-
v3.2.39.27f268d62 · ·
SECURITY: [Logs] log:set-logrotation() permits arbitrary directives processed as root. A malicious script could be set as a postrotate action to grant elevated privileges. No such exploit is known to exist. NEW: [Joomla] v5 support. [PHP] 8.3 support. [Web Apps] Manifests support a "depth" parameter to separate the document root from application root of arbitrary depth. FIXED: [cgroup] cpuset controller requires cpus + mems to be declared. In case of cgroup,cpupin=None, this controller may be created with empty parameters upon boot for cgroupv1 resulting in cgclassify failure when explicitly bound. [file] stat() missing file race condition. [Opcenter] atomic writes forget mode/ownership. [PHP Pools] Switching from user-owned to apache terminates all user processes on account.
-
v3.2.39.119049c02 · ·
NEW: [Internal] Filesystem::atomicWrite() performs synchornous write followed by atomic libc rename() request. Intended to provide guarantee of non-partial reads. [ionCube] PHP 8.2 support. [SourceGuardian] PHP 8.2 support. [webapps] available()- report Web Apps available for install. FIXED: [Configuration] Type representation in non-debug mode. [Lararia] Jobs always generate new session. A race condition can arise in which the user requests install in UI, job begins to process, user logs out (destroys session), then elevated backend request goes to cold worker that cannot be resumed. [Opcenter] cgroup,enabled always calls freshenSite() which in turn invalidates other sessions instantiated against site. Web Apps installed with first-time SSL issuance trigger this behavior introduced in #4f60e7ea, in which the installation shadow session has precedence. Perform loose inspection of parameters to determine freshenSite() requirement. [PHP] Resuscitating a PHP-FPM pool from a failed state may encounter race condition on asynchronous socket re-enablement + restart operation. [rspamd] hotfix rspamd/rspamd#4703 [BUG] 3.7.4 fails to start on RHEL 9.3 [vsftpd] C7 always performs rsa_cert_file directive check on start. [web] Renaming subdomain creates index.html placeholder. CHANGED: [Backend] Pin hot worker to authentication context. [Let's Encrypt] All DNS timeouts observe [dns] => lookup_timeout. [Let's Encrypt] append() honors strict tolerance setting. [pman] kill() runs as process owner if owner uid meets minimum UID and within user list. [Users] Limit GECOS to 128 characters. Longer values may result in underruns in re-entrant getpwnam() implementations.
-
v3.2.39580c1ea0 · ·
NEW: [API] Expand common:get-ip{,6}-address to include pool when invoked as Appliance Administrator. [API] misc:release-fsghost(), examine active processes for referenced file that exists solely in process space, in other words a file whose inode is no longer referenced in the OS. Covers situations where for example Postfix may update but file permissions are non-atomic which in turn may result in an invalid copy of postdrop without appropriate setuid permissions for injection into mail queue. Offending sites are frozen, processes terminated, and mount cache emptied before restoring to previous state. [API] misc:run-cron(), run all or specific module crons immediately, bypassing timers. [Cgroup] v2. Overhauled interface, fewer mountpoints, faster PHP-FPM startups. Run cpcmd scope:set cgroup.version 2 (reboot necessary). [Internal] Error_Reporter::exception_convert() convert an exception into a lightweight message that retains frame info. Useful for capturing exception upgrades in nested code with retained context. [Scopes] LDA delivery deletion controllable on a global scale using mail.spam-deletion-threshold. Likewise spam scoring threshold set by mail.spam-threshold. Deletion threshold may be overrode on a per-site basis, as well as score threshold with SpamAssassin. rspamd scoring threshold is still global. [Web Apps] Document roots symlinked as subdirectories within existing domain structures treated as subsites within parent hostname ("subsite" feature). FIXED: [Backend] One-off housekeeping overwrites primary housekeeping/cron pid. If cron exits abnormally, backend cannot restart as it becomes untracked. [Backend] Race condition between nsswitch systemd source removal in group database during install and cron. [DAPHNIE] Truncating a value over field limit creates null dereference through unregistered cgroup statistic within metric provider. Introduce anonymous statistics whose type is inferred from database result. [Database] [database] => concurrency_limit takes precedence over individual database limits. [DNS] validate_template() Ephemeral account changes results in null invariant return. [Laravel] Logic inversion precludes cache generation. [Manage Users] Duplicate username label. [OS] Shell timezone. [PHP] .user.ini ignored without specifying DOCUMENT_ROOT environment var. [Scopes] cp.config settings missing. [Scopes] system.integrity-check deactivation delays deactivation until second run. CHANGED: [Bootstrapper] Report backend log if admin creation fails. [Bootstrapper] Delay cron tasks until FST fully provisioned. [Cgroup] Reinitialize blkio controller on bugged kernel to ensure monotonic counters properly reinitialized. [DNS] Normalize Hetzner NS records. [Laravel] Refer to laravel/laravel as installation basis instead of framework. [Laravel] Run composer/artisan commands as approot owner. [Let's Encrypt] During _acme-challenge TXT probe, explicitly request authoritative results to ensure propagation without forwarding in split-view DNS setups. [Scripts] mapCheck removes orphaned sites. [UI] Acquire screenshots on subpaths. [Web Apps] Hostnames may be overwritten by rediscovering on multihomed directory. [Web Apps] Updateable versions in UI follow webapp:is-current logic. [Webmail] Changing webmail location attempts SSL issuance for new subdomain. [Yum] Updating apps may now pull in new dependencies. REMOVED: [Ghost] Drop -D flag, originally a means to bypass permission checks but now unconditionally sets NODE_ENV=development. [UI] Hide DNS tab when provider is "null". [UI] Remove SPF Setup when provider is "null". [Web Apps] Deduplicate same paths.
