Changelog for version 1.x

Changes in version 1.9.1-r3767 (09/17/2015):

  • fixed rare deadlock in GUI process when certain SSL handshake fails

Changes in version 1.9.1-r3749 (09/14/2015):

  • fixed bug when creating zones files with TXT records
  • fixed missing permissions when subscription was re-assigned within a reseller subscription
  • fixed bug when configuring Postfix 2.8+ with DNS whitelists

Changes in version 1.9.1-r3736 (09/04/2015):

  • added french translations (thanks to our customer post.lu!)
  • enabled croatian translations (thanks to our customer BitLab d.o.o.!)
  • allow sending mail with login information and subscriptions overview
  • supporting custom DH parameters with Apache 2.2.30+ respectively Debian 7 (Apache 2.2.22-13+deb7u5)
  • automatically refreshing all vHost configurations where SSL is enabled to enable custom DH parameters
  • DH parameters for ProFTPD replaced with 2048 bit parameters
  • supporting deletion of unused contacts
  • web apps (via AppInstaller) can also be protected with a password (#120)
  • locked/suspended customers are marked in reports/customer list (#138)
  • allow changing the default HTML pages permanently (#21)
  • fixed bug when editing an IP group assigned exclusively through a reseller
  • fixed bug when importing MD5-CRYPT mailbox passwords with ‘/’ in salt
  • fixed bug in dereferer ('#’ part of destination URL was ignored)
  • fixed bug when adding a subdomain via SOAP API to a DNS zone managed by LiveConfig
  • fixed bug when enabling DNSSEC for domains already managed by LiveConfig (NSEC3PARAM wasn’t included)
  • custom DNS records weren’t included when domain was switched from own DNS servers to external DNS servers and back
  • fixed bug when disabling DNSSEC (key files were not deleted)
  • fixed bug with missing permissions when additional user adds subscription (#111)
  • split translations for mail templates into separate pages
  • moved OpenDKIM socket from /var/run/opendkim/opendkim.sock to /var/spool/postfix/opendkim/opendkim.sock to also sign locally generated mails
  • better error handlng when PHP detection fails (#136)
  • changed SOA retry time for new DNS templates from 2 hours to 3 hours
  • enabling OCSP only when certificate contains an OCSP URL
  • allow modification of aliases and forwards with SOAP method HostingMailboxEdit()
  • customizable OTP issuer name (LCDefaults option “login.ots.issuer”)
  • updated time zone database (2015f)
  • improved handling of SSL handshake errors

Changes in version 1.9.0-r3657 (07/10/2015):

  • displaying signature algorithm and OCSP URL of SSL certificates
  • supporting custom Application Installer repositories (#185)
  • Fixed bug in DKIM configuration (KeyTable/SigningTable)
  • table size can be changed (20/50/100/all rows per page)
  • added support for negative numbers in php.ini
  • display path and allow editing path of additional FTP accounts (#189)
  • support for DANE/TLSA with Postfix (#146)
  • allow more flexible wildcard subdomains (eg. “*.sub” instead of “*")
  • allow subdomains with underscore for DNS RRs (eg. “_25._tcp”)
  • configuring OCSP stapling with Apache 2.4 (#188)
  • configuring OCSP stapling with NGINX 1.3.7+ (#188)
  • configuring SSL session caching with NGINX
  • fixed bug in DKIM configuration (KeyTable/SigningTable)
  • fixed bug when setting individual TTL for custom DNS records
  • NGINX: fixed missing backslash at “location ~ .php”
  • fixed possible problem with some Apache 2.4 installations regarding “Require all granted” (#170)
  • lclogparse sometimes wasn’t started automatically after installation
  • fixed bug when changing shell in hosting plan
  • fixed bug when adding a new subdomain with e-mail while DKIM is not available/enabled
  • improved logging when Lua functions crash
  • upgraded openSSL from 1.0.1m to 1.0.2d
  • updated default SSL cipher suite
  • LiveConfig now only uses 2048 bit DH parameters (#190)
  • show warning when unencrypted login to SMTP/POP/IMAP is allowed
  • lcsam: only send debug messages to syslog when run in debug mode (-d) (#191)
  • lcsam: set “X-Spam-Flag: YES” on warn threshold (#192)
  • enabling U2F authentication by default

Changes in version 1.8.3-r3577 (05/11/2015):

