Changelog for version 2.0 - 2.8

Changes in version 2.8.4-r5653 (10/01/2019):

fixed bug when searching in LiveConfig log (SQL error)
fixed bug in lcam when parsing IPv6 addresses
fixed bug when handling multiple identical SSL orders with Let’s Encrypt
fixed bug with new Let’s Encrypt module on CentOS 6 (Apache 2.2)

Changes in version 2.8.3-r5645 (09/23/2019):

when creating a CSR (with manually managed SSL certificates) you can now define additional domain names (SubjectAlternativeNames)
cron script for deleting expired PHP session files doesn’t require ‘sudo’ any more
removing directories ~/conf/acme during upgrade (not required any more)
quick search and table search now ignores whitespaces at begin/end
Let’s Encrypt: domain validation status is now linked with Let’s Encrypt validation URL to simplify debugging
fixed bug when ordering multiple SSL/TLS certificates from Let’s Encrypt while using MySQL as database backend
fixed bug loading shared LiveConfig modules on 32 bit platform
fixed bug when adding/modifying subdomains with custom NS records

Changes in version 2.8.2-r5624 (09/13/2019):

quick search now also includes search for exact domain names within all resellers
quick search now also includes search for exact user names within all resellers
improved startup of daemon processes
automatically re-trigger ACME SSL certificate orders (Let’s Encrypt) after 24 hours when validation failed due to “error 404”.
upgraded OpenSSL from 1.1.1c to 1.1.1d
fixed bug in PHP session cleaner script (expires session files where not deleted)
fixed error in autodetection for using external DNS resolvers
fixed problem when multiple Let’s Encrypt certificates for the same domains were renewed (ACMEv2 automatically merges identical orders)
fixed possibly multiple sending of Let’s Encrypt orders when using MySQL as backend
fixed duplicated log messages to systemd journal
fixed bug when replacing an existing and already configured SSL certificate with a new, manually managed one (HTTP/HTTPS subdomain configuration got mixed up)
During upgrade, all vHost configurations (including all php.ini files) will be updated. In some cases, not all vHost configurations where updated during upgrade to v2.8.0 - this is fixed now.

Changes in version 2.8.1-r5602 (08/28/2019):

allow customization of Apache SSLProtocols setting (Lua: apache.SSL_PROTOCOLS, apache.SSL_PROTOCOLS_STRONG)
disabling SSL protocols TLSv1 and TLSv1.1 when selecting “strong” SSL ciphers for an IP group
added support for explicit usage of external DNS resolvers (LCDefaults key dns.externalResolver)
automatically detect if DNS resolving is blocked (using system resolvers then)
added timeout (5 seconds) to DNS check for certificate orders
manually managed TLS/SSL certificates can now be assigned to its respective customer and be configured automatically
support assigning of manually managed SSL certificates (again)
existing subdomains configured as 301 redirect to https://<domain>/* are now managed in simplified “default view”
reduced caching of DNS resolver data to 60 seconds
fixed detection of PHP 7.3 FPM on Debian 10
fixed typo when warning of using deprecated SSL_PCI_CIPHERS variable in Lua
SSL certificate orders sometimes where not immediately processed when using MySQL as backend database
fixed login problem with Internet Explorer 11

Changes in version 2.8.0-r5579 (08/20/2019):

