Changelog

Changes in version 2.14.3 (07/06/2022):

  • configuration command db_option now supports charset and collation option for MySQL databases (required with MySQL < 5.7 / MariaDB < 10.1)
  • very old databases (MySQL <5.7, MariaDB <10.1) are now automatically migrated and opened with utf8 character set when utf8mb4 is not available (so db_options does not need to be set manually)
  • updated list of strong SSL ciphers
  • fixed bug when using SOAP API with reseller subscriptions
  • fixed (internal) bug when inserting data into table BACKUPS
  • fixed error on sorting numerical customer IDs
  • fixed bug when disabling TLS 1.0/1.1 for individual web server IP groups

Changes in version 2.14.2 (06/24/2022):

  • fixed regression bug from 2.14.1 (remove -e from dovecot.conf)

Changes in version 2.14.1 (06/24/2022):

  • fixed bug in database migration when parked mailboxes existed
  • fixed problem in database migration when IP addresses or webservers have been manually deleted from database
  • fixed bug when adding stats-writer option to dovecot.conf

Changes in version 2.14.0 (06/22/2022):

  • major improvements in database schema
  • removed billing contact (“billing-c”)
  • added %USER% placeholder for php.ini management
  • adding “notify no;” to new DNS zones on secondary servers (to reduce NOTIFY messages)
  • delete cached secondary DNS zone data file when zone is deleted
  • improved file permissions for DNS zone paths
  • removing stale Apache mod_fcgid socket files after 30 days
  • generating self-signed TLS certificates with proper X509v3 extensions to mitigate problems with Chrome on MacOS 10.15
  • Reseller settings: + at the end of a subscription prefix (for example web+) is replaced with next free number (starting at 1)
  • improved security when resetting the LiveConfig password
  • fixed password hashing issue when using vsftpd (with PAM) on Debian 11 and Ubuntu 20 (old DES passwords for virtual FTP users might be unusable)
  • zone files sometimes weren’t removed when deleting a zone
  • fixed configuration of HTTPS redirect with wildcard subdomains
  • Dovecot configuration >= 2.3 now contains the “stats-writer” directive
  • fixed bug when deleting FPM pool configuration for subscription with upper-case letters
  • fixed wrong location of webalizer data files on CentOS

Changes in version 2.13.1 (01/30/2022):

  • fixed wrong table order in MySQL schema (table APIKEYS couldn’t be created)
  • implemented rate limit for dynamic DNS updates (default: 15 updates per 10 minutes, configurable via LCDefaults key dns.updateLimit)
  • create /etc/ssl/chains if not existing on initial Apache configuration
  • updated Expat library to v2.4.4

Changes in version 2.13.0 (10/15/2021):

  • improved usability for “Delete Mailbox” button (prevent unintended deletion of mailbox)
  • preparing for rate limiting Dynamic DNS updates
  • security fix (file access - low impact level)
  • security fix (stored XSS within own customer data, low impact level)
  • updated Site.pro module
  • IP addresses can optionally be added only to web server vHost config, but not to DNS
  • Debian/Ubuntu: moving intermediate certificate files from /etc/ssl/certs/*-ca.crt to /etc/ssl/chains/*-ca.crt, adjusting Apache and ProFTPD configuration and running c_rehash (workaround for local OpenSSL validation problem/bug with Let’s-Encrypt “R3” certificate, see blog post)
  • disabling of SSH accounts did not work when using private key authentication
  • fixed warning regarding missing systemd-reload after update
  • fixed bug in Let’s Encrypt module when finalization has failed and is in “processing” state
  • DNS updates got stuck in a loop when multiple large IP groups where updated within a short interval

Changes in version 2.12.2 (08/25/2021):

  • allow disabling default MX records when setting custom MX records
  • improved detection of CentOS Stream 8
  • updated OpenSSL to 1.1.1l
  • differing MX was not used when adding a new domain

Changes in version 2.12.1 (08/11/2021):

