Changelog for version 2.0 - 2.8

Changes in version 2.8.4-r5653 (10/01/2019):

  • fixed bug when searching in LiveConfig log (SQL error)
  • fixed bug in lcam when parsing IPv6 addresses
  • fixed bug when handling multiple identical SSL orders with Let’s Encrypt
  • fixed bug with new Let’s Encrypt module on CentOS 6 (Apache 2.2)

Changes in version 2.8.3-r5645 (09/23/2019):

  • when creating a CSR (with manually managed SSL certificates) you can now define additional domain names (SubjectAlternativeNames)
  • cron script for deleting expired PHP session files doesn’t require ‘sudo’ any more
  • removing directories ~/conf/acme during upgrade (not required any more)
  • quick search and table search now ignores whitespaces at begin/end
  • Let’s Encrypt: domain validation status is now linked with Let’s Encrypt validation URL to simplify debugging
  • fixed bug when ordering multiple SSL/TLS certificates from Let’s Encrypt while using MySQL as database backend
  • fixed bug loading shared LiveConfig modules on 32 bit platform
  • fixed bug when adding/modifying subdomains with custom NS records

Changes in version 2.8.2-r5624 (09/13/2019):

  • quick search now also includes search for exact domain names within all resellers
  • quick search now also includes search for exact user names within all resellers
  • improved startup of daemon processes
  • automatically re-trigger ACME SSL certificate orders (Let’s Encrypt) after 24 hours when validation failed due to “error 404”.
  • upgraded OpenSSL from 1.1.1c to 1.1.1d
  • fixed bug in PHP session cleaner script (expires session files where not deleted)
  • fixed error in autodetection for using external DNS resolvers
  • fixed problem when multiple Let’s Encrypt certificates for the same domains were renewed (ACMEv2 automatically merges identical orders)
  • fixed possibly multiple sending of Let’s Encrypt orders when using MySQL as backend
  • fixed duplicated log messages to systemd journal
  • fixed bug when replacing an existing and already configured SSL certificate with a new, manually managed one (HTTP/HTTPS subdomain configuration got mixed up)
  • During upgrade, all vHost configurations (including all php.ini files) will be updated. In some cases, not all vHost configurations where updated during upgrade to v2.8.0 - this is fixed now.

Changes in version 2.8.1-r5602 (08/28/2019):

  • allow customization of Apache SSLProtocols setting (Lua: apache.SSL_PROTOCOLS, apache.SSL_PROTOCOLS_STRONG)
  • disabling SSL protocols TLSv1 and TLSv1.1 when selecting “strong” SSL ciphers for an IP group
  • added support for explicit usage of external DNS resolvers (LCDefaults key dns.externalResolver)
  • automatically detect if DNS resolving is blocked (using system resolvers then)
  • added timeout (5 seconds) to DNS check for certificate orders
  • manually managed TLS/SSL certificates can now be assigned to its respective customer and be configured automatically
  • support assigning of manually managed SSL certificates (again)
  • existing subdomains configured as 301 redirect to https://<domain>/* are now managed in simplified “default view”
  • reduced caching of DNS resolver data to 60 seconds
  • fixed detection of PHP 7.3 FPM on Debian 10
  • fixed typo when warning of using deprecated SSL_PCI_CIPHERS variable in Lua
  • SSL certificate orders sometimes where not immediately processed when using MySQL as backend database
  • fixed login problem with Internet Explorer 11

Changes in version 2.8.0-r5579 (08/20/2019):