-
v3.2.38.2fc84cec4 · ·
FIXED: [Opcenter] systemd implements quasi subset of shell expansion without subshell execution. When forcing a housekeeping run, invoke sh directly to grab backend pid. Resolves Let's Encrypt certificate renewal if nightly panel updates disabled. CHANGED: [DNS] get_zone_data() on a parented domain returns null. [Scopes] Both metrics.enabled + cp.update-policy pull in apnscp/install-services role.
-
v3.2.38.1f384a810 · ·
NEW: [Filesystem] Support differing filesystem types between / and /home. FIXED: [Backend] SIGCHLD handler consumes exit status before proc_get_status() may examine this. Use exit code contained in siginfo struct as workaround. Freeze panel PHP to 8.1.21 until GH#11498 rollback patch is released in 8.1.23. [Cgroup] cpuacct controller loses precision on conversion. [Web Apps] Screenshot storage location may be uninitialized. CHANGED: [Auth] An unspecified protocol in [auth] => server_query implies https. [Bootstrapper] Observe custom mount options in /etc/fstab for / and /home. [Bootstrapper] tmpfs_cleave_rate sets percentage total server memory allocated to /tmp. Final value is the exponentiated integer (base 2). [file] Canonicalize paths in symlink calculations. [multiPHP] Note when setting php.version scope would replace multiPHP build.
-
v3.2.38ac8929c6 · ·
NEW: [Scopes] kernel.crashguard, controls crashguard/kexec usage. kernel.panic-asr determines the timeout for an automated reboot in event of a panic. FIXED: [Cgroup] Kernel panic resetting blkio counter on non-root container between kernel 4.18.0-477 and 4.18.0-504 [DNS] Missing NS records yields invalid auto-generation. [file] Incorrect bitwise symlink mask. [Nextcloud] Propagate ENV to occ. [Opcenter] Demoting primary domain loses domainmap lookup. [Rampart] Unwrap nested ban reason. [Scopes] system.monthly-integrity-check, update role reference. [Task Scheduler] Setting CRON_TZ in unordered spool exceeds line boundary due to defect in dba_replace/dba_delete parsing in non-uniform ini file. [Web Apps] Unhandled exception on PHP variant apps when PHP-FPM is disabled. [Wordpress] Fetching a define() constant inhibits reuse on and after retrieved node. CHANGED: [admin] get_meta_from_domain() renamed to get_meta_from_site(). Deprecated, scheduled for removal in v4. [Cgroup] Always create controllers in cgconfig. [Cloudflare] Parse complex arguments if set in [dns] => provider_key. Support for 1000+ domain pagination. [Ghost] Detection now looks for "GhostServer.js". [Let's Encrypt] Staging removes all conflicting _acme-challenge TXT records. [MySQL] Update ping() logic to anticipate mysqli_sql_exception. [Opcenter] Optimize user/group/shadow operations. [PostgreSQL] Previous implementation permitted superuser. Deny all database connections on rename. [Scopes] apache.evasive-whitelist and rampart.fail2ban-whitelist remediate if whitelisted IP is presently banned. [Scripts] mapCheck.php updates admin user within VFS. [Transfer] Permit accounts with different MySQL and PostgreSQL prefixes. [Wordpress] Reimplement theme versioning. Previously suspended due to wp-cli/extension-command#349. [Wordpress] Update WP_SITEURL, WP_HOME during rename. REMOVED: [Opcenter] Expensive fuser check in lock detection.
-
v3.2.37.1d849b1c2 · ·
NEW: [PHP] SVG imagick support. FIXED: [Internal] Bugs reported with an encoded backend send unsupported NUL bytes. [Internal] Code rot in various routines. [Metrics] Missing TimescaleDB v2 hook at RPM update. [phpMyAdmin] Invalid client password throws unhandled exception. [Transfer] Reapplying a completed migration checks old UUID value. CHANGED: [Bootstrapper] php/install-pecl-module renamed to php/install-extension. [git] Trust ApisCP code root for git v2.39+. [MySQL] Use MariaDB versioning instead of MySQL equivalence. [PostgreSQL] v15 compatibility. Assigning permissions to a database requires explicit grants on "public" schema. [Web Apps] Fallback to system PHP binary when multiPHP unavailable.