forwarding e-mails to certain domains can now be restricted (using LCDefaults key mail.forwards.blacklist)
improved “add domain” form (added www/redirect/ssl options)
drastically simplified “edit domain/subdomain” form
supporting individual PHP-FPM configurations using ~/conf/fpm.conf
read/edit individual php.ini settings using HostingSubscriptionGet() / HostingSubscriptionEdit()
supporting per-domain custom Apache configuration (/var/www/<subscription>/conf/\<domain\>.httpd.conf)
mailboxes can either be parked or be deleted when the associated domain is being deleted
editing SSL certificate of a subdomain now possible using HostingSubdomainEdit()
moved management of SSL providers into separate modules
Let’s Encrypt now using ACMEv2 API (RFC8555)
domain validation (for SSL) doesn’t need a server reload any more
supporting Debian 10 (“Buster”)
Debian/Ubuntu: added trigger for automated update of version numbers after upgrading PHP packages (php-#.#-opt)
GUI: using <shift>+<enter> when searching for an exact subscription name automatically starts a new session in a separate window
GUI: supporting usage of <shift>+<enter> in expandable input fields (eg. when adding new domain names)
allowing underscore sign (_) within subdomain names according to RFC2181 (except for webspace/mail)
mailbox configuration: forward addresses are now entered in a <textarea> (separated by newline, whitespace, comma or semicolon)
improved input form for adding/editing mailboxes
don’t allow CNAME records with empty hostname
lcdbbackup: added option -w to open input database in read/write mode
allow leading underscore (_) in CNAMEs (eg. for DKIM)
optimized purging of expired PHP session files
removed SNI detection and note on SNI for webspace configuration
SetHandler is now allowed again in .htaccess file
LiveConfig binaries, shared libraries & lua scripts are not world-readable any more
disabled TLSv1 and TLSv1.1 for communication between LiveConfig instances in multi-server setup
disabled TLSv1 and TLSv1.1 for LiveConfig web interface
Apache+FastCGI: configuring FcgidBusyTimeout with same value as FcgidIOTimeout to better support long running scripts (>300sec)
when creating the first IP group for a webserver, SSL and HTTP/2 is now enabled automatically
lcpolicyd: supporting wildcard addresses (*@example.org) as fallback for per-domain limit
renamed “PCI” SSL ciphers to “strong” SSL ciphers, thus renamed SSL_PCI_CIPHERS to SSL_STRONG_CIPHERS in Lua API
NGINX as reverse proxy: set HTTPS=on when forwarding HTTPS connections to Apache
NGINX: more flexible proxy configuration via nginx.PROXY_PARAMS variable
renamed LCDEFAULTS key login.u2f.enabled to login.webauthn.enabled
Lua API: improved error handling in LC.expect
automatically assigning SSL certificate to matching domains
preventing cron.php.sh (PHP session cleanup) to run in multiple instances
NGINX: configuring client_max_body_size identical to php.ini setting post_max_size
minimum retry interval for DNS check (SSL orders) is now 5 minutes
renewal of SSL certificates will not be triggered as long as there are any non-expired SSL orders (e.g. after failed domain validations). New validation can be triggered manually though.
SSL orders/renewals are only performed when both DNS checks are successful and the domains are (still) available on the server
disabling HTTPS-redirect when the SSL certificate being used is deleted
do not automatically renew SSL certificates of suspended customers or hosting subscriptions
if existing, contents of /usr/share/liveconfig/login-info.html will be included on login page (below login form)
entries in “custom links” (IFRAME API) can now be sorted arbitrarily
Debian/Ubuntu: do not run interactive configuration during package upgrade if LiveConfig was installed non-interactively
don’t try connecting to MySQL database if database management was disabled
fixed bug when external domain was added (now automatically enabling webspace/mail if available, and automatically create ‘www’ subdomain)
SSL certificates where not removed from /etc/ssl/ when deleted in LiveConfig
fixed various bugs from preview release v2.8.0-r5484 (mostly SSL management)
fixed bug when upgrading from v2.8.0-r5484 while using MySQL as LiveConfig backend database
fixed bugs with ACMEv2 (certificates were deleted after installation, ACMEv1 accounts were migrated with wrong URL)
fixed some issues with new “standard view” when editing domains
fixed issues with DNS check for SSL certificate orders (not all members of an IP group need to be in DNS)
fixed bugs with automatic renewal of SSL certificates (ACME2)
fixed bug with SAN SSL certificates (ACME2)
fixed SOAP exception on idempotent contact data update
fixed various minor GUI bugs with new SSL/subdomain management
intermediate CA certificates were missing when using 4096 bit RSA keys with Let’s Encrypt
triggering HTTP validation for all pending SSL orders with Let’s Encrypt (even when DNS check failed) to not run into limit (max. 300 pending validations
fixed various minor bugs in new subdomain configuration form
Lua: fixed bug in FPM pool configuration code (regression from r5355)
SubjectAltNames of manually managed SSL/TLS certificates were ignored when searching for matching certificates for a domain
fixed bugs with ACMEv2
when running PHP via FPM, access to /tmp/ is removed from open_basedir (when upgrading LiveConfig, access to /tmp/ still allowed with FastCGI)
During upgrade, all vHost configurations (including all php.ini files) will be updated. This is required for the improved SSL domain validation.
In multi-server environments we recommend to first update all clients (lcclient), and finally the LiveConfig server.

Changes in version 2.7.4-r5214 (02/11/2019):

added LCDefaults option log.hideAdminEvents (don’t show log events triggered by admin access)
delete temporary AppInstaller variables after installation
disallow Apache directive SetHandler in .htaccess files

Changes in version 2.7.3-r5163 (12/18/2018):

updated SQLite to 3.26.0 (preventing “Magellan” vulnerability)

Changes in version 2.7.2-r5133 (11/26/2018):

updated OpenSSL to v1.1.1a
allow wildcard subdomains again (broken in v2.7.1)
fixed problem in client/server communication (LCCP protocol)
fixed bug when using broken/incomplete SSL certificates with NGINX

Changes in version 2.7.1-r5125 (11/14/2018):

subdomains can’t be deleted (regression bug from r5120)

Changes in version 2.7.1-r5120 (11/13/2018):

added php.ini setting opcache.file_cache_only (default: NO)
lclogsplit now supports additional data after “bytes sent” column (allows additional fields in LogFormat)
improved validation of subdomain/domain names
returning creation and last modification timestamp on HostingSubscriptionGet()
fixed bug when configuring NGINX vHosts with Apps from AppInstaller using a custom PHP version (Lua error)
fixed missing logout button in mobile view
using local timezone for displaying validity period of SSL certificates
added some missing translations
dynamic DNS updates of single IPv6 addresses (AAAA) were not forwarded to BIND
fixed problems when webspace user names contained uppercase letters (from old LiveConfig installations) (affected: Logrotate, FPM pools, account deletion)
fixed bug when checking unicode domain names containing non-spacing mark characters
invalid domain names couldn’t be deleted
[r5120] format check didn’t allow “simple” subdomains in r5119

