Changelog
Changes in version 2.14.3 (07/06/2022):
- configuration command
db_optionnow supportscharsetandcollationoption for MySQL databases (required with MySQL < 5.7 / MariaDB < 10.1) - very old databases (MySQL <5.7, MariaDB <10.1) are now automatically migrated and opened with
utf8character set whenutf8mb4is not available (sodb_optionsdoes not need to be set manually) - updated list of strong SSL ciphers
- fixed bug when using SOAP API with reseller subscriptions
- fixed (internal) bug when inserting data into table BACKUPS
- fixed error on sorting numerical customer IDs
- fixed bug when disabling TLS 1.0/1.1 for individual web server IP groups
Changes in version 2.14.2 (06/24/2022):
- fixed regression bug from 2.14.1 (remove
-efromdovecot.conf)
Changes in version 2.14.1 (06/24/2022):
- fixed bug in database migration when parked mailboxes existed
- fixed problem in database migration when IP addresses or webservers have been manually deleted from database
- fixed bug when adding stats-writer option to dovecot.conf
Changes in version 2.14.0 (06/22/2022):
- major improvements in database schema
- removed billing contact (“billing-c”)
- added
%USER%placeholder for php.ini management - adding “notify no;” to new DNS zones on secondary servers (to reduce NOTIFY messages)
- delete cached secondary DNS zone data file when zone is deleted
- improved file permissions for DNS zone paths
- removing stale Apache mod_fcgid socket files after 30 days
- generating self-signed TLS certificates with proper X509v3 extensions to mitigate problems with Chrome on MacOS 10.15
- Reseller settings:
+at the end of a subscription prefix (for exampleweb+) is replaced with next free number (starting at 1) - improved security when resetting the LiveConfig password
- fixed password hashing issue when using vsftpd (with PAM) on Debian 11 and Ubuntu 20 (old DES passwords for virtual FTP users might be unusable)
- zone files sometimes weren’t removed when deleting a zone
- fixed configuration of HTTPS redirect with wildcard subdomains
- Dovecot configuration >= 2.3 now contains the “stats-writer” directive
- fixed bug when deleting FPM pool configuration for subscription with upper-case letters
- fixed wrong location of webalizer data files on CentOS
Changes in version 2.13.1 (01/30/2022):
- fixed wrong table order in MySQL schema (table
APIKEYScouldn’t be created) - implemented rate limit for dynamic DNS updates (default: 15 updates per 10 minutes, configurable via LCDefaults key
dns.updateLimit) - create
/etc/ssl/chainsif not existing on initial Apache configuration - updated Expat library to v2.4.4
Changes in version 2.13.0 (10/15/2021):
- improved usability for “Delete Mailbox” button (prevent unintended deletion of mailbox)
- preparing for rate limiting Dynamic DNS updates
- security fix (file access - low impact level)
- security fix (stored XSS within own customer data, low impact level)
- updated Site.pro module
- IP addresses can optionally be added only to web server vHost config, but not to DNS
- Debian/Ubuntu: moving intermediate certificate files from
/etc/ssl/certs/*-ca.crtto/etc/ssl/chains/*-ca.crt, adjusting Apache and ProFTPD configuration and runningc_rehash(workaround for local OpenSSL validation problem/bug with Let’s-Encrypt “R3” certificate, see blog post) - disabling of SSH accounts did not work when using private key authentication
- fixed warning regarding missing systemd-reload after update
- fixed bug in Let’s Encrypt module when finalization has failed and is in “processing” state
- DNS updates got stuck in a loop when multiple large IP groups where updated within a short interval
Changes in version 2.12.2 (08/25/2021):
- allow disabling default MX records when setting custom MX records
- improved detection of CentOS Stream 8
- updated OpenSSL to 1.1.1l
- differing MX was not used when adding a new domain
Changes in version 2.12.1 (08/11/2021):
- improved displaying MX records and SMTP server name
- autoresponder status wasn’t displayed in mailbox list
Changes in version 2.12.0 (07/29/2021):
- allow configuration of PHP FPM pool settings (e.g.
