Tags

[PostgreSQL] experimental v12 support
[cPanel] follow mailbox aliases in non-standard shell imports
[Backups] process backups on unlimited quota accounts

[Migrations] migrate suspended cPanel sites
[tmpfiles.d] e flag correctly applied in CentOS 7.7. var glob incorrectly referenced as "var" instead of "var/tmp"
[apnscp] PID corruption on abrupt shutdown
[mysql] permit dash in database prefix

[Scopes] apache.evasive-wordpress-filter sets strict xmlrpc/wp-login POST limits
[Opcenter] plans now support partial overrides
[Rampart] fail2ban v0.10 compatibility
[Scopes] Static file + WordPress filters customizable templates (see docs/admin/Evasive.md)
[Bootstrapper] quota build applied incorrectly on / mount instead of /home
[Opcenter] improve failed account resiliency. Unhandled exceptions reported on failed creation
[Bandwidth] updating bandwidth,threshold properly updates database record
[Wordpress] Fortification applies mutual read-write permissions to upgrade/

[PHP] update internationalization build deps
[CLI] suspend resumption effectively resolving unpredictable "Session corruption" error
[cPanel] handle case where SHELL is without quotes. Soft fail is dnszones/ is missing from backup
[fail2ban] decrease database retention duration from 90 days to recidive duration + 5 days
[Modules] .pgpass missing provisioning on account creation
[Modules] admin:collect() accepts second parameter, filter param e.g. cpcmd admin:collect null "[ssh.enabled:1]"

[SECURITY] xss in gecos in Manage Users, file:reset-path() operates on referent instead of link
[Bootstrapper] system/sysctl improperly handles empty values in Ansible 2.8.4
[Quota] disabling disk quota no longer disables inode quota
[DNS] changing the primary domain fails ownership check
[DNS] email:get-records() renamed to provisioning-records() for consistency with dns:provisioning-records()
[apnscpd] backend lockups recover faster

[Laravel] fix "min" Fortification application
[Migration] add --delete flag, removes backup on successful import
[scripts] expand change_dns.php usage to support arbitrary TTL/prior IP
[AJAX] remove "s" session ID setter
[helpers] fix condition in which collapsed arrays reported "name.subname.index" in key

[UI] custom times generate warning in Task Scheduler
[UI] show matching search meta in Nexus
[UI] typo in Code Frameworks, setting global interpreter with goenv/rbenv

[admin] collect() helper function, generate account list of requested service parameters
[SSL] include webmail subdomains

[Migration] attempt in-situ extraction using ustar format, fallback to POSIX.1-2001 when file exceeds system memory or ustar restrictions.
[Migration] workaround for cPanel server migration or username change in which home field in passwd retains prior homedir marker

[Scopes] system.sshd-pubkey-only sets public-key only authentication
[Scopes] fs.tmp-mount sets /tmp properties
[Web Apps] learning mode bestows permissions to app root owner on new directories
[Migration] use pigz when available
[Migration] fix large cPanel imports
[Task Scheduler] fix tasks with tabbed time-spec cannot be deleted
[DNS] changing providers populates zones on new provider

[Summary] BUGFIX retrieving apps by ID treated as string
[PHP] disable opcache_invalidate() usage. Restricted by opcache.restrict_api setting, which generates a warning that may not be correctly handled.
[ssh] backport keyboard-interactive toggle (sshd_pubkey_only setting)

[Opcenter] create server affinity record on import
[Mail] cleanup majordomo method errors if mail provider not builtin
[Passenger] set default app timeout
[Summary] apps conditionally linked to based upon availability

[Opcenter] cPanel Migrations
[DNS] imported resources determined by target DNS provider RRs
[DNS] compatibility with cPanel exported zones which ignore class in AXFR

[Opcenter] always lowercase domain
[Opcenter] in-place account wipe/creation reuses previous credentials on first call to aliases:synchronize-changes()
[Wordpress] link WP-CLI to /usr/bin/wp-cli
[Migration] cPanel migration updates

[Migration] cPanel import facility preview
[UI] remove e-mail options when mail driver is null or disabled
[DNS] correct addon domain DNS provisioning when dns,enabled=1 toggled
[Wordpress] validate wp-cli consistency on update
[MySQL] user update ignores .my.cnf update

[security] AP-01-AP-07 vulernability fixes
[file] symlink usage disables optimized shadow assertions. Use referent in permission calculations to close symlink attack loophole.
[dns] domain_hosted() uses cp-proxy endpoint to perform additional checks in multi-server setups
[filesystem] fuser support
[backups] backup_dbs.php does not evaluate the state of file prior to processing backup. An attacker can use a symlink attack to gain ownership of sensitive files
[SSL Certificates] revert CSR generation

[UI] permit session switch on all apps
[UI] disable MIME sniffing
[DNS] disabling DNS no longer removes key, provider setting from service
[DNS] move DNS zone depopulation to end of service depopulate() call. Removes false positive on missing zone.
[Bootstrapper] addin skipped when role type is directory
[Billing] [billing] => demo_invoice, any account attached this invoice will be a demo account
[Webmail] fix access without SSO uses shortcut
[Webapps] remove conflicting htaccess directives (FollowSymLinks, Includes) from .htaccess

[Bootstrapper] correct addin logic with modules/roles/tasks
[Dashboard] Google Analytics bounding

[Bootstrapper] addin facility modules
[Magento] sanitize db credential import on 2.x
[Cloudflare] non-standard TTL breaks atomic update
[UI] potential CSRF IP disclosure on password reset request

[apnscpd] doubly including a recursive anonymous function during IDE helper generation can generate a segfault under certain conditions
[Scopes] immediately change /etc/sysconfig/apnscp on update policy