Changes in version 2.7.0-r5095 (10/29/2018):

added AutoDeploy support (admin, lcdefaults, licensekey, include)
supporting domain-specific configuration includes for NGINX (~/conf/\<domain\>.nginx.conf)
web-based “onboarding” for configuration of license code, login details and contact data on new installations
supporting PHP-FPM (FastCGI Process Manager)
supporting import of SSL certificates with SOAP API (HostingDomainAdd(), HostingSubdomainAdd())
supporting TLS 1.3 (RFC8446) with LiveConfig GUI (OpenSSL 1.1.1)
on forced password change (immediately after logging in), the old password isn’t asked for any more
supporting configuration of Dovecot 2.3
supporting Postfix setting enable_long_queue_ids with lclogparse
log rotation now configured for all log file (~/logs/*.log, ~/logs/priv/*.log)
improved performance when configuring Apache vHosts with a large number of <VirtualHost> sections
allow result filtering for DNS whitelists (eg. list.dnswl.org=127.0.[0..255].[1..3])
added php.ini options opcache.file_cache and opcache.lockfile_path for safety when using PHP-FPM
Apache: show warning when mod_http2 is enabled, but not mod_mpm_event
fixed bug when writing CAA record to initial zone file (text file)
quick search for domain names returned multiple identical results when customer has multiple user accounts
outbound e-mails submitted via port 587 (submissions) were not counted by lclogparse
fixed deadlock when receiving unexpected results from passwd program (eg. when using local password policies)
fixed possible buffer overflow when parsing SMTP statistics with broken e-mail addresses
fixed bugs when adding same domain twice through mass import
log rotation of liveconfig.log/lcclient.log sometimes got ignored
when a differing shell was configured for a subscription and the plan was edited, the shell sometimes was reset to the plan’s value
fixed bug in SSL assignment (regression from r5075)
fixed bug when terminating FastCGI PHP instances with NGINX while running multiple PHP versions
when updating an “old” LiveConfig installation (initially <1.7.0), invalid php.ini values were used for opcache settings (regression from r5091)
fixed various minor issues when importing SSL certificates using the SOAP API

Changes in version 2.6.3-r5013 (07/03/2018):

removing logrotate configuration immediately when a subscription is deleted (previously the configuration removal was delayed)
added “nocreate” option to logrotate configuration for access.log files to prevent problems with restrictive umask while running logrotate
systemd erroneously reported an error while reading the PID files of LiveConfig services (“PID xxx read from file xxx.pid does not exist or is a zombie.")
lclogsplit can’t be started stand-alone (with NGINX) when /var/run (or /run) is located on a tmpfs and /var/run/liveconfig wasn’t created

Changes in version 2.6.2-r4996 (06/28/2018):

“coming soon” page for NGINX vHosts can be disabled via Lua option nginx.COMING_SOONtt> (to prevent conflicts with custom configurations containing a location = / block)
return HTTP error “method not allowed” instead of “not found” when accessing the autodiscover/autoconfig URL with an invalid request
setting “immutable” flag for php.ini directories in ~/conf/
error page for suspended websites was not displayed with NGINX
LCDEFAULTS setting db.stats.interval was ignored in some cases

Changes in version 2.6.1-r4987 (06/18/2018):

updated integrated MariaDB client to v3.0.5
automatically detecting language for iPhone/iPad configuration page (/liveconfig/hosting/mobileconfig)
configuring ProFTPD (v1.3.5+) to also support TLS 1.1 and 1.2
fixed bug when displaying CAPTCHA image on Safari browsers
in some cases, new created access.log files can’t be read by users (too restrictive umask in lclogsplit)
lcclient: remove /etc/logrotate.d/liveconfig during upgrade (got replaced by /etc/logrotate.d/liveconfig-vhosts)
fixed bug in lclogsplit when NGINX access log was rotated (already rotated log file sometimes was parsed again several times)
date-based deactivation of autoresponder didn’t work with SQLite backend

Changes in version 2.6.0-r4972 (06/12/2018):