pm.max_children) via php.ini management - allow configuration of differing MX records for Postfix
- edit mailbox: added “info” tab with all mailbox settings at a glance
- support for Debian 11 (“Bullseye”)
- support for CentOS Stream 8
- log SASL user name in lcpolicyd when rejecting e-mails
- improved security of password protection when using NGINX as reverse proxy for Apache
- also removing
/var/tmpfromopen_basedirin php.ini when running PHP via FPM - show subscription comment also to end-users (in webspace overview) to better differentiate between multiple subscriptions
- prepared new licensing features
- improved compatibility of Autodiscover feature with Microsoft Outlook Connectivity Test
- support deletion of dynamic DNS records (A or AAAA)
- connection to MySQL now also possible via IP (instead of only UNIX socket)
- fixed timing problem when updating Postfix map files (could lead to deadlock under certain conditions)
- Postfix
sender_bcc/recipient_bccalso contained addresses without destination address - updating the validity period of SSL intermediate certificates if this is missing
- fixed bug when allowing external database access for existing databases
Changes in version 2.11.3 (04/06/2021):
- allow configuration of a default SPF record (if no custom SPF record is defined for a domain)
- changed default location of most .pid files from
/var/run/to/run/on Debian/Ubuntu - supporting installation with mod_php and without php-cgi
- allow disabling creation of catch-all e-mail addresses (existing catch-all addresses can still be managed)
- updated OpenSSL to 1.1.1k
- allowing UTF symbols (e.g. emojis) in domain names
- disabling sql_mode ONLY_FULL_GROUP_BY when using MySQL/MariaDB as backend database for LiveConfig
- when adding/deleting directly managed secondary DNS servers from DNS templates, the
zones.liveconfigfile sometimes not was updated - DNSSEC keys where removed under certain conditions when DNS templates where modified
- fixed expiry date of intermediate SSL certificates (some certificate chains where shown as being expired)
Changes in version 2.11.2 (02/22/2021):
- fixed bug in PHP version list (list was empty in some cases)
Changes in version 2.11.1 (02/22/2021):
- updated OpenSSL, Unbound and cURL libraries
- restricted PHP versions are marked in overview list
- disabled reverse DNS lookups in ProFTPD (configuration needs to be refreshed)
- checking BCC destinations against forward domains blacklist
- number of subdomains using the default PHP version was not counted correctly
- fixed several missing translations
Changes in version 2.11.0 (02/16/2021):
- usage of outdated PHP versions can now be restricted
- a copy of all incoming and outbound e-mails can now be sent via BCC to another address (e.g. for e-mail archiving)
- added SOAP method
CustomerDelete() - a comment can now be added to subscriptions (to better differentiate between several subscriptions)
- ignore errors when LogRotate
postrotatecommand fails - improved error handling when PHP-FPM is not installed and a subscription was configured with PHP-FPM
- rejecting e-mails to local accounts, except those listed in
/etc/aliases - show message when OpenDKIM wasn’t found
- increased maximum password length for
HostingMailboxAdd/Edit()to 200 chars - private log files are now also rotated even if the user has exceeded his filesystem quota
- suPHP option is not available any more for new hosting plans & subscriptions (suPHP is deprecated and will not be supported in the future)
- option “skip DNS check” was ignored when adding a new SSL certificate (worked only when editing existing SSL jobs)
- fixed bug in detection of PHP 7.4 FPM on Ubuntu 20
- number of subdomains using the default PHP version was not counted correctly
- fixed bug in
UsageStats(HostingSubscriptionGet()) - data was returned in bytes/kB instead of MB
Changes in version 2.10.4 (11/13/2020):
- replaced
%hwith%ain Apache LogFormat - userprefs path for SpamAssassin now is always created when spam filter is enabled for a mailbox (allows using the Bayes filter)
- fixed JavaScript escaping (affected some popup windows on French interface)
- don’t use system skeleton directory when creating users on CentOS/RHEL
Changes in version 2.10.3 (11/05/2020):
- fixed bug when changing database password on MariaDB 10.1.x
- also display installed but unused PHP versions at Server Management -> Web
- fixed bug in login informations popup (when no language was configured for the receiving user)
Changes in version 2.10.2 (10/30/2020):
- support enabling DNSSEC when adding domain via SOAP API
- show end-of-life (EOL) date and comments in PHP version select dropdown
- edit comments and EOL dates of PHP versions (Server Management -> Web)
- domains/subdomains added via SOAP API are now displayed in “default view” by default
- when a subscription is deleted, all assigned SSL certificates are now automatically deleted too
- e-mail with login informations is now prepared in language of recipient
- user language can be selected when adding a customer or editing a user
- Webspace overview doesn’t show the host ID any more, but the server name (hostname)
- server description is now displayed in server selection dropdown (when creating a new subscription)
- permissions of directories created with
LC.fs.mkdir_recwere too restrictive - support MySQL “authentication_string” authorization with upgraded databases
- displayed wrong size of DNSSEC keys (factor 8)
- fixed HTML escaping of translated phrases
- when disabling a user, active sessions are immediately closed
Changes in version 2.10.1 (09/17/2020):
- some configuration files where created with wrong permissions (error in v2.10.0)
Changes in version 2.10.0 (09/16/2020):
- allow wildcard domains (e.g.
