Skip to content

Releases: froxlor/Froxlor

Froxlor Beta Release 2.1.0-beta1

13 Oct 08:46
2.1.0-beta1
cfae354
Compare
Choose a tag to compare
Pre-release

What's Changed

  • Added otp security check to critical settings
  • Domains: added possibility to deactivate single domains
  • Domains: remove 'main but subdomain' as this is done automatically now
  • Added Domains.duplicate() API call, refs #807
  • Added php-configuration to domain-listing, fixes #1141
  • Added Froxlor.generateLoginLink() API call to allow generation of one-time-login links for customers, thx to INWX for supporting and sponsoring this feature
  • Added support DNS TLSA record by @overgrow in #1165
  • Add tabindex to search by @rubo77 in #1182
  • Allow editing/viewing of standard subdomain for customer, fixes #1121
  • Combine change-password, change-theme and change-language into 'my profile'
  • Renamed CustomerBackup to DataDump
  • Added the ability to enable/disable login for ftp users; fixes #1146
  • Send email notification to admin for non-successful let's encrypt results; fixes #1162
  • Allow customers to enable separate log-file for (sub)domains; fixes #1117
  • Added config-diff CLI Command (#1168)
  • Added markdown support in custom_notes field

Full Changelog: 2.0.24...2.1.0-beta1

Release 2.0.24

06 Oct 09:40
2.0.24
166ec05
Compare
Choose a tag to compare

What's Changed

  • fix API permission error in navigation when customer-hide-options include 'domains'; fixes #1183
  • fix vhost-cleaning regex for nginx-location directives; fixes #1185
  • added catalan language
  • NOTE: This is the last release in the 2.0 series. Stay tuned for announcements about froxlor-2.1

Full Changelog: 2.0.23...2.0.24

Release 2.0.23

01 Sep 08:25
2.0.23
10555bf
Compare
Choose a tag to compare

What's Changed

  • [API] validate non-empy admin-name in Admins.update()
  • [API] fix optional-flag for IpsAndPorts.add() and IpsAndPorts.update()
  • rework path to certificates non-ecc/ecc, regardless of current setting
  • adjust proftpd config for debian 12 bookworm
  • correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters
  • correct validation of hostingplan name and description
  • Add config-diff CLI Command by @bashgeek in #1168

Full Changelog: 2.0.21...2.0.23

Release 2.0.21

07 Jul 08:08
2.0.21
Compare
Choose a tag to compare

What's Changed

  • Correcting Nginx location match, fixes #1153
  • remove hidden fields from login/passwd-reset; refs #1102
  • adjust log-levels in API methods
  • exclude password fields from being filtered/escaped by AntiXSS, fixes #1150
  • Fix typo in pathDescriptionSubdomain; #1156
  • validate generated config-json parameter string

Full Changelog: 2.0.20...2.0.21

Release 2.0.20

02 Jun 18:46
2.0.20
c236d9e
Compare
Choose a tag to compare

What's Changed

  • Fix typo in English privileged_passwd by @n-thumann in #1136
  • Fix IPv6 address in cookie domain by @n-thumann in #1137
  • Add same loginfail restrictions for entering 2fa code as for user/pwd login
  • Remove superfluous try_files in nginx config if php-backend (non-fastcgi) is used
  • Fix missing idna encode adding/editing email-account/email-forwarder
  • Secure filename of local-archive in webupdate
  • Show 0 value of resource-fields if value is empty, fixes #1149
  • Re-enable fcgid/php-fpm activation-validate-check

Full Changelog: 2.0.19...2.0.20

Release 2.0.19

06 May 18:17
2.0.19
d5661d4
Compare
Choose a tag to compare
  • don't run cron tasks if requirements return non-success; fixes #1122
  • respect no-try_files setting also in protected directories
  • put php-fpm directives in Directory-directive in apache2; fixes #1120
  • strictly check whether field to select is the id or the email-address b/c is cases of email-addresses starting with a digit this is somehow used as value for the id field and return the wrong entity
  • fix adding mysql-server to customers without any prior assigned mysql-server, fixes #1123
  • fix issues with displaying set value if path-mode is 'dropdown'
  • trigger rebuild of config files after changing only ip-settings in domains
  • add copy-system-details-to-clipboard button on admin dashboard; fixes #1126
  • Allow admins to edit openbasedir_path for domains (#1125)
  • set default value of 'openbasedir_path' to 0 in SubDomain.add() like we do in Domains.add()
  • set default value for email_quota to settings-default in EmailAccounts.add(); fixes #1132
  • Disable autocomplete on 2FA input element (#1133)
  • introduce http-request rate-limit

Full Changelog: 2.0.15...2.0.19

Release 2.0.15

23 Apr 10:01
2.0.15
ca433d8
Compare
Choose a tag to compare
  • use correct parameter in PowerDNS::cleanDomainZone(), fixes #1104
  • add 'Passing HTTP AUTH BASIC' header option when using FCGID
  • require php-gd extension for better/secure validating uploaded images
  • add Spanish language (#1105)
  • avoid socket length limitations leading to cut-off/invalid filename for very long domain and/or loginnames, fixes #1108
  • corrected checkLocalGroup() validation if setting did not change, fixes #1111
  • open newsfeed-links in a new tab, fixes #1112
  • fix incorrect indexed array sorting in case of FTP-domain-usernames; fixes #1114
  • add certificate metadata to db table to allow filter/sort of 'Issuer', 'Valid from' and 'Valid until' properties
  • correctly retriggered certificate issue on froxlor-vhost alias-domain changes, fixes #1115

Full Changelog: 2.0.13...2.0.15

Release 2.0.13

03 Mar 12:16
2.0.13
b30d7a8
Compare
Choose a tag to compare
  • keep search-fields/text in pagination links of displaying a search-result
  • specify clearly which tls settings are being overwritten/ignored depending on the 'Override system TLS settings' flag when adding/updating Domains
  • type-safe comparsion of md5-compatibility hash-validation
    [CWE-305: Authentication Bypass by Primary Weakness]
  • fix email-domain navigation and descriptions
  • update dependencies

Full Changelog: 2.0.12...2.0.13

Release 2.0.12

17 Feb 10:23
2.0.12
38d9469
Compare
Choose a tag to compare
  • add new email-domain-overview for better overview of multiple email-domains/addresses
  • fix let's encrypt dns validation check
  • backup possible remote-db-server databases in backup-cron
  • fix wrong function-definition in nginx-cron
  • check for existing fields when setting/updating tablelisting-columns
    [CWE-352: Cross-Site Request Forgery (CSRF)]
  • corrected validation of import-settings data to avoid injecting malicious content
    [CWE-94: Code Injection]

Full Changelog: 2.0.10...2.0.12

Security Release 2.0.10

28 Jan 19:29
2.0.10
c5bece6
Compare
Choose a tag to compare
  • enforce password requirements set in settings for directory-protection
    [CWE-521: Weak Password Requirements]
  • add missing use statement for error-reporting to include the dbms version
    [CWE-391: Unchecked Error Condition]
  • validate existence of language in admin-templates
    [CWE-840: Business Logic Errors]
  • verify cronjob interval is one of the fixed available values
    [CWE-96: Static Code Injection]
  • fix possible privilege escalation from customer to root when specifying custom error documents in directory-options
    [CWE-94: Code Injection]

Full Changelog: 2.0.9...2.0.10