subscription prefix can now contain “#” characters, which are replaced by random digits (eg. “web#####” => “web92754”)
added option to force change of LiveConfig password on next login
autoresponder for e-mail can now be disabled to a certain date
allow adding multiple domains to a subscription at a time
full access.log support for NGINX, including live statistics and merging with Apache access.log
supporting address extensions with e-mail addresses (sub-addresses, VERP/recipient_delimiter), like “mailbox+suffix@example.org”
icons can now be selected for “custom links” (Adminstration -> LiveConfig -> Custom Links)
supporting Ubuntu 18.04 LTS
automatically registering additional PHP packages installed from LiveConfig repository (Debian/Ubuntu) - no need to create/modify custom.lua (/etc/liveconfig/lua.d/*.lua)
auto-configuration of e-mail settings for Apple iOS devices (/liveconfig/hosting/mobileconfig)
contacts table can now also be filtered by e-mail address
contact data can now be edited directly (without prior searching)
own contact data can now be edited directly at “Preferences” -> “Contact data” (if user has permissions for that)
improved “null_sender” option (Postfix/Dovecot) for bounce messages to local mailboxes
editing and deletion of databases is now logged (via GUI)
optionally, a webmail URL can be defined (server management -> e-mail -> dovecot) which will be displayed at the mailbox settings and at the subscription overview
upgraded OpenSSL from version 1.1.0g to 1.1.0h
allow symlinks in webpace directory browser
when enabling e-mail for an existing hosting plan, existing subdomains are not modified any more (e-mail feature has to be enabled individually for desired subdomains, this mitigates problems where users have custom MX records)
using MariaDB Connector/C 3.0.4 for communication with MariaDB and MySQL servers
show usage of contact records (customers/users using this contact)
adding/editing/deleting cron jobs is now logged to LiveConfig GUI log
DNS whitelist now has priority over DNS blacklists and greylisting
renamed /etc/logrotate.d/liveconfig to /etc/logrotate.d/liveconfig-vhosts
added parameters logfilter4 and logfilter6 to HostingSubscription* SOAP methods for editing access.log filter settings
fixed error when adding subdomains via SOAP API (occured when adding a subdomain while the domain itself was not yet active on primary DNS)
fixed some compatibility issues with OpenSUSE 42.3
fixed bug when triggering e-mail mass update with passwords >40 chars
do not delete dovecot.sieve when editing a mailbox if it is a symlink (eg. when using ManageSieve)
when a single subdomain was deleted, custom DNS records were not removed from database
after modification of the SSL certificate, the FTP service was only reloaded instead of restarted (ProFTPD sometimes stopped working, vsftpd didn’t use the new certificate)
logrotate: if rotation was configured by file age (maxage), depending on configuration in /etc/logrotate.conf only the latest 4 log files where kept
escaping HTML special characters before displaying in log viewer
lcclient.log wasn’t properly rotated
fixed bug when same IP address was detected twice

Actions while upgrading from previous LiveConfig installations:

all Apache and NGINX vHosts are reconfigured, to get NGINX domain names into /var/lib/liveconfig/accesslog.map and to update all log rotation settings
the CustomLog directive in /etc/apache2/conf-available/liveconfig.conf respective /etc/httpd/conf.d/99_liveconfig.conf is changed (new parameters for lclogsplit call)
the file /etc/apache2/accesslog.map is moved to /var/lib/liveconfig/accesslog.map
the setting for Dovecot in /etc/postfix/master.cf is modified (null_sender= is inserted), then Postfix is restarted
if NGINX is used, lclogsplit is additionally installed as service
the file /etc/logrotate.d/liveconfig is renamed to /etc/logrotate.d/liveconfig-vhosts (log rotation of vHosts then separated from settings for LiveConfig log files)

Changes in version 2.5.3-r4805 (01/26/2018):

re-opening LiveConfig log file on SIGHUP
rotating LiveConfig log files monthly (using logrotate)
CSV download of customer list and contacts list
supporting NS records in custom DNS settings
better names for CSV downloads (eg. Customers.csv instead of data.csv)
selection of PHP version isn’t possible any more if PHP is disabled for a subscription or if mod_php is selected
only create automatic backup of SQLite database when SQLite is actually used
show e-mail address in contacts list
removed “Postfix” ($mail_name) from smtpd_banner setting
added option phpversion to SOAP method HostingDomainAdd() (as with HostingSubdomainAdd())
pending modifications (not applied yet) in php.ini management are displayed with a wrench icon
fixed a bug in backup download function (in some cases, the download was aborted with an error message without transferring any data)
fixed bug when re-enabling only e-mail services for a locked/disabled subscription
suPHP was not disabled correctly in some cases when the subscription did not allow PHP (only Debian 7)
removed error message from Debian installer during upgrades

Changes in version 2.5.2-r4777 (12/04/2017):

when a new password for a customer is set, it’s now also saved temporarily for welcome mail
removed secp521 from list of supported ECDSA algorithms (not supported by many browsers)
creation of a new customer is now logged into database
logging update of FTP passwords now also in liveconfig.log
checking PHP version (php-cli) when running session cleanup cron to use correct php.ini
fixed bug in AppInstaller when using %c placeholder in the middle of database names

Changes in version 2.5.1-r4758 (11/16/2017):

upgraded OpenSSL from version 1.1.0f to 1.1.0g
improved U2F/OTP login (separate prompt for OTP code when using password manager)
preventing use of ACME RSA key as private key for SSL certificates
preventing use of secp521r1 ECDSA keys with Let’s Encrypt (not yet supported by Let’s Encrypt)
disabled HTTP/2 with NGINX for reverse proxy vHosts
fixed bug with phpMyAdmin Single Sign-On when PMA URL didn’t contain a /
U2F login now also works with Firefox (Nightly)
fixed timestamp not supported by MySQL in db-mysql.sql
fixed configuration bug with NGINX when SSL is enabled only with exclusive IP groups

Changes in version 2.5.0-r4741 (10/29/2017):

fixed bug when new MySQL database was created (regression from r4735)

Changes in version 2.5.0-r4739 (10/27/2017):

IPv6 resolvers removed from NGINX resolver.conf when using NGINX <1.2.2 or <1.3.1 (eg. on Debian 7)
fixed GUI bug when enabling phpMyAdmin Single Sign-On for existing MySQL database

