnss-extrausers); fixes #953 check dns for lets encrypt when adding/editing domains and via cron; fixes #971  
      Download: 0.10.28 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      in this release, we start to support the new Debian Bullseye (11) distribution (including packages via deb.froxlor.org). We have also added the ZeroSSL endpoint as an alternative to Let's Encrypt, you can read more about ZeroSSL here: https://zerossl.com/letsencrypt-alternative/. It is now also possible to customize the login and header logo from within the panel-settings. For users that are currently using the custom_logo.png file to override it - the updater will convert it for you.
      Changes in 0.10.27:
      added a default robots.txt to avoid indexing by search-engines add setting for default serveralias value for new domains prefer custom zone entries over automatically created ones when system.dns_createmailentry is enabled; fixes #944 support ZeroSSL via acme.sh (v3); fixes #946 allow defining php_value/php_admin_value for session.save_path when using php-fpm; fixes #954 possibility to upload custom header/login logo, refs #948 possibility to specify custom css; refs #949 bump phpmailer/phpmailer from 6.4.1 to 6.5.0 support for Debian Jessie has been dropped  
      Download: 0.10.27 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
×
×
  • Create New...