  • forwarding e-mails to certain domains can now be restricted (using LCDefaults key mail.forwards.blacklist)
  • improved “add domain” form (added www/redirect/ssl options)
  • drastically simplified “edit domain/subdomain” form
  • supporting individual PHP-FPM configurations using ~/conf/fpm.conf
  • read/edit individual php.ini settings using HostingSubscriptionGet() / HostingSubscriptionEdit()
  • supporting per-domain custom Apache configuration (/var/www/<subscription>/conf/\<domain\>.httpd.conf)
  • mailboxes can either be parked or be deleted when the associated domain is being deleted
  • editing SSL certificate of a subdomain now possible using HostingSubdomainEdit()
  • moved management of SSL providers into separate modules
  • Let’s Encrypt now using ACMEv2 API (RFC8555)
  • domain validation (for SSL) doesn’t need a server reload any more
  • supporting Debian 10 (“Buster”)
  • Debian/Ubuntu: added trigger for automated update of version numbers after upgrading PHP packages (php-#.#-opt)
  • GUI: using <shift>+<enter> when searching for an exact subscription name automatically starts a new session in a separate window
  • GUI: supporting usage of <shift>+<enter> in expandable input fields (eg. when adding new domain names)
  • allowing underscore sign (_) within subdomain names according to RFC2181 (except for webspace/mail)
  • mailbox configuration: forward addresses are now entered in a <textarea> (separated by newline, whitespace, comma or semicolon)
  • improved input form for adding/editing mailboxes
  • don’t allow CNAME records with empty hostname
  • lcdbbackup: added option -w to open input database in read/write mode
  • allow leading underscore (_) in CNAMEs (eg. for DKIM)
  • optimized purging of expired PHP session files
  • removed SNI detection and note on SNI for webspace configuration
  • SetHandler is now allowed again in .htaccess file
  • LiveConfig binaries, shared libraries & lua scripts are not world-readable any more
  • disabled TLSv1 and TLSv1.1 for communication between LiveConfig instances in multi-server setup
  • disabled TLSv1 and TLSv1.1 for LiveConfig web interface
  • Apache+FastCGI: configuring FcgidBusyTimeout with same value as FcgidIOTimeout to better support long running scripts (>300sec)
  • when creating the first IP group for a webserver, SSL and HTTP/2 is now enabled automatically
  • lcpolicyd: supporting wildcard addresses (*@example.org) as fallback for per-domain limit
  • renamed “PCI” SSL ciphers to “strong” SSL ciphers, thus renamed SSL_PCI_CIPHERS to SSL_STRONG_CIPHERS in Lua API
  • NGINX as reverse proxy: set HTTPS=on when forwarding HTTPS connections to Apache
  • NGINX: more flexible proxy configuration via nginx.PROXY_PARAMS variable
  • renamed LCDEFAULTS key login.u2f.enabled to login.webauthn.enabled
  • Lua API: improved error handling in LC.expect
  • automatically assigning SSL certificate to matching domains
  • preventing cron.php.sh (PHP session cleanup) to run in multiple instances
  • NGINX: configuring client_max_body_size identical to php.ini setting post_max_size
  • minimum retry interval for DNS check (SSL orders) is now 5 minutes
  • renewal of SSL certificates will not be triggered as long as there are any non-expired SSL orders (e.g. after failed domain validations). New validation can be triggered manually though.
  • SSL orders/renewals are only performed when both DNS checks are successful and the domains are (still) available on the server
  • disabling HTTPS-redirect when the SSL certificate being used is deleted
  • do not automatically renew SSL certificates of suspended customers or hosting subscriptions
  • if existing, contents of /usr/share/liveconfig/login-info.html will be included on login page (below login form)
  • entries in “custom links” (IFRAME API) can now be sorted arbitrarily
  • Debian/Ubuntu: do not run interactive configuration during package upgrade if LiveConfig was installed non-interactively
  • don’t try connecting to MySQL database if database management was disabled
  • fixed bug when external domain was added (now automatically enabling webspace/mail if available, and automatically create ‘www’ subdomain)
  • SSL certificates where not removed from /etc/ssl/ when deleted in LiveConfig
  • fixed various bugs from preview release v2.8.0-r5484 (mostly SSL management)
  • fixed bug when upgrading from v2.8.0-r5484 while using MySQL as LiveConfig backend database
  • fixed bugs with ACMEv2 (certificates were deleted after installation, ACMEv1 accounts were migrated with wrong URL)
  • fixed some issues with new “standard view” when editing domains
  • fixed issues with DNS check for SSL certificate orders (not all members of an IP group need to be in DNS)
  • fixed bugs with automatic renewal of SSL certificates (ACME2)
  • fixed bug with SAN SSL certificates (ACME2)
  • fixed SOAP exception on idempotent contact data update
  • fixed various minor GUI bugs with new SSL/subdomain management
  • intermediate CA certificates were missing when using 4096 bit RSA keys with Let’s Encrypt
  • triggering HTTP validation for all pending SSL orders with Let’s Encrypt (even when DNS check failed) to not run into limit (max. 300 pending validations
  • fixed various minor bugs in new subdomain configuration form
  • Lua: fixed bug in FPM pool configuration code (regression from r5355)
  • SubjectAltNames of manually managed SSL/TLS certificates were ignored when searching for matching certificates for a domain
  • fixed bugs with ACMEv2
  • when running PHP via FPM, access to /tmp/ is removed from open_basedir (when upgrading LiveConfig, access to /tmp/ still allowed with FastCGI)
  • During upgrade, all vHost configurations (including all php.ini files) will be updated. This is required for the improved SSL domain validation.
    In multi-server environments we recommend to first update all clients (lcclient), and finally the LiveConfig server.

Changes in version 2.7.4-r5214 (02/11/2019):

  • added LCDefaults option log.hideAdminEvents (don’t show log events triggered by admin access)
  • delete temporary AppInstaller variables after installation
  • disallow Apache directive SetHandler in .htaccess files

Changes in version 2.7.3-r5163 (12/18/2018):

  • updated SQLite to 3.26.0 (preventing “Magellan” vulnerability)

Changes in version 2.7.2-r5133 (11/26/2018):

  • updated OpenSSL to v1.1.1a
  • allow wildcard subdomains again (broken in v2.7.1)
  • fixed problem in client/server communication (LCCP protocol)
  • fixed bug when using broken/incomplete SSL certificates with NGINX

Changes in version 2.7.1-r5125 (11/14/2018):

  • subdomains can’t be deleted (regression bug from r5120)

Changes in version 2.7.1-r5120 (11/13/2018):

  • added php.ini setting opcache.file_cache_only (default: NO)
  • lclogsplit now supports additional data after “bytes sent” column (allows additional fields in LogFormat)
  • improved validation of subdomain/domain names
  • returning creation and last modification timestamp on HostingSubscriptionGet()
  • fixed bug when configuring NGINX vHosts with Apps from AppInstaller using a custom PHP version (Lua error)
  • fixed missing logout button in mobile view
  • using local timezone for displaying validity period of SSL certificates
  • added some missing translations
  • dynamic DNS updates of single IPv6 addresses (AAAA) were not forwarded to BIND
  • fixed problems when webspace user names contained uppercase letters (from old LiveConfig installations) (affected: Logrotate, FPM pools, account deletion)
  • fixed bug when checking unicode domain names containing non-spacing mark characters
  • invalid domain names couldn’t be deleted
  • [r5120] format check didn’t allow “simple” subdomains in r5119

