d00p Posted January 8 Share Posted January 8 Dear froxlor community, we are excited to announce the release of froxlor 2.0! This release includes several improvements and new features, which we have summarized below for you: Redesigned UI: The appearance of the user interface has been completely modernized. The redesigned froxlor is now even more user-friendly, efficient and customizable. We've added a global search for general data as well as for searching functions and configuration options. Custom column selection for listings has been added. And of course, it's all 100% responsive. Revamped installation routine: The froxlor installation has been improved in many ways it is now easier, faster than ever and looks better. Now you can activate SSL and PHP-FPM from within the installation process and start using froxlor in minutes. Improved security features: With expanded and enhanced security features like modern password hashing-algorithms we have made froxlor a better place for your data. On top of that, the code has been completely reviewed and restructured to make security fixes easier, CSFR-tokens on forms have been implemented to make Cross Site transactions more secure, and much more. CLI tool: With the new froxlor CLI tool, you can now use froxlor via the command line – great for automation! For example, complete the installation process, check and run updates, (re)configure services and more. Changes in 2.0: New features: [API] new MysqlServer Command to allow multiple MySQL servers to be used by customers [API] optional requests via api.php?/module/function/ [UI] Global-search [UI] Customize visibility of table-columns [CLI] new bin/froxlor-cli tool (installer, updater, helper scripts and cron) [Distros] added Debian Bookworm (12)* and Ubuntu 22.04 (Jammy Jellyfish) Breaking changes: PHP-7.4+ and php-gmp extension are now required [API] auth via HTTP-Auth, old format with apikey/secret in the request is no longer possible [UI] auto-update must be enabled explicitly in lib/config.inc.php [Config] proftpd needs to be re-configured (or simply add `OpenSSL` to `SQLAuthTypes` in `/etc/proftpd/sql.conf`) [Config] dovecot needs to be re-configured (or simply comment out `default_pass_scheme ...` in `/etc/dovecot/dovecot-sql.conf.ext`) [Distros] removed Debian Stretch / Ubuntu Xenial and CentOS [APT package] default installation path is now /var/www/html/froxlor. If you are updating, your froxlor installation will be moved there from /var/www/froxlor! Changes in minor releases: 2.0.10 security release enforce password requirements set in settings for directory-protection [CWE-521: Weak Password Requirements] add missing use statement for error-reporting to include the dbms version [CWE-391: Unchecked Error Condition] validate existence of language in admin-templates [CWE-840: Business Logic Errors] verify cronjob interval is one of the fixed available values [CWE-96: Static Code Injection] fix possible privilege escalation from customer to root when specifying custom error documents in directory-options [CWE-94: Code Injection] 2.0.11 security / bugfix release add new email-domain-overview for better overview of multiple email-domains/addresses fix let's encrypt dns validation check backup possible remote-db-server databases in backup-cron check for existing fields when setting/updating tablelisting-columns [CWE-352: Cross-Site Request Forgery (CSRF)] corrected validation of import-settings data to avoid injecting malicious content [CWE-94: Code Injection] 2.0.12 bugfix release fix wrong function-defintion/call in Nginx cron fix setting/resetting table-column preferences 2.0.13 maintenance release keep search-fields/text in pagination links of displaying a search-result specify clearly which tls settings are being overwritten/ignored depending on the 'Override system TLS settings' flag when adding/updating Domains type-safe comparsion of md5-compatibility hash-validation [CWE-305: Authentication Bypass by Primary Weakness] fix email-domain navigation and descriptions update dependencies 2.0.14/2.0.15 maintenance release use correct parameter in PowerDNS::cleanDomainZone(), fixes #1104 add 'Passing HTTP AUTH BASIC' header option when using FCGID require php-gd extension for better/secure validating uploaded images add Spanish language (#1105) avoid socket length limitations leading to cut-off/invalid filename for very long domain and/or loginnames, fixes #1108 corrected checkLocalGroup() validation if setting did not change, fixes #1111 open newsfeed-links in a new tab, fixes #1112 fix incorrect indexed array sorting in case of FTP-domain-usernames; fixes #1114 add certificate metadata to db table to allow filter/sort of 'Issuer', 'Valid from' and 'Valid until' properties correctly retriggered certificate issue on froxlor-vhost alias-domain changes, fixes #1115 2.0.19 maintenance release don't run cron tasks if requirements return non-success; fixes #1122 respect no-try_files setting also in protected directories put php-fpm directives in Directory-directive in apache2; fixes #1120 strictly check whether field to select is the id or the email-address b/c is cases of email-addresses starting with a digit this is somehow used as value for the id field and return the wrong entity fix adding mysql-server to customers without any prior assigned mysql-server, fixes #1123 fix issues with displaying set value if path-mode is 'dropdown' trigger rebuild of config files after changing only ip-settings in domains add copy-system-details-to-clipboard button on admin dashboard; fixes #1126 Allow admins to edit openbasedir_path for domains (#1125) set default value of 'openbasedir_path' to 0 in SubDomain.add() like we do in Domains.add() set default value for email_quota to settings-default in EmailAccounts.add(); fixes #1132 Disable autocomplete on 2FA input element (#1133) introduce http-request rate-limit 2.0.20 maintenance release Fix typo in English privileged_passwd by @n-thumann in #1136 Fix IPv6 address in cookie domain by @n-thumann in #1137 Add same loginfail restrictions for entering 2fa code as for user/pwd login Remove superfluous try_files in nginx config if php-backend (non-fastcgi) is used Fix missing idna encode adding/editing email-account/email-forwarder Secure filename of local-archive in webupdate Show 0 value of resource-fields if value is empty, fixes #1149 Re-enable fcgid/php-fpm activation-validate-check See also our Migration Guide for more information. We hope you enjoy froxlor 2.0 and look forward to your feedback. Download: 2.0 | website Documentation at https://docs.froxlor.org/. Visit https://www.froxlor.org and join our Discord channel (https://discord.froxlor.org) for support, help, participation or just to chat Thank you, the froxlor team * Debian 12 is not yet released and should be considered unstable. Froxlor will fully support Debian Bookworm after its release. 1 Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now