-
v3.2.37aa2aee55 · ·
NEW: [Core] PHP 8.1 [Discourse] v3.0. Requires Redis 6.2+ in apisnetworks/redis. [Internal] Account\Enumerate::matches() performs free-form match against account on site, domain, invoice, or invoice group. [php] pool_get_policy()- read settings from php-policy.yml; pool_set_policy()- admin-only overrides of policy settings, supports dot notation. [Scopes] mysql.connection-limit, psql.connection-limit- set database server connection limits. FIXED: [Backend] fsize limit may not be overridden in subshell. [CLI] DEBUG=0 may not be overrode from enabled state. [CLI] Quoted expressions that contain a colon misinterpreted as keyed hash. [DBus] GetUnit() always reports transformed unit name. Use GetUnitFileState to confirm presence of unit on server. [DigitalOcean] Duplicate apex NS records. [Drupal] Preserve .htaccess during docroot relocation. [Joomla] Manager role returned as administrator. [Manage Mailboxes] "Select All" selects filtered elements. [Mange Users] JavaScript bindings inactive. [Migrations] Mailbox detection skips Maildir imports through premature return. [Nextcloud] Dispatcher rules missing in v26+. [Opcenter] Setting [auth] => suspended_login=false blocks deleting of suspended accounts. [Settings] Timezone modification applied asynchronously. [WordPress] db_config() ignores pool version. CHANGED: [Bootstrapper] Cap make concurrency to 8. [DNS Manager] Reset missing postback confirmation. [Filesystem] Update major:minor block extraction to 64-bit implementation. [Frontend] Bind to ::1 when IPv6 available. [Opcenter] --fd usage supersedes immediate exit after json dump. Hard exit masks exit codes elsewhere in script. [Opcenter] --reconfig regenerates logrotate cronjob as needed. [php] CLI usage follows memory_limit value set in PHP policy. [Scopes] Updating timezone with system.timezone updates timezone setting in VFS. [Scripts] mapCheck replaces stale records in appldb. [WordPress] Execute wp-cli as docroot owner. [WordPress] SSO routine skips theme load. REMOVED: [ClamAV] Aggressive Foxhole signatures (11, 18, 20, 22, Zip-fs197).
-
v3.2.36.3ad0b9daf · ·
NEW: [Nexus] Show process counts. [Web Apps] Specific upgrade version selectable. FIXED: [Drupal] Snapshot feature cannot export database with relocated docroot. [PHP-FPM] enable --now implicitly reloads systemd. Perform analogous task over D-Bus. [Web Apps] Apps with multiple subclasses lack base reconfigurable properties.
-
v3.2.36.217520969 · ·
FIXED: [Joomla] Bogus version check uses incorrect helper when installing with PHP 8.0. [Laravel] v9+ incomplete installation. [Logging] Uncaught exceptions or fatal() macros may remain unlogged. [MySQL Manager] Commit #df88738c introduces additional name field. [Opcenter] "artisan opcenter:plan --remove" cannot delete plan files. [Web Apps] Changing username results in crash. CHANGED: [auth] Parented accounts return true in auth:is-demo(). [Bootstrapper] mysqlnd may be disabled by specifying php_native_mysql=False. Disabling mysqlnd will revert to libmysqlclient. [Daphnie] Automatically wrap monotonic values. [Migrations] Recursively look for mailbox type. [SELinux] Set selinux=0 in kernel on disablement. [UI] Enable strict sessions. [upcp] Code and platform updates are now atomic. Releases will not update until all migrations on current release have completed successfully. Code will continue to update irrespective of migration status in edge mode. REMOVED: [Limits] Virtual memory/address space limit. Better memory restriction exists in cgroup memory controller. Imposing any such limit creates undesirable side-effect in V8 allocation, see nodejs/node #25933. [PHP] Huge codepage support on new installs. Introduces marginal startup tax on multitenant environments, see php/php-src PR #10301
-
v3.2.36.1ca1b769d · ·
NEW: [Opcenter] Native D-Bus communication. All systemd requests use D-Bus instead of systemctl. FIXED: [Dashboard] Invalid peak memory calculation. [dns] Invalid assertion clones all subdomain records into target zone. [file] Appliance Admin stat() access lost during refactor. CHANGED: [ModSecurity] Only ClamAV malware can may trigger 406 status. All other ModSecurity dispositions report 403. [PHP] Update ionCube download location. REMOVED: [Git] 4 GB filesize restriction. Packfiles may grow beyond this resource limit resulting in undefined behavior.
