Changelog for version 2.0 - 2.8
Changes in version 2.8.4-r5653 (10/01/2019):
- fixed bug when searching in LiveConfig log (SQL error)
- fixed bug in lcam when parsing IPv6 addresses
- fixed bug when handling multiple identical SSL orders with Let’s Encrypt
- fixed bug with new Let’s Encrypt module on CentOS 6 (Apache 2.2)
Changes in version 2.8.3-r5645 (09/23/2019):
- when creating a CSR (with manually managed SSL certificates) you can now define additional domain names (SubjectAlternativeNames)
- cron script for deleting expired PHP session files doesn’t require ‘sudo’ any more
- removing directories
~/conf/acme
during upgrade (not required any more)
- quick search and table search now ignores whitespaces at begin/end
- Let’s Encrypt: domain validation status is now linked with Let’s Encrypt validation URL to simplify debugging
- fixed bug when ordering multiple SSL/TLS certificates from Let’s Encrypt while using MySQL as database backend
- fixed bug loading shared LiveConfig modules on 32 bit platform
- fixed bug when adding/modifying subdomains with custom NS records
Changes in version 2.8.2-r5624 (09/13/2019):
- quick search now also includes search for exact domain names within all resellers
- quick search now also includes search for exact user names within all resellers
- improved startup of daemon processes
- automatically re-trigger ACME SSL certificate orders (Let’s Encrypt) after 24 hours when validation failed due to “error 404”.
- upgraded OpenSSL from 1.1.1c to 1.1.1d
- fixed bug in PHP session cleaner script (expires session files where not deleted)
- fixed error in autodetection for using external DNS resolvers
- fixed problem when multiple Let’s Encrypt certificates for the same domains were renewed (ACMEv2 automatically merges identical orders)
- fixed possibly multiple sending of Let’s Encrypt orders when using MySQL as backend
- fixed duplicated log messages to systemd journal
- fixed bug when replacing an existing and already configured SSL certificate with a new, manually managed one (HTTP/HTTPS subdomain configuration got mixed up)
- During upgrade, all vHost configurations (including all php.ini files) will be updated. In some cases, not all vHost configurations where updated during upgrade to v2.8.0 - this is fixed now.
Changes in version 2.8.1-r5602 (08/28/2019):
- allow customization of Apache SSLProtocols setting (Lua:
apache.SSL_PROTOCOLS
, apache.SSL_PROTOCOLS_STRONG
)
- disabling SSL protocols TLSv1 and TLSv1.1 when selecting “strong” SSL ciphers for an IP group
- added support for explicit usage of external DNS resolvers (LCDefaults key
dns.externalResolver
)
- automatically detect if DNS resolving is blocked (using system resolvers then)
- added timeout (5 seconds) to DNS check for certificate orders
- manually managed TLS/SSL certificates can now be assigned to its respective customer and be configured automatically
- support assigning of manually managed SSL certificates (again)
- existing subdomains configured as 301 redirect to https://<domain>/* are now managed in simplified “default view”
- reduced caching of DNS resolver data to 60 seconds
- fixed detection of PHP 7.3 FPM on Debian 10
- fixed typo when warning of using deprecated
SSL_PCI_CIPHERS
variable in Lua
- SSL certificate orders sometimes where not immediately processed when using MySQL as backend database
- fixed login problem with Internet Explorer 11
Changes in version 2.8.0-r5579 (08/20/2019):
- forwarding e-mails to certain domains can now be restricted (using LCDefaults key
mail.forwards.blacklist
)
- improved “add domain” form (added www/redirect/ssl options)
- drastically simplified “edit domain/subdomain” form
- supporting individual PHP-FPM configurations using
~/conf/fpm.conf
- read/edit individual php.ini settings using
HostingSubscriptionGet()
/ HostingSubscriptionEdit()
- supporting per-domain custom Apache configuration (
/var/www/<subscription>/conf/\<domain\>.httpd.conf
)
- mailboxes can either be parked or be deleted when the associated domain is being deleted
- editing SSL certificate of a subdomain now possible using