Changes in version 2.5.0-r4735 (10/26/2017):

placeholder %c for database prefixes doesn’t need to be at the beginning any more (allows for example db_%c_)
show disk usage details also for subscriptions with “unlimited” disk quota
supporting ECDSA certificates (SSL/TLS)
supporting ECDSA certificates with Let’s Encrypt
a new session into a subscription of an own customer can now be started with one mouse click from quick search
added support for CAA records in DNS (Certificate Authority Authorization)
supporting HTTP/2 with NGINX >=1.9.5 and Apache >= 2.4.17
supporting Single Sign-On to phpMyAdmin
supporting PHP7 as Apache Module (mod_php7)
upgraded OpenSSL from 1.0.2l to 1.1.0f (preparing for TLS 1.3)
db.stats.interval can now be configured to values >32768 seconds
installing a new GPG key for LiveConfig repositories (going to be used from November 2017 on)
improved NGINX configuration (creating /etc/nginx/conf.d/resolver.conf)
improved performance of log split utility (lclogsplit) - 50x less I/O
autoresponder does not send a reply when message is tagged as SPAM (new/updated mailboxes only)
updated timezone database to 2017b
fixed bug in decrypting passwords (in one special case, an ‘x’ character was added to passwords used with Dovecot)
PHP session files were not removed automatically when running on server with only PHP7 installed
fixed propably inactive OCSP configuration on Apache >=2.3.3
mailboxes were not added to deny.imap file when a subscription was suspended (disabled)
fixed configuration bug when using NGINX as reverse proxy for a (sub)domain
Let’s Encrypt certificates can’t be ordered when using with subdomains configured as reverse proxy (Apache)
removed duplicate entries from /etc/apache2/accesslog.map
e-mails submitted through port 465 (SMTPS) were not counted by lclogparse
mailbox statistics (maildirsize) didn’t work with mailboxes >2GB on 32 bit systems
fixed memory leak in lcpolicyd (on negative lookups in policy database)
cron jobs were not re-enabled after a locked subscription was re-enabled

Changes in version 2.4.1-r4635 (07/25/2017):

fixed bug when importing Dovecot passwords as CRAM-MD5 hash (passwords were hashed twice)
AutoDiscover wasn’t enabled when a domain or subdomain was added via the SOAP API (with mail.autoconfig.default=1)

Changes in version 2.4.1-r4630 (07/21/2017):

disabled captcha for password recovery (can be re-enabled using LCDEFAULTS key user.pwrecover.captcha)
using ProxyPass & ProxyPassReverse for Apache proxy configuration (instead of RewriteRule with [P] option)
automatic 302 redirect (instead of “400 Bad Request” error page) when accessing LiveConfig via HTTP on HTTPS port
LiveConfig and all of its tools are now hardened at compile-time
show error page when subdomain is configured as proxy, but mod_proxy is not enabled
fixed missing “deny.imap” file on fresh installations
spam filter thresholds where displayed “*100” when logging in to LiveConfig with e-mail credentials
fixed GUI bug when creating new ACME account without e-mail address
fixed error in parsing spamwarn/spamreject fields in HostingMailboxAdd() (regression bug from v2.4.0)
fixed minor GUI bugs
HostingMailboxAdd(): spam warn threshold may be equal to reject threshold
HostingDomainAdd() now returns in <webip> the NAT IP instead of the private IP address
fixed bug with ACME and differing reload interval (triggered too early)
fixed wrong SpamAssassin thresholds when manually triggering mailbox updates via the database (using MB_STATUS=9)
Autoconfig subdomains were not deleted when e-mail was disabled for a domain
fixed problem in local LCCP connection (single-server) when data was sent much faster than client process could handle (eg. on mass updates)

Changes in version 2.4.0-r4607 (06/27/2017):

fixed missing “deny.imap” file on fresh installations

Changes in version 2.4.0-r4602 (06/21/2017):

fixed problem with PHP7-“only” and NGINX on Debian 9

Changes in version 2.4.0-r4601 (06/21/2017):

optionally allow Linux account names with leading numbers (LCDefaults key user.login.leadingNumbers)
allow multiple PHP settings with the same name when PHP version limitation does not overlap
supporting Debian 9 (“Stretch”)
“permissive mode” for SOAP method ContactAdd() (eg. ignore format errors on mass import)
Let’s Encrypt now respects differing reload interval (apache.RELOAD_MAX)
when CRAM-MD5 is disabled in Dovecot (eg. due to backward-compatibility to imported mailboxes), AutoDiscover for Thunderbird now allows plaintext password authentication
updated OpenSSL to v1.0.2l
auto-detecting location of MySQL socket if not configured properly
fixed bug when configuring NGINX reverse-proxy vHost with HTTP redirect
lcsam: fixed scanning of outgoing e-mails with “-a” option
e-mail accounts of disabled subscriptions still were able to read mail via POP3/IMAP
when using BIND with NAT IPs, the “interfaces” option contained the NAT IPs instead of the physical IPs

Changes in version 2.3.1-r4556 (05/08/2017):

fixed bug when switching mailserver name from “manual” back to default name

Changes in version 2.3.0-r4555 (05/05/2017):