-
v3.2.36ff670fed · ·
SECURITY: [file] Insufficient access control checks would permit accessing a file with 0xx4 permissions behind a directory with 0700 permissions. No directories within the virtual filesystem possess this permission pattern but improper use of root within a vfs could create files exhibiting this pattern. NEW: [DNS] Zone migration on provider change. Enable with [dns] => migrate. [dns] zones()- report all zones for given authentication context. [Drupal] 10.x support. [email] convert_malbox()- convert between mdbox/sdbox/mbox/maildir formats. cPanel mailboxes are automatically converted upon import. [Frontend] Use FPM instead of Apache SAPI. Improved stability, lower memory requirements. [Internal] Process creation loggable by setting [core] => debug_proc when debug mode enabled. [Internal] Volatile auth profiles, write-once, save-never variants of authentication contexts created through clone. [Opcenter] IPv6 interface autodetection. [php] pool_direct_read()- bypass HTTP routing, send request direct to PHP-FPM process. [PHP] 8.2 support. [PostgreSQL] pgsql.postgis-version scope. Enable/set PostGIS version on server. [PostgreSQL] SSL support. [Process] execve support. Commands passed as an array of parameters bypass /bin/sh subshell processing. ~50% performance improvement. [Templates] Introduuce $user, $docroot, $hostname variables in docroot placeholder. [Transfer] Synchronize multiPHP settings. [UI] [demo] => admin_lock produces a read-only panel instance. Privileged execution still remains via cpcmd. [upcp] Pass runtime values to Bootstrapper using --var=KEY=VAL. Replaces old "BSARGS=--extra-vars=x=y" format. FIXED: [Apache] IPv6 without IPv4 namebased hosting results in malformed Apache configuration. [Bandwidth] Refresh daily site bandwidth usage. [Bootstrapper] Mitogen persists an rpm lock in subshell resulting in read lock failure when mail.enabled scope is invoked. [Bootstrapper] Extension build conflict in php/install-pecl-module if PHP package named "http". [cgroup] "cpupin" setting persists after cleaning value. [cgroup] peak memory usage resettable via [cgroup] => reset_peak. [DNS Manager] Dismissing clone modal persists domain list. [DNS Manager] Login domain displayed out of order. [file] get_directory_contents() runs in exponential time. [Filesystem] Device major integer wraparound. [File Manager] Paths with plus interpreted as RFC 1866 space. [Internal] Filesystem::interrogate() returns error when no open file handles exist. [Internal] implement getgrgid(), getpwuid() within Role\Group, Role\User. [Let's Encrypt] Replacing Let's Encrypt with non-LE certificate will attempt LE auto renewal. [MySQL Manager] Max connections limited to 99. [Network] Disabling IPv6 via net.ip6-enabled scope sets incorrect procfs value. [Network] Take first routed IP address. [Nextcloud] Canonicalize global subdomain. [Nextcloud] Follow prescribed update policy, i.e. remove all files except config/ and data/ during update. [Opcenter] Addon domains specified directly in aliases,aliases runtime are doubly-counted against license limit. [Opcenter] Immediately update username/domain value if changed in EditDomain. [PAM] Boundary metachar misuse. [PHP-FPM] Adding cgroup controllers retains old cgroup controller list. [PostgreSQL Manager] Max connections truncated to 99. [Regex] Set PCRE_DOLLAR_ENDONLY flag on regexes used for validation purposes. Prevents CLI invocation that intentionally append a newline to value. [Scripts] mapCheck tracks sites absent in other maps. Deletes database users in DB-VARIANT.usermap. [Task Scheduler] MAILTO= idempotency violation. [upcp] --reset updates Composer + runs pending migrations. [upcp] Successive vars passed as BSARGS= environment variable ignored. [Users] /bin/false + /sbin/nologin missing from CentOS 8. CHANGED: [Anvil] Report API throttle and retry time in response headers. [auth] reset_password() returns password. Previously delivered password OOB as status message. [Backend] Memory management improvements. Restart cron when [cron] => memory_limit watermark reached. [Bootstrapper] Bypass existent repo configuration unless forced. [Bootstrapper] Flush filesystem cache post-install to reduce perceived memory usage of panel. [Bootstrapper] Passing --var=force=yes rebuilds all PHP modules. [Bootstrapper] System PHP compilation reassigned to role php/install. php/build-from-source handles low-level builds. [file] copy() follows cp behavior: preserve deep symlinks, copy referent at surface. [file] Reject paths greater than OS PATH_MAX. [file] stat() always works on shadow layer. Composite access must be done through file_stat_backend(). [Ghost] Restore Ghost 5 installation rights. Block 5.21 <= ver < 5.24. [misc] cp_version() reports debug mode. [Nextcloud] Adhere to Nextcloud security checks in multiowner setup. Switch occ execution context to match config/config.php owner. [Opcenter] Improve deletion logic on mismatched username. [PHP] clean_php Bootstrapper var affects extension source preservation after build. [PHP-FPM] Bump MAIN pool startup to 3m for O(n^k) cgroupv1 parsing when ProtectHome is set. [PHP Pools] Cache introspection/phpinfo() bypasses overzealous .htaccess rules through direct FastCGI request. [pman] Set reasonable upper limit for maximum process CPU time. A process should not exceed its runtime limit, receiving a kill signal if exceeded. Double sanity check by adding CPU throttle 2x runtime. [Subdomains] "Browse" defaults to active directory. [Tuned] Increase sleep duration. Configurable in system/tuned role. [UI] Directory browser creates directories recursively. [Web Apps] Emptying existing docroot calls app's uninstall method if present. [Webmail] Apply "use external opener" behavior. [WordPress] Filter third-party WP-CLI output. [WordPress] Run database discover as docroot owner. [WordPress] Trim whitespace from closing PHP tags in SSO URL. REMOVED: [Anvil] Phase out exponential blocking algorithm. Adequate delays are incporated into password_verify(), stalling a connction blocks PHP-FPM worker processes. [Cloudflare] Partner portal.
