Tags

NEW:
[Bootstrapper] kernel_automated_reboot controls unassisted reboots after kernel upgrade.
[Opcenter] Internal/reserved IPv4/IPv6 address sensibility checks for CloudFlare, Delegated Whitelist.
[pgsql] change_owner(), get_owner()- manage database ownership in PostgreSQL.
[telemetry] telemetry is now enabled by default. See Metrics.md.
[WordPress] "Manage Packages" feature now available in Web Apps. Functions as a backdoor to disable plugins/themes in an inconsistent state, as well as manage update settings. skip_asset(), unskip_asset(), asset_summary() API methods added to facilitate.

FIXED:
[Bootstrapper] various idempotency fixes. UEFI support.
[DataStream] multi-mode reports failed commands.
[Logrotate] btmp never rotated out on weekly basis due to unmatchable regex.
[MySQL] 10.4 mysql.user field fixes.
[Net] hairpin check defaults to gateway address if not previously configured as with a namebased hosting.
[Opcenter] ssh,port_index does not initialize when ssh,enabled is flipped on during an edit.
[WordPress] numerous fixes to updating third-party/commercial plugins.

CHANGED:
[DNS] Parented zones now use the parent zone instead of creating a separate zone. A parented zone is one in which the parent and child reside on the same account. If a child is created as a new domain, then a separate zone will be created or in the case of CloudFlare, fail.
[Migrations] remediation improvements, ".boxtrapper" handling, detect previously relocated subpaths.
[upcp] drop privileges on git usage.
[Web Apps] Joomla!, Laravel, Drupal, Ghost, and WordPress produce additional debugging information when debug mode is enabled (see DEBUGGING.md).

REMOVED:
[aliases] change_domain() no longer requires the domain to not be listed in aliases,aliases.
[PHP] Remove mod_php from non-low-memory servers.

[admin] collect() can filter on "active" field (true/false) to select accounts that are active or suspended.
[Any-version] account admin may now update shims.
[Argos] validate relay password.
[Bootstrapper] ~2 minute performance bump by refactoring mail/configure-postfix role.
[Bootstrapper] tolerate really weird kernel configurations.
[Bootstrapper] various idempotency fixes.
[ClamAV] remove packages on disablement.
[Cloudflare] proxy only permitted records. Improve error message reporting during CF outage.
[Dovecot] block learning in stressed environments.
[file] reset_path()- when user is empty string, it defaults to current user. "null" still bypasses reset.
[FST] remove rm -rf sudo helper. Conflicts with moving essential services, such as PHP-FPM, to /.socket. May be enabled via [ssh] => sudo_support.
[helpers.sh] su VIRTUSER accepts all normal arguments.
[Letsencrypt] loquacious nameservers may stuff a TXT record beyond what is necessary during ACME challenge resulting in a pause up to the timeout interval.
[Letsencrypt] retry IP check for slow DNS servers.
[Mail] remove "postfix" user when mail is disabled on an account effectively disabling sendmail usage.
[Migrations] Fix condition in which SSL certificates do not activate without second EditDomain post-migration.
[Migrations] limit remediation suggestion to 32 characters per system limitation.
[Migrations] server-to-server migrations, domain suspension may be postponed with --no-suspend flag.
[Monit] scramble default password.
[MySQL] users may contain a period in their username.
[Nexus] IPv6 addresses with numeric leading hextet are incorrectly parsed as an array index.
[Opcenter] add sanity checks to prefix presence before discarding MySQL/PostgreSQL databases.
[Opcenter] correct condition in which promoting an alias to primary domain without explicitly removing the domain from aliases,aliases causes duplicate key on address rename.
[PHP] migrating from non-jail to jail also migrates directives from .htaccess. Controlled via [httpd] => fpm_migration.
[phpMyAdmin, phpPgAdmin] correct condition in which SSO fails if behind CloudFlare.
[phpMyAdmin, phpPgAdmin] updating a password may now optionally reset the password to the specified value.
[Postfix] /etc/postfix/master.d allows for per-site overrides (see Customizing.md).
[Rampart] malware jail, integrates into mod_security/ClamAV filtering.
[Rampart] non-essential logs are tailed on startup thus improving startup time.
[Storage Tracker] correct rendering as Picasso painting.
[Task Scheduler] MAILTO supported.
[Telemetry] range() accepts a negative $begin to look behind n seconds.
[Telemetry] fix condition in which compressed metrics block deletion of a site.
[UI] filters support ESC/ENTER hotkeys.
[UI] update default placeholder.
[WordPress] db_config()- workaround for segfaults if the output buffer fills during database inquiry.
[WordPress] enable debug mode in WP-CLI when ApisCP debugging enabled.
[WordPress] fix condition in lower versions with patch are preferred to those without.