Changes in version 2.7.0-r5095 (10/29/2018):

  • added AutoDeploy support (admin, lcdefaults, licensekey, include)
  • supporting domain-specific configuration includes for NGINX (~/conf/\<domain\>.nginx.conf)
  • web-based “onboarding” for configuration of license code, login details and contact data on new installations
  • supporting PHP-FPM (FastCGI Process Manager)
  • supporting import of SSL certificates with SOAP API (HostingDomainAdd(), HostingSubdomainAdd())
  • supporting TLS 1.3 (RFC8446) with LiveConfig GUI (OpenSSL 1.1.1)
  • on forced password change (immediately after logging in), the old password isn’t asked for any more
  • supporting configuration of Dovecot 2.3
  • supporting Postfix setting enable_long_queue_ids with lclogparse
  • log rotation now configured for all log file (~/logs/*.log, ~/logs/priv/*.log)
  • improved performance when configuring Apache vHosts with a large number of <VirtualHost> sections
  • allow result filtering for DNS whitelists (eg. list.dnswl.org=127.0.[0..255].[1..3])
  • added php.ini options opcache.file_cache and opcache.lockfile_path for safety when using PHP-FPM
  • Apache: show warning when mod_http2 is enabled, but not mod_mpm_event
  • fixed bug when writing CAA record to initial zone file (text file)
  • quick search for domain names returned multiple identical results when customer has multiple user accounts
  • outbound e-mails submitted via port 587 (submissions) were not counted by lclogparse
  • fixed deadlock when receiving unexpected results from passwd program (eg. when using local password policies)
  • fixed possible buffer overflow when parsing SMTP statistics with broken e-mail addresses
  • fixed bugs when adding same domain twice through mass import
  • log rotation of liveconfig.log/lcclient.log sometimes got ignored
  • when a differing shell was configured for a subscription and the plan was edited, the shell sometimes was reset to the plan’s value
  • fixed bug in SSL assignment (regression from r5075)
  • fixed bug when terminating FastCGI PHP instances with NGINX while running multiple PHP versions
  • when updating an “old” LiveConfig installation (initially <1.7.0), invalid php.ini values were used for opcache settings (regression from r5091)
  • fixed various minor issues when importing SSL certificates using the SOAP API

Changes in version 2.6.3-r5013 (07/03/2018):

  • removing logrotate configuration immediately when a subscription is deleted (previously the configuration removal was delayed)
  • added “nocreate” option to logrotate configuration for access.log files to prevent problems with restrictive umask while running logrotate
  • systemd erroneously reported an error while reading the PID files of LiveConfig services ("PID xxx read from file xxx.pid does not exist or is a zombie.“)
  • lclogsplit can’t be started stand-alone (with NGINX) when /var/run (or /run) is located on a tmpfs and /var/run/liveconfig wasn’t created

Changes in version 2.6.2-r4996 (06/28/2018):

  • “coming soon” page for NGINX vHosts can be disabled via Lua option nginx.COMING_SOONtt> (to prevent conflicts with custom configurations containing a location = / block)
  • return HTTP error “method not allowed” instead of “not found” when accessing the autodiscover/autoconfig URL with an invalid request
  • setting “immutable” flag for php.ini directories in ~/conf/
  • error page for suspended websites was not displayed with NGINX
  • LCDEFAULTS setting db.stats.interval was ignored in some cases

Changes in version 2.6.1-r4987 (06/18/2018):

  • updated integrated MariaDB client to v3.0.5
  • automatically detecting language for iPhone/iPad configuration page (/liveconfig/hosting/mobileconfig)
  • configuring ProFTPD (v1.3.5+) to also support TLS 1.1 and 1.2
  • fixed bug when displaying CAPTCHA image on Safari browsers
  • in some cases, new created access.log files can’t be read by users (too restrictive umask in lclogsplit)
  • lcclient: remove /etc/logrotate.d/liveconfig during upgrade (got replaced by /etc/logrotate.d/liveconfig-vhosts)
  • fixed bug in lclogsplit when NGINX access log was rotated (already rotated log file sometimes was parsed again several times)
  • date-based deactivation of autoresponder didn’t work with SQLite backend

Changes in version 2.6.0-r4972 (06/12/2018):