-
v3.2.35174d031c · ·
NEW: [mysql] resolve_site_from_database- given a database[/table] format, resolve to site. [pgsql] resolve_site_from_database- given a database[/table] format, resolve to site. [php] pool_version_from_path- resolve PHP pool version from path. FIXED: [argos] list_monitored requires backend elevation. [Bootstrapper] Explicit version sorting on CentOS 8 kernel selects incorrect default kernel on multiple majors. [Bootstrapper] Mitogen detection in CentOS 8. [Digitalocean] Follow pagination results. [Digitalocean] CAA record normalization. [Dovecot] Corrupt mtab in vfs prevents quota reporting. [Hetzner] Normalize long TXT records. [Metrics] TimescaleDB v2 metrics deletion. [Opcenter] Activating a site from plan edit yields ghosted session. [Redis] TCP binding attempted in unixsocket-only mode. [rspamd] "daemonize yes" breaks Redis v6, cf redis/redis#7217. [SSL] Quota overage inhibits installation. [UI] Timezone configuration always reports UTC. [upcp] Existent ssh-agent process killed at end of update. [Users] Malformed branch permits uppercase characters after initial 2 chars. [Versioning] Non-seequential versioning. CHANGED: [Backend] Lambda functions introduce memory leak over backend lifetime. Enable opcache to optimize out potential memory leaks in recurrent evaluation. [Bootstrapper] Add support zipped PECL modules. [Bootstrapper] PECL module discovery will now follow redirects. [email] set-webmail-location() setting null resets webmail to system default. [Internal] Convert MySQL connectivity issues into mysqli_sql_exception, improve robustness of starting backend during downed MySQL event. [Joomla] Bump Joomlatools to 2.0. Enhance support for 4.x. [Linode] Reinstate CAA flags parameter. [Nextcloud] Custom version label. [node] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7. [Opcenter] Force-close connection upon database deletion to ensure all references to database discarded. Race condition encountered during unit testing with PHP 7.4/MariaDB 10.5. [PHP] Use account timezone. [PHP] Utilize larger temporary swap on PHP8+ builds to satisfy compiler requirements. [PowerDNS] dns.powerdns-version may be set to "true" to default to ApisCP default. [Quota] Restrict accidentally triggering a change to diskquota,quota or diskquota,fquota fields that would result in immediate overage. [ruby] get_available()- returns all versions. Previously only each respective MAJ.MIN release was listed. [ruby] install() reports installed version for flexible versioning, e.g. 3.5 will return 3.5.7. [Screenshots] Disable feature in headless mode. [UI] Filter webmail redirect subdomains. REMOVED: [Anvil] Expotential backoff algorithm. Original intention to thwart password timing attacks. password_verify() provides sufficient entropy during hash verification. [Ghost] Block v5 until MySQL 8 requirement is resolved. Ref: https://forum.ghost.org/t/mariadb-support/33880
-
v3.2.34.18dd241b1 · ·
Note: moving to hotfix instead of retag to prevent temporary upcp failure on 3.2.33 downgrade. FIXED: [DNS] Bulk record update inherits default TTL value resulting in mismatch when required by API driver. [file] symlink()- existing symlink reports referent than symlink as existent file. [SSL Certificates] Incorporate missing mail subdomain hostnames. [Subdomains] Duplicate subdomain remap results in confusing error message.