[Bootstrapper] correct condition that would cause Mitogen to fail an assertion check

[Scopes] mysql.remote-access, pgsql.remote-access, ftp.insecure-ssl scopes added
[Telemetry] JIT metric support, Rampart logging
[Opcenter] improve quota fetch throughput, partition enumeration on large (> 500) installs
[PHP] add webp support
[PHP] prevent loading pool for opcache statistics if ActiveState is deactivated
[phpMyAdmin] 4.9+ SSO fixes
[Error Reporter] all unhandled exceptions set exit code 255
[DNS] zone validation wait threshold now configurable via [dns] => validation_wait
[cgroups] add "io" service limit, a 24-hour combined storage bandwidth limit
[Apache] VirtualHost prioritization (see Apache.md)
[admin] get_usage() reports cgroup data. Cache behavior controlled via [cgroup] => prefetch_ttl, usage controlled by show_usage option

[SECURITY] restrict wheel su to MINUID, 1000 on RHEL7+. Restricted daemons expose sockets into virtual filesystem that would allow primary account user, also in wheel, to masquerade as these services potentially injecting arbitrary commands into its socket
[Scopes] GUI now available
[Nexus] display storage, bandwidth utilization. Optional inode utilization support (configure in Account > Settings)
[File Manager] use fixed-width font in editor
[Opcenter] promoting an addon domain to primary is now atomic. Prior to, doing so first required dropping the domain and thus deleting email addresses associated with the addon domain before it could be promoted to primary.
[Auth] Clients that successfully reset their password via login portal and when [auth] => update_restrictions_on_reset is set, if IP login restrictions are present the IP address that successfully resets password will be added to the IP restriction list.
[Dovecot] hibernation now enabled by default. Each IMAP mailbox spawns a separate process, approximately 5-10 MB per. Hibernation freezes these per-mailbox listeners into a single process and thaws into a new process when activity is received on the inbox.
[Migrations] permit numeric email addresses when conflict strategy is "namespaced"
[admin] API command get_usage($type, array $sites) allows usage retrieval for storage or bandwidth of all or a subset of sites

[Layout] search widget
[Scopes] mail.insecure-ssl helper, revert TLSv1.0/TLSv1.1 support. apache.buffered-logs, control buffering of log files. scopes:list() now accepts filter. l() and i() aliased to list()/info()
[Opcenter] siteinfo,domain and aliases,aliases are now an atomic operation. Prior to switching values in Nexus the primary domain would get dropped during a swap resulting in an inconsistent state. Mail transports are now preserved as well.
[Letsencrypt] DNS validation wait period may now be tuned via [letsencrypt] => dns_validation_wait. renew() exposed to admin to renew server certificate.
[SSO] Parent to subordinate SSO fails due to routing changes
[Subdomains] folder browser on subdomain change

[FLARE] Downgrade Monit 5.26 => 5.25 amid PostgreSQL false positives.
[WordPress] set custom rewrite structure on new installs.
[telemetry] new module. Provides information on a variety of monitored attributes. Must be enabled via "cpcmd scope:set cp.config telemetry enabled"

