Jump to content
Froxlor Forum

Release Candidate 0.9.29-rc1


d00p
 Share

Recommended Posts

Dear Froxlor Community,
 
sorry for the long delay. There are several reasons for this, most of them regarding Debian Wheezy of course and the fact that I've been on my honeymoon.
 
Again, there are a lot of changes in the upcoming version 0.9.29, so please take a look at our bugtracker (http://redmine.froxlor.org/versions/38) and report any issues left for the final release.
 
The next step will be the integration of the dualstack feature and some more work on per-domain ssl certificates.
 
Also, DomainKey does currently only work with dkim-filter, not with opendkim.
 
Please report bugs/errors in the bugtracker (http://redmine.froxlor.org) as usual.
 
Changes in 0.9.29-rc1:

+ customers are now able to define ssl-certificates on a per-domain basis when SSL is enabled

+ Debian Wheezy support (configuration templates)

+ #587 when using php-fpm, you can now also specify php-configurations on a per-domain basis, note: not all listed configs can be used in fpm and are therefore ignored

+ #100 allow usage of AXFR records in bind

+ #744 added possiblity to hide subdomains in the PHP-configurations overview

+ #1175 added possibility for admins to allow/disallow changing the theme


~ #640 non-latin IDN domains are now correctly validated

~ #1197 fixed phpMyAdmin URL validation, entering an IP-address is now possible

 
Important information: 

  • support for dovecot-1 on Gentoo will be dropped in 0.9.29 as Gentoo's tree does not include it anymore.
  • support for Ubuntu Hardy will be removed in 0.9.29 as it is unsupported since april 2013.

Download: 0.9.29-rc1
 
Note: As this is a release candidate, there will be no Debian packages and no new Gentoo ebuild for this.
 
Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.
 
Thank you,
d00p

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Similar Content

    • By d00p
      Dear Froxlor Community,
      this small release adds the ability for admins/resellers without the change-serversetting permission to adjust the domain-documentroot. We have also fixed a misbehaviour regarding standard-subdomain due to a wrong default value when updating a customer via API.
       
      Changes in 0.10.31:
      set correct php-version numbers for installation dependencies-check; fixes #997 fix behaviour in Customers.update() in case 'createstdsubdomain' is not set when called via API (wrong default); fixes #998 allow settings/updating documentroot (only relative to customer homedirectory) when change_serversettings permission is not granted; fixes #1000 fix Domains.update() with correct path and change_serversettings=0; fixes #1001  
      Download: 0.10.31 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      with the release of 0.10.28 we've introduced the possiblity to let customer use custom-database names if enabled in the settings. One of our community members found out that the parameter was not validated correctly and that a user with customer-privileges to the panel could exploit this with an SQL injection. The assigned CVE is CVE-2021-42325 and the fixing commit can be found here.
      Default froxlor installations are not affected per se as this feature requires an admin to set DBNAME in the corresponding "SQL prefix" setting to be enabled.
      Additionally, this release fixes minor validation in the SubDomains-module and the bulk-import of domains. You can now also specify that a newly created php-confiugrations gets assigned to all customers instead of having to add them to each customer manually.
      Changes in 0.10.30:
      fix validation of database_name if custom-database-name feature is enabled fix allowed-phpconfigs check in SubDomains.add() and SubDomains.update() adjust debian 11 config templates, fixes #982 don't remove 0-value parameter values from bulk-actions add possibility to assign new/edited php-config to all customer accounts; fixes #980 add complete list of nameserver-ips and given axfr-servers to allow-axfr-ips list for PowerDNS; fixes #985 fix api documentation for Domains.add() and Domains.update(); fixes #987 soften/correct permissions on pdns configs; fixes #991 check whether the domain to clean from pdns actually still exists there; fixes #992 avoid possible DivisionByZeroError in APCu info page, fixes #995  
      Download: 0.10.30 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release integrates a few security improvements that have been reported to us regarding the session settings, session id and possible url manipulation. Additionally, thanks to the guys from INWX, support for mysql-tls settings have been integrated in the installation-process and the system. Thanks again for the contribution.
      Changes in 0.10.29:
      set php session security related settings (httponly and secure flag) secure commonly used filename-variable against url manipulation generate unpredictable unique session ids fix session for 2fa enabled logins integrate the new czech language file; refs #976 possibility to decide whether target database should be dropped after backup when installing adds mysql tls support, refs #979 Changes in 0.10.29.1:
      fix fresh installation (database exist check)
        Download: 0.10.29.1 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release brings the ability to allow customers to set custom names when creating a database. Just set DBNAME as SQL prefix in the account settings. The DNS of a domain is now validated on creation and update if Let's Encrypt is enabled to ensure the domain resolves to one of the server's (and selected!) IP addresses to prevent failure when generating certificates. Additionally to the new logo upload possibility introduced in 0.10.27 we've re-enabled the overwriting of theme-logo's using the logo_custom.png and logo_custom_login.png files and also introduce new settings to control whether this is wanted or not (see panel settings, right above the logo upload).
      Changes in 0.10.28:
      added new sql-prefix mode DBNAME in order to allow custom database names; fixes #672 correct heredoc indentation in AcmeSh for php-7.1 - php-7.3; fixes #957 fixed Minimum and Expired SOA-Records according to RFC; see #959 have more power over theme logo, custom theme logo and uploaded logo; fixes #958 added option to disable creation of default subdomain; fixes #960 added/updated czech language file; see #870 added Buypass to the list of ACME providers; see #968 add setting for a custom system group for all customer-users (requires libnss-extrausers); fixes #953 check dns for lets encrypt when adding/editing domains and via cron; fixes #971  
      Download: 0.10.28 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      in this release, we start to support the new Debian Bullseye (11) distribution (including packages via deb.froxlor.org). We have also added the ZeroSSL endpoint as an alternative to Let's Encrypt, you can read more about ZeroSSL here: https://zerossl.com/letsencrypt-alternative/. It is now also possible to customize the login and header logo from within the panel-settings. For users that are currently using the custom_logo.png file to override it - the updater will convert it for you.
      Changes in 0.10.27:
      added a default robots.txt to avoid indexing by search-engines add setting for default serveralias value for new domains prefer custom zone entries over automatically created ones when system.dns_createmailentry is enabled; fixes #944 support ZeroSSL via acme.sh (v3); fixes #946 allow defining php_value/php_admin_value for session.save_path when using php-fpm; fixes #954 possibility to upload custom header/login logo, refs #948 possibility to specify custom css; refs #949 bump phpmailer/phpmailer from 6.4.1 to 6.5.0 support for Debian Jessie has been dropped  
      Download: 0.10.27 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
×
×
  • Create New...