Lua: allow overriding Postfix settings in master.cf using table postfix.LOCALMASTER
added SOAP method UserEdit()
Apache configuration reload interval can be overridden via custom.lua (apache.RELOAD_MIN, apache.RELOAD_MAX)
supporting Single Sign-On (using SOAP method SessionCreate())
added czech language support (thanks to vshosting.cz!)
added Postfix policy service “lcpolicyd” to limit outgoing e-mails
supporting pre-hashed passwords in {CRAM-MD5] schema with HostingMailboxAdd()
SOAP method HostingSubscriptionEdit() supports locking/disabling of individual subscriptions
SOAP method HostingSubdomainAdd() supports selecting the PHP version
added SOAP method HostingLookup()
prepared IP mapping for DNS services behind NAT (IPS.IP_NAT)
fixed bug when trying to update virtual ProFTPD account with empty password
new LiveConfig installations with v2.2.3 used a wrong default time zone for the web interface (“Europe/Astrakhan” instead of “Europe/Berlin”)
Lua: fixed bug when using the flag apache.FOLLOWSYMLINKS (effectively SymLinksIfOwnerMatch was still enabled)
fixed bug in HostingPasswordPathAdd() when adding a wildcard login
CustomerAdd() didn’t check for duplicate customer IDs (parameter “cid”)
lcsam: symbols hit by SpamAssassin were not passed to log & mail headers (X-Spam-Score), only score was logged
HTTP(S) redirect did not work with NGINX Reverse Proxy configuration
fixed bug when running a web application with HTTPS and NGINX Reverse Proxy
fixed bug when saving “thai” as language in user preferences
DNSSEC: DS RR was displayed base64-encoded instead of hexadecimal
DNS: fixed bug when managing TXT records with more than 255 characters
fixed location of “insserv” tool for Ubuntu 16 (nginx-php-fcgi, lcsam)
supporting “only PHP7” configurations with Apache and NGINX on Ubuntu 16
stop trying to renew Let’s Encrypt certificate if domain has been deleted but SSL certificate not
systemd sometimes killed all nginx-php-fcgi processes when restarting LiveConfig service (moved nginx-php-fcgi into separate cgroup)
SSL CA chain certificate was not configured with SNI default vHost
IPv6 address in SOAP WSDL was in twice brackets
fixed bug in ACME client when receiving unexpected response from CA server
when mailbox was edited (domain changed), the domain didn’t get removed from “virtual_domains” file if domain wasn’t used any more
if the SSL certificate of a vHost is “broken”, it’s not configured any more (this rendered Apache unusable in some cases)
ACME: configuring HTTP->HTTPS redirect now only on initial certificate installation (not on renewal)
mailbox passwords were limited to 40 characters with HostingMailboxAdd()
control characters were not escaped correctly in JSON output
fixed bug when creating php-fcgi-starter script while user has exceeded his webspace quota
fixed bug when trying to rename an account into a recently deleted user name
improved language detection on “coming soon” placeholder page
lcsam: outbound e-mails from SASL authenticated users are by default not scanned any more by SpamAssassin
Spam prefix (Suspected SPAM) can be customized via LCDefaults (mail.spam.prefix)
updated timezone database to 2016h
allow “%” sign in local-part of e-mail addresses
changed syslog prefix for postfix port 587 to “postfix/submission” and port 465 to “postfix/smtps”
show web configuration (“destination”) for both HTTP and HTTPS (Hosting -> Domains)
Postfix master.cf: chroot flag set to “y” (instead of “-”) to mitigate warnings with Postfix 3.x
added workaround for broken OpenDKIM systemd script on Ubuntu 16
domains/subdomains with custom DNS records are marked with an icon (Hosting -> Domains)
updated OpenSSL to v1.0.2k
improved database indices
improved performance of statistics collection on large installations
automatical management of SSL certificates (ACME) can be disabled
allow override of Dovecot SSL ciphers (LC.dovecot.SSL_CIPHERS)
proposing filename data.csv when downloading CSV table data
minor GUI improvements
optimized restart of LiveConfig services (lclogparse, lcpolicyd, lcsam) after package upgrade
removed phone input from ACME registration (not supported any more by Let’s Encrypt)
improved install/uninstall of systemd unit files on Debian Linux

Changes in version 2.2.3-r4343 (10/04/2016):

display “DS Resource Record” (according to RFC4509) of DNSSEC keys
updated TLS cipher list (Mozilla recommendations v4.0)
disabled 3DES for LiveConfig access
added “X-Content-Type-Options” header to LiveConfig
display error message (reason) when application installer script couldn’t be run
improved lcservice.sh (now also fixing file owner, optionally recursively)
updated OpenSSL to v1.0.2j
updated timezone database to 2016g
show mail server name when adding/editing a mailbox
HostingMailboxAdd() didn’t use aliases/forwards limits from LCDEFAULTS
fixed too restrictive syntax check for e-mail aliases (both GUI and SOAP API)
ACME: fixed bug with renewal of domain authorizations
DNS template didn’t allow configuration of 4th secondary DNS server
catch-all addresses remained in virtual_alias file after renaming
TTL was not updated into zones when changed in DNS template (SOA)
broken/hanging AppInstaller installations can now be deleted after restarting LiveConfig
HostingDatabaseDelete(): parameter “subscription” was missing in API documentation