  • improved displaying MX records and SMTP server name
  • autoresponder status wasn’t displayed in mailbox list

Changes in version 2.12.0 (07/29/2021):

  • allow configuration of PHP FPM pool settings (e.g. pm.max_children) via php.ini management
  • allow configuration of differing MX records for Postfix
  • edit mailbox: added “info” tab with all mailbox settings at a glance
  • support for Debian 11 (“Bullseye”)
  • support for CentOS Stream 8
  • log SASL user name in lcpolicyd when rejecting e-mails
  • improved security of password protection when using NGINX as reverse proxy for Apache
  • also removing /var/tmp from open_basedir in php.ini when running PHP via FPM
  • show subscription comment also to end-users (in webspace overview) to better differentiate between multiple subscriptions
  • prepared new licensing features
  • improved compatibility of Autodiscover feature with Microsoft Outlook Connectivity Test
  • support deletion of dynamic DNS records (A or AAAA)
  • connection to MySQL now also possible via IP (instead of only UNIX socket)
  • fixed timing problem when updating Postfix map files (could lead to deadlock under certain conditions)
  • Postfix sender_bcc/recipient_bcc also contained addresses without destination address
  • updating the validity period of SSL intermediate certificates if this is missing
  • fixed bug when allowing external database access for existing databases

Changes in version 2.11.3 (04/06/2021):

  • allow configuration of a default SPF record (if no custom SPF record is defined for a domain)
  • changed default location of most .pid files from /var/run/ to /run/ on Debian/Ubuntu
  • supporting installation with mod_php and without php-cgi
  • allow disabling creation of catch-all e-mail addresses (existing catch-all addresses can still be managed)
  • updated OpenSSL to 1.1.1k
  • allowing UTF symbols (e.g. emojis) in domain names
  • disabling sql_mode ONLY_FULL_GROUP_BY when using MySQL/MariaDB as backend database for LiveConfig
  • when adding/deleting directly managed secondary DNS servers from DNS templates, the zones.liveconfig file sometimes not was updated
  • DNSSEC keys where removed under certain conditions when DNS templates where modified
  • fixed expiry date of intermediate SSL certificates (some certificate chains where shown as being expired)

Changes in version 2.11.2 (02/22/2021):

  • fixed bug in PHP version list (list was empty in some cases)

Changes in version 2.11.1 (02/22/2021):

  • updated OpenSSL, Unbound and cURL libraries
  • restricted PHP versions are marked in overview list
  • disabled reverse DNS lookups in ProFTPD (configuration needs to be refreshed)
  • checking BCC destinations against forward domains blacklist
  • number of subdomains using the default PHP version was not counted correctly
  • fixed several missing translations

Changes in version 2.11.0 (02/16/2021):

  • usage of outdated PHP versions can now be restricted
  • a copy of all incoming and outbound e-mails can now be sent via BCC to another address (e.g. for e-mail archiving)
  • added SOAP method CustomerDelete()
  • a comment can now be added to subscriptions (to better differentiate between several subscriptions)
  • ignore errors when LogRotate postrotate command fails
  • improved error handling when PHP-FPM is not installed and a subscription was configured with PHP-FPM
  • rejecting e-mails to local accounts, except those listed in /etc/aliases
  • show message when OpenDKIM wasn’t found
  • increased maximum password length for HostingMailboxAdd/Edit() to 200 chars
  • private log files are now also rotated even if the user has exceeded his filesystem quota
  • suPHP option is not available any more for new hosting plans & subscriptions (suPHP is deprecated and will not be supported in the future)
  • option “skip DNS check” was ignored when adding a new SSL certificate (worked only when editing existing SSL jobs)
  • fixed bug in detection of PHP 7.4 FPM on Ubuntu 20
  • number of subdomains using the default PHP version was not counted correctly
  • fixed bug in UsageStats (HostingSubscriptionGet()) - data was returned in bytes/kB instead of MB

Changes in version 2.10.4 (11/13/2020):