[upcp] Correct condition in which a dirty tree on non-edge update policies would result in an infinite update loop
[Error] Unhandled frontend exceptions now expose the stack when panel is in debug mode
[Dashboard] Integrate Rampart widget into Admin panel
[Template] Laravel Route integration
[MySQL] connections operate natively in utf8mb4
[Scopes] apache.insecure-ssl added. Enable support for insecure TLS v1.0/v1.1 usage.
[Site Optimizer] Pagespeed integration. Optimize a variety of rendering problem areas on websites.
[Migrations] cPanel improvements: deduplicate mailboxes, extract PostgreSQL backups, relocating a document root clobbers itself if source and dest are the same as with subdomains.
[DAPHNIE] MySQL, PHP statistics collection. CPU usage now reported in centisecs.
[cgroup] Implement delta counting for CPU controllers. get_usage("cpu") now reports accurate 24 hour usage.
[rampart] bans_since() API call. Returns ban tally between bracketed time. get_jail_entries() now accepts explicit "null" to return all entries in all tracked jails.
[pgsql] import() supports reading backups from compressed pg_restore invocations
[Cloudflare] Module update, zone deletion. Improve API token validation.

[Let's Encrypt] rewrite solver logic to try best available solver (HTTP, DNS) depending upon inference
[DAPHNIE] Metric compression, optional elision of repeated data via [telemetry] tuneable. PostgreSQL uses a modest cap on optimization. Tuning may be controlled via [telemetry] => memory_consumption
[Let's Encrypt] append() now prevents repeated requests for the same certificate set
[Bootstrapper] delay job notice until Bootstrapper has exited. Prevent false reports when panel restarts in a task
[ClamAV] update package naming as of 0.101.5

[UI] Update "apnscp" theme. Convert DNS zone into combobox. Update layout to native feel.
[SSL] Catch rate-limiting errors during Let's Encrypt challenge.
[aliases] Fix condition in which detaching an addon domain produces a duplicate effect once configuration is synchronized.
[Scripts] mapCheck performs orphan domain check.
[Scopes] apache.evasive may now set "enabled" flag.
[PHP] Remove sysvsem module from PHP-FPM. A variety of race conditions have been encountered without common origin. Running `cpcmd scope:set cp.bootstrapper php_build_flags ""` restores the old build behavior.
[Opcenter] applying a plan type via siteinfo,plans= sets the system default in account metadata

[Docs] new layout, new site - https://docs.apiscp.com
[Migrations] prefer "documentroot" value from cPanel backup metadata instead of /var/www/<DOMAIN>
[cpcmd] errors/warnings use stderr
[Mailing Lists] correct pathing in /etc/majordomo.cf
[License] dev-only licenses. Free license class identical to a Pro license with the exception only .test TLDs may be hosted
[web] add_subdomain(), remove_subdomain() support alternative fallthrough subdomain naming scheme "*.domain.com"

[DNS] cache invalidation throws unhandled exception when a hostname has children
[CP] change Apache mutex to posixsem
[MySQL] fix issue where advanced permissions formatted as plain-text
[Bootstrapper] apache.php-version will always force a rebuild of PHP
[phpMyAdmin] fallback to account password, if available, when SSO'ing into phpMyAdmin. cPanel migrations share account and database password, which for security, shall not be stored in ~/.my.cnf
[Synchronizer] set a reasonable ceiling for TimescaleDB memory usage. Previous ceiling was server memory that slowly grows over time.

[PHP] zip compile flag changed from --enable-zip to --with-zip in PHP 7.4. Correct type check that prevented apache.php-version from changing version in major or major.minor versions
[cpcmd] Restore -l, --list-commands usage

[UI] theme components namespaced into "theme::" namespace. @extends("layout") now becomes @extends("theme::layout"). Modal converted into component, @modal
[Web Apps] snapshot reversion applies correct commit value. Blocking database export cleared prior to snapshot
[Quota] an over-quota user would generate a fatal error during site:get-account-quota call
[File Manager] "New" actions now work as expected in Firefox
[UI] Laravel router support. See "template" app for sample usage
[Debug] exception types now prefixed to unhandled exception messages
[Core] deduplicate account metadata. Jobs require ~2.3x less storage
[UI] bump jQuery to 3.4.1

[Web Apps] snapshot support
[Bootstrapper] apply Ansible #65136 fix to templated aliases
[Process] processes spawned from backend incorrectly report 0 exit status in non-zero conditions
[Migration] mailman, path relocation support
[apnscpd] DEBUG environment controls backend debugging. Previously frontend/cpcmd relied on "DEBUG" and backend used "DEVELOPMENT". env DEBUG=1 ./apnscpd -f restart restarts panel in foreground with debugging.

