Tags

[SECURITY] restrict wheel su to MINUID, 1000 on RHEL7+. Restricted daemons expose sockets into virtual filesystem that would allow primary account user, also in wheel, to masquerade as these services potentially injecting arbitrary commands into its socket
[Scopes] GUI now available
[Nexus] display storage, bandwidth utilization. Optional inode utilization support (configure in Account > Settings)
[File Manager] use fixed-width font in editor
[Opcenter] promoting an addon domain to primary is now atomic. Prior to, doing so first required dropping the domain and thus deleting email addresses associated with the addon domain before it could be promoted to primary.
[Auth] Clients that successfully reset their password via login portal and when [auth] => update_restrictions_on_reset is set, if IP login restrictions are present the IP address that successfully resets password will be added to the IP restriction list.
[Dovecot] hibernation now enabled by default. Each IMAP mailbox spawns a separate process, approximately 5-10 MB per. Hibernation freezes these per-mailbox listeners into a single process and thaws into a new process when activity is received on the inbox.
[Migrations] permit numeric email addresses when conflict strategy is "namespaced"
[admin] API command get_usage($type, array $sites) allows usage retrieval for storage or bandwidth of all or a subset of sites

[Layout] search widget
[Scopes] mail.insecure-ssl helper, revert TLSv1.0/TLSv1.1 support. apache.buffered-logs, control buffering of log files. scopes:list() now accepts filter. l() and i() aliased to list()/info()
[Opcenter] siteinfo,domain and aliases,aliases are now an atomic operation. Prior to switching values in Nexus the primary domain would get dropped during a swap resulting in an inconsistent state. Mail transports are now preserved as well.
[Letsencrypt] DNS validation wait period may now be tuned via [letsencrypt] => dns_validation_wait. renew() exposed to admin to renew server certificate.
[SSO] Parent to subordinate SSO fails due to routing changes
[Subdomains] folder browser on subdomain change

[FLARE] Downgrade Monit 5.26 => 5.25 amid PostgreSQL false positives.
[WordPress] set custom rewrite structure on new installs.
[telemetry] new module. Provides information on a variety of monitored attributes. Must be enabled via "cpcmd scope:set cp.config telemetry enabled"

[upcp] Correct condition in which a dirty tree on non-edge update policies would result in an infinite update loop
[Error] Unhandled frontend exceptions now expose the stack when panel is in debug mode
[Dashboard] Integrate Rampart widget into Admin panel
[Template] Laravel Route integration
[MySQL] connections operate natively in utf8mb4
[Scopes] apache.insecure-ssl added. Enable support for insecure TLS v1.0/v1.1 usage.
[Site Optimizer] Pagespeed integration. Optimize a variety of rendering problem areas on websites.
[Migrations] cPanel improvements: deduplicate mailboxes, extract PostgreSQL backups, relocating a document root clobbers itself if source and dest are the same as with subdomains.
[DAPHNIE] MySQL, PHP statistics collection. CPU usage now reported in centisecs.
[cgroup] Implement delta counting for CPU controllers. get_usage("cpu") now reports accurate 24 hour usage.
[rampart] bans_since() API call. Returns ban tally between bracketed time. get_jail_entries() now accepts explicit "null" to return all entries in all tracked jails.
[pgsql] import() supports reading backups from compressed pg_restore invocations
[Cloudflare] Module update, zone deletion. Improve API token validation.

[Let's Encrypt] rewrite solver logic to try best available solver (HTTP, DNS) depending upon inference
[DAPHNIE] Metric compression, optional elision of repeated data via [telemetry] tuneable. PostgreSQL uses a modest cap on optimization. Tuning may be controlled via [telemetry] => memory_consumption
[Let's Encrypt] append() now prevents repeated requests for the same certificate set
[Bootstrapper] delay job notice until Bootstrapper has exited. Prevent false reports when panel restarts in a task
[ClamAV] update package naming as of 0.101.5