*.example.orgor even*.tld) for e-mail blacklists/whitelists - SOAP method
HostingMailboxGet()added (returns configuration of an e-mail address) - use
/var/www/.skel(if existing) as so-called “skeleton directory” when adding new webspace accounts - support global configuration overrides for PHP FPM pools (Lua table
LC.web.FPMCONFIG) - checking expire date of intermediate (chain) SSL/TLS certificates
- full support for CentOS 8
- full support for Ubuntu 20.04 LTS
- IFRAME-API: added
toTop()javascript function to scroll to top of page from within IFRAME content - supporting openSUSE 15.1
- SOAP method HostingSubscriptionGet() now also returns a list of all configured e-mail addresses
- prepared for repository GPG key rollover (key id: D409AC6D65FE6664)
- supporting domain-specific Apache configuration includes also with proxy destinations
- updated OpenSSL to v1.1.1g
- supporting new privilege system on MariaDB 10.4
- changed default mailbox home directory from
/var/mailto/var/mail/%C/%I(fixes problem with repeated mails from autoresponder) - improved MySQL authentication to work with MySQL 8.x
- support auth_socket authentication (without password) for MySQL root user
- iOS mobileconfig supports multiple mailboxes within same domain on same device
- iOS mobileconfig supports disabling IMAPS/POP3S (port 993/995)
- added autocomplete attributes to password fields for better usability
- minor CSS improvements
- improved NGINX vHost configuration for web statistics
- improved NGINX reverse proxy configuration
- SOAP method HostingSubscriptionGet() now also returns configured PHP version per subdomain as well as usage data of the subscription (UsageStats)
- increased limit for php.ini settings (text) from 512 to 4096 byte
- changed default setting for php.ini setting
opcache.file_cachefrom%HOME%/tmpto "" (empty string), effectively disabling file cache by default - added
%PHP%placeholder in php.ini settings (allows optionopcache.file_cacheto be set per PHP version, e.g.%HOME%/.cache/opcache.%PHP%) - fixed wrong password limit when enabling/modifying OTP configuration
- fixed minor bug when searching for full mail address in list of mailboxes
- domain was not removed from Postfix’
recipient_accessfile when locked subscription was deleted - fixed bug when creating additional ftp accounts using
HostingFtpAdd()(affected version 2.9.x) - fixed bug resetting shell to
nologinwhen reseller has edited an existing hosting plan - fixed problem in ACMEv2 client when using e.g. Buypass CA
- .htpasswd file for web statistics was not generated when using only NGINX
- disabling TLS1/TLS1.1 was ignored with NGINX
- SSL cipher selection (default/strong) wasn’t applied to NGINX vHosts
- fixed bug when changing password on MySQL 8.x
Changes in version 2.9.3 (03/03/2020):
- fixed problem regarding Let’s Encrypt update when MySQL was being used as backend database
Changes in version 2.9.2 (03/03/2020):
- allow downloading list of SSL certificates as CSV file
- added option to disable TLSv1/TLSv1.1 per IP group for web server
- added SOAP methods
HostingDCVCreate()/HostingDCVDelete() - improved systemd configuration of liveconfig/lcclient
- ACMEv2: some fixes to work with Let’s Encrypt Staging API
- automated renewal of SSL certificates from Let’s Encrypt affected by their “CAA rechecking bug”
- lcphp:
PHP_BINARYenvironment variable got lost - SAN domains were ignored in SSL orders (v2.9.x)
Changes in version 2.9.1 (12/13/2019):
- SSL certificates: added filter option “only own certificates”
- salutation (contact data) can now be left empty
- table search string wasn’t saved during page refresh
- fixed display of version number in “Servers” report
- fixed bug (missing permissions) when adding a FTP user as an additional LiveConfig user
- fixed missing permission check when editing domains at “my hosting” as additional LiveConfig user
- comparing
HC_REFRESHCFGwith version number (revision number not available any more) - fixed bug in quota check when editing mailboxes
Changes in version 2.9.0 (11/29/2019):
- Let’s Encrypt: retry domain validation after HTTP errors (eg. timeout with Let’s Encrypt API) every 15 minutes
- the DNS checks for automated SSL/TLS certificates can now be individually skipped (e.g. when using a CDN)
- when private IPv4 addresses are used (without corresponding IP_NAT data) then the DNS checks for Let’s Encrypt are automatically skipped
- it’s now possible to change the PHP CLI used by the Application Installer (using Lua variable
LC.web.PHPCLI) - automatic configuation of automated SSL certificates can now optionally be disabled (using checkboxes in order form)
- allow binding Postfix only to localhost (127.0.0.1)
- when an additional admin user adds a new server, he now automatically gets all permissions for that server
- when a domain is deleted, optionally all assigned SSL certificates can be deleted too
- improved detection of matching wildcard SSL certificates when configuring subdomains
- list of SSL certificates can now be filtered (expired, unassigned, …)
- mass mails aren’t sent to suspended customers any more (can be enabled via checkbox)
- overview of SSL jobs (start page) doesn’t show entries of suspended customers any more
- allow editing e-mail addresses of Let’s Encrypt accounts
- display HTTPS links in AppInstaller if domain is configured with SSL
- AppInstaller: uninstall sometimes failed when directory of application didn’t yet exist or was already deleted before uninstall
- deleting a domain with existing mailboxes as reseller sometimes returned an error (missing permissions)
- end users with hosting plans created via GUI didn’t have the permission to view the LiveConfig event log
- fixed display error when editing a subdomain while parent domain has “(+www)” configuration enabled, preferring the “.www” subdomain
- fixed bug when merging www/non-www subdomains if they were configured as redirect
- don’t allow to automatically order SSL certificate when adding a new domain if user has no SSL management permissions
- fixed bug when adding an automated SSL certificate with automatic HTTPS redirect (non-webspace targets where configured incorrectly)
- fixed bug when configuring FPM with default PHP on CentOS (wrong directory for pool configuration)
- lcsam: removed duplicate line breaks in X-Spam-Report