  • replaced %h with %a in Apache LogFormat
  • userprefs path for SpamAssassin now is always created when spam filter is enabled for a mailbox (allows using the Bayes filter)
  • fixed JavaScript escaping (affected some popup windows on French interface)
  • don’t use system skeleton directory when creating users on CentOS/RHEL

Changes in version 2.10.3 (11/05/2020):

  • fixed bug when changing database password on MariaDB 10.1.x
  • also display installed but unused PHP versions at Server Management -> Web
  • fixed bug in login informations popup (when no language was configured for the receiving user)

Changes in version 2.10.2 (10/30/2020):

  • support enabling DNSSEC when adding domain via SOAP API
  • show end-of-life (EOL) date and comments in PHP version select dropdown
  • edit comments and EOL dates of PHP versions (Server Management -> Web)
  • domains/subdomains added via SOAP API are now displayed in “default view” by default
  • when a subscription is deleted, all assigned SSL certificates are now automatically deleted too
  • e-mail with login informations is now prepared in language of recipient
  • user language can be selected when adding a customer or editing a user
  • Webspace overview doesn’t show the host ID any more, but the server name (hostname)
  • server description is now displayed in server selection dropdown (when creating a new subscription)
  • permissions of directories created with LC.fs.mkdir_rec were too restrictive
  • support MySQL “authentication_string” authorization with upgraded databases
  • displayed wrong size of DNSSEC keys (factor 8)
  • fixed HTML escaping of translated phrases
  • when disabling a user, active sessions are immediately closed

Changes in version 2.10.1 (09/17/2020):

  • some configuration files where created with wrong permissions (error in v2.10.0)

Changes in version 2.10.0 (09/16/2020):

  • allow wildcard domains (e.g. *.example.org or even *.tld) for e-mail blacklists/whitelists
  • SOAP method HostingMailboxGet() added (returns configuration of an e-mail address)
  • use /var/www/.skel (if existing) as so-called “skeleton directory” when adding new webspace accounts
  • support global configuration overrides for PHP FPM pools (Lua table LC.web.FPMCONFIG)
  • checking expire date of intermediate (chain) SSL/TLS certificates
  • full support for CentOS 8
  • full support for Ubuntu 20.04 LTS
  • IFRAME-API: added toTop() javascript function to scroll to top of page from within IFRAME content
  • supporting openSUSE 15.1
  • SOAP method HostingSubscriptionGet() now also returns a list of all configured e-mail addresses
  • prepared for repository GPG key rollover (key id: D409AC6D65FE6664)
  • supporting domain-specific Apache configuration includes also with proxy destinations
  • updated OpenSSL to v1.1.1g
  • supporting new privilege system on MariaDB 10.4
  • changed default mailbox home directory from /var/mail to /var/mail/%C/%I (fixes problem with repeated mails from autoresponder)
  • improved MySQL authentication to work with MySQL 8.x
  • support auth_socket authentication (without password) for MySQL root user
  • iOS mobileconfig supports multiple mailboxes within same domain on same device
  • iOS mobileconfig supports disabling IMAPS/POP3S (port 993/995)
  • added autocomplete attributes to password fields for better usability
  • minor CSS improvements
  • improved NGINX vHost configuration for web statistics
  • improved NGINX reverse proxy configuration
  • SOAP method HostingSubscriptionGet() now also returns configured PHP version per subdomain as well as usage data of the subscription (UsageStats)
  • increased limit for php.ini settings (text) from 512 to 4096 byte
  • changed default setting for php.ini setting opcache.file_cache from %HOME%/tmp to "" (empty string), effectively disabling file cache by default
  • added %PHP% placeholder in php.ini settings (allows option opcache.file_cache to be set per PHP version, e.g. %HOME%/.cache/opcache.%PHP%)
  • fixed wrong password limit when enabling/modifying OTP configuration
  • fixed minor bug when searching for full mail address in list of mailboxes
  • domain was not removed from Postfix’ recipient_access file when locked subscription was deleted
  • fixed bug when creating additional ftp accounts using HostingFtpAdd() (affected version 2.9.x)
  • fixed bug resetting shell to nologin when reseller has edited an existing hosting plan
  • fixed problem in ACMEv2 client when using e.g. Buypass CA
  • .htpasswd file for web statistics was not generated when using only NGINX
  • disabling TLS1/TLS1.1 was ignored with NGINX
  • SSL cipher selection (default/strong) wasn’t applied to NGINX vHosts
  • fixed bug when changing password on MySQL 8.x

