Releases: froxlor/Froxlor
Froxlor Beta Release 2.1.0-beta1
What's Changed
- Added otp security check to critical settings
- Domains: added possibility to deactivate single domains
- Domains: remove 'main but subdomain' as this is done automatically now
- Added Domains.duplicate() API call, refs #807
- Added php-configuration to domain-listing, fixes #1141
- Added Froxlor.generateLoginLink() API call to allow generation of one-time-login links for customers, thx to INWX for supporting and sponsoring this feature
- Added support DNS TLSA record by @overgrow in #1165
- Add tabindex to search by @rubo77 in #1182
- Allow editing/viewing of standard subdomain for customer, fixes #1121
- Combine change-password, change-theme and change-language into 'my profile'
- Renamed CustomerBackup to DataDump
- Added the ability to enable/disable login for ftp users; fixes #1146
- Send email notification to admin for non-successful let's encrypt results; fixes #1162
- Allow customers to enable separate log-file for (sub)domains; fixes #1117
- Added config-diff CLI Command (#1168)
- Added markdown support in custom_notes field
Full Changelog: 2.0.24...2.1.0-beta1
Release 2.0.24
What's Changed
- fix API permission error in navigation when customer-hide-options include 'domains'; fixes #1183
- fix vhost-cleaning regex for nginx-location directives; fixes #1185
- added catalan language
- NOTE: This is the last release in the 2.0 series. Stay tuned for announcements about froxlor-2.1
Full Changelog: 2.0.23...2.0.24
Release 2.0.23
What's Changed
- [API] validate non-empty admin-name in Admins.update()
- [API] fix optional-flag for IpsAndPorts.add() and IpsAndPorts.update()
- rework path to certificates non-ecc/ecc, regardless of current setting
- adjust proftpd config for debian 12 bookworm
- correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters
- correct validation of hostingplan name and description
- Add config-diff CLI Command by @bashgeek in #1168
Full Changelog: 2.0.21...2.0.23
Release 2.0.21
What's Changed
- Correcting Nginx location match, fixes #1153
- remove hidden fields from login/passwd-reset; refs #1102
- adjust log-levels in API methods
- exclude password fields from being filtered/escaped by AntiXSS, fixes #1150
- Fix typo in pathDescriptionSubdomain; #1156
- validate generated config-json parameter string
Full Changelog: 2.0.20...2.0.21
Release 2.0.20
What's Changed
- Fix typo in English privileged_passwd by @n-thumann in #1136
- Fix IPv6 address in cookie domain by @n-thumann in #1137
- Add same loginfail restrictions for entering 2fa code as for user/pwd login
- Remove superfluous try_files in nginx config if php-backend (non-fastcgi) is used
- Fix missing idna encode adding/editing email-account/email-forwarder
- Secure filename of local-archive in webupdate
- Show 0 value of resource-fields if value is empty, fixes #1149
- Re-enable fcgid/php-fpm activation-validate-check
Full Changelog: 2.0.19...2.0.20
Release 2.0.19
- don't run cron tasks if requirements return non-success; fixes #1122
- respect no-try_files setting also in protected directories
- put php-fpm directives in Directory-directive in apache2; fixes #1120
- strictly check whether the field to select is the id or the email-address, because in cases of email-addresses starting with a digit this is somehow used as the value for the id field and returns the wrong entity
- fix adding mysql-server to customers without any prior assigned mysql-server, fixes #1123
- fix issues with displaying set value if path-mode is 'dropdown'
- trigger rebuild of config files after changing only ip-settings in domains
- add copy-system-details-to-clipboard button on admin dashboard; fixes #1126
- Allow admins to edit openbasedir_path for domains (#1125)
- set default value of 'openbasedir_path' to 0 in SubDomain.add() like we do in Domains.add()
- set default value for email_quota to settings-default in EmailAccounts.add(); fixes #1132
- Disable autocomplete on 2FA input element (#1133)
- introduce http-request rate-limit
Full Changelog: 2.0.15...2.0.19
Release 2.0.15
- use correct parameter in PowerDNS::cleanDomainZone(), fixes #1104
- add 'Passing HTTP AUTH BASIC' header option when using FCGID
- require php-gd extension for better/secure validating uploaded images
- add Spanish language (#1105)
- avoid socket length limitations leading to cut-off/invalid filename for very long domain and/or loginnames, fixes #1108
- corrected checkLocalGroup() validation if setting did not change, fixes #1111
- open newsfeed-links in a new tab, fixes #1112
- fix incorrect indexed array sorting in case of FTP-domain-usernames; fixes #1114
- add certificate metadata to db table to allow filter/sort of 'Issuer', 'Valid from' and 'Valid until' properties
- correctly retriggered certificate issue on froxlor-vhost alias-domain changes, fixes #1115
Full Changelog: 2.0.13...2.0.15
Release 2.0.13
- keep search-fields/text in pagination links when displaying a search-result
- specify clearly which tls settings are being overwritten/ignored depending on the 'Override system TLS settings' flag when adding/updating Domains
- type-safe comparison of md5-compatibility hash-validation [CWE-305: Authentication Bypass by Primary Weakness]
- fix email-domain navigation and descriptions
- update dependencies
Full Changelog: 2.0.12...2.0.13
Release 2.0.12
- add new email-domain-overview for better overview of multiple email-domains/addresses
- fix let's encrypt dns validation check
- backup possible remote-db-server databases in backup-cron
- fix wrong function-definition in nginx-cron
- check for existing fields when setting/updating tablelisting-columns [CWE-352: Cross-Site Request Forgery (CSRF)]
- corrected validation of import-settings data to avoid injecting malicious content [CWE-94: Code Injection]
Full Changelog: 2.0.10...2.0.12
Security Release 2.0.10
- enforce password requirements set in settings for directory-protection [CWE-521: Weak Password Requirements]
- add missing use statement for error-reporting to include the dbms version [CWE-391: Unchecked Error Condition]
- validate existence of language in admin-templates [CWE-840: Business Logic Errors]
- verify cronjob interval is one of the fixed available values [CWE-96: Static Code Injection]
- fix possible privilege escalation from customer to root when specifying custom error documents in directory-options [CWE-94: Code Injection]
Full Changelog: 2.0.9...2.0.10