-
v3.2.3408be27c7 · ·
NEW: [.htaccess Manager] Search applet. [Argos] systemd-resolved monitoring. [Auth] Add [auth] => server_key support for extended cp-proxy usage. See apisnetworks/cp-api repository. [Cron] [crond] => autostart controls automatic startup of crond process when crontab,enabled=1. [dns] dns:flush()- empty authoritative cache if supported. Only PowerDNS is supported at this time. [dns] dns:empty_zone()- delete all records in a zone. dns:reset()- call empty_zone() then provision zone with default records. [DNS] dns.powerdns-version scope. Set PowerDNS daemon version on server. [DNS] Dns\Record::add(). Similar to merge, except properties are only set if unset. [Lararia] route/view dynamic namespaces. Path resolution determined at call-time, caching for the remainder of the request lifecycle. Additional dynamic namespaces @NAMESPACE-NAME(PARAMETER) may be registered against Lararia\Routing\NamespacedRouteCollection or Lararia\View\NamespacedViewFinder. Corresponding bindings are superceded by these classes. [Laravel] Lumen subtype dection. [Metrics] metrics.enabled scope. Toggles metrics support, including purge on disablement. [php] php:pool-name()- get pool name from path. [PHP] ionCube v12 support. Supports PHP 8.1. 8.0 is not included from vendor. [PHP] SourceGuardian support. Activated when php_install_sourceguardian is true. [Rampart] Speculative whitelisting. When an IP is unbanned, the address is temporarily added to ignorelist for [rampart] => speculative_whitelist seconds. See docs/FIREWALL.md [UI] Relocate Web App compact display to shared view, master::shared.compact. [UI] Sticky session tracking. When IP restrictions are enabled for a user, track the most recent login automatically adding the IP if detected. Requires enablement under Settings. [UI] Content security reporting support. Configured in [frontend] => content_security_policy_report_only. [upcp] Add -f/--force flag. Applies --extra-vars=force=yes to Bootstrapper invocation as well as upcp --reset prior to codebase updates. [upcp] Add -v/-vv/-vvv flags. Controls verbosity of migrations and Bootstrapper usage. [WordPress] Add "language" reconfigurable to set default WordPress language. May be hooked into wordpress:install() to override default language after setup. FIXED: [Aliases] Calling aliases:add-domain() after removing a domain before aliases:synchronize-changes() blocks on bad assertion (related #e4959bb3). [Bootstrapper] Workaround for Ansible filtering localized "No packages match". [Cloudflare] Origin marker usage mandatory. [Cloudflare] Soft-deletion compatibility. Zones deleted are now retained within Cloudflare's system for an extended duration. Zones recreated during this time are subject to dns:reset(). [Cron] Starting virtualcron in at least one persistent environment resulted in invalid "failed" state. [Database Backups] Pipeline non-zero exit treats corrupted database backup as success. [DNS] Bulk updates fail on subsequent matches in same zone. [Domains] Addon domain creation in user home blocks o+x applicatin when PHP-FPM enabled. [Email] Mailbox restoration during provider change from null to builtin improperly tried to restore mailbox backup. [File Manager] ASCII encoding preferred over UTF-8 when UTF-8 best candidate. [Internal] Expired afi instance sends invalid ghosted session. [Internal] Difficulty arises during deserialization when the context isn't known at object instantiation; an ephemeral function broker is created to replace the session. Function broker's ID is replaced with this ID while the global auth context is preserved causing a mismatch in Preferences sanity check. [Mail] Expose additional environment variables to maildrop: $SENDER, $EXTENSION, $RECIPIENT, $NEXTHOP, $SENDER. See docs/admin/LDA.md [Mail] maildrop unconditionally queries authlib per compile-time settings. Introduce new flag, -x, to bypass authlib lookup when mail_enabled=0. [Metrics] Wrap monotonic values exceeding 2^31-1. [MySQL] Tables with non-alphanumeric characters fails rename. [Nextcloud] config_is_read_only enforced in occ usage. Implement direct parser to lock/unlock before occ invocation. [Node] Ignore exit code 3 in software/nvm role when no Node versions installed on system. [NSS] CentOS Stream introduces new directive usage. [PHP] Permissions block enumerating multiPHP versions from UI. [PowerDNS] Canonicalize SOA RNAME. Required in 4.6+. [PostgreSQL Manager] Database prefix lists mysql,dbaseprefix. [Proxy] mod_remoteip presence in cp-proxy documentation replaces remote address IP with X-Forwarded-For when remote address matches proxy address. Various checks always assume X-Forwarded-For is valid but can be poisoned if supplied in addition to mod_remoteip usage. Check loaded modules to determine whether X-Forwarded-For is a safe header when [core] => http_trusted_forward is set. [Scopes] Observe explicit quotes in cp.config. [Scopes] mail.enabled must trigger software/haproxy to update monitoring. [Setup Instructions] FTP login references ftp,ftpserver. [SpamAssassin] sa-compile idempotency check in mail/spamassasin. [SSL Certificates] Primary domain deauthorized from handling mail deselects all mail-related subdomains from other domains. [SSL Certificates] Mail domains omitted from SSL selection when primary domain is delisted from