Changes in version 2.9.3 (03/03/2020):

  • fixed problem regarding Let’s Encrypt update when MySQL was being used as backend database

Changes in version 2.9.2 (03/03/2020):

  • allow downloading list of SSL certificates as CSV file
  • added option to disable TLSv1/TLSv1.1 per IP group for web server
  • added SOAP methods HostingDCVCreate()/HostingDCVDelete()
  • improved systemd configuration of liveconfig/lcclient
  • ACMEv2: some fixes to work with Let’s Encrypt Staging API
  • automated renewal of SSL certificates from Let’s Encrypt affected by their “CAA rechecking bug”
  • lcphp: PHP_BINARY environment variable got lost
  • SAN domains were ignored in SSL orders (v2.9.x)

Changes in version 2.9.1 (12/13/2019):

  • SSL certificates: added filter option “only own certificates”
  • salutation (contact data) can now be left empty
  • table search string wasn’t saved during page refresh
  • fixed display of version number in “Servers” report
  • fixed bug (missing permissions) when adding a FTP user as an additional LiveConfig user
  • fixed missing permission check when editing domains at “my hosting” as additional LiveConfig user
  • comparing HC_REFRESHCFG with version number (revision number not available any more)
  • fixed bug in quota check when editing mailboxes

Changes in version 2.9.0 (11/29/2019):

  • Let’s Encrypt: retry domain validation after HTTP errors (eg. timeout with Let’s Encrypt API) every 15 minutes
  • the DNS checks for automated SSL/TLS certificates can now be individually skipped (e.g. when using a CDN)
  • when private IPv4 addresses are used (without corresponding IP_NAT data) then the DNS checks for Let’s Encrypt are automatically skipped
  • it’s now possible to change the PHP CLI used by the Application Installer (using Lua variable LC.web.PHPCLI)
  • automatic configuation of automated SSL certificates can now optionally be disabled (using checkboxes in order form)
  • allow binding Postfix only to localhost (127.0.0.1)
  • when an additional admin user adds a new server, he now automatically gets all permissions for that server
  • when a domain is deleted, optionally all assigned SSL certificates can be deleted too
  • improved detection of matching wildcard SSL certificates when configuring subdomains
  • list of SSL certificates can now be filtered (expired, unassigned, …)
  • mass mails aren’t sent to suspended customers any more (can be enabled via checkbox)
  • overview of SSL jobs (start page) doesn’t show entries of suspended customers any more
  • allow editing e-mail addresses of Let’s Encrypt accounts
  • display HTTPS links in AppInstaller if domain is configured with SSL
  • AppInstaller: uninstall sometimes failed when directory of application didn’t yet exist or was already deleted before uninstall
  • deleting a domain with existing mailboxes as reseller sometimes returned an error (missing permissions)
  • end users with hosting plans created via GUI didn’t have the permission to view the LiveConfig event log
  • fixed display error when editing a subdomain while parent domain has “(+www)” configuration enabled, preferring the “.www” subdomain
  • fixed bug when merging www/non-www subdomains if they were configured as redirect
  • don’t allow to automatically order SSL certificate when adding a new domain if user has no SSL management permissions
  • fixed bug when adding an automated SSL certificate with automatic HTTPS redirect (non-webspace targets where configured incorrectly)
  • fixed bug when configuring FPM with default PHP on CentOS (wrong directory for pool configuration)
  • lcsam: removed duplicate line breaks in X-Spam-Report

Archive