[UI] Update "apnscp" theme. Convert DNS zone into combobox. Update layout to native feel.
[SSL] Catch rate-limiting errors during Let's Encrypt challenge.
[aliases] Fix condition in which detaching an addon domain produces a duplicate effect once configuration is synchronized.
[Scripts] mapCheck performs orphan domain check.
[Scopes] apache.evasive may now set "enabled" flag.
[PHP] Remove sysvsem module from PHP-FPM. A variety of race conditions have been encountered without common origin. Running `cpcmd scope:set cp.bootstrapper php_build_flags ""` restores the old build behavior.
[Opcenter] applying a plan type via siteinfo,plans= sets the system default in account metadata

[Docs] new layout, new site - https://docs.apiscp.com
[Migrations] prefer "documentroot" value from cPanel backup metadata instead of /var/www/<DOMAIN>
[cpcmd] errors/warnings use stderr
[Mailing Lists] correct pathing in /etc/majordomo.cf
[License] dev-only licenses. Free license class identical to a Pro license with the exception only .test TLDs may be hosted
[web] add_subdomain(), remove_subdomain() support alternative fallthrough subdomain naming scheme "*.domain.com"

[DNS] cache invalidation throws unhandled exception when a hostname has children
[CP] change Apache mutex to posixsem
[MySQL] fix issue where advanced permissions formatted as plain-text
[Bootstrapper] apache.php-version will always force a rebuild of PHP
[phpMyAdmin] fallback to account password, if available, when SSO'ing into phpMyAdmin. cPanel migrations share account and database password, which for security, shall not be stored in ~/.my.cnf
[Synchronizer] set a reasonable ceiling for TimescaleDB memory usage. Previous ceiling was server memory that slowly grows over time.

[PHP] zip compile flag changed from --enable-zip to --with-zip in PHP 7.4. Correct type check that prevented apache.php-version from changing version in major or major.minor versions
[cpcmd] Restore -l, --list-commands usage

[UI] theme components namespaced into "theme::" namespace. @extends("layout") now becomes @extends("theme::layout"). Modal converted into component, @modal
[Web Apps] snapshot reversion applies correct commit value. Blocking database export cleared prior to snapshot
[Quota] an over-quota user would generate a fatal error during site:get-account-quota call
[File Manager] "New" actions now work as expected in Firefox
[UI] Laravel router support. See "template" app for sample usage
[Debug] exception types now prefixed to unhandled exception messages
[Core] deduplicate account metadata. Jobs require ~2.3x less storage
[UI] bump jQuery to 3.4.1

[Web Apps] snapshot support
[Bootstrapper] apply Ansible #65136 fix to templated aliases
[Process] processes spawned from backend incorrectly report 0 exit status in non-zero conditions
[Migration] mailman, path relocation support
[apnscpd] DEBUG environment controls backend debugging. Previously frontend/cpcmd relied on "DEBUG" and backend used "DEVELOPMENT". env DEBUG=1 ./apnscpd -f restart restarts panel in foreground with debugging.

[NaiveCrypt] resolve case in which certain initialization vectors may be improperly parsed as bogus UTF-8 during serialization

[Telemetry] apply extension upgrade on package update. Reapply optimizations as well. [telemetry]unless [telemetry] => autotune is disabled.
[multiPHP] resolve various edge cases
[Web Apps] prefer stable releases. Backport MaxMind CCPA compliance changes
[PowerDNS] fix Bootstrapper failure when enabled and firewalld disabled
[sysctl] raise fs.inotify.max_user_instances. A high count of crond processes create an excessive number of watchers
[auth] set_temp_password() fails to reapply previous password
[PowerDNS] module update. Do not follow API redirections.
[apnscpd] truncate logfile if size exceeds RLIMIT_FSIZE
[PHP-FPM] DOCUMENT_ROOT no longer reflects unjailed path
[admin] edit_site(), add_site(), delete_site()- support flags (--since=now --force is '[since:now,force:true]', -n --reset '[n:true,reset:true]', etc)
[EditDomain] -c siteinfo,plan=NEWPLAN without --reset applies plan differences retaining any overrides. Plan switch with --reset resets all modified values - except lists such as aliases,aliases - with the plan settings. --backup backs up metadata prior to edit.
[Migrations] various improvements to cPanel migrations. Apply secondary migration check on invalid home locations for email. Import SquirrelMail when --unsafe-sources provided. Convert incompatible responders to local delivery. Apply o+x on all document roots to allow initial reading.

[multiPHP] extension directory may incorrectly pickup ApisCP extensions
[Rampart] fail2ban prefix overwritten
[Databases] clone() copies MySQL, PostgreSQL databases
[Auth] forward Cloudflare IP
[Discourse] disable mini profiler

[PHP] Remi + native multiPHP builds. Remi is simpler package-based at the cost of performance. Native builds have similar throughput to system PHP version (+10-15% over Remi) at the added cost of compilation. apache.php-multi Scope facilitates native builds. See PHP-FPM.md in release documentation.
[PHP] correct PHP 7.4 configuration flag for GD
[SpamAssassin] add X-Envelope-From header for SPF/DKIM checks which occur after SRS rewrite
[CLI] errors always report to STDERR
[Scopes] info() includes default Scope value
[License] add support for network restrictions, domain limits

[Scopes] system.kernel sets kernel type (system, stable, experimental)
[Branding] rename APNSCP to ApisCP
[mysql] recover-innodb-from-disk(), given a directory import all data files (.ibd) for which database lacks but has .frm
[CLI] EditDomain new flags: --all applies edit operation to all sites, previous "--all" flag (edit all services) renamed to "--reconfig". --dry-run shows proposed changes. --reset resets the account to plan defaults.
[Scopes] apache.ports sets HTTP/HTTPS ports for Apache to facilitate placing other services upstream. A non-SSL instance must always be active.
[PowerDNS] update module, add "native" support (lithiumhosting/apnscp-powerdns@6ba5681)
[CloudFlare] update module, trim certain RRs in accordance with API formatting. URI formatting (apisnetworks/apnscp-dns-cloudflare@65132b3)
[AWS] update module, fix condition where an empty RR set on modificaiton fails (apisnetworks/apnscp-dns-aws@6b99a0f)
[Laravel] fix installer version reference, misc installation bugs
[Web Apps] update look and feel
[CLI] YAML_INLINE environment var controls folding depth (default: 2)
[PHP-FPM] correct cyclic socket dependency
[Debugging] add documentation. common:purge-preferences() deletes user prefs in debug. misc:debug-session() enables debugging for named session
[misc] jobify() enqueues an API command as a job. Optional third argument binds to a Site Administrator role, which could be possible to call pman_run() as a secondary user
[artisan] opcenter:plan accepts --base and -c svc,var=val flags to optionally derive from an existing plan and service overrides
[Scopes] apache.strict-directives controls how Apache treats unrecognized directives - 550 (default, strict enabled) or ignores (strict disabled)
[Web Apps] installer errors do not bubble up in try/catch if ER messages upconverted to exceptions

[DAPHNIE] passive metrics collection when [telemetry] => enabled = 1
[apnscpd] resolve when waitpid() syscalls in housekeeping fail to collect exit code
[Bootstrapper] resolve conditions in which Mitogen cannot activate. FLARE prematurely checks for /etc/sysconfig/apnscp

[Logs] fix condition in which xfs-based mounts can trigger an Apache reload failure if a site goes over quota due to idiosyncrasies in how quota enforcement operates compared to ext4
[Scopes] cp.flare-check, cp.update-schedule
[UI] job runner status now available as admin
[scripts] htrebuild implies systemctl reload httpd
[Metrics] materialized views properly refresh
[Opcenter] fix condition where editing all attributes of a domain results in dropping the domain from mapping and subequently fails to regenerate session

[UI] Toolbox domain clones within Manage Mailboxes, Subdomains, and DNS Manager
[PHP] drop dentry/inode cache on PHP-FPM update
[Opcenter] invalidating metacache on certain service reconfigurations triggers session ghost
[UI] update styles
[SSL] AcmePHP supports GET-as-POST
[Opcenter] DeleteDomain, EditDomain support invoice grouping

[System] force-update mod_security package; optionally require module configuration