[NaiveCrypt] resolve case in which certain initialization vectors may be improperly parsed as bogus UTF-8 during serialization

[Telemetry] apply extension upgrade on package update. Reapply optimizations as well. [telemetry]unless [telemetry] => autotune is disabled.
[multiPHP] resolve various edge cases
[Web Apps] prefer stable releases. Backport MaxMind CCPA compliance changes
[PowerDNS] fix Bootstrapper failure when enabled and firewalld disabled
[sysctl] raise fs.inotify.max_user_instances. A high count of crond processes create an excessive number of watchers
[auth] set_temp_password() fails to reapply previous password
[PowerDNS] module update. Do not follow API redirections.
[apnscpd] truncate logfile if size exceeds RLIMIT_FSIZE
[PHP-FPM] DOCUMENT_ROOT no longer reflects unjailed path
[admin] edit_site(), add_site(), delete_site()- support flags (--since=now --force is '[since:now,force:true]', -n --reset '[n:true,reset:true]', etc)
[EditDomain] -c siteinfo,plan=NEWPLAN without --reset applies plan differences retaining any overrides. Plan switch with --reset resets all modified values - except lists such as aliases,aliases - with the plan settings. --backup backs up metadata prior to edit.
[Migrations] various improvements to cPanel migrations. Apply secondary migration check on invalid home locations for email. Import SquirrelMail when --unsafe-sources provided. Convert incompatible responders to local delivery. Apply o+x on all document roots to allow initial reading.

[multiPHP] extension directory may incorrectly pickup ApisCP extensions
[Rampart] fail2ban prefix overwritten
[Databases] clone() copies MySQL, PostgreSQL databases
[Auth] forward Cloudflare IP
[Discourse] disable mini profiler

[PHP] Remi + native multiPHP builds. Remi is simpler package-based at the cost of performance. Native builds have similar throughput to system PHP version (+10-15% over Remi) at the added cost of compilation. apache.php-multi Scope facilitates native builds. See PHP-FPM.md in release documentation.
[PHP] correct PHP 7.4 configuration flag for GD
[SpamAssassin] add X-Envelope-From header for SPF/DKIM checks which occur after SRS rewrite
[CLI] errors always report to STDERR
[Scopes] info() includes default Scope value
[License] add support for network restrictions, domain limits

[Scopes] system.kernel sets kernel type (system, stable, experimental)
[Branding] rename APNSCP to ApisCP
[mysql] recover-innodb-from-disk(), given a directory import all data files (.ibd) for which database lacks but has .frm
[CLI] EditDomain new flags: --all applies edit operation to all sites, previous "--all" flag (edit all services) renamed to "--reconfig". --dry-run shows proposed changes. --reset resets the account to plan defaults.
[Scopes] apache.ports sets HTTP/HTTPS ports for Apache to facilitate placing other services upstream. A non-SSL instance must always be active.
[PowerDNS] update module, add "native" support (lithiumhosting/apnscp-powerdns@6ba5681)
[CloudFlare] update module, trim certain RRs in accordance with API formatting. URI formatting (apisnetworks/apnscp-dns-cloudflare@65132b3)
[AWS] update module, fix condition where an empty RR set on modificaiton fails (apisnetworks/apnscp-dns-aws@6b99a0f)
[Laravel] fix installer version reference, misc installation bugs
[Web Apps] update look and feel
[CLI] YAML_INLINE environment var controls folding depth (default: 2)
[PHP-FPM] correct cyclic socket dependency
[Debugging] add documentation. common:purge-preferences() deletes user prefs in debug. misc:debug-session() enables debugging for named session
[misc] jobify() enqueues an API command as a job. Optional third argument binds to a Site Administrator role, which could be possible to call pman_run() as a secondary user
[artisan] opcenter:plan accepts --base and -c svc,var=val flags to optionally derive from an existing plan and service overrides
[Scopes] apache.strict-directives controls how Apache treats unrecognized directives - 550 (default, strict enabled) or ignores (strict disabled)
[Web Apps] installer errors do not bubble up in try/catch if ER messages upconverted to exceptions