  • showing LiveConfig version in Reports -> Server (#176)
  • optionally allow multiple concurrent logins with the same account (using LCDEFAULTS key “login.concurrent”) (#160)
  • optionally allow “FollowSymLinks” with Apache (using custom.lua: apache.FOLLOWSYMLINKS=true) (#171)
  • no SMTP HELO restrictions for authenticated users (#177)
  • allow larger customer IDs (up to 18 digits) (#179)
  • allow removal of FIDO U2F devices (#167)
  • show externally accessible databases (#152)
  • show disk usage (#155)
  • show disk usage & number of deployed customers in server report
  • hide DNS server option when no managed DNS servers available (#153)
  • don’t suggest random passwords with ‘, " or \ characters
  • allow filtering e-mail addresses by subscription name
  • renaming Apache config file “liveconfig” to “liveconfig.conf” for Debian 8 (#169)
  • DKIM support (#145)
  • Mass mail: fixed display error with floating text (#158)
  • Mass mail: fixed error in recipient selection (#157)
  • displayed wrong “default” logo when admin uploaded a custom logo
  • HTTP traffic graph not displayed for end-customers (#166)
  • fixed NGINX PHP configuration within password-protected directories
  • dereferer didn’t work with IDN domains (#184)

Changes in version 1.8.2-r3508 (03/27/2015):

  • improved default vHost configuration for Apache 2.4 (use /usr/share/liveconfig/html instead of compiled-in default DocumentRoot)

Changes in version 1.8.2-r3494 (03/19/2015):

  • updated OpenSSL library to v1.0.1m

Changes in version 1.8.2-r3493 (03/12/2015):

  • added support for FIDO U2F (universal two factor authentication)
  • “admin” user can now be renamed
  • contact data of LiveConfig users can now be modified
  • supporting configuration of PHP extensions in php.ini management
  • fixed bug in intermediate SSL certificate cache (last certificate of a chain wasn’t cached)
  • fixed bug in nginx.lua when configuring SSL with NGINX 1.0.x
  • fixed “missing permissions” bug when displaying DNSSEC key for a customer domain
  • fixed bug when changing IP group of a domain didn’t trigger DNS update
  • displayed wrong “default” logo within reseller settings
  • individual reseller subscriptions couldn’t be edited
  • zones.liveconfig file could be corrupted after mass updates due to missing thread synchronization
  • fixed bug when parsing multiple IP addresses of external name servers
  • fixed bug when editing php.ini expression value within subscription
  • improved handling of invalid input in table search
  • displaying web server name and database server name in webspace overview
  • increased size of “Select Contact” popup (to prevent scrolling)
  • spam filter: warn threshold can now be set to same value as reject threshold (no messages will then be marked as being “suspicious”)
  • multiple concurrent sessions with the same login are now forbidden (“admin sessions” are not affected by this)
  • each OTP code can now only be used once to log in (to prevent session hijacking)

Changes in version 1.8.2-r3457 (02/19/2015):

  • fixed error in NGINX SSL configuration with more than one IP address
  • fixed bug when using syslog for LiveConfig messages
  • fixed bug when only changing comment of a database (without changing password too)
  • added parameters “webserver”, “mailserver” and “dbserver” to SOAP method HostingSubscriptionEdit() (required when resources are initially added to a subscription)

Changes in version 1.8.2-r3451 (02/13/2015):

  • fixed database error when trying to edit web statistics settings
  • fixed error when entering a website address at contact data
  • improved detail level in 7d HTTP traffic graph
  • made restart of LiveConfig with start-stop-daemon more robust

Changes in version 1.8.2-r3447 (02/11/2015):

  • displaying DNS template name in domain table
  • show notice when a new LiveConfig version is available
  • checking certification path on intermediate CA certificates
  • caching and automatic configuration of intermediate CA certificates
  • fixed bug when deleting a subdomain with DNS managed by LiveConfig
  • fixed bug when reassigning an IP group to another reseller subscription
  • fixed error when selecting start directory for formerly disabled subdomains
  • fixed bug when displaying 24h/7d graphs
  • [r3447] fixed display bug on (not) expired SSL certificates
  • [r3447] fixed display bug with 24h/7d graphs on MySQL 5.5.5+ backend
  • improved security of Apache vHost configuration
  • improved checks for DNSSEC prerequisites
  • marking expired SSL certificates in certificate list
  • fixed SSL/SNI configuration for NGINX
  • increased input sizes of contact data fields (for multibyte UTF8 input)
  • increased maximum length of subscription names from 10 to 63 characters
  • improved directory password protection with NGINX
  • showing traffic contained with hosting subscription
  • supporting TSIG keys with up to 512 bit (instead of 128 bit)
  • allow assigning DNS templates to reseller subscriptions
  • added parameter “dnstemplate” to SOAP method HostingDomainAdd()

In .htaccess files, the option FollowSymLinks can’t be used any more. LiveConfig already has enabled the option SymLinksIfOwnerMatch by default, so the effective permissions don’t change. Existing .htaccess files will be adjusted automatically with sed. Informations about the supported .htaccess settings can be found in our knowledge base: KB#25 - allowed .htaccess options.

Changes in version 1.8.1-r3397 (01/22/2015):

  • limit of e-mail aliases and e-mail forwards is configurable (via LCDEFAULTS)
  • added optional parameter “ipgroup” to SOAP method HostingSubdomainAdd()
  • support for custom configuration options with proftpd.conf
  • support for custom configuration options with dovecot.conf
  • restored missing translation of logout button (“abmelden”)
  • fixed bug in application installer to allow other languages than EN/DE
  • fixed race-condition deadlock in LiveConfig client process in some very rare cases (after executing external programs through Lua)
  • fixed bug in Apache default vHost rewrite rule
  • fixed double-escaping of HTML entities in password inputs after form reload
  • updated OpenSSL from 1.0.1j to 1.0.1k
  • disabled use of (wrong) passwords from browser password manager when setting or updating passwords eg. for mailboxes or FTP accounts
  • more log messages when deleting a webspace directory

Changes in version 1.8.0-r3363 (01/05/2015):

  • fixed bug on escaping MySQL passwords

Changes in version 1.8.0-r3361 (01/05/2015):

  • fixed typo in PCI-compliant Postfix SSL configuration
  • removed “required” attribute from TEXTAREA fields due to an error in Internet Explorer
  • fixed bug when deleting a subdomain from DNS
  • Server overview showed no more existing network interfaces (#143)
  • fixed bug when adding a subdomain to DNS
  • fixed GUI bug when selecting webspace directory for a new subdomain

Changes in version 1.8.0-r3350 (12/24/2014):

  • added missing SSL error pages (“not-available-ssl.(s)html”)
  • removed “–symlink” option from ZIP backup creation due to bug/limitation in info-zip
  • improved error logging when creating backup streams

Changes in version 1.8.0-r3345 (12/22/2014):

  • optionally logging LiveConfig messages to syslog service
  • configurable minimum length of additional FTP accounts (#84)
  • renewed GUI (HTML5) with customizable CSS templates
  • management of custom DNS records (A/AAAA/CNAME/MX/TXT/SRV) (#34)
  • configurable “help” link on LiveConfig login page (see KB#24)
  • support for expressions in php.ini (eg. “E_ALL”)
  • fixed SSL CA chain configuration in ProFTPd
  • fixed bug with too large messages in LCCP protocol
  • “lcsam” init script wasn’t enabled on Ubuntu 12.x
  • fixed broken pagination in subscription list when assigning an exclusive IP address group & added some more columns
  • Lua: allow overriding Postfix configuration with “postfix.LOCALCONFIG” table
  • allow special chars in web redirect URLs (using [NE] flag in RewriteRule)
  • when a subscription is reassigned within the same admin/reseller, the selected hosting plan is preserved
  • Apache: smarter configuration for default 404 page on unknown domains/vhosts (RewriteRule using [R=404,L])
  • separate error page when requesting a non-ssl website with HTTPS
  • improved handling of MySQL bugs #41119, #42041 (adaptive & limited retries)
  • will not start LiveConfig (or lcclient) if an error in a Lua script was detected
  • creating new MySQL table statistics 15 minutes after last run has finished
  • updated timezone database (2014i)
  • using precomputed 2048bit DH parameters instead of calculating them (would require 10-12 minutes)
  • allow renaming the “main user” of a customer (#76)
  • allow changing the contact data of a customers’ “main user”
  • moved MySQL statistics update into separate worker thread with its own (dedicated) MySQL connection
  • improved detection of MariaDB server (also search with upper-case letters)
  • intermediate CA certificates can now be deleted

Changes in version 1.7.5-r3221 (11/26/2014):

  • fixed SSL CA chain configuration in ProFTPd
  • fixed bug with too large messages in LCCP protocol
  • will not start LiveConfig (or lcclient) if an error in a Lua script was detected
  • creating new MySQL table statistics 15 minutes after last run has finished

Changes in version 1.7.5-r3127 (10/16/2014):

  • configuring default SSL certificate for SNI configurations with Apache httpd
  • automatically reconnecting to MySQL database on LiveConfig server process restart
  • updated OpenSSL from 1.0.1i to 1.0.1j
  • disabled SSLv3 for LiveConfig HTTPS/LCCP interfaces
  • disabled SSLv3 for all configured services (Apache, NGINX, Postfix, Dovecot, ProFTPd, vsftpd) due to POODLE attack

Changes in version 1.7.4-r3112 (10/08/2014):

  • fixed some minor table display bugs

Changes in version 1.7.4-r3110 (10/07/2014):

  • fixed table output for Cron jobs (new style)
  • implemented table sorting for Cron jobs and databases

Changes in version 1.7.4-r3109 (10/07/2014):

  • refactored tables (sortable, saving filter/position/sorting)
  • use default SpamAssassin values (LCDEFAULTS) also on e-mail login
  • fixed bug in nameserver IP selection (server management)
  • fixed bug in LCCP parser leading to client hangup in rare cases

Changes in version 1.7.4-r3086 (09/25/2014):

  • fixed double-slashes bug on Apache HTTP redirects with ‘/*’ option
  • fixed bug when adding multiple IPs to web server IP group
  • fixed “Error 500” when selecting own subscription (“My Hosting”) from Top 10 report
  • updated translations
  • configurable prefix for suspected SPAM mails
  • quick search now also searches subscription names in “My Hosting”

Changes in version 1.7.4-r3079 (09/24/2014):

  • no more restart of LiveConfig required after enabling SpamAssassin

Changes in version 1.7.4-r3077 (09/23/2014):

  • setting correct default spam filter values for existing mailboxes

Changes in version 1.7.4-r3072 (09/22/2014):

  • added support for SpamAssassin (configurable per mailbox)
  • added support for switching the PHP version per (sub)domain (#86)
  • allow customization of some default values through database
  • advanced PFS configuration for Postfix
  • allow preserving the URL path with 301/302 redirects
  • added comment field for SSL certificates
  • allow editing mail forwards within mail login
  • supporting CentOS 7
  • supporting Ubuntu 14
  • fixed bug in WSDL for HostingMailboxEdit()
  • fixed missing permissions for subscriptions created using SOAP API
  • fixed parser bug in lclogparse (mail statistics)
  • updating quota when modifying hosting plan (#11)
  • updated/improved SSL ciphers for LiveConfig, supporting PFS with older browsers; RC4 generally disabled
  • updated SSL cipher list from Mozilla OpSec
  • upgraded OpenSSL from 1.0.1h to 1.0.1i

Changes in version 1.7.3-r2934 (07/01/2014):

  • fixed bug with missing permissions for web applications
  • fixed bug in cron job input check when using commas in interval specification

Changes in version 1.7.3-r2921 (06/14/2014):

  • fixed bug from r2910 when saving a cron job

Changes in version 1.7.3-r2914 (06/11/2014):

  • showing number of sent/received mails within last 24 hours in mail overview
  • Top 10 reports now can also be sorted by traffic or mail
  • added SOAP method HostingMailboxEdit() (#63)
  • allow disabling IPv6 for outbound SMTP connections
  • allow selecting individual IP addressess for inbound SMTP
  • fixed too restrictive permissions for ~/stats/.htpasswd with mpm_itk
  • allowing newTLDs (with more than 6 characters) in SOAP method ContactAdd()
  • fixed invalid CustomLog directive (‘||’ instead of ‘|exec’) (#141)
  • fixed wrong line breaks in e-mail templates when using SQLite backend db
  • fixed bug in RRD aggregation
  • fixed bug when reseller belatedly enables e-mail/databases for an existing subscription
  • improved SSL ciphers (using Mozilla’s OpSec recommendations)
  • LiveConfig passwords now always hashed with PBKDF2
  • improved security when editing users as “non-admin” user
  • automatically updating SSL certificates on server (#109)
  • catching error messages when installation of a new crontab fails
  • improved form checks when editing cron jobs
  • unblocking IP after brute-force block when password was reset successfully
  • added “greylisting” option to SOAP method HostingMailboxAdd()
  • upgraded OpenSSL from 1.0.1g to 1.0.1h

Changes in version 1.7.2-r2824 (04/08/2014):

Due to a serious bug in the OpenSSL library (CVE-2014-0160) we **strongly** encourage you to upgrade LiveConfig (and of course the "rest" of your server) as soon as possible!
  • now also showing traffic of last 24 hours in “top 10” report
  • reassign subscription: subscriptions can now be transferred into reseller subscriptions
  • added page to manage e-mail templates (eg. for password recovery)
  • allow selection of IP address to use with Postfix for outbound SMTP connections (#137)
  • fixed display bug in IP address count (server overview with business license)
  • improved reliability of lclogsplit restart after reloading Apache
  • automatically removing stale shared memory segment if LiveConfig process died unexpectedly
  • upgraded OpenSSL from 1.0.1f to 1.0.1g (due to CVE-2014-0160)

Changes in version 1.7.1-r2775 (03/10/2014):

  • improved Autodiscover service
  • fixed buffer overflow when calculating backup checksums

Changes in version 1.7.1-r2770 (03/04/2014):

Due to an important modification in the header of the internal LCCP protocol, you need to upgrade both LiveConfig server and client to the latest version (1.7.1).
**The version 1.7.0 (and before) can't communicate with version 1.7.1 (and later)!**
However, the upgrade order doesn't matter.
  • added subdomains to output of HostingSubscriptionGet()
  • quick search now also searches for subscription names within resellers (exact matches only) (#132)
  • added serbian translations (thanks to Bojan Suzic)
  • MySQL driver for LiveConfig database now supports configuration options ([liveconfig] section in my.cnf and some db_options in liveconfig.conf)
  • support for Ubuntu 13.10
  • support for OpenSUSE 13.1
  • manage FcgidIOTimeout with PHP max_execution_time (#135)
  • fixed wrong number of subdomains displayed in domain overview (#127)
  • fixed bug in date calculation causing no stats being displayed for 12/2013 since 01/2014
  • fixed bug in NGINX configuration (introduced with v1.7.0-r2666)
  • fixed problem with AWStats and upper-case subscription names (#133)
  • fixed quota check when adding/editing a POP3/IMAP mailbox (#134)
  • fixed bug when changing webspace quota to “unlimited”
  • showing mailbox quota instead of real (used) size in e-mail overview
  • displaying overall mail quota now also at subscriptions -> statistics
  • checking recursively for sufficient resources in higher reseller subscriptions (PHP/CGI/SSI/Shell)
  • fixed bug in resource selection dropdown when adding a new subscription

Changes in version 1.7.0-r2704 (12/09/2013):

  • fixed bug in RPM installer (liveconfig.conf got deleted during upgrade)
  • fixed bug showing only “0” in e-mail usage summary
  • fixed subscription sort order (wasn’t correctly updated with new subscriptions)
  • fixed wrong sort order in DNS zone files on primary DNS
  • fixed bug when updating lcclient on Debian/Ubuntu (init script sometimes didn’t stop lcclient correctly)

Changes in version 1.7.0-r2696 (12/03/2013):

  • fixed bug when modifying IP addresses of external nameservers (zones were not updated)
  • management of php.ini settings now also available in hosting plans (tab was missing)
  • fixed possibly invalid quoting of php.ini settings
  • show traffic usage per subscription in reports (#125)

Changes in version 1.7.0-r2690 (11/28/2013):

  • management of logrotate settings per hosting plan and per subscription
  • added brute-force prevention for GUI and SOAP API (#102)
  • AppInstaller now writes output of STDERR while installation/uninstallation into log file (~/logs/appinstall.log) (#108)
  • support for mpm_itk (#110)
  • anonymization of IP addresses for access.log (#113)
  • webspace backup on-the-fly (single-server setup only) (#115)
  • remove additional servers from LiveConfig (#116)
  • edit server details (host id, description) (#116)
  • edit php.ini settings per subscription (by reseller or by customer) (#28)
  • fixed bug in javascript code for mini graphs which led to browser hangup
  • fixed bug when disabling SSL option for IP groups (#97)
  • fixed bug when redirecting from HTTP to HTTPS with IPv6 address (#101)
  • fixed file descriptor leak with LCCP protocol in certain environments (#103)
  • fixed display error of database sizes in subscriptions report (#96)
  • MySQL users were not deleted if the database name contained an underscore (#106)
  • fixed bug in webspace usage display when a customer has multiple webspace subscriptions (#107)
  • fixed bug when adding a new IP group with SSL enabled (#99)
  • removing unfinished uninstallations from AppInstaller (#80)
  • fixed bug when displaying Apache modules with “–diag” option (#109)
  • fixed bug in package detection via ‘emerge’ on Gentoo Linux
  • fixed bug when creating a SSL CSR with IE10+ (#117)
  • fixed missing quote escape in generated config files (#118)
  • fixed bug in traffic calculation and other RRD data (#95)
  • fixed bug in NGINX configuration (missing escape character)
  • fixed bug when adding subdomain to “own subscription” using SOAP API (122)
  • fixed display bug in Top10 subscriptions report (#123)
  • fixed calculation of available mailbox size and improved display of current mailbox quota (#124)
  • added “disable_vrfy_command=yes” to Postfix configuration
  • allow using mod_php and suPHP simultaneously
  • added TMPDIR environment variable to FastCGI starter
  • allow dash in MySQL user names and database names (#104)
  • reassigning subscriptions is now forbidden in demo mode
  • disabling APC for webspace subscriptions using suPHP
  • change shell option per subscription (#47)
  • updating quota immediately after changing it in subscription (#11)
  • optionally disable additional reselling for resellers (#114)
  • updated timezone database to version 2013g
  • don’t display (unavailable) customer reports with basic license
  • limit selection of PHP method (mod_php, suPHP, FastCGI) to actually available Apache modules (#87)
  • setting FcgidMaxRequestsPerProcess/PHP_FCGI_MAX_REQUESTS to 5000 for better stability with PHP/FastCGI

Changes in version 1.6.4-r2534 (09/04/2013):

  • fixed file descriptor leak with LCCP protocol in certain environments (#103)

Changes in version 1.6.4-r2509 (08/06/2013):

  • fixed deadlock in client process
  • added mail quota script (mailquota.sh) to lcclient package

Changes in version 1.6.4-r2488 (07/17/2013):

  • workaround for bug in SQLite (some queries didn’t return any data)

Changes in version 1.6.4-r2487 (07/16/2013):

  • workaround for JavaScript bug in IE8 with php.ini management
  • fixed bug in vsftpd configuration for PASV ports
  • fixed error when calling HostingDatabaseAdd() without password and ‘create'=1

Changes in version 1.6.4-r2480 (07/12/2013):

  • hiding SSL options for Postfix/Dovecot if no SSL certificates are available
  • hiding Greylisting option in mailbox configuration if Greylisting is not enabled on mail server
  • fixed postfix configuration for v2.10+ (smtpd_relay_restrictions)
  • added support for multi-domain SSL certificates
  • changed configuration of sockets for incoming HTTP/HTTPS/LCCP connections
    Use “*” now for any IPv4/IPv6 interface. Before, ‘::’ also accepted IPv6-mapped IPv4-addresses. Now both address families can/must be configured independently.
  • disabling two factor authentication when admin password is reset via console (with “–init”)
  • using PBKDF2 as new default algorithm for password hashes
  • added support for HostingSubscriptionAdd() and HostingDomainAdd() with subscriptions at “My Hosting”
  • fixed bug when modifying permissions for external database access for a subscription
  • added stack trace support for Lua API
  • improved stability of Lua API
  • upgraded SQLite due to bug in 3.7.17
  • improved SSL cipher configuration for services (for PCI compliance)
  • added support for ECDH ciphers (TLSv1)
  • automatically adjusting FcgidMaxRequestLen to PHP post_max_size
  • added support for HSTS - HTTP Strict Transport Security (RFC6797)
  • fixed broken check for password length on login page
  • added workaround to filter available apps from AppInstaller
  • fixed bug when updating HTTP traffic per subscription
  • better protection of per-subscription php.ini file
  • optimized syntax check for ‘timestamp’ parameter on SOAP requests
  • workaround for optimizer bug in SQLite 3.7.17
  • allowing wildcard subdomains with HostingSubdomainAdd()
  • fixed pagination bug when entering a search term in tables on page >1
  • allow configuration of PASV ports for FTP server
  • fixed bug when editing mailbox limit for individual subscriptions
  • fixed missing permissions with individual reseller subscriptions
  • added new report “Top 10 subscriptions”

Changes in version 1.6.3-r2383 (06/04/2013):

  • fixed bug in directory password protection with NGINX
  • fixed problem with live log viewer when no error.log exists
  • added option ‘weblogin’ to SOAP method HostingMailboxAdd
  • fixed bug in SOAP method CustomerEdit()
  • fixed configuration problem with wildcard subdomains and Apache httpd
  • reassigning hosting subscriptions to another customer (#22)
  • fixed bug when deleting a user account
  • fixed problem with missing subscriptions when reassigning a subscription
  • upgraded MySQL driver and SQLite driver
  • improved stability of MySQL driver after lost connection to database server
  • improved logging to prevent flooding log file with identical messages
  • [r2383] fixed bug in SOAP method HostingMailboxAdd() (introduced with r2381)

Changes in version 1.6.2-r2361 (05/22/2013):

Important: with version 1.6.2 LiveConfig brings a complex php.ini management. If you’re upgrading from an earlier version to 1.6.2 (or later), please log on as admin after applying the upgrade, open the php.ini management page and check if the preset default values are ok for you and your customers. Only after clicking the apply template… button these settings will be applied to all customers’ php.ini files.

  • added support to change name/domain of an e-mail address
  • fixed rounding bug in display of mailbox sizes
  • fixed bug when deleting external domain with empty hostname
  • fixed bug when disabling a custom logo as login logo
  • configure e-mail address for cron output (#45)
  • displaying “pause” icon on disabled cron jobs (#46)
  • added configuration option “log_level” to LiveConfig Client
  • fixed some bugs when using subscription names with uppercase letters
  • started work on FreeBSD support
  • improved NGINX PHP-FCGI starter script (using PID files)
  • E-Mail self-service login (#51)
  • improved detection of MySQL packages, also supporting Percona and MariaDB
  • added “allow_writeable_chroot” option to vsftpd 3.x configuration (see also #73)
  • writing error message to log file (instead of only stderr) if license renewal failed
  • allow webspace customer to enable error.log for 24 hours (#37)
  • added missing “mail_max_userip_connections” option to Dovecot 2.x config
  • added live viewer for log files
  • fixed bug in Application Installer when system call (select()) was interrupted
  • improved Postfix configuration (reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_unknown_recipient_domain)
  • fixed bug in Apache module detection
  • fixed GUI bug when adding a new IP address group for NGINX
  • preserving hash in URLs on dereferer
  • disabling all websites when a customer is suspended
  • returning list of assigned databases in HostingSubscriptionGet()
  • improved sort order of hosting subscription names (web1, web10, web2, web20 -> web1, web2, web10, web20, …)
  • automatically detecting if MySQL server has SSL support enabled
  • RPM installer: keeping existing liveconfig.conf/lcclient.conf and mailquota.txt during upgrade if locally modified
  • allow users to enable external MySQL access (#54)
  • manage comments for databases (#26)
  • not deleting MySQL user when deleting a database if user still has access to other databases
  • added SOAP method UserGet()
  • fixed a bug when configuring a “shared IP group” as reseller
  • fixed bug in WSDL schema for HostingSubscriptionGet (list of databases is now returned as “databaseList” instead of “databases”)
  • Dovecot configuration parameter “mail_max_userip_connections” disabled for v1.0.x (CentOS 5 ships Dovecot 1.0.7 by default)
  • added configuration option for “SSL session reuse” on FTP server (#85)
  • allow selection of end customer when assigning a SSL certificate to a reseller
  • added support for two factor authentication (eg. with Google Authenticator)
  • allow restriction of configuration of external database access (#54)
  • editing the maximum number of allowed customers in reseller subscriptions(#9)
  • added “O” flag to Postfix’ master.cf (adding X-Original-To: header)
  • fixed minor bug in SSL CSR generation (#88)
  • added GUI for directory password protection (#9)
  • fixed bug in packet search (using ‘eix’) with Gentoo
  • fixed Apache module detection with Gentoo and RedHat/CentOS
  • added support for Linux Malware Detect to PHP upload scan script (http://www.rfxn.com/projects/linux-malware-detect/)
  • management of global php.ini settings (#28)
  • added support for other languages with AWStats
  • added support for wildcard subdomains (#38)
  • fixed bug with individual php.ini settings for mod_php
  • fixed problem with Application Installer using too restrictive php.ini settings
  • fixed bug in AWStats configuration (LogFormat)
  • added SOAP method CustomerEdit()
  • various minor bugfixes and improvements
  • fixed directory permissions for ‘apps’ (broken with r2347)
  • added subdirectory support for log viewer

Changes in version 1.6.1-r2140 (02/21/2013):

  • optionally display custom logo on login pages (#43)
  • CentOS 6: added support for AWStats package from EPEL repository (#55)
  • CentOS: adjusted nginx-php-fcgi script to work with CentOS (#56)
  • CentOS: fixed “status” action of init script (#57)
  • fixed escaping of HTML characters in some data tables (#58)
  • fixed error in ProFTPd configuration with unlimited connections (#59)
  • fixed SQL query when selecting a folder for a new subdomain (#60)
  • various minor bugfixes & optimizations in GUI
  • fixed error in application installer if databases should be created on external database server
  • if a SSL certificate was assigned to a customer, the customer name was not displayed (#61)
  • increased timeouts for application installer
  • fixed bug in logrotate configuration when a subscription name contains a dash character (#62)
  • added support for vsftpd with Debian
  • added support for mailbox quota warning (#64)
  • fixed bug when disabling PHP in existing subscriptions (#65)
  • displaying mailbox quota usage in mail overview (#66)
  • deletion of “empty” subdomain isn’t allowed any more (#67)
  • fixed bug with AWStats and upper-case subscription names (#68)
  • improved import of pre-hashed MySQL passwords
  • displaying list of enabled Apache modules (#3)
  • configure max. concurrent POP3/IMAP connections per user and IP (#69)
  • fixed bug regarding issue #43 when using SQLite database
  • allow “Options ExecCGI” on subscriptions with CGI
  • added support for “dovecot21” package with OpenSUSE 12.2 (#73)
  • allow decreasing quota of overbooked mailboxes
  • added server configuration option ‘log_level’
  • fixed bug when deleting a hosting subscription without webspace
  • improved browser compatibility with Internet Explorer
  • added workaround for bug in AWStats 7.x with Perl >=5.14 (statistics didn’t get updated)
  • fixing permissions of ~/htdocs/cgi-bin to work correctly with suexec on OpenSUSE (#74)
  • fixed bug on sending data via SSL (error SSL_WANT_WRITE)
  • improved postfix configuration
  • optionally disable CRAM-MD5 authentication for Dovecot when using imported passwords in MD5-CRYPT scheme
  • fixed bug when dealing with big group files on recent Linux kernels (#77)
  • added missing “unix:” prefix in ClamAV configuration for Postfix/OpenSUSE
  • fixed display bug for traffic graph on “My Hosting” page
  • fixed detection of Apache module “proxy_http”
  • improved error output when starting via init script
  • fixed bug with virtual FTP users when using vsftpd with “dash” shell (eg. on Debian linux)

Changes in version 1.6.0-r2047 (11/27/2012):

  • added SSL support for Postfix and Dovecot
  • configurable DNS blacklists for Postfix
  • extended application installer to support <select> input (for XTC modified)
  • allow editing of customer ID (#33)
  • improved button for captcha reload (#15)
  • removing empty configuration files from purged subscriptions (#17)
  • removing empty mail directories (#17)
  • open external website links from application installer in new tab/window
  • updated internal zime zone database
  • fixed bug in time zone query (now also showing time zones without any DST rule)
  • setting time zone for new users added via SOAP function UserAdd() (#36)
  • fixed php.ini setting for mod_php (PHPIniDir)
  • added configuration options “http_canonical_host” and “http_canonical_redirect” to configure a canonical server name for the web interface
  • hosting subscriptions can now be deleted at once without having to delete all mailboxes/databases/etc. first
  • improved detection of NGINX packages under Debian linux
  • fixed serious bug when deleting an e-mail address with a dash (-) in the domain name
  • added Greylisting support (via Postgrey)
  • webspace directory (‘htdocs’) now can be named differently (eg. ‘html’)
  • removed some unnecessary error messages (#39)
  • optionally allow only SSL connections to POP3/IMAP server
  • fixed possible problem when deleting multiple MySQL database at a time (eg. when deleting a whole subscription)
  • improved SSL security to mitigate BEAST attack possibility (#42)
  • added support for TLSv1.1 and TLSv1.2
  • disabled client-initiated SSL renegotiation (CVE-2009-3555)
  • added detection of NGINX web server on CentOS
  • added support for rssh (scponly replacement)
  • fixed display error when MySQL database is >4 GB big
  • added option to disable POP3S/IMAPS
  • improved autodiscover/autoconfig service
  • added SSL support for FTP servers (vsftpd/ProFTPd) (#12)
  • fixed bug in Debian installer for LiveConfig client (configuration file overwritten on upgrade)
  • added management of external DNS servers (#34)
  • fixed bug preventing generation of statistics with AWStats on CentOS
  • fixed bug in Postfix configuration leading to bounces (instead of rejects) of mails to unknown local recipients
  • fixed bug in Dovecot 2.x configuration (mail quota not enforced)
  • fixed bug in application installer (database name length was limited to 12 instead of 16 characters)
  • fixed bug in UTF8-encoding of multibyte characters with >2 bytes
  • fixed display bug in folder selection popup with IE9
  • added deletion of unused IP groups (#49)
  • allow limiting the maximum number of concurrent FTP connections (#50)

Changes in version 1.5.3-r1932 (10/10/2012):

  • returning list of webserver IP addresses where the new domain is configured on SOAP function HostingDomainAdd()
  • SSL certificates: checking that the private key matches the certificate key
  • fixed creation of PHP FastCGI starter script on new subscriptions
  • improved performance on setups with large RRD tables
  • added configuration directive “db_options”
  • improved permission fix script (now also moving cgi-bin if destination is empty)
  • fixed bug in liveconfig.lua preventing permissions-fix to run on first time
  • fixed suPHP configuration for Debian7 and OpenSUSE when mod_php is enabled
  • fixed “Error 500” on path selection popup
  • opening web statistics in new browser tab/window
  • added SOAP methods HostingPasswordUserAdd() and HostingPasswordPathAdd()
  • Apps (installed via App Installer) can now be configured directly with HTTPS
  • improved readability of password recovery captcha
  • returning list of webserver IP addresses where the new domain is configured on SOAP function HostingSubdomainAdd()

Changes in version 1.5.2-r1893 (10/02/2012):

  • fixed bug in database creation via AppInstaller when running in certain multi-server setups
  • disallowing use of UTF-8 special chars (umlauts etc.) for POP/IMAP passwords
  • fixed configuration error in Postfix’ master.cf when using submission port (587) and ClamAV-Milter
  • not listing webspace properties which are not available in current subscription
  • fixed overflow bug in Round Robin Database implementation (tables are automatically cleaned up when running the LiveConfig upgrade)
  • added SOAP methods ContactEdit() and ContactGet()
  • implemented locking/suspending customers
  • fixed bug in HTTP redirect configuration for SSL webspace
  • automatically removing crontab when deleting a webspace account
  • improved fault tolerance when removing a webspace account
  • added support for AWstats
  • added software selection option for web analytics configuration
  • optimized display of reseller subscription statistics and subscription list
  • fixed minor bug in Debian/Ubuntu installer when running non-interactively
  • fixed installer bug when installing on OpenSUSE12 without SuSEfirewall2
  • added cron job to remove expired PHP session files from user directories
  • fixed minor JavaScript GUI bugs with Internet Explorer
  • added selection of PHP execution mode (suPHP/FastCGI/mod_php)
  • domains/subdomains with Apache httpd are from now on configured using separate <VirtualHost> sections, optionally still possible with RewriteRules
  • if a user or customer is deleted, all open sessions are immediately terminated
  • checking permissions for configuration file (aborting startup if insecure)
  • showing subscription properties differing from hosting plan on subscription details page
  • fixed permissions for webspace home directories for better security
  • fixed Apache SSL configuration on CentOS5/6 (renaming “ssl.conf”)
  • added placeholder ##LC_WEBROOT## for php.ini files
  • improved SELinux configuration for CentOS
  • added “umask 0022” to PHP FastCGI starter (Apache & NGINX)