  • subscription prefix can now contain “#” characters, which are replaced by random digits (eg. “web#####” => “web92754”)
  • added option to force change of LiveConfig password on next login
  • autoresponder for e-mail can now be disabled to a certain date
  • allow adding multiple domains to a subscription at a time
  • full access.log support for NGINX, including live statistics and merging with Apache access.log
  • supporting address extensions with e-mail addresses (sub-addresses, VERP/recipient_delimiter), like “mailbox+suffix@example.org
  • icons can now be selected for “custom links” (Adminstration -> LiveConfig -> Custom Links)
  • supporting Ubuntu 18.04 LTS
  • automatically registering additional PHP packages installed from LiveConfig repository (Debian/Ubuntu) - no need to create/modify custom.lua (/etc/liveconfig/lua.d/*.lua)
  • auto-configuration of e-mail settings for Apple iOS devices (/liveconfig/hosting/mobileconfig)
  • contacts table can now also be filtered by e-mail address
  • contact data can now be edited directly (without prior searching)
  • own contact data can now be edited directly at “Preferences” -> “Contact data” (if user has permissions for that)
  • improved “null_sender” option (Postfix/Dovecot) for bounce messages to local mailboxes
  • editing and deletion of databases is now logged (via GUI)
  • optionally, a webmail URL can be defined (server management -> e-mail -> dovecot) which will be displayed at the mailbox settings and at the subscription overview
  • upgraded OpenSSL from version 1.1.0g to 1.1.0h
  • allow symlinks in webpace directory browser
  • when enabling e-mail for an existing hosting plan, existing subdomains are not modified any more (e-mail feature has to be enabled individually for desired subdomains, this mitigates problems where users have custom MX records)
  • using MariaDB Connector/C 3.0.4 for communication with MariaDB and MySQL servers
  • show usage of contact records (customers/users using this contact)
  • adding/editing/deleting cron jobs is now logged to LiveConfig GUI log
  • DNS whitelist now has priority over DNS blacklists and greylisting
  • renamed /etc/logrotate.d/liveconfig to /etc/logrotate.d/liveconfig-vhosts
  • added parameters logfilter4 and logfilter6 to HostingSubscription* SOAP methods for editing access.log filter settings
  • fixed error when adding subdomains via SOAP API (occured when adding a subdomain while the domain itself was not yet active on primary DNS)
  • fixed some compatibility issues with OpenSUSE 42.3
  • fixed bug when triggering e-mail mass update with passwords >40 chars
  • do not delete dovecot.sieve when editing a mailbox if it is a symlink (eg. when using ManageSieve)
  • when a single subdomain was deleted, custom DNS records were not removed from database
  • after modification of the SSL certificate, the FTP service was only reloaded instead of restarted (ProFTPD sometimes stopped working, vsftpd didn’t use the new certificate)
  • logrotate: if rotation was configured by file age (maxage), depending on configuration in /etc/logrotate.conf only the latest 4 log files where kept
  • escaping HTML special characters before displaying in log viewer
  • lcclient.log wasn’t properly rotated
  • fixed bug when same IP address was detected twice

Actions while upgrading from previous LiveConfig installations:

  • all Apache and NGINX vHosts are reconfigured, to get NGINX domain names into /var/lib/liveconfig/accesslog.map and to update all log rotation settings
  • the CustomLog directive in /etc/apache2/conf-available/liveconfig.conf respective /etc/httpd/conf.d/99_liveconfig.conf is changed (new parameters for lclogsplit call)
  • the file /etc/apache2/accesslog.map is moved to /var/lib/liveconfig/accesslog.map
  • the setting for Dovecot in /etc/postfix/master.cf is modified (null_sender= is inserted), then Postfix is restarted
  • if NGINX is used, lclogsplit is additionally installed as service
  • the file /etc/logrotate.d/liveconfig is renamed to /etc/logrotate.d/liveconfig-vhosts (log rotation of vHosts then separated from settings for LiveConfig log files)

Changes in version 2.5.3-r4805 (01/26/2018):

  • re-opening LiveConfig log file on SIGHUP
  • rotating LiveConfig log files monthly (using logrotate)
  • CSV download of customer list and contacts list
  • supporting NS records in custom DNS settings
  • better names for CSV downloads (eg. Customers.csv instead of data.csv)
  • selection of PHP version isn’t possible any more if PHP is disabled for a subscription or if mod_php is selected
  • only create automatic backup of SQLite database when SQLite is actually used
  • show e-mail address in contacts list
  • removed “Postfix” ($mail_name) from smtpd_banner setting
  • added option phpversion to SOAP method HostingDomainAdd() (as with HostingSubdomainAdd())
  • pending modifications (not applied yet) in php.ini management are displayed with a wrench icon
  • fixed a bug in backup download function (in some cases, the download was aborted with an error message without transferring any data)
  • fixed bug when re-enabling only e-mail services for a locked/disabled subscription
  • suPHP was not disabled correctly in some cases when the subscription did not allow PHP (only Debian 7)
  • removed error message from Debian installer during upgrades

Changes in version 2.5.2-r4777 (12/04/2017):

  • when a new password for a customer is set, it’s now also saved temporarily for welcome mail
  • removed secp521 from list of supported ECDSA algorithms (not supported by many browsers)
  • creation of a new customer is now logged into database
  • logging update of FTP passwords now also in liveconfig.log
  • checking PHP version (php-cli) when running session cleanup cron to use correct php.ini
  • fixed bug in AppInstaller when using %c placeholder in the middle of database names

Changes in version 2.5.1-r4758 (11/16/2017):

  • upgraded OpenSSL from version 1.1.0f to 1.1.0g
  • improved U2F/OTP login (separate prompt for OTP code when using password manager)
  • preventing use of ACME RSA key as private key for SSL certificates
  • preventing use of secp521r1 ECDSA keys with Let’s Encrypt (not yet supported by Let’s Encrypt)
  • disabled HTTP/2 with NGINX for reverse proxy vHosts
  • fixed bug with phpMyAdmin Single Sign-On when PMA URL didn’t contain a /
  • U2F login now also works with Firefox (Nightly)
  • fixed timestamp not supported by MySQL in db-mysql.sql
  • fixed configuration bug with NGINX when SSL is enabled only with exclusive IP groups

Changes in version 2.5.0-r4741 (10/29/2017):

  • fixed bug when new MySQL database was created (regression from r4735)

Changes in version 2.5.0-r4739 (10/27/2017):

  • IPv6 resolvers removed from NGINX resolver.conf when using NGINX <1.2.2 or <1.3.1 (eg. on Debian 7)
  • fixed GUI bug when enabling phpMyAdmin Single Sign-On for existing MySQL database