Changes in version 2.2.2-r4304 (08/31/2016):

allow reassigning a subscription at any level to an administrator or reseller
password for additional (virtual) FTP users was reset when editing the home directory
Lua: fixed bug in LC.timeout() function, which in some cases made services reload too early
SOAP API: permissions were not updated when hosting plan was changed via HostingSubscriptionEdit()
show status on customer details page when customer is locked or suspended

Changes in version 2.2.1-r4293 (08/15/2016):

send notification e-mail when SSL certificate is about to expire
some tables now contain a “copy to clipboard” and “open in new tab” link
after editing a PHP setting for a subscription, the “log files” tab was displayed
when the IPs of an IP group were changed, DNS updates were not applied immediately
NGINX: PHP was not enabled if webspace was only configured with a web application
NGINX: always started instances of default PHP version, even when not being used for any domain
when accessing LiveConfig via HTTP on a HTTPS port, the KeepAlive connection was not closed immediately, allowing subsequent unencrypted requests
updated time zone database (2016f)
allow connecting to MySQL servers with pre-4.1.1 protocol
no more logging of “a2ensite” calls (for a clearer log file)
subscription names are now limited to 32 characters
added trailing slashes to php.ini setting “open_basedir”
IP addresses may not be added as “external domains” any more
show eventually differing PHP version for domains with web application
popup windows now can be closed using the Escape key

Changes in version 2.2.0-r4254 (07/14/2016):

Debian 6 is **not** supported any more (EOL since 03/2016)

supporting autoresponder with forward-only mailboxes
added configuration option to conceal DMI data on server overview (LCDEFAULTS key server.info.dmi)
supporting ${subject} placeholder in subject or message of e-mail autoresponder
serial number for domain can be set with HostingDomainAdd()
added configuration option for default mailbox quota (LCDEFAULTS key mail.quota.default)
allow replacing the default LiveConfig logo in custom template files
supporting MySQL 5.7.6+
allow configuration of NGINX as reverse proxy for Apache httpd
supporting CSV download of domain table and subdomain table
added Thai language support (thanks to Hostway!)
supporting Ubuntu 16.04 LTS
supporting custom BIND options (Lua table bind.LOCALOPTIONS)
added parameter “ipgroup” to SOAP method HostingDomainAdd() (like in HostingSubdomainAdd())
SSL certificate for SMTP, POP3/IMAP and FTP is updated when being modified or extended (eg. with Let’s Encrypt)
added configuration parameter http_proxy_url to define the “public” URL when running LiveConfig behind a reverse proxy
HostingSubscriptionGet() now also returns mail server hostname
interval for collecting MySQL statistics is now configurable (LCDEFAULTS key db.stats.interval)
fixed bug when requesting new password with standard mail template
editing a LiveConfig user required entering a new password
LiveConfig user password length isn’t limited any more
editing a FTP user required entering a new password
fixed bug when modifying secondary DNS servers in DNS templates
country was not displayed in contact data list
allowing dashes in user names for SOAP API if admin user was renamed
fixed problem when adding a subdomain before new domain was loaded into primary DNS
fixed bug when importing existing password hashes into vsftpd
when editing an FTP account, a ‘/’ was inserted multiple times before the path name
replaced “0.0.0.0” with “0.0.0.1” in access.log.1 placeholder and AWStats/Webalizer configuration, because no statistics were generated when IPv4 addresses were fully anonymized
mailbox name in HostingMailboxAdd() had to be at least 2 characters long (1 character is now enough)
improved TLS session cache configuration for ProFTPD
revised list of allowed characters in mailbox names (now more consistent)
updated translations
changed Apache LogFormat directive ‘%h’ into ‘%a’ (log IP address instead of hostname, even if HostnameLookups is on; support reverse proxy)
“liveconfig –diag” now shows which PHP version is configured by default

Changes in version 2.1.2-r4149 (04/12/2016):

added support for OpenSUSE 42.1
added configuration option to disable autoresponder management (LCDEFAULTS key “mail.autoresponder.enabled”)
custom e-mail template for “recover password” wasn’t used in some cases
fixed wrong encoding of some special characters in e-mail templates (&, <, …)
ACME: handling possible error when received SSL certificate is empty or too small
creating vsftpd user configuration file on password update (if not existing)

Changes in version 2.1.1-r4131 (03/07/2016):

added SOAP method HostingDatabaseDelete()
added option to not create automatic A/AAAA DNS records for webspace when custom A/AAAA records exist
added configuration option http_nonssl_redirect
HTTP proxy support for outbound connections from LiveConfig (eg. for license activation, repository updates)
HTTP proxy support for inbound connections (new configuration options http_proxy_ip_header and http_proxy_ip_from)
show warning message on login page when JavaScript is disabled
allow manual configuration of database server name
added LCDEFAULTS option “mail.autoconfig.default” (default value for new domains)
fixed bug in NGINX FastCGI configuration with upper-case subscription names
custom mail server name wasn’t used in login informations (###MAILSERVER###)
checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
ACME: better error handling when certificate download has failed
optmized database indexes
allow “%c” placeholder in FTP account prefix not only on first position

Changes in version 2.1.0-r4084 (02/01/2016):

added systemd unit files for all LiveConfig services
Lua-API: added function “LC.fs.is_symlink”
allow manual configuration of SMTP server name
automatically managing CNAME RRs for autodiscover/autoconfig (when upgrading LiveConfig, autodiscover/autoconfig CNAME RRs will be added automatically for all domains managed by LiveConfig, when autodiscover/autoconfig is enabled in the mail server settings)
allow enabling/disabling autodiscover/autoconfig per domain
allow configuration of IMAP/POP3 priority for autodiscover/autoconfig per mailbox
support import of encrypted private keys (SSL) in PKCS#8 format
automatically renewing ACME certificates and configuring new certificates
symlinks in /etc/init.d/(lcsam|nginx-php-fcgi) are replaced by real files due to incompatibility with systemd on CentOS 7.2
ACME challenges were not automatically deleted with subdomain
ACME certificates were not requested if any subdomain was “invalid” before
fixed NGINX_FCGI_INI_PATH in nginx-php-fcgi-starter for additional PHP versions
PHP-FCGI processes for NGINX were not terminated when PHP version was switched or PHP was disabled
SSL certificate for Dovecot will be updated even if NOUPDATE option is set (required for using Let’s Encrypt certificates with Dovecot)
SMTP server configuration split into several tabs
allowing up to 255 chars for web redirects and webspace paths
prefixes for users/ftp/databases now more flexible
also check for “mysql-community-server” package when searching for MySQL
improved performance of SQLite database
removing catch-all configurations from /etc/postfix/spamassassin

Changes in version 2.0.2-r4019 (01/13/2016):

Lua: added “NOUPDATE” option for Dovecot configuration
optional automatic configuration of HTTPS (and optional redirect to HTTPS) with ACME/Let’s Encrypt
maldet/clamav upload scan (with PHP/Suhosin) didn’t work with NGINX
fixed problem when updating mail password with RoundCube plugin
Override CSS was not included within IFRAME popups
fixed bug when deleting custom DNS RRs
improved XSS protection
updated translations
when an ACME certificate (Let’s Encrypt) for multiple domains (with/without ‘www’) is requested, wait until all (sub)domains are successfully validated before installing a certificate

Changes in version 2.0.1-r3988 (12/07/2015):

fixed bug when trying to rename “admin” user
fixed bug with ACME challenges on NGINX vHosts with complex configuration
fixed too restrictive access permissions to ACME challenges on some distributions
supporting ACME challenges when webspace is password-protected
NGINX configuration now supports PATH_INFO (NGINX #321)
improved detection of Red Hat Enterprise Linux (RHEL)

Changes in version 2.0.1-r3979 (12/01/2015):

supporting multiple PHP versions with NGINX
fixed memory leak in ACME client
fixed problem with “ssl_prefer_server_ciphers” and “ssl_protocols” in NGINX default configuration on Debian 8

Changes in version 2.0.1-r3973 (11/30/2015):

supporting ACME authorization with NGINX
fixed installation problem on Gentoo linux (“rm” command in ebuild)
fixed bug in displaying number of CPU cores
fixed bug in ACME authorization when no PHP is installed on a web server
no more special chars allowed when renaming a LiveConfig user
NGINX is restarted after initial configuration (not only reloaded) to force loading of new configuration
prevent autofill of e-mail password when creating/editing a mailbox
allow deletion of unused ACME accounts
displaying possible errors from ACME authorization
subscription names in reports are linked
improved NGINX configuration
large table content is now displayed in multiple rows

Changes in version 2.0.0-r3952 (11/18/2015):

allow download of e-mail overview table as CSV
fixed minor display bugs in CSS
increased limit for e-mail forwards from 90 to 128 characters

Changes in version 2.0.0-r3944 (11/17/2015):

completely revised web interface (“responsive”)
supporting Let’s Encrypt (ACME protocol) for automated SSL certificate management
supporting ARM platform (Raspberry Pi, Odroid, etc.)
supporting FIDO U2F with experimental Firefox plugin
session timeout can be configured (via LCDEFAULTS)
warning before session expires, plus more session improvements
added API for updating e-mail password eg. with RoundCube plugin
supporting Dynamic DNS updates via URL
supporting ARM platform (Debian/Ubuntu)
suppressing browser password manager when setting/updating passwords
check for custom CSS file when using custom logo
custom “return URL” not used on session timeout (#70)
“comment”, “subdomains”, “extdomains” and “traffic” values were not updated with SOAP method HostingSubscriptionEdit()
correctly restarting “lclogparse” after upgrade
fixed bug when adding/updating 2048 bit DKIM keys to DNS
allowing up to 64 chars for MySQL database names
allowing digits in PHP settings names
allow arbitrary length of LiveConfig user passwords
workaround for problems with FileZilla & ProFTPD (FactsAdvertise off)
improved performance of “uploadscan.sh”, fixed problems with LMD (maldet)