HostingSubdomainEdit()
- moved management of SSL providers into separate modules
- Let’s Encrypt now using ACMEv2 API (RFC8555)
- domain validation (for SSL) doesn’t need a server reload any more
- supporting Debian 10 (“Buster”)
- Debian/Ubuntu: added trigger for automated update of version numbers after upgrading PHP packages (php-#.#-opt)
- GUI: using <shift>+<enter> when searching for an exact subscription name automatically starts a new session in a separate window
- GUI: supporting usage of <shift>+<enter> in expandable input fields (eg. when adding new domain names)
- allowing underscore sign (_) within subdomain names according to RFC2181 (except for webspace/mail)
- mailbox configuration: forward addresses are now entered in a
<textarea>
(separated by newline, whitespace, comma or semicolon)
- improved input form for adding/editing mailboxes
- don’t allow CNAME records with empty hostname
- lcdbbackup: added option
-w
to open input database in read/write mode
- allow leading underscore (_) in CNAMEs (eg. for DKIM)
- optimized purging of expired PHP session files
- removed SNI detection and note on SNI for webspace configuration
SetHandler
is now allowed again in .htaccess
file
- LiveConfig binaries, shared libraries & lua scripts are not world-readable any more
- disabled TLSv1 and TLSv1.1 for communication between LiveConfig instances in multi-server setup
- disabled TLSv1 and TLSv1.1 for LiveConfig web interface
- Apache+FastCGI: configuring
FcgidBusyTimeout
with same value as FcgidIOTimeout
to better support long running scripts (>300sec)
- when creating the first IP group for a webserver, SSL and HTTP/2 is now enabled automatically
- lcpolicyd: supporting wildcard addresses (*@example.org) as fallback for per-domain limit
- renamed “PCI” SSL ciphers to “strong” SSL ciphers, thus renamed SSL_PCI_CIPHERS to SSL_STRONG_CIPHERS in Lua API
- NGINX as reverse proxy: set
HTTPS=on
when forwarding HTTPS connections to Apache
- NGINX: more flexible proxy configuration via
nginx.PROXY_PARAMS
variable
- renamed LCDEFAULTS key
login.u2f.enabled
to login.webauthn.enabled
- Lua API: improved error handling in
LC.expect
- automatically assigning SSL certificate to matching domains
- preventing cron.php.sh (PHP session cleanup) to run in multiple instances
- NGINX: configuring
client_max_body_size
identical to php.ini setting post_max_size
- minimum retry interval for DNS check (SSL orders) is now 5 minutes
- renewal of SSL certificates will not be triggered as long as there are any non-expired SSL orders (e.g. after failed domain validations). New validation can be triggered manually though.
- SSL orders/renewals are only performed when both DNS checks are successful and the domains are (still) available on the server
- disabling HTTPS-redirect when the SSL certificate being used is deleted
- do not automatically renew SSL certificates of suspended customers or hosting subscriptions
- if existing, contents of
/usr/share/liveconfig/login-info.html
will be included on login page (below login form)
- entries in “custom links” (IFRAME API) can now be sorted arbitrarily
- Debian/Ubuntu: do not run interactive configuration during package upgrade if LiveConfig was installed non-interactively
- don’t try connecting to MySQL database if database management was disabled
- fixed bug when external domain was added (now automatically enabling webspace/mail if available, and automatically create ‘www’ subdomain)
- SSL certificates where not removed from
/etc/ssl/
when deleted in LiveConfig
- fixed various bugs from preview release v2.8.0-r5484 (mostly SSL management)
- fixed bug when upgrading from v2.8.0-r5484 while using MySQL as LiveConfig backend database
- fixed bugs with ACMEv2 (certificates were deleted after installation, ACMEv1 accounts were migrated with wrong URL)
- fixed some issues with new “standard view” when editing domains
- fixed issues with DNS check for SSL certificate orders (not all members of an IP group need to be in DNS)
- fixed bugs with automatic renewal of SSL certificates (ACME2)
- fixed bug with SAