-
v3.2.17 fb84d6dc

NEW: [Bootstrapper] add has_proxy_only build type, provisions a server to act as a cp-proxy relay. See Panel proxy.md for further information.

FIXED: [Backups] database backups may never terminate when the number of snapshots exceeds the number of preserved backups. [Bootstrapper] Node, PHP tarballs accounted under admin1. [Bootstrapper] software/passenger role from an interactive terminal in which Rake is installed suspends tty to background. [CentOS] version detection incorrect on 8+ platforms resulting in invalid comparisons. [DNS] moving providers no longer automatically provisions DNS on the new provider. [Ghost] mail cannot deliver due to firewall restrictions on "direct" mail transport.

CHANGED: [Auth] redirection DNS check now optional via [auth] => server_validity. Useful in cp-proxy installs with internal hostnames. [Auth] log attempts and Anvil blocks now logged to /var/log/secure. [Bootstrapper] always use local connection in panel. [ClamAV] FreshClam usage dependent upon server mode. [Digitalocean] honor 30s minimum DNS TTL. [DNS] record names may be optionally split on 255 octet boundaries now. [File Manager] cleanup incomplete extractions. [mail] disable mailbox management for third-party mail providers.
-
v3.2.16 fbd9f7df

NEW: [Opcenter] registration of custom DNS, mail providers. See DNS.md.

FIXED: [Bootstrapper] duplicate notifications generated for jobs. [Ghost] Fails to start on fresh install from missing interpreter. [Opcenter] apache,subnum off-by-one error. [PHP] move socket after PHP-FPM pool operation. During stop/start operations in Bootstrapper a rare race condition (<0.5%) was observed in which one or more pools may after the socket has been restarted thus inhibiting socket activation. [systemd] verify systemd-resolved enabled in local presets. Images provisioned with systemd-resolved enabled will lose this setting whenever systemd package updates per rules in /usr/lib/systemd/system-preset/90-default.preset. [upcp] always cleanup SSH agent directory.

CHANGED: [Bootstrapper] SCL may be controlled individually via has_scl setting. [ClamAV] disable freshclam in client-only mode. [Network] enable bidirectional explicit congestion notification. This has been the default in iOS 11+ and network infrastructure sufficiently new since introduction 20 years ago. [Opcenter] aliases,max=0 disables end-user addon domain management while retaining administrative alias usage. [PHP] reset failed state on pool restart. [Scopes] cp.nightly-update- permit systemd.time(7)-style updates.
-
v3.2.15 944a7861

FIXED: [DNS Manager] fetch all domains before dropping privileges as admin. [Filesystem] remove incorrect device-mapper block name from FST, which may block migrations from completing. [SSO] cookie helper does not replicate when /var is on its own mount-point. [upcp] restore git 2.2 behavior in overwriting tags if a tag moves during production.
-
v3.2.14 2f4218fc

NEW: [OS] CentOS 8.3+ support. [upcp] Automatically log updates and report failures.

FIXED: [Bootstrapper] job daemon authentication changes prevented email summaries from generating for Bootstrapper + integrity check emails. [cgroups] a mount change in 3.2.13 attempted to unmount the reference cgroup controller instead of bind-mounted controller within the filesystem template. [UI] downloaded files buffer in-memory potentially resulting in OOM conditions for larger files. [Web Apps] screenshots on CentOS 8 do not honor /etc/hosts restrictions.

CHANGED: [Apache] apply 2 GB memory limit to control group slice intended to prevent runaway processes. [Let's Encrypt] disable renewal of SSL for suspended accounts. Move renewal to activation of suspended accounts. A minor change to suspend-rules template is added to allow /.well-known requests to succeed while a site is undergoing activation. [Let's Encrypt] honor global strict_mode/verify_ip settings under [letsencrypt] in config.ini. [Network] switch queueing algorithm to fq, which supports TCP pacing in pre-4.13 kernels necessary for BBR congestion control. [Nexus] report total accounts in addition to total domains. [PowerDNS] report connectivity errors. [Process] always inherit unshared mount's permissions. [UI] use Brotli compression. Periodically cull HTTP processes above resource watermark (195 MB). [Utilities] mapCheck will reverse populate appldb.siteinfo table with any missing domains.
-
v3.2.13 f6d29553

NEW: [Bootstrapper] ARA builds. [Panel Proxy] support for a singular control panel URL. See @apisnetworks/cp-proxy or Panel proxy.md in the bundled documentation. [PHP] PHP8 support. Enabling PHP8 disables Horde webmail + ionCube features until supported. [PowerDNS] centralized DNS management within UI. Any DNS zone in a cluster may be managed from the UI now regardless of server. [Scopes] php.composer-autoupdate, manage Composer auto updates. virus-scanner.remote-scan, use a centralized ClamAV scanner (see ModSecurity.md).

FIXED: [Bootstrapper] "php-fpm" service fires on each notify usage that can result in php-fpm-MAIN as well as other services from deactivating. [File Manager] uploads rejected when diskquota is disabled for site. [Pagespeed] disable gzip compression when Brotli support enabled. Corrects situation in which content is compressed using gzip despite client wanting br. [PHP-FPM] correct race condition in which PHP-FPM starts in parallel before cgconfig.service cgroup hierarchy is created. [upcp] builds ignored in edge-major.

CHANGED: [Frontend] reduce memory usage. [Let's Encrypt] enhance registration reporting errors. Attempt dns-01 solver on root domain when self-check fails. [Let's Encrypt] detection of new R1 signing root. [License] enforce DNS-only domain checks early. [Opcenter] preserve file/inode quotas when diskquota,enabled is disabled. Allows temporary toggles to preserve previous quota settings. [Opcenter] apache,enabled may be disabled. [PHP] allow override of configure script location via "php_configure". [PHP-FPM] write cgroup task only to tracked cgroup controllers. [Scopes] rename apache.php-multi => php.multi, apache.php-version => php.version. Deprecated beginning 3.3. [UI] migrate all application.spec XML files to Yaml.

REMOVED: [Postgresql] 9.6 support on CentOS 8. [System] sssd service.
-
v3.2.12 0a3ad26b

NEW: [OS] Stream 8 support. [upcp] "edge-major" mode to set ApisCP on edge releases until next official release. [webapp] snapshot(), rollback() API helpers to facilitate app snapshots and rollbacks. API signature applies to all compatible Web Apps.

FIXED: [Composer] specify "name" field on config/custom/composer.json creation. [git] commit() does not report failure reason. [Ghost] LTS version fails to set on pristine account. [MySQL] imports cannot read from backups that begin with a dot. [PHP] apply g+x to home directories when subdomains are located within if PHP-FPM is used. [PHP] socket activation may be disabled on boot. [Python] Python3 libraries missing on CentOS 8 platforms. [Settings] Cannot unset "Strict SSL" setting.

CHANGED: [Bootstrapper] changing hostname in net.hostname update. [dns] remove_zone() accepts optional $force parameter bypassing any sanity checks in removal. [Internal] Improve self-referential timeouts for misbehaving routers. [Laravel] db_config()- cache configuration if needed. [PHP] Increase default upload filesize limit. [PHP] Permit fpm-config-custom to override php_admin directives. [Rampart] reduce port ban on postfix-sasl violation to Postfix ports (25, 465, 587). [web] remove_subdomain()- add optional $keepdns parameter to retain DNS after a subdomain is removed.
-
v3.2.11 d47d4062

NEW: [Web Apps] prune() API method removes invalid document roots.

FIXED: [PEAR] conflicting PEAR_Exception declaration triggered in specific setting where SMTP server sends mail and PEAR dependency had been previously included by a forced inclusion via require_once. Notably this situation was encountered on Let's Encrypt renewal where a certificate failed renewal and ApisCP configured to use an external SMTP service.

CHANGED: [MySQL] Force update to November 9 security release for local privilege vulnerability. [Terminal] backport IPv6 support.
-
v3.2.10 4cbbfd4d

FIXED: [MariaDB] "Malformed communication packet" error in PHP-linked PDO library present in 10.3.26. Force downgrade to 10.3.25 and version-lock until this bug is resolved upstream. [Panel] listen on IPv6 addresses. [Perl] add missing perl-interpreter package.

CHANGED: [File Manager] clipboard split button toggles clipboard dropdown. [MariaDB] missing libmariadb library from FST. [PHP] patch system, including OpenSSL fixes in PHP 5.6 on CentOS 8+ systems. [Web Apps] honor skip preferences before calculating update candidates.
-
v3.2.9 55af66c2

FIXED: [imagick] Severe performance regression in 3.4.4 impacting WordPress media uploads. Switch to dev releases until resolved. [polkit] GDBus errors on service restart in CentOS 7.

CHANGED: [Add User] add link back to Manage Users. [ghost] follow recommended Node version. [MXRoute] implement API lookups to determine public MX/fallback MX records. [WordPress] squelch plugin/theme version query warnings for commercial plugins.
-
v3.2.8 0e455773

NEW: [AddDomain] --bootstrap will automatically issue SSL for the domain upon creation. See Plans.md for further details. May be configured globally by setting [letsencrypt] => auto_bootstrap. [Composer] Composer 2.0 support for new installs. [Kernel] add support for querying BLS layouts. [ImageMagick] policy management via software/imagick role. [UI] alter login appearance via [style] => verbose_login. [Yum] implement post-transaction actions for dnf-based systems (CentOS 8+).

FIXED: [Bootstrapper] various idempotency fixes. [file] takeover_user() applies permissions as if previous user still owner. [PHP-FPM] Restarting PHP-FPM services could result in vanishing socket caused by out-of-order execution. [PostgreSQL] Startup may not always have /run/postgresql available.

CHANGED: [bwcron] Suspension logic rotated such that stopgap > notify, stopgap is now checked before notify threshold. [Cloudflare] restrict API management of .cf, .ga, .gq, .ml, .tk TLDs per Cloudflare's policy. [Nexus] implement password sharing in welcome email. [Postfix] relax mandatory header insertion to locally originating mail only. Resolves potential condition where forwarded mail breaks DKIM.

REMOVED: [Laravel] cache priming while apache,jail=1.
-
v3.2.7 2c91cbfc

FIXED: [MySQL] database grants on newly-created databases lack privilege editing.

CHANGED: [Discourse] follow Docker guidelines with Node version (v10). Pass HTTP protocol type to backend for CSP conformance. [Node] installed() allows weak matching on versions, i.e. node:installed 10.2 will match 10.2 or 10.2.5. [Ruby] installed() allows weak matching on versions, i.e. ruby:installed 2 will match 2, 2.7, or 2.7.5. [WordPress] suspend versioning support on theme updates. A nasty bug exists in WP-CLI that leaves a theme deleted if an update fails. See wp-cli/extension-command#263.
-
v3.2.6 21ee2d9b

NEW: [Auth] geolocation security notices may use self-hosted GeoLite2 database. See SECURITY.md. [Databases] double-throw safety switch for mysql and pgsql services. Previously, the only means to delete databases/grants on an account was to remove the account. A DTSS has been added that allows these to be removed by setting enabled=0 and dbaseprefix=None in the corresponding service definition. See MySQL.md. [PHP] multiPHP role in Bootstrapper, php/multiphp. This role will update and build new native multiPHPs during a platform scrub. Setting apache.php-multi will persist settings now for use with php/multiphp. [PowerDNS] turnkey AXFR clustering. See PowerDNS.md.

FIXED: [Bootstrapper] ionCube work directory is not always created. [Cloudflare] weak record check via $parameter omission always fails. [Cloudflare] reformat parameter if "key" index looks like a token. [Dovecot] rewriting a subject on learning spam as ham results in cache corruption/segfault in Dovecot 2.2.36.4. [email] address_exists()- catch-alls always return false. [Geoip] IPv6 geolocation reports as invalid. [PostgreSQL] add missing v12 support in filesystem template. [rspamd] event order isn't guaranteed on Firefox resulting in persistent authentication screen. [ruby] incorrect coalesce order reports useless error reason in do(). [Scopes] mail.smart-host cannot be disabled. [Settings] Cannot deselect Nexus app settings. [Spam Filter] delivery threshold applied for User Administrator resulting in error. [Systemd] non-existent services reported as present by incorrect status code comparison in systemctl. [WordPress] prior skiplist entries are transmogrified on edit.

CHANGED: [Bootstrapper] bypass account creation when license class disallows it. [Bootstrapper] reduce has_low_memory requirement by 9 MB. Larger systems reserve more memory for hotpluggable CPUs that create adverse install conditions for low-memory mode. [crontab] list_users()- ignore temporary files created as "#tmp". [DAPHNIE] increase max_locks_per_transaction for large hypertable environments. [DeleteDomain] error when --since and identifier arguments omitted. [License] add language restrictions. [Migrations] bogus catch-alls now deliver to the named user unless a separate passwd entry exists for user. [MySQL] database_exists()- query INFORMATION_SCHEMA as a reliable oracle of database presence. Previously, grants were examined, which could result in spurious results. [PowerDNS] add Monit profile.

REMOVED: [Dashboard] Google Analytics loads only when needed.
-
v3.2.5 79237f51

NEW: [Bootstrapper] MariaDB 10.5 support. [DeleteDomain] --filter=XYZ may be specified to delete domains that match a suspension reason (see Plans.md). [git] clean() removes untracked files from repository. [SuspendDomain] suspension reasons may be given with --reason=XYZ. A template may be specified with --template=ABC. Reasons are shown upon login when [auth] => show_suspension_reason is enabled.

FIXED: [PowerDNS] correct condition in which configuring PowerDNS as default provider, then installing PowerDNS on same server would utilize different API keys. [SOAP] traits and proxied modules were improperly listed in WSDL. [Terminal] discover non-standard SSH port.

CHANGED: [Argos] monitoring of /home partition if different. [Bandwidth] autofix missing spans. [Bootstrap] bootstrapper-resume service may timeout on lower performing hardware during installation cycle. Increase timer to 3 minutes. [Bootstrapper] SpamAssassin filter threshold may be configured using spamassassin_scan_threshold. [DNS] add check to use systemd-resolve service ("resolve") in nsswitch.conf on derelict upstream DNS resolvers. [UI] Upgrade jQuery 3.5.1.

REMOVED: [MySQL] editing control user hostname (localhost). For remote connections for primary user, change 127.0.0.1. localhost is always used for phpMyAdmin access.
-
v3.2.4 ef138dd1

NEW: [Web Apps] "Forget Application" option. Discards any stored information about the web app. Useful with previously detected subdirectories.

FIXED: [Vacation] affected domains may be listed multiple times. [Vacation] message does not immediately update on alteration. [vsftpd] restart service after system SSL update. [Web Apps] allow "Release Fortification" for unknown apps. [Web Apps] add authorization check for HTTP/1.0 domain enroll/unenroll actions.

CHANGED: [UI] add debug mode indicator.
-
v3.2.3 2d7af24b

NEW: [AddDomain] --notify passed to AddDomain will dispatch a welcome email upon provisioning. [cgroup] volatile cgroup resources, specifically resources set by the "cgroup" service class, may be temporarily suspended. [Composer] [webapps] => composer_volatile applies memory volatility during composer operations, specifically install, which can use a remarkable amount of memory solving. [node] get_default()- get default interpreter for a given path. [Scopes] apache.mutex Scope, quickly change synchronization mutex.

FIXED: [firewalld] flush nft tables when backend changes. Switching firewalld backend from nft to iptables persists default drop-all policy that takes priority, blocking any permit rules. [joomla] version check fires before update, reporting incorrect update status. [Login] autofilled fields do not transition. [mysql] permit IPv6 addresses. [Preferences] various fixes that would result in preferences being overwritten or partially updated. [Webapps] git fails on relocated document root.

CHANGED: [apnscpd] disable cron processing/job runner when [apnscpd] => cron_resolution is 0. [auth] changing password clears Dovecot authentication cache used by IMAP/POP3/SMTP. [ghost] relax memory minimum to 768 MB. [Metrics] trade storage for memory during metric compression. Reduce window over which compression runs. [Nexus] add "Login As" option after account is created. [Nexus] define "units" validator range. [Sessions] automate corrupted session table recovery. MariaDB is designed to recover tables in the background upon detecting corruption; however, in 10.3 this is scantly seen. Add a startup check and automate recovery if apnscpsession.php is the last file in the backtrace. [Webapps] git snapshot uses application root instead of docroot. [Webapps] UI update triggers Update Assurance if configured. [wordpress] explicitly set --version= flag if version specified to plugin/theme. Some plugins/themes are known to block WP CLI from correctly detecting remote version (see wp-cli/wp-cli issues #370, #1123).

REMOVED: [dnf] dnf "best" package usage. [OS] crashkernel support on installs with less than 2 GB.
-
v3.2.2 de9f2d33

SECURITY: [common] preference cache uses built-in Redis serializer, which could allow an attacker to store a carefully crafted class instance as a preference value. No known attack vector exists presently, but if preferences had a vulnerability to store an arbitrary object or attacker had direct access to modify raw preference data, it would thus be feasible to leverage. Use a whitelist of acceptable objects to unserialize.

FIXED: [build] check composer.lock timestamp on each update to ensure ./composer install is installed as needed during batch updates. [Nextcloud] reapply read/write access to config.php depending on Fortification mode. [Summary] report service limits. [Web Apps] "Show Detected Apps" hides all apps.

CHANGED: [Discourse] support 2.4.0+. [Firewalld] restart firewalld when switching FirewallBackend types. A full flush is required otherwise all network operations are blocked. [Opcenter] sort services on edit hook. [pgsql] incorrect field in add-user() parameterization. [Postfix] always add missing headers. Broken mail clients, such as Windows Mail, do not set a Message-ID header resulting in quarantined mail. [rspamd] disable RBL checks for ESMTPA transactions. [Scopes] add scope change to history. [Web Apps] separate into individual repositories. Native apps may be overridden by placing the corresponding app in config/custom/webapps/name, then running ./composer dump-autoload -o followed by systemctl restart apiscp. [WordPress] use native mod_rewrite template. Resolves double-append cases when permalinks are updated in panel.

REMOVED: [Preferences] hrtime() uses arbitrary origin and thus unsuitable for synchronization checks.
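
The allowlist approach named in the v3.2.2 SECURITY entry, sketched as an added example (this is not ApisCP's own code): PHP's `unserialize()` takes an `allowed_classes` option and turns every other object into `__PHP_Incomplete_Class`, so its magic methods never run and the value can be rejected. `PreferenceValue`, `UnexpectedClass`, `decodePreference()` and the sample payloads are hypothetical, and the cache client is assumed to hand back the raw string (for example phpredis with `Redis::SERIALIZER_NONE`).

```php
<?php
declare(strict_types=1);

// Hypothetical value object that a preference is permitted to hold.
final class PreferenceValue
{
    public $name;
    public $value;

    public function __construct(string $name, $value)
    {
        $this->name = $name;
        $this->value = $value;
    }
}

// Stand-in for any class outside the allowlist whose magic methods
// would otherwise run while the cached value is unserialized.
final class UnexpectedClass
{
    public static $woke = false;
    public function __wakeup(): void { self::$woke = true; }
}

const ALLOWED_CLASSES = [PreferenceValue::class]; // assumption: fixed list
const MAX_DEPTH = 16; // also bounds self-referencing structures

// True if the decoded structure holds an object that was not on the
// allowlist (PHP substitutes __PHP_Incomplete_Class) or nests too deeply.
function containsDisallowed($value, int $depth = 0): bool
{
    if ($depth > MAX_DEPTH || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value) || is_object($value)) {
        foreach ((array) $value as $item) {
            if (containsDisallowed($item, $depth + 1)) {
                return true;
            }
        }
    }
    return false;
}

// Decode a raw cache string; the cache client's own serializer is assumed off.
function decodePreference(string $raw)
{
    $value = @unserialize($raw, ['allowed_classes' => ALLOWED_CLASSES]);
    if ($value === false && $raw !== serialize(false)) {
        throw new UnexpectedValueException('malformed preference data');
    }
    if (containsDisallowed($value)) {
        throw new UnexpectedValueException('preference holds a disallowed class');
    }
    return $value;
}

// Constructed sample payloads.
$good = serialize(['theme' => new PreferenceValue('theme', 'dark')]);
$bad  = serialize(['theme' => new UnexpectedClass()]);

var_dump(decodePreference($good)['theme']->value);
try {
    decodePreference($bad);
} catch (UnexpectedValueException $e) {
    echo $e->getMessage(), "\n";
}
var_dump(UnexpectedClass::$woke);
```

The final `var_dump` shows whether `__wakeup()` ran for the rejected payload; rejecting the whole value, rather than silently keeping the placeholder object, keeps tampered preference data visible in logs.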
-
v3.2.1 4cc2a220

[composer] Force package update, resigning a tag on a composer update does not update the composer packages when reapplying the tag. This will be addressed in v3.2.2. [firewalld] Switching from nftables to iptables requires a reboot to properly flush tables. A workaround for a rebootless change will be addressed in v3.2.2.
-
v3.2.0 7333c6d3

3.2 release 🎉 Web Apps facility rewrite, significant improvements to functionality.

NEW: [Bootstrapper] BSARGS= environment variable for passing off --extra-vars=$BSARGS to ansible-playbook, e.g. `env BSARGS="--force=yes" upcp -sb`. [CLI] "serialize" output/input format added. Uses builtin PHP serialization to pass objects around unadulterated. [Dashboard] add Argos glance. [DNS] Katapult, Hetzner DNS providers. Katapult is an upcoming premium VPS, Hetzner provides free DNS service. [dns] verify(), verified(), challenges() API calls for third-party DNS providers that require additional challenges. [git] add_ignore(), list_ignored_files()- manage ignored files for git repository. [web] get_all_hostnames_from_path()- given a docroot, find all hostnames that serve from this base location. [webapp] general purpose Web App module. Don't know the web app installed under a document root, but want to update it? cpcmd -d mydomain.com webapp:update mydomain.com. All family methods are exposed through this module except install(). [webapp] get_reconfigurable()- get a reconfigurable value either transient or fixture. [Web Apps] learn, write, release are now callable from API. wordpress:fortify("mydomain.com","","learn", [10]); [Web Apps] fortification_modes()- list all Fortification modes available to an app. [Web Apps] Nextcloud 1-click support. [Web Apps] Manifests. Bolt on Fortification and database snapshot/rollback support to any document root on your account. Manifest Fortification may define additional modes in addition to an app's base modes. [Web Apps] notification controls via Account > Settings. [Web Apps] third-party support. See @apisnetworks/apiscp-webapp-demo for a sample application. [WordPress] AST parser allows for tighter integration with wp-config.php. Changing Fortification to "write" mode for example rewrites FS_METHOD to 'direct' automatically. May be used in hooks as well (see WordPress.md). [WordPress] Site duplication and rename support. Easily migrate a WP site from staging to production with one click!

FIXED: [file] stat calls could report an invalid user if the user were removed and recreated with the same site ID/user ID combination. [DeleteDomain] flush global error log prior to deletion. Ephemeral account generation may erroneously report failure if global state is error prior to deletion. [Migrations] update IPv6 on migration. [Web Apps] corrupted sites during update will no longer terminate an update batch.

CHANGED: [Core] bump PHP to 7.4. [Datastream] support 2^22 PIDs, which allows for worker pinning when PID exceeds 65536. [Let's Encrypt] disable wildcard SSL if null driver is used. [Laravel] Update Laravel to 6/LTS, Horizon to 3. [mysql, pgsql] clone() may now duplicate a database into an empty destination. [mysql, pgsql] export() may now export a database onto an empty file. [PHP] libsodium always enabled for PHP 7.2+. [Postfix] CentOS 8/systemd sendmail compatibility. RestrictAddressFamilies requires AF_NETLINK support. Setting PrivateDevices or RestrictAddressFamilies, in addition to other directives, irrevocably enables NoNewPrivileges=yes, which prevents postdrop setgid helper from temporarily granting the invoking process "postdrop" membership. This requires either opening /var/spool/postfix/maildrop to world or using ACLs to grant apache user write/execute permissions to directory. Pursuing this route blocks future developments in multi-user pools as well as running pool same-user (cPanel compatibility mode), leaving supplementary group addition the only appropriate route. [PostgreSQL] PostGIS install-time option via `pgsql_has_postgis`. [PowerDNS] pdns server no longer explicitly enabled if using PowerDNS provider unless `powerdns_enabled` is set to true. [Rampart] disabling FTP/mail services disables respective log monitoring profiles. [UI] convert collapse to flyout menu. Minor UI tweaks. [UI] "search" promoted into reusable component. [Web Apps] report Fortification mode in meta gutter.