Mail Routing. [Subdomains] "user ownership" setting has no effect on document root. [Traceroute] Use positional arguments in traceroute address to ensure appropriate escaping as reported by cmg. [UI] Security key usage in Terminal, rspamd may expire before it is rolled over. Bad logic checks makes retrieval from master httpd process impossible in /proc/PID/environ. [Webapps] CLI installation ignores app-specific reconfigurables. [WordPress] Renaming a site to a directory whose source name contained part of the target directory incorrectly detected as nested. CHANGED: [ApisCP] Change default mutex from posixsem to pthread. On posixsem, semaphore ownership is not recovered in a thread in the process holding the mutex segfaults resulting in a hang. With pthread, C7+ implements pthread_mutexattr_setrobust_np(). If the thread dies it passes onto the next owner with EOWNERDEAD. [ApisCP] Reduce RSS usage by moving OPCache to file-cache. [Backend] TSTP/CONT signals are forwarded to job runner service from apnscpd process. [Backend] Unlink apnscp.sock on shutdown, avoid conflict with hydration. [Bootstrapper] Apply migrations occuring after image marked for hydration. [Bootstrapper] Removing packages from filesystem template triggers fsmount reload. [cgroups] Allow group to write its pids to tasks, including Dovecot mail processes. Once a group is bound it can only migrate to a new group. Permissions on other groups prevent migration locking a PID to a controller taskset. [CLI] rmspam purges matching pattern in maildrop queue. [Composer] Prefer reading version from composer.lock. [Composer] Use PHP wrapper assigned for path if multiPHP present. [Config] Blacklist directives in config.ini support partial matching such as foo* or !foo*. [DAPHNIE] Deleting time-ordered data deletes underlying chunks. [Database Backups] Attempt automatic repair of corrupted databases. [Discourse] Switch Ruby versions on demand if available during upgrade. [DNS] gethostbyname_t(), gethostbyaddr_t() report failing nameserver. Both API functions follow timeout defined in [dns] => lookup_timeout. [DNS] Implement get_server_from_domain(), get_all_domains(), get_parent_domain(), domain_hosted(), domain_on_account() in multi-server setups. [Hooks] Multiple hooks may be registered to an API call. [Hooks] Fill omitted arguments on callback. [Let's Encrypt] Trigger SSL bootstrap only on domain addition. Previously deletions were included. [Manage Users] Apply username input validation on entry. [Map] Harden map symlink checks. [Miscellaneous] Update AlmaLinux, Rocky Linux conversion scripts. [MySQL] Process condition in which MySQL database rename destination is to empty directory. [node] installed()- value return changed from boolean to null|string, value that matches version filter if found. [Opcenter] Report pid when global lock held. [Opcenter] Resolve multiple typing errors when changing plans from one deleted directly in the filesystem. artisan opcenter:plan --delete should be used for sanity checks prior to deletion. Fallback to system default, then apply hard reset (--reset) against new plan. [php] version() reports PHP-FPM pool version instead of system version. [PHP] Extensions downloads from pecl.php.net observe transient network outages. [PHP] Ignore Remi presence when php_enabled is set to false. Implied when has_dns_only enabled. [PHP Pools] Catch connection errors on cache inspection. [PowerDNS] Downgrade duplicate record to warning. PowerDNS utilizes both negative and positive query caches with different TTL values (60/20 default). Querying for a record, adding, then querying again responds with NXDOMAIN resulting in potential duplicate operation. In future these lookups should be made directly against the master - whether hidden or exposed. [PowerDNS] Reduce client instantiations. [Rampart] Prevent direct management of named ipset or iptables lists in [rampart] => blacklist. [Rampart] Reimplement entry parser as line parser. Approximate 50% speedup in entry processing. [ruby] installed()- value return changed from boolean to null|string, value that matches version filter if found. [Scopes] Changing timezone resarts rsyslog/systemd-journald, see fail2ban/fail2ban#1986. [Scopes] dns.ip4-proxy and dns.ip6-proxy may now be set "null" to clear value. [Subdomains] Link subdomain into all_subdomains/ inside respective useer home. [upcp] ANSIBLE_STDOUT_CALLBACK may be overwritten from environment. [vsftpd] Define tcp_wrappers depending upon CentOS release. Clears potential in-place upgrade from 7 -> 8 in which tcpwrapper support is disabled. [Webapps] API improvements. WebappUtilities::getAuthContextFromDocroot() creates a new context based on document root ownership. DatabaseGenerator::connect() creates PDO connection using sourced credentials from webapp::db_config(). Separate PhpWrapper/ComposerWrapper utility classes. [WordPress] Toggle WP_AUTO_UPDATE_CORE when same-user and panel autoupdates disabled or unprivileged and autoupdates enables. REMOVED: [ClamAV] freshclam cronjob superseded by clamav-update systemd timer. [Cloudflare] Host app. Officially abandoned by Cloudflare. [Lararia] jenssegers/blade package replaced with in-house implementation. [Filesystem Template] sudo remained accessible in virtual environments provisioned between Feburary 7 and July 14.
-
v3.2.33592601b0 · ·
NEW: [crontab] stop(), start(), restart() wrapper methods for toggle_status(). [crontab] match_job()- return jobs whose command matches regex pattern. [Filesystem] whiteout/opaque layer utility class. [scope] diff()- report changes in a given Bootstrapper role. Example: diff("clamav/setup") reports all configuration changes that override variables in clamav/setup. [telemetry] collect()- trigger statistics collection. [telemetry] interval()- report data over evenly spaced intervals. [upcp] List available roles using -l flag. [user] resolve_uid() method translates UID to a site/user tuple. [webapp] get_meta()/set_meta()- interact with Web App metadata. [webapp] refresh_apps()- expunge cached webapp facts, used when developing Web Apps without restarting ApisCP. [webapp] removeJobs() internal helper removes existent tasks within a given document root. [wordpress] cli()- free-form WP-CLI access. FIXED: [Argos] Weak "requests" dependency pulls down incompatible package on CentOS 7. [Backend] double-fork race condition. [Bootstrapper] Idempotency violation in mail/spamassassin. [CLI] non-CLI input format destructures array. [CLI] Numeric flag argument raises strict type error. [Composer] CVE-2022-24828 Composer Command Injection hotfix. [Filesystem] 0:0 valid device. [letsencrypt] Calling append() to non-existent certificate fails. [Nexus] Plans outside system charset are silently ignored. [Opcenter] Early termination suppresses other regitered callbacks. [Opcenter] DTSS activation orphans dbaseadmin, dbaseprefix values on account deletion. Apply AlwaysRun attribute to dbaseprefix. Change intention of AlwaysRun to always run even during deletion if service class "enabled" is false. [Opcenter] Prefixing "www." to a domain fails post-creation callbacks. [Opcenter] *.end event processing in Activate/SuspendDomain. [PHP] Reconfiguring PHP-FPM logging if logs,enabled=0 chmod's vfs root to 640. [PHP] SourceGuardian support. Set php_install_sourceguardian to "true" in cp.bootstrapper Scope, run upcp after. [Route53] Records created as weighted, closes issue #48. [Route53] Long records require label split. [rspamd] IPv6 MX records report MX_INVALID. [upcp] Hotfixes revert edge-major policy. [Users] Changing username could result in crash during notification. [Users] Usernames that begin with a number yet contain a valid character mask. CHANGED: [Backend] Squelch spurious same-mount warning early in installation. [Bootstrapper] Workaround on platforms in which /etc/selinux/config is marked with immutable attribute. [cgroup] Move to cgconfig.d/ usage. cgconfig is a oneshot task on boot that has a tendency to become unwieldy with parsing larger configurations. Each cgroup configuration is named after the site for easier management. [Cgroup] Cleanup internal API usage. Group name no longer required where Controller object is used. [Discourse] Add support for 2.8+. [DNS] Exporting corrupt/invalid zone fails gracefully. [Filesystem] Spam retention in ~/Mail/.Spam adjustable in software/tmpfiles. [Ghost] Support 4.5+. [Internal] Merge config/custom Composer dependencies into autoloader. [Laravel] Use pool version in determining installation requirements. [Metrics] Delete data older than 1 year, apply aggressive compression policy for metrics older than 2 days. [Opcenter] Block reducing bandwidth threshold that will result in immediate account suspension. [Opcenter] Rename Procfs helper class to Sysctl. [PHP] Disabling Apache service terminates PHP-FPM processes. [PostgreSQL] postgresql.conf values may be overridden in Bootstrapper as "pgsql_custom_config". [rampart] temp() may be used by admin. [Scopes] Suggest alternative scopes on invalid reference. [Subdomain] Removing a subdomain whose data directory is incorrectly located in /var/subdomain will remove the directory now. [Task Scheduler] Downgrade duplicate job to warning. [Task Scheduler] Task Scheduler (crontab) may operate independently from SSH when [ssh] => crontab_link is set to false. Doing so still allows a cron process to open a shell for a user to login to the account. This is intended as a simpler approach to creating a custom plan named nossh as referenced in Plans.md#complex-plan-usage. [upcp] Improve permission healing. [Watchdog] Delay on boot via watchdog_boot_delay Bootstrapper setting. Intended for heavy startups that spike load momentarily. [web] rename_subdomain() implicitly coerces local format to global. REMOVED: [Bootstrapper] Account creation role on DNS-only builds. [PowerDNS] Web server feature disabled by default. [UI] Nexus on DNS-only installs.