-
v3.1.44 · 83d495a1

SECURITY:
[MySQL] UMASK= unconventionally applied as an additive mask instead of subtractive. UMASK=0077 appends these permissions to data files instead of stripping g-rwx,o-rwx, exposing potentially confidential data to secondary users within the account.

NEW:
[Web Apps] Update Assurance. Post-update hook that monitors for deviations in update page size and rolls back automatically if encountered. Parameter threshold may be configured via [webapps] => assurance_drift.
[letsencrypt] solve()- complete pending challenges from challenges(). See SSL.md for examples.
[Cronus] variable interval job scheduling.
[Ruby, Node] lazy-load support for nvm/rbenv helpers. Previously, having both present could impart a 1-2s lag on shell initialization. Add LAZY_LOAD_XXX=1 in .bashrc to control this behavior. See Ruby.md.
[argos] Dashboard integration, monitoring API.
[email] user_mailboxes()- get a list of mailboxes affiliated with the named user.
[git] head()- show repo HEAD commit.

FIXED:
[Opcenter] a failure in an edit chain causes subsequent domain edits to fail.
[Subdomains] editing a subdomain defaults ownership to first user.
[Error Reporter] broken session deserialization blocks backtrace reports.
[PostgreSQL] editing user via EditDomain applies the wrong password to .pgpass.
[Vacation Responder] always set vacation message. Setting vacation for a secondary user for the first time did not populate the message, resulting in spurious "File not found" errors.
[MySQL] privileged password cannot be discovered when seteuid, such as with job runner.
[Bootstrapper] dnf i18n idempotency checks.
[Kernel] rebuild grub2.cfg on kernel change.

CHANGED:
[Screenshots] batch runs in hourly intervals. Cleanup chromium work directories.
[Subdomains, Addon Domains] enqueue docroot changes.
[Spam Filter] renamed from SpamAssassin Configuration Wizard. Add support for deliver threshold.
[argos] disambiguate existing config* API methods to config_relay.
[Core] misc:debug-session hooks into request lifecycle earlier - immediately following session initialization.
[Web Apps] deduplicate several preflight checks into Webapps::parseInstallOptions().
[Vacation Responder] clarify "no duplicates" option. Show affected email addresses when enabling vacation mode.
[git] add()- ignore files that cannot be added due to permissions if no fileset specified.
[License] -f/--force flag overrides panel's best effort not to replace a perfectly fine license.
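
The additive-versus-subtractive difference from the [MySQL] UMASK item in v3.1.44, together with an audit that finds and tightens data files left group- or world-accessible, as an added example (not ApisCP code). The 0600 base mode, the directory argument and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

GROUP_OTHER = 0o077  # g+rwx,o+rwx: the bits UMASK=0077 is expected to strip


def subtractive(requested, mask):
    """Conventional umask semantics: bits set in the mask are removed."""
    return requested & ~mask & 0o777


def additive(base, mask):
    """Behaviour the changelog describes: mask bits are appended to the mode."""
    return (base | mask) & 0o777


def find_exposed(datadir):
    """Return sorted (path, mode) pairs for regular files with g/o bits set."""
    exposed = []
    for root, _dirs, files in os.walk(datadir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of datadir
            if stat.S_ISREG(st.st_mode) and st.st_mode & GROUP_OTHER:
                exposed.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(exposed)


def tighten(datadir, dry_run=True):
    """Strip g/o bits from exposed files; returns (path, old, new) triples."""
    changes = []
    for path, mode in find_exposed(datadir):
        new_mode = mode & ~GROUP_OTHER
        if not dry_run:
            os.chmod(path, new_mode)
        changes.append((path, mode, new_mode))
    return changes


def build_sample(root):
    """Constructed sample tree: one file per interpretation of UMASK=0077."""
    db = os.path.join(root, "exampledb")  # hypothetical database directory
    os.mkdir(db)
    modes = {"good.ibd": subtractive(0o666, 0o077),   # 0600
             "leaky.ibd": additive(0o600, 0o077)}     # 0677 (assumed 0600 base)
    for name, mode in modes.items():
        path = os.path.join(db, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # chmod sets the mode exactly, ignoring umask
    return db


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        # Dry run first: report what would change without touching anything.
        for path, old, new in tighten(tmp, dry_run=True):
            print(f"{path}: {old:04o} -> {new:04o}")
```

Run `tighten()` with `dry_run=True` against a copy or a single account first; only regular files are modified, directories are left alone.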
-
v3.1.43 · a1577c7a

SECURITY:
Move .php denial to accounts specifically configured without apache,jail=0. Previously, it was possible to side-step authorization policy if the request URI were a .php resource with .php explicitly appended. All other related resources would continue to be blocked as normal. A corresponding httpd-2.4.43-3 package has been released in coordination.

NEW:
[Core] API callbacks. See Hooks.md.

FIXED:
[Database] appldb incorrectly owned by "root", which during image packaging via clean.sh, prevented root from being dropped.
[SSL Certificates] domain sorting.
[Yum] package solving kicks out nightly package updates from added third-party deps with PostgreSQL.
[apnscpFunctionInterceptor] session context inherited from global context.
[Opcenter] propagate bandwidth changes when unit changes independent of threshold.
[HTTP] IPv6 fixes during self-referential reachability checks.
[rspamd] MX checks. Firewall rules do not inspect supplementary groups until iptables 1.8.4.
[.htaccess Manager] various maladies.
[Chromedriver] certain call pathways could persist chromedriver binary longer than necessary.
[dns] nested parented domains.
[Drupal] various installation blockers.

CHANGED:
[system/limits] PAM-imposed limits configurable via limit_<NAME>_<TYPE> where name is the resource imposition and type hard or soft.
[PHP Pools] PHP5.6 compatibility during PHP-FPM interrogation.
[Let's Encrypt] report pruned SSL hostnames to account holder during issuance.
[Let's Encrypt] transient requests may be debugged from command-line using env DEBUG=1.
[Screenshots] interface extracted into general-purpose template in master::partials.shared.wa-screenshot.
[discourse] report debugging information directly when invoked from command-line with env DEBUG=1.

REMOVED:
[FST] go packages obviated by goenv.
-
v3.1.42 · c8f93a18

NEW:
[Bootstrapper] "has_dns_only" build option installs a lightweight ApisCP for use with DNS-only.
[Dashboard] show ban reason, corresponding API command rampart:get-reason().
[DNS] $hostname available in DNS templates as a composition of $subdomain + $zone.
[DNS Manager] show DNS zone information in Toolbox.
[Mail] MXRoute provider (see docs.apiscp.com/admin/mail/Mxroute/).
[Process] unshare support. Namespace resources (files, PIDs, UIDs, network) prior to running a process.
[Scopes] cp.screenshots - enable screenshot support; cp.whitelist-login - always permit CP login (see SECURITY.md for Anvil).
[stats] vmstat()- report virtual memory statistics.
[UI] rspamd app now available for admins.
[Web Apps] learning mode duration.
[Web Apps] screenshot support. Enabled automatically if has_low_memory wasn't set at install time. May be manually enabled using the cp.screenshots Scope. web:inventory-capture() performs an en masse screenshot acquisition.

FIXED:
[Dev] prune unreachable methods during intellisense stub generation.
[file] recursive chown repeatedly calls fsmount for each directory chown'd.
[Import] accept mailman list names with underscores.
[PHP] PHP-FPM cache inspection could leave behind its inspection script in certain conditions.
[PHP] webp support for PHP 7.4.
[Process] argument decomposition incorrectly handles nested quotes.
[Opcenter] "True"/"False" parsed as literals.
[Scopes] cp.config automatic postback ignores numeric input types.
[Virtualhosting] binding additional IPs before nm readies drops the active interface from nm's control. Relocate virtualhosting.service until after network-online.target to ensure nm has completed upstream acquisition. ISO/IEC 9899:2011 workaround for last IP in multihomed environment.

CHANGED:
[admin] admin:collect() now supports invoice selection. Works with both primary and subordinate accounts (billing,invoice/billing,parent_invoice).
[billing] implement billing:get-package-type().
[Bootstrapper] improved CentOS 8+ support.
[build] Always drop privileges using git. If root privileges are required for git hooks, set "apnscp_build_helper" in Bootstrapper with a custom build script. set-repo-user.sh in build/ may be used to update remote credentials to the effective username if previously supplied credentials assumed "root".
[cgroup] get-usage() CPU cumulative usage refers to 24 hours, previously 240 hours. Add cumsystem, cumuser that refer to cumulative usage since uptime. system/user fields refer to same value over 24 hour window.
[DNS] get-records() accepts "null" as subdomain to list all records.
[Firewall] change 25/TCP restriction from "postfix" gid to more generic, "mail" gid. Allows rspamd to perform MX checks as well.
[Import] detect corrupted HOME paths from backup source.
[MySQL] database renames apply correct DDL statements.
[MySQL Manager] display database size charged on disk.
[PHP] imagick enabled by default. Simplify multiPHP extension builds + configuration (see PHP-FPM.md).
[PHP] detach pool .service binding from php-fpm such that pools have two-way binding to named .socket and propagated action through group or "php-fpm" master service. Requires `EditDomain --reconfig --all` to apply retroactively.
[PHP] Relocate composer referent to /usr/share/pear/composer.phar, inline with wp-cli and other PHP utilities.
[Postfix] simplify SMTPS/ESMTP mode settings (see SMTP.md). Always encrypt smarthost transmission set via mail.smart-host. Previously, encryption was opportunistic.
[Process] suid/sgid options no longer wrap the command in /bin/sh. "Fork" process types may accept open/close callbacks.
[watch] lockdown()- support web user ("apache") as a target user after learning mode completes.
[Web Apps] perform validity check before updating web apps. Prevents potential loop on updating a ghosted web app.
[wordpress] purge WP-CLI cache periodically. Recovery mode resets theme to twentyXXX.

REMOVED:
[dns] check-zone() authoritative_ns requirement. Intended for use internally with BIND. Still used for PTR checks in IpCommon\ip_allocated() for now.
-
v3.1.41 · e4a6c770

NEW:
[Core] CentOS/RHEL 8 support.
[PHP] track sending scripts via mail.add_x_header=1.
[rampart] get_reason(): show ban reason for IP.

FIXED:
[Bootstrapper] aggressive substitution rule removes vendor-specific kernel parameters on XFS servers.
[DNS Manager] Remove branding from DNS Manager (issue #32).
[Dovecot] indexing cannot connect to indexer service due to visibility.
[PHP] libphpX.so never stripped from httpd.conf.
[Web Apps] email option always overridden with common:get_email() value.
[WordPress] skiplist does not trigger per-asset updates.

CHANGED:
[dns] add_record_conditionally()- A and AAAA records honor CNAME presence.
[Net] improve remote IP detection resiliency.
[Postfix] reduce message size to 100 MB.
-
v3.1.40 · 11feb1c7

NEW:
[Bootstrapper] kernel_automated_reboot controls unassisted reboots after kernel upgrade.
[Opcenter] Internal/reserved IPv4/IPv6 address sensibility checks for CloudFlare, Delegated Whitelist.
[pgsql] change_owner(), get_owner()- manage database ownership in PostgreSQL.
[telemetry] telemetry is now enabled by default. See Metrics.md.
[WordPress] "Manage Packages" feature now available in Web Apps. Functions as a backdoor to disable plugins/themes in an inconsistent state, as well as manage update settings. skip_asset(), unskip_asset(), asset_summary() API methods added to facilitate.

FIXED:
[Bootstrapper] various idempotency fixes. UEFI support.
[DataStream] multi-mode reports failed commands.
[Logrotate] btmp never rotated out on weekly basis due to unmatchable regex.
[MySQL] 10.4 mysql.user field fixes.
[Net] hairpin check defaults to gateway address if not previously configured, as with namebased hosting.
[Opcenter] ssh,port_index does not initialize when ssh,enabled is flipped on during an edit.
[WordPress] numerous fixes to updating third-party/commercial plugins.

CHANGED:
[DNS] Parented zones now use the parent zone instead of creating a separate zone. A parented zone is one in which the parent and child reside on the same account. If a child is created as a new domain, then a separate zone will be created or in the case of CloudFlare, fail.
[Migrations] remediation improvements, ".boxtrapper" handling, detect previously relocated subpaths.
[upcp] drop privileges on git usage.
[Web Apps] Joomla!, Laravel, Drupal, Ghost, and WordPress produce additional debugging information when debug mode is enabled (see DEBUGGING.md).

REMOVED:
[aliases] change_domain() no longer requires the domain to not be listed in aliases,aliases.
[PHP] Remove mod_php from non-low-memory servers.
-
v3.1.39 · ad33048b

[admin] collect() can filter on "active" field (true/false) to select accounts that are active or suspended.
[Any-version] account admin may now update shims.
[Argos] validate relay password.
[Bootstrapper] ~2 minute performance bump by refactoring mail/configure-postfix role.
[Bootstrapper] tolerate really weird kernel configurations.
[Bootstrapper] various idempotency fixes.
[ClamAV] remove packages on disablement.
[Cloudflare] proxy only permitted records. Improve error message reporting during CF outage.
[Dovecot] block learning in stressed environments.
[file] reset_path()- when user is empty string, it defaults to current user. "null" still bypasses reset.
[FST] remove rm -rf sudo helper. Conflicts with moving essential services, such as PHP-FPM, to /.socket. May be enabled via [ssh] => sudo_support.
[helpers.sh] su VIRTUSER accepts all normal arguments.
[Letsencrypt] loquacious nameservers may stuff a TXT record beyond what is necessary during ACME challenge resulting in a pause up to the timeout interval.
[Letsencrypt] retry IP check for slow DNS servers.
[Mail] remove "postfix" user when mail is disabled on an account effectively disabling sendmail usage.
[Migrations] Fix condition in which SSL certificates do not activate without second EditDomain post-migration.
[Migrations] limit remediation suggestion to 32 characters per system limitation.
[Migrations] server-to-server migrations, domain suspension may be postponed with --no-suspend flag.
[Monit] scramble default password.
[MySQL] users may contain a period in their username.
[Nexus] IPv6 addresses with numeric leading hextet are incorrectly parsed as an array index.
[Opcenter] add sanity checks to prefix presence before discarding MySQL/PostgreSQL databases.
[Opcenter] correct condition in which promoting an alias to primary domain without explicitly removing the domain from aliases,aliases causes duplicate key on address rename.
[PHP] migrating from non-jail to jail also migrates directives from .htaccess. Controlled via [httpd] => fpm_migration.
[phpMyAdmin, phpPgAdmin] correct condition in which SSO fails if behind CloudFlare.
[phpMyAdmin, phpPgAdmin] updating a password may now optionally reset the password to the specified value.
[Postfix] /etc/postfix/master.d allows for per-site overrides (see Customizing.md).
[Rampart] malware jail, integrates into mod_security/ClamAV filtering.
[Rampart] non-essential logs are tailed on startup thus improving startup time.
[Storage Tracker] correct rendering as Picasso painting.
[Task Scheduler] MAILTO supported.
[Telemetry] range() accepts a negative $begin to look behind n seconds.
[Telemetry] fix condition in which compressed metrics block deletion of a site.
[UI] filters support ESC/ENTER hotkeys.
[UI] update default placeholder.
[WordPress] db_config()- workaround for segfaults if the output buffer fills during database inquiry.
[WordPress] enable debug mode in WP-CLI when ApisCP debugging enabled.
[WordPress] fix condition in which lower versions with patch are preferred to those without.
-
v3.1.37

[Scopes] mysql.remote-access, pgsql.remote-access, ftp.insecure-ssl scopes added
[Telemetry] JIT metric support, Rampart logging
[Opcenter] improve quota fetch throughput, partition enumeration on large (> 500) installs
[PHP] add webp support
[PHP] prevent loading pool for opcache statistics if ActiveState is deactivated
[phpMyAdmin] 4.9+ SSO fixes
[Error Reporter] all unhandled exceptions set exit code 255
[DNS] zone validation wait threshold now configurable via [dns] => validation_wait
[cgroups] add "io" service limit, a 24-hour combined storage bandwidth limit
[Apache] VirtualHost prioritization (see Apache.md)
[admin] get_usage() reports cgroup data. Cache behavior controlled via [cgroup] => prefetch_ttl, usage controlled by show_usage option
-
v3.1.36 · 03527c41

[SECURITY] restrict wheel su to MINUID, 1000 on RHEL7+. Restricted daemons expose sockets into virtual filesystem that would allow primary account user, also in wheel, to masquerade as these services, potentially injecting arbitrary commands into its socket.
[Scopes] GUI now available
[Nexus] display storage, bandwidth utilization. Optional inode utilization support (configure in Account > Settings)
[File Manager] use fixed-width font in editor
[Opcenter] promoting an addon domain to primary is now atomic. Previously, doing so first required dropping the domain and thus deleting email addresses associated with the addon domain before it could be promoted to primary.
[Auth] When a client successfully resets their password via the login portal and [auth] => update_restrictions_on_reset is set, the IP address that performed the reset is added to the IP restriction list if IP login restrictions are present.
[Dovecot] hibernation now enabled by default. Each IMAP mailbox spawns a separate process, approximately 5-10 MB per. Hibernation freezes these per-mailbox listeners into a single process and thaws into a new process when activity is received on the inbox.
[Migrations] permit numeric email addresses when conflict strategy is "namespaced"
[admin] API command get_usage($type, array $sites) allows usage retrieval for storage or bandwidth of all or a subset of sites
-
v3.1.35 · 4e1b54f0

[Layout] search widget
[Scopes] mail.insecure-ssl helper, revert TLSv1.0/TLSv1.1 support. apache.buffered-logs, control buffering of log files. scopes:list() now accepts filter. l() and i() aliased to list()/info()
[Opcenter] siteinfo,domain and aliases,aliases are now an atomic operation. Prior to switching values in Nexus the primary domain would get dropped during a swap resulting in an inconsistent state. Mail transports are now preserved as well.
[Letsencrypt] DNS validation wait period may now be tuned via [letsencrypt] => dns_validation_wait. renew() exposed to admin to renew server certificate.
[SSO] Parent to subordinate SSO fails due to routing changes
[Subdomains] folder browser on subdomain change
-
v3.1.33 · 054d043f

[upcp] Correct condition in which a dirty tree on non-edge update policies would result in an infinite update loop
[Error] Unhandled frontend exceptions now expose the stack when panel is in debug mode
[Dashboard] Integrate Rampart widget into Admin panel
[Template] Laravel Route integration
[MySQL] connections operate natively in utf8mb4
[Scopes] apache.insecure-ssl added. Enable support for insecure TLS v1.0/v1.1 usage.
[Site Optimizer] Pagespeed integration. Optimize a variety of rendering problem areas on websites.
[Migrations] cPanel improvements: deduplicate mailboxes, extract PostgreSQL backups, relocating a document root clobbers itself if source and dest are the same as with subdomains.
[DAPHNIE] MySQL, PHP statistics collection. CPU usage now reported in centisecs.
[cgroup] Implement delta counting for CPU controllers. get_usage("cpu") now reports accurate 24 hour usage.
[rampart] bans_since() API call. Returns ban tally between bracketed time. get_jail_entries() now accepts explicit "null" to return all entries in all tracked jails.
[pgsql] import() supports reading backups from compressed pg_restore invocations
[Cloudflare] Module update, zone deletion. Improve API token validation.
-
v3.1.32 · f4fb5ceb

[Let's Encrypt] rewrite solver logic to try best available solver (HTTP, DNS) depending upon inference
[DAPHNIE] Metric compression, optional elision of repeated data via [telemetry] tuneable. PostgreSQL uses a modest cap on optimization. Tuning may be controlled via [telemetry] => memory_consumption
[Let's Encrypt] append() now prevents repeated requests for the same certificate set
[Bootstrapper] delay job notice until Bootstrapper has exited. Prevent false reports when panel restarts in a task
[ClamAV] update package naming as of 0.101.5
-
v3.1.31 · 9b8c5ce9

[UI] Update "apnscp" theme. Convert DNS zone into combobox. Update layout to native feel.
[SSL] Catch rate-limiting errors during Let's Encrypt challenge.
[aliases] Fix condition in which detaching an addon domain produces a duplicate effect once configuration is synchronized.
[Scripts] mapCheck performs orphan domain check.
[Scopes] apache.evasive may now set "enabled" flag.
[PHP] Remove sysvsem module from PHP-FPM. A variety of race conditions have been encountered without common origin. Running `cpcmd scope:set cp.bootstrapper php_build_flags ""` restores the old build behavior.
[Opcenter] applying a plan type via siteinfo,plans= sets the system default in account metadata
-
v3.1.30 · e790eb7c

[Docs] new layout, new site - https://docs.apiscp.com
[Migrations] prefer "documentroot" value from cPanel backup metadata instead of /var/www/<DOMAIN>
[cpcmd] errors/warnings use stderr
[Mailing Lists] correct pathing in /etc/majordomo.cf
[License] dev-only licenses. Free license class identical to a Pro license with the exception only .test TLDs may be hosted
[web] add_subdomain(), remove_subdomain() support alternative fallthrough subdomain naming scheme "*.domain.com"
-
v3.1.29 · f3c0edc6

[DNS] cache invalidation throws unhandled exception when a hostname has children
[CP] change Apache mutex to posixsem
[MySQL] fix issue where advanced permissions formatted as plain-text
[Bootstrapper] apache.php-version will always force a rebuild of PHP
[phpMyAdmin] fallback to account password, if available, when SSO'ing into phpMyAdmin. cPanel migrations share account and database password, which for security, shall not be stored in ~/.my.cnf
[Synchronizer] set a reasonable ceiling for TimescaleDB memory usage. Previous ceiling was server memory that slowly grows over time.
-
v3.1.27 · fea196d5

[UI] theme components namespaced into "theme::" namespace. @extends("layout") now becomes @extends("theme::layout"). Modal converted into component, @modal
[Web Apps] snapshot reversion applies correct commit value. Blocking database export cleared prior to snapshot
[Quota] an over-quota user would generate a fatal error during site:get-account-quota call
[File Manager] "New" actions now work as expected in Firefox
[UI] Laravel router support. See "template" app for sample usage
[Debug] exception types now prefixed to unhandled exception messages
[Core] deduplicate account metadata. Jobs require ~2.3x less storage
[UI] bump jQuery to 3.4.1
-
v3.1.26 · fe589d74

[Web Apps] snapshot support
[Bootstrapper] apply Ansible #65136 fix to templated aliases
[Process] processes spawned from backend incorrectly report 0 exit status in non-zero conditions
[Migration] mailman, path relocation support
[apnscpd] DEBUG environment controls backend debugging. Previously frontend/cpcmd relied on "DEBUG" and backend used "DEVELOPMENT". env DEBUG=1 ./apnscpd -f restart restarts panel in foreground with debugging.