Release 0.9.33 - Enhanced powers *update*


d00p

Dear Froxlor Community,

 

today we are releasing our next major stable release 0.9.33 which includes a bunch of improvements and some interesting new features.

 

Starting with this version, froxlor allows moving customers from one admin to another (including all resources like domains etc.). Due to the wish of some community members, we included a domain-import. It can be found in the admin-domain overview, more information can be found at http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc.

 

Also we added possibilities to define password-complexity rather than specifying a regular-expression - this makes suggested passwords in the panel match the complexity. The account passwords for admins and customers are now also hashed with the algorithm you've set in the settings. The passwords are being updated automatically when the user logs in successfully - you do not have to do anything. The default hash has been changed from MD5 to SHA256 - updaters need to set the setting manually as we do not overwrite user-settings.

 

Additionally, an admin can now specify a custom-newsfeed for his customers which is being displayed instead of the froxlor-newsfeed.

 

Our database-integrity-check now checks for correct UTF-8 in our tables and logs issues found and what has been fixed if necessary, this makes its actions more transparent and replicable to the admin.

 

It is now possible to add custom notes to admin / customer profiles. Optionally this custom note can be displayed on the user's dashboard.

 

Users who really want to use sockets instead of 127.0.0.1/localhost for the database-connection can now set the "host" value in lib/userdata.inc.php to a socket-file.

 

We have included new configuration templates for Ubuntu 14.04 and RHEL / CentOS 7.

 

Important: the directory permissions for (new) customers changed to be more secure (0755 -> 0750), if you use FCGID or php-fpm you have to update your libnss-mysql config for this to work, you can see changes in the config-templates at http://config.froxlor.org (choose your distribution and your current version and click "show differences").

 

Note: Many people seem to be having issues with php-fpm / libnss / user-group permissions - nscd can be a party-killer sometimes, try to clear its cache using nscd --invalidate=group

 

Changes in 0.9.33:

+ #1289: use password-hash from froxlor-settings for admin/customer accounts

+ #1335: added possibility to use a socket-file for the database-connection

+ #1408: added custom newsfeed on customer-dashboard

+ #1410: added possibility to move customer between admins

+ #1414: added configuration templates for Ubuntu 14.04 LTS

+ #1452: added domain import (CSV file), infos at http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc

+ #1471: added custom-notes field in admin and customer profiles


~ #1426: fixed utf-8 encoding problem (use db-integrity check)

~ #1427: fixed the way php was included in nginx-vhosts

~ #1430: fixed various nginx-vhost problems

~ #1437: fixed cron-problem in FreeBSD

~ #1440: fixed ip-validation in some special cases

~ #1446: fixed nginx auto-index problem

~ #1447: fixed libnss-configs for customer-docroot chmod 750

~ #1455: fixed directory-protection with apache-2.4

~ #1458: fixed incorrect security check on mail-directories where various special-characters are allowed

~ #1459: fixed deprecated postfix configuration templates in debian

~ #1465: fixed dovecot-transport configuration in ubuntu

~ #1466: fixed design-issues when no add-link is present in overviews

~ #1468: fixed installer when mysql strict-mode is used

~ #1483: fixed possible orphaned lock-file from cronjob

Changes in 0.9.33.1:

 

~ #1489: fixed mysql-connection problem when using a private-network IP

~ #1498: fixed nginx vhost merging in case of variables in vhost, e.g. ${variable}

~ #1500: fixed global PEAR path for php-fpm

You can see all changes in our bugtracker at http://redmine.froxlor.org/versions/64 and http://redmine.froxlor.org/versions/65 (also changes in 0.9.33-rc1, changes in 0.9.33-rc2)

 

Download: 0.9.33.1

 

Note: Gentoo-ebuild and Debian packages are now available.

 

Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

 

Thank you,

d00p

Edited by d00p
Bugfix release 0.9.33.1
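
The upgrade-on-login behaviour mentioned in the announcement, as an added example (not froxlor's own code): the stored hash is checked with whatever algorithm produced it, and only after a successful login is it replaced with one in the configured algorithm. The function names, the legacy format (unsalted hex MD5) and the mapping of the SHA256 setting to the crypt prefix `$5$` are assumptions.

```php
<?php
// Added illustration of rehash-on-login; all names here are hypothetical.
// Assumption: the configured algorithm is SHA-256-crypt (crypt(3) prefix $5$).
const CONFIGURED_PREFIX = '$5$';

function makeHash(string $password, string $prefix): string
{
    // 16 hex characters from a CSPRNG; hex stays inside crypt's salt alphabet.
    $salt = bin2hex(random_bytes(8));
    return crypt($password, $prefix . $salt . '$');
}

/**
 * Returns [bool $ok, ?string $newHash]. $newHash is non-null only when the
 * login succeeded and the stored hash is not in the configured algorithm.
 */
function verifyAndUpgrade(string $password, string $storedHash): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $storedHash) === 1) {
        // Assumed legacy format: unsalted hex MD5.
        $ok = hash_equals($storedHash, md5($password));
    } else {
        // crypt() reuses the algorithm and salt embedded in the stored hash.
        $ok = hash_equals($storedHash, crypt($password, $storedHash));
    }
    if (!$ok) {
        return [false, null]; // never rehash on a failed login
    }
    $current = strncmp($storedHash, CONFIGURED_PREFIX, strlen(CONFIGURED_PREFIX)) === 0;
    return [true, $current ? null : makeHash($password, CONFIGURED_PREFIX)];
}

// Constructed sample accounts: one legacy MD5 row, one already on SHA-256.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => makeHash('hunter2!', '$5$'),
];
$attempts = [['alice', 'wrong'], ['alice', 'correct horse'],
             ['alice', 'correct horse'], ['bob', 'hunter2!']];

foreach ($attempts as [$user, $password]) {
    [$ok, $newHash] = verifyAndUpgrade($password, $users[$user]);
    if ($newHash !== null) {
        $users[$user] = $newHash; // in a real panel: UPDATE the account row
    }
    printf("%-5s login=%-4s upgraded=%s\n", $user,
        $ok ? 'ok' : 'fail', $newHash !== null ? 'yes' : 'no');
}
```

Accounts that never log in again keep their old hash, so a count of rows whose hash does not start with the configured prefix shows how far the migration has progressed.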
  • Similar Content

    • By d00p
      Dear Froxlor Community,
      this small release adds the ability for admins/resellers without the change-serversetting permission to adjust the domain-documentroot. We have also fixed a misbehaviour regarding standard-subdomain due to a wrong default value when updating a customer via API.
       
      Changes in 0.10.31:
        • set correct php-version numbers for installation dependencies-check; fixes #997
        • fix behaviour in Customers.update() in case 'createstdsubdomain' is not set when called via API (wrong default); fixes #998
        • allow settings/updating documentroot (only relative to customer homedirectory) when change_serversettings permission is not granted; fixes #1000
        • fix Domains.update() with correct path and change_serversettings=0; fixes #1001
      Download: 0.10.31 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      with the release of 0.10.28 we've introduced the possibility to let customers use custom-database names if enabled in the settings. One of our community members found out that the parameter was not validated correctly and that a user with customer-privileges to the panel could exploit this with an SQL injection. The assigned CVE is CVE-2021-42325 and the fixing commit can be found here.
      Default froxlor installations are not affected per se as this feature requires an admin to set DBNAME in the corresponding "SQL prefix" setting to be enabled.
      Additionally, this release fixes minor validation in the SubDomains-module and the bulk-import of domains. You can now also specify that a newly created php-configuration gets assigned to all customers instead of having to add them to each customer manually.
      Changes in 0.10.30:
        • fix validation of database_name if custom-database-name feature is enabled
        • fix allowed-phpconfigs check in SubDomains.add() and SubDomains.update()
        • adjust debian 11 config templates, fixes #982
        • don't remove 0-value parameter values from bulk-actions
        • add possibility to assign new/edited php-config to all customer accounts; fixes #980
        • add complete list of nameserver-ips and given axfr-servers to allow-axfr-ips list for PowerDNS; fixes #985
        • fix api documentation for Domains.add() and Domains.update(); fixes #987
        • soften/correct permissions on pdns configs; fixes #991
        • check whether the domain to clean from pdns actually still exists there; fixes #992
        • avoid possible DivisionByZeroError in APCu info page, fixes #995
      Download: 0.10.30 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release integrates a few security improvements that have been reported to us regarding the session settings, session id and possible url manipulation. Additionally, thanks to the guys from INWX, support for mysql-tls settings has been integrated in the installation-process and the system. Thanks again for the contribution.
      Changes in 0.10.29:
        • set php session security related settings (httponly and secure flag)
        • secure commonly used filename-variable against url manipulation
        • generate unpredictable unique session ids
        • fix session for 2fa enabled logins
        • integrate the new czech language file; refs #976
        • possibility to decide whether target database should be dropped after backup when installing
        • adds mysql tls support, refs #979
      Changes in 0.10.29.1:
        • fix fresh installation (database exist check)
      Download: 0.10.29.1 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      this release brings the ability to allow customers to set custom names when creating a database. Just set DBNAME as SQL prefix in the account settings. The DNS of a domain is now validated on creation and update if Let's Encrypt is enabled to ensure the domain resolves to one of the server's (and selected!) IP addresses to prevent failure when generating certificates. In addition to the new logo upload possibility introduced in 0.10.27 we've re-enabled the overwriting of theme logos using the logo_custom.png and logo_custom_login.png files and also introduced new settings to control whether this is wanted or not (see panel settings, right above the logo upload).
      Changes in 0.10.28:
        • added new sql-prefix mode DBNAME in order to allow custom database names; fixes #672
        • correct heredoc indentation in AcmeSh for php-7.1 - php-7.3; fixes #957
        • fixed Minimum and Expired SOA-Records according to RFC; see #959
        • have more power over theme logo, custom theme logo and uploaded logo; fixes #958
        • added option to disable creation of default subdomain; fixes #960
        • added/updated czech language file; see #870
        • added Buypass to the list of ACME providers; see #968
        • add setting for a custom system group for all customer-users (requires libnss-extrausers); fixes #953
        • check dns for lets encrypt when adding/editing domains and via cron; fixes #971
      Download: 0.10.28 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
      in this release, we start to support the new Debian Bullseye (11) distribution (including packages via deb.froxlor.org). We have also added the ZeroSSL endpoint as an alternative to Let's Encrypt, you can read more about ZeroSSL here: https://zerossl.com/letsencrypt-alternative/. It is now also possible to customize the login and header logo from within the panel-settings. For users that are currently using the custom_logo.png file to override it - the updater will convert it for you.
      Changes in 0.10.27:
        • added a default robots.txt to avoid indexing by search-engines
        • add setting for default serveralias value for new domains
        • prefer custom zone entries over automatically created ones when system.dns_createmailentry is enabled; fixes #944
        • support ZeroSSL via acme.sh (v3); fixes #946
        • allow defining php_value/php_admin_value for session.save_path when using php-fpm; fixes #954
        • possibility to upload custom header/login logo, refs #948
        • possibility to specify custom css; refs #949
        • bump phpmailer/phpmailer from 6.4.1 to 6.5.0
        • support for Debian Jessie has been dropped
      Download: 0.10.27 | website

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.libera.chat for support, help, participation or just a chat

      Thank you,
      d00p