Tags

[UI] custom times generate warning in Task Scheduler
[UI] show matching search meta in Nexus
[UI] typo in Code Frameworks, setting global interpreter with goenv/rbenv

[admin] collect() helper function, generate account list of requested service parameters
[SSL] include webmail subdomains

[Migration] attempt in-situ extraction using ustar format, fallback to POSIX.1-2001 when file exceeds system memory or ustar restrictions.
[Migration] workaround for cPanel server migration or username change in which home field in passwd retains prior homedir marker

[Scopes] system.sshd-pubkey-only sets public-key only authentication
[Scopes] fs.tmp-mount sets /tmp properties
[Web Apps] learning mode bestows permissions to app root owner on new directories
[Migration] use pigz when available
[Migration] fix large cPanel imports
[Task Scheduler] fix tasks with tabbed time-spec cannot be deleted
[DNS] changing providers populates zones on new provider

[Summary] BUGFIX retrieving apps by ID treated as string
[PHP] disable opcache_invalidate() usage. Restricted by opcache.restrict_api setting, which generates a warning that may not be correctly handled.
[ssh] backport keyboard-interactive toggle (sshd_pubkey_only setting)

[Opcenter] create server affinity record on import
[Mail] cleanup majordomo method errors if mail provider not builtin
[Passenger] set default app timeout
[Summary] apps conditionally linked to based upon availability

[Opcenter] cPanel Migrations
[DNS] imported resources determined by target DNS provider RRs
[DNS] compatibility with cPanel exported zones which ignore class in AXFR

[Opcenter] always lowercase domain
[Opcenter] in-place account wipe/creation reuses previous credentials on first call to aliases:synchronize-changes()
[Wordpress] link WP-CLI to /usr/bin/wp-cli
[Migration] cPanel migration updates

[Migration] cPanel import facility preview
[UI] remove e-mail options when mail driver is null or disabled
[DNS] correct addon domain DNS provisioning when dns,enabled=1 toggled
[Wordpress] validate wp-cli consistency on update
[MySQL] user update ignores .my.cnf update

[security] AP-01-AP-07 vulernability fixes
[file] symlink usage disables optimized shadow assertions. Use referent in permission calculations to close symlink attack loophole.
[dns] domain_hosted() uses cp-proxy endpoint to perform additional checks in multi-server setups
[filesystem] fuser support
[backups] backup_dbs.php does not evaluate the state of file prior to processing backup. An attacker can use a symlink attack to gain ownership of sensitive files
[SSL Certificates] revert CSR generation

[UI] permit session switch on all apps
[UI] disable MIME sniffing
[DNS] disabling DNS no longer removes key, provider setting from service
[DNS] move DNS zone depopulation to end of service depopulate() call. Removes false positive on missing zone.
[Bootstrapper] addin skipped when role type is directory
[Billing] [billing] => demo_invoice, any account attached this invoice will be a demo account
[Webmail] fix access without SSO uses shortcut
[Webapps] remove conflicting htaccess directives (FollowSymLinks, Includes) from .htaccess

[Bootstrapper] correct addin logic with modules/roles/tasks
[Dashboard] Google Analytics bounding

[Bootstrapper] addin facility modules
[Magento] sanitize db credential import on 2.x
[Cloudflare] non-standard TTL breaks atomic update
[UI] potential CSRF IP disclosure on password reset request

[apnscpd] doubly including a recursive anonymous function during IDE helper generation can generate a segfault under certain conditions
[Scopes] immediately change /etc/sysconfig/apnscp on update policy

[cron] platform integrity check clobbered by cron.daily runs
[Web Apps] standardize treatment of version lock policy 'none'
[MySQL] export, truncate, empty database operations require temporary elevation to fetch root password
[Nexus] add first-run placeholder, account filter
[Opcenter] misc:cp-version follows semantic versioning now, include "dirty" flag if tracked files changed
[Backend] db.yaml, auth.yaml, and config.ini automatically import constants
[DNS] DigitalOcean, Linode, CloudFlare module updates
[CloudFlare] new jumpstart parameter to clone public records
[Templates] Blades may be overriden on view-by-view basis

[CLI] disable automatic parsing of passwords as array if [] present, correct parsing of keyed complex service values
[admin] get_plan accepts null parameter to use system default
[license] network-restricted licensing

[UI] CSRF support
[SOAP] fatal exceptions generate SoapFault
[admin] hijack() now supports gated authentication for example instantiate UI login via SOAP for SSO
[admin] get_plan(), list_plans(), get_service_info() plan helpers
[mlist] hide Majordomo if mlist disabled (issue #17)

[fail2ban] periodic database vacuuming
[rampart] improve ssh filtering, remediate abusive clients that disconnect prior to sending authentication
[bootstrapper] Remove MariaDB 5.5 support, add systemd service for MariaDB 10.0
[clamd] default setting to disable on machines < 3 GB

[rampart] CIDRs incorrect validated as IP
[apnscp] decouple strict MySQL/PostgreSQL dependency. Resolves integrity check abruptly terminating on MariaDB restart.

[apache] correct restart in failed/inactive state
[playbooks] missing addin hooks
[API Keys] fix comment rename