Changes in version 2.5.0-r4735 (10/26/2017):

  • placeholder %c for database prefixes doesn’t need to be at the beginning any more (allows for example db_%c_)
  • show disk usage details also for subscriptions with “unlimited” disk quota
  • supporting ECDSA certificates (SSL/TLS)
  • supporting ECDSA certificates with Let’s Encrypt
  • a new session into a subscription of an own customer can now be started with one mouse click from quick search
  • added support for CAA records in DNS (Certificate Authority Authorization)
  • supporting HTTP/2 with NGINX >=1.9.5 and Apache >= 2.4.17
  • supporting Single Sign-On to phpMyAdmin
  • supporting PHP7 as Apache Module (mod_php7)
  • upgraded OpenSSL from 1.0.2l to 1.1.0f (preparing for TLS 1.3)
  • db.stats.interval can now be configured to values >32768 seconds
  • installing a new GPG key for LiveConfig repositories (going to be used from November 2017 on)
  • improved NGINX configuration (creating /etc/nginx/conf.d/resolver.conf)
  • improved performance of log split utility (lclogsplit) - 50x less I/O
  • autoresponder does not send a reply when message is tagged as SPAM (new/updated mailboxes only)
  • updated timezone database to 2017b
  • fixed bug in decrypting passwords (in one special case, an ‘x’ character was added to passwords used with Dovecot)
  • PHP session files were not removed automatically when running on server with only PHP7 installed
  • fixed propably inactive OCSP configuration on Apache >=2.3.3
  • mailboxes were not added to deny.imap file when a subscription was suspended (disabled)
  • fixed configuration bug when using NGINX as reverse proxy for a (sub)domain
  • Let’s Encrypt certificates can’t be ordered when using with subdomains configured as reverse proxy (Apache)
  • removed duplicate entries from /etc/apache2/accesslog.map
  • e-mails submitted through port 465 (SMTPS) were not counted by lclogparse
  • mailbox statistics (maildirsize) didn’t work with mailboxes >2GB on 32 bit systems
  • fixed memory leak in lcpolicyd (on negative lookups in policy database)
  • cron jobs were not re-enabled after a locked subscription was re-enabled

Changes in version 2.4.1-r4635 (07/25/2017):

  • fixed bug when importing Dovecot passwords as CRAM-MD5 hash (passwords were hashed twice)
  • AutoDiscover wasn’t enabled when a domain or subdomain was added via the SOAP API (with mail.autoconfig.default=1)

Changes in version 2.4.1-r4630 (07/21/2017):

  • disabled captcha for password recovery (can be re-enabled using LCDEFAULTS key user.pwrecover.captcha)
  • using ProxyPass & ProxyPassReverse for Apache proxy configuration (instead of RewriteRule with [P] option)
  • automatic 302 redirect (instead of “400 Bad Request” error page) when accessing LiveConfig via HTTP on HTTPS port
  • LiveConfig and all of its tools are now hardened at compile-time
  • show error page when subdomain is configured as proxy, but mod_proxy is not enabled
  • fixed missing “deny.imap” file on fresh installations
  • spam filter thresholds where displayed “*100” when logging in to LiveConfig with e-mail credentials
  • fixed GUI bug when creating new ACME account without e-mail address
  • fixed error in parsing spamwarn/spamreject fields in HostingMailboxAdd() (regression bug from v2.4.0)
  • fixed minor GUI bugs
  • HostingMailboxAdd(): spam warn threshold may be equal to reject threshold
  • HostingDomainAdd() now returns in <webip> the NAT IP instead of the private IP address
  • fixed bug with ACME and differing reload interval (triggered too early)
  • fixed wrong SpamAssassin thresholds when manually triggering mailbox updates via the database (using MB_STATUS=9)
  • Autoconfig subdomains were not deleted when e-mail was disabled for a domain
  • fixed problem in local LCCP connection (single-server) when data was sent much faster than client process could handle (eg. on mass updates)

Changes in version 2.4.0-r4607 (06/27/2017):

  • fixed missing “deny.imap” file on fresh installations

Changes in version 2.4.0-r4602 (06/21/2017):

  • fixed problem with PHP7-“only” and NGINX on Debian 9

Changes in version 2.4.0-r4601 (06/21/2017):

  • optionally allow Linux account names with leading numbers (LCDefaults key user.login.leadingNumbers)
  • allow multiple PHP settings with the same name when PHP version limitation does not overlap
  • supporting Debian 9 (“Stretch”)
  • “permissive mode” for SOAP method ContactAdd() (eg. ignore format errors on mass import)
  • Let’s Encrypt now respects differing reload interval (apache.RELOAD_MAX)
  • when CRAM-MD5 is disabled in Dovecot (eg. due to backward-compatibility to imported mailboxes), AutoDiscover for Thunderbird now allows plaintext password authentication
  • updated OpenSSL to v1.0.2l
  • auto-detecting location of MySQL socket if not configured properly
  • fixed bug when configuring NGINX reverse-proxy vHost with HTTP redirect
  • lcsam: fixed scanning of outgoing e-mails with “-a” option
  • e-mail accounts of disabled subscriptions still were able to read mail via POP3/IMAP
  • when using BIND with NAT IPs, the “interfaces” option contained the NAT IPs instead of the physical IPs

Changes in version 2.3.1-r4556 (05/08/2017):

  • fixed bug when switching mailserver name from “manual” back to default name

Changes in version 2.3.0-r4555 (05/05/2017):

  • Lua: allow overriding Postfix settings in master.cf using table postfix.LOCALMASTER
  • added SOAP method UserEdit()
  • Apache configuration reload interval can be overridden via custom.lua (apache.RELOAD_MIN, apache.RELOAD_MAX)
  • supporting Single Sign-On (using SOAP method SessionCreate())
  • added czech language support (thanks to vshosting.cz!)
  • added Postfix policy service “lcpolicyd” to limit outgoing e-mails
  • supporting pre-hashed passwords in {CRAM-MD5] schema with HostingMailboxAdd()
  • SOAP method HostingSubscriptionEdit() supports locking/disabling of individual subscriptions
  • SOAP method HostingSubdomainAdd() supports selecting the PHP version
  • added SOAP method HostingLookup()
  • prepared IP mapping for DNS services behind NAT (IPS.IP_NAT)
  • fixed bug when trying to update virtual ProFTPD account with empty password
  • new LiveConfig installations with v2.2.3 used a wrong default time zone for the web interface (“Europe/Astrakhan” instead of “Europe/Berlin”)
  • Lua: fixed bug when using the flag apache.FOLLOWSYMLINKS (effectively SymLinksIfOwnerMatch was still enabled)
  • fixed bug in HostingPasswordPathAdd() when adding a wildcard login
  • CustomerAdd() didn’t check for duplicate customer IDs (parameter “cid”)
  • lcsam: symbols hit by SpamAssassin were not passed to log & mail headers (X-Spam-Score), only score was logged
  • HTTP(S) redirect did not work with NGINX Reverse Proxy configuration
  • fixed bug when running a web application with HTTPS and NGINX Reverse Proxy
  • fixed bug when saving “thai” as language in user preferences
  • DNSSEC: DS RR was displayed base64-encoded instead of hexadecimal
  • DNS: fixed bug when managing TXT records with more than 255 characters
  • fixed location of “insserv” tool for Ubuntu 16 (nginx-php-fcgi, lcsam)
  • supporting “only PHP7” configurations with Apache and NGINX on Ubuntu 16
  • stop trying to renew Let’s Encrypt certificate if domain has been deleted but SSL certificate not
  • systemd sometimes killed all nginx-php-fcgi processes when restarting LiveConfig service (moved nginx-php-fcgi into separate cgroup)
  • SSL CA chain certificate was not configured with SNI default vHost
  • IPv6 address in SOAP WSDL was in twice brackets
  • fixed bug in ACME client when receiving unexpected response from CA server
  • when mailbox was edited (domain changed), the domain didn’t get removed from “virtual_domains” file if domain wasn’t used any more
  • if the SSL certificate of a vHost is “broken”, it’s not configured any more (this rendered Apache unusable in some cases)
  • ACME: configuring HTTP->HTTPS redirect now only on initial certificate installation (not on renewal)
  • mailbox passwords were limited to 40 characters with HostingMailboxAdd()
  • control characters were not escaped correctly in JSON output
  • fixed bug when creating php-fcgi-starter script while user has exceeded his webspace quota
  • fixed bug when trying to rename an account into a recently deleted user name
  • improved language detection on “coming soon” placeholder page
  • lcsam: outbound e-mails from SASL authenticated users are by default not scanned any more by SpamAssassin
  • Spam prefix (Suspected SPAM) can be customized via LCDefaults (mail.spam.prefix)
  • updated timezone database to 2016h
  • allow “%” sign in local-part of e-mail addresses
  • changed syslog prefix for postfix port 587 to “postfix/submission” and port 465 to “postfix/smtps”
  • show web configuration (“destination”) for both HTTP and HTTPS (Hosting -> Domains)
  • Postfix master.cf: chroot flag set to “y” (instead of “-") to mitigate warnings with Postfix 3.x
  • added workaround for broken OpenDKIM systemd script on Ubuntu 16
  • domains/subdomains with custom DNS records are marked with an icon (Hosting -> Domains)
  • updated OpenSSL to v1.0.2k
  • improved database indices
  • improved performance of statistics collection on large installations
  • automatical management of SSL certificates (ACME) can be disabled
  • allow override of Dovecot SSL ciphers (LC.dovecot.SSL_CIPHERS)
  • proposing filename data.csv when downloading CSV table data
  • minor GUI improvements
  • optimized restart of LiveConfig services (lclogparse, lcpolicyd, lcsam) after package upgrade
  • removed phone input from ACME registration (not supported any more by Let’s Encrypt)
  • improved install/uninstall of systemd unit files on Debian Linux

Changes in version 2.2.3-r4343 (10/04/2016):

  • display “DS Resource Record” (according to RFC4509) of DNSSEC keys
  • updated TLS cipher list (Mozilla recommendations v4.0)
  • disabled 3DES for LiveConfig access
  • added “X-Content-Type-Options” header to LiveConfig
  • display error message (reason) when application installer script couldn’t be run
  • improved lcservice.sh (now also fixing file owner, optionally recursively)
  • updated OpenSSL to v1.0.2j
  • updated timezone database to 2016g
  • show mail server name when adding/editing a mailbox
  • HostingMailboxAdd() didn’t use aliases/forwards limits from LCDEFAULTS
  • fixed too restrictive syntax check for e-mail aliases (both GUI and SOAP API)
  • ACME: fixed bug with renewal of domain authorizations
  • DNS template didn’t allow configuration of 4th secondary DNS server
  • catch-all addresses remained in virtual_alias file after renaming
  • TTL was not updated into zones when changed in DNS template (SOA)
  • broken/hanging AppInstaller installations can now be deleted after restarting LiveConfig
  • HostingDatabaseDelete(): parameter “subscription” was missing in API documentation

Changes in version 2.2.2-r4304 (08/31/2016):

  • allow reassigning a subscription at any level to an administrator or reseller
  • password for additional (virtual) FTP users was reset when editing the home directory
  • Lua: fixed bug in LC.timeout() function, which in some cases made services reload too early
  • SOAP API: permissions were not updated when hosting plan was changed via HostingSubscriptionEdit()
  • show status on customer details page when customer is locked or suspended

Changes in version 2.2.1-r4293 (08/15/2016):

  • send notification e-mail when SSL certificate is about to expire
  • some tables now contain a “copy to clipboard” and “open in new tab” link
  • after editing a PHP setting for a subscription, the “log files” tab was displayed
  • when the IPs of an IP group were changed, DNS updates were not applied immediately
  • NGINX: PHP was not enabled if webspace was only configured with a web application
  • NGINX: always started instances of default PHP version, even when not being used for any domain
  • when accessing LiveConfig via HTTP on a HTTPS port, the KeepAlive connection was not closed immediately, allowing subsequent unencrypted requests
  • updated time zone database (2016f)
  • allow connecting to MySQL servers with pre-4.1.1 protocol
  • no more logging of “a2ensite” calls (for a clearer log file)
  • subscription names are now limited to 32 characters
  • added trailing slashes to php.ini setting “open_basedir”
  • IP addresses may not be added as “external domains” any more
  • show eventually differing PHP version for domains with web application
  • popup windows now can be closed using the Escape key

Changes in version 2.2.0-r4254 (07/14/2016):

Debian 6 is **not** supported any more (EOL since 03/2016)
  • supporting autoresponder with forward-only mailboxes
  • added configuration option to conceal DMI data on server overview (LCDEFAULTS key server.info.dmi)
  • supporting ${subject} placeholder in subject or message of e-mail autoresponder
  • serial number for domain can be set with HostingDomainAdd()
  • added configuration option for default mailbox quota (LCDEFAULTS key mail.quota.default)
  • allow replacing the default LiveConfig logo in custom template files
  • supporting MySQL 5.7.6+
  • allow configuration of NGINX as reverse proxy for Apache httpd
  • supporting CSV download of domain table and subdomain table
  • added Thai language support (thanks to Hostway!)
  • supporting Ubuntu 16.04 LTS
  • supporting custom BIND options (Lua table bind.LOCALOPTIONS)
  • added parameter “ipgroup” to SOAP method HostingDomainAdd() (like in HostingSubdomainAdd())
  • SSL certificate for SMTP, POP3/IMAP and FTP is updated when being modified or extended (eg. with Let’s Encrypt)
  • added configuration parameter http_proxy_url to define the “public” URL when running LiveConfig behind a reverse proxy
  • HostingSubscriptionGet() now also returns mail server hostname
  • interval for collecting MySQL statistics is now configurable (LCDEFAULTS key db.stats.interval)
  • fixed bug when requesting new password with standard mail template
  • editing a LiveConfig user required entering a new password
  • LiveConfig user password length isn’t limited any more
  • editing a FTP user required entering a new password
  • fixed bug when modifying secondary DNS servers in DNS templates
  • country was not displayed in contact data list
  • allowing dashes in user names for SOAP API if admin user was renamed
  • fixed problem when adding a subdomain before new domain was loaded into primary DNS
  • fixed bug when importing existing password hashes into vsftpd
  • when editing an FTP account, a ‘/’ was inserted multiple times before the path name
  • replaced “0.0.0.0” with “0.0.0.1” in access.log.1 placeholder and AWStats/Webalizer configuration, because no statistics were generated when IPv4 addresses were fully anonymized
  • mailbox name in HostingMailboxAdd() had to be at least 2 characters long (1 character is now enough)
  • improved TLS session cache configuration for ProFTPD
  • revised list of allowed characters in mailbox names (now more consistent)
  • updated translations
  • changed Apache LogFormat directive ‘%h’ into ‘%a’ (log IP address instead of hostname, even if HostnameLookups is on; support reverse proxy)
  • “liveconfig –diag” now shows which PHP version is configured by default

Changes in version 2.1.2-r4149 (04/12/2016):

  • added support for OpenSUSE 42.1
  • added configuration option to disable autoresponder management (LCDEFAULTS key “mail.autoresponder.enabled”)
  • custom e-mail template for “recover password” wasn’t used in some cases
  • fixed wrong encoding of some special characters in e-mail templates (&, <, …)
  • ACME: handling possible error when received SSL certificate is empty or too small
  • creating vsftpd user configuration file on password update (if not existing)

Changes in version 2.1.1-r4131 (03/07/2016):

  • added SOAP method HostingDatabaseDelete()
  • added option to not create automatic A/AAAA DNS records for webspace when custom A/AAAA records exist
  • added configuration option http_nonssl_redirect
  • HTTP proxy support for outbound connections from LiveConfig (eg. for license activation, repository updates)
  • HTTP proxy support for inbound connections (new configuration options http_proxy_ip_header and http_proxy_ip_from)
  • show warning message on login page when JavaScript is disabled
  • allow manual configuration of database server name
  • added LCDEFAULTS option “mail.autoconfig.default” (default value for new domains)
  • fixed bug in NGINX FastCGI configuration with upper-case subscription names
  • custom mail server name wasn’t used in login informations (###MAILSERVER###)
  • checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
  • checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
  • ACME: better error handling when certificate download has failed
  • optmized database indexes
  • allow “%c” placeholder in FTP account prefix not only on first position

Changes in version 2.1.0-r4084 (02/01/2016):

  • added systemd unit files for all LiveConfig services
  • Lua-API: added function “LC.fs.is_symlink”
  • allow manual configuration of SMTP server name
  • automatically managing CNAME RRs for autodiscover/autoconfig (when upgrading LiveConfig, autodiscover/autoconfig CNAME RRs will be added automatically for all domains managed by LiveConfig, when autodiscover/autoconfig is enabled in the mail server settings)
  • allow enabling/disabling autodiscover/autoconfig per domain
  • allow configuration of IMAP/POP3 priority for autodiscover/autoconfig per mailbox
  • support import of encrypted private keys (SSL) in PKCS#8 format
  • automatically renewing ACME certificates and configuring new certificates
  • symlinks in /etc/init.d/(lcsam|nginx-php-fcgi) are replaced by real files due to incompatibility with systemd on CentOS 7.2
  • ACME challenges were not automatically deleted with subdomain
  • ACME certificates were not requested if any subdomain was “invalid” before
  • fixed NGINX_FCGI_INI_PATH in nginx-php-fcgi-starter for additional PHP versions
  • PHP-FCGI processes for NGINX were not terminated when PHP version was switched or PHP was disabled
  • SSL certificate for Dovecot will be updated even if NOUPDATE option is set (required for using Let’s Encrypt certificates with Dovecot)
  • SMTP server configuration split into several tabs
  • allowing up to 255 chars for web redirects and webspace paths
  • prefixes for users/ftp/databases now more flexible
  • also check for “mysql-community-server” package when searching for MySQL
  • improved performance of SQLite database
  • removing catch-all configurations from /etc/postfix/spamassassin

Changes in version 2.0.2-r4019 (01/13/2016):

  • Lua: added “NOUPDATE” option for Dovecot configuration
  • optional automatic configuration of HTTPS (and optional redirect to HTTPS) with ACME/Let’s Encrypt
  • maldet/clamav upload scan (with PHP/Suhosin) didn’t work with NGINX
  • fixed problem when updating mail password with RoundCube plugin
  • Override CSS was not included within IFRAME popups
  • fixed bug when deleting custom DNS RRs
  • improved XSS protection
  • updated translations
  • when an ACME certificate (Let’s Encrypt) for multiple domains (with/without ‘www’) is requested, wait until all (sub)domains are successfully validated before installing a certificate

Changes in version 2.0.1-r3988 (12/07/2015):

  • fixed bug when trying to rename “admin” user
  • fixed bug with ACME challenges on NGINX vHosts with complex configuration
  • fixed too restrictive access permissions to ACME challenges on some distributions
  • supporting ACME challenges when webspace is password-protected
  • NGINX configuration now supports PATH_INFO (NGINX #321)
  • improved detection of Red Hat Enterprise Linux (RHEL)

Changes in version 2.0.1-r3979 (12/01/2015):

  • supporting multiple PHP versions with NGINX
  • fixed memory leak in ACME client
  • fixed problem with “ssl_prefer_server_ciphers” and “ssl_protocols” in NGINX default configuration on Debian 8

Changes in version 2.0.1-r3973 (11/30/2015):

  • supporting ACME authorization with NGINX
  • fixed installation problem on Gentoo linux (“rm” command in ebuild)
  • fixed bug in displaying number of CPU cores
  • fixed bug in ACME authorization when no PHP is installed on a web server
  • no more special chars allowed when renaming a LiveConfig user
  • NGINX is restarted after initial configuration (not only reloaded) to force loading of new configuration
  • prevent autofill of e-mail password when creating/editing a mailbox
  • allow deletion of unused ACME accounts
  • displaying possible errors from ACME authorization
  • subscription names in reports are linked
  • improved NGINX configuration
  • large table content is now displayed in multiple rows

Changes in version 2.0.0-r3952 (11/18/2015):

  • allow download of e-mail overview table as CSV
  • fixed minor display bugs in CSS
  • increased limit for e-mail forwards from 90 to 128 characters

Changes in version 2.0.0-r3944 (11/17/2015):

  • completely revised web interface (“responsive”)
  • supporting Let’s Encrypt (ACME protocol) for automated SSL certificate management
  • supporting ARM platform (Raspberry Pi, Odroid, etc.)
  • supporting FIDO U2F with experimental Firefox plugin
  • session timeout can be configured (via LCDEFAULTS)
  • warning before session expires, plus more session improvements
  • added API for updating e-mail password eg. with RoundCube plugin
  • supporting Dynamic DNS updates via URL
  • supporting ARM platform (Debian/Ubuntu)
  • suppressing browser password manager when setting/updating passwords
  • check for custom CSS file when using custom logo
  • custom “return URL” not used on session timeout (#70)
  • “comment”, “subdomains”, “extdomains” and “traffic” values were not updated with SOAP method HostingSubscriptionEdit()
  • correctly restarting “lclogparse” after upgrade
  • fixed bug when adding/updating 2048 bit DKIM keys to DNS
  • allowing up to 64 chars for MySQL database names
  • allowing digits in PHP settings names
  • allow arbitrary length of LiveConfig user passwords
  • workaround for problems with FileZilla & ProFTPD (FactsAdvertise off)
  • improved performance of “uploadscan.sh”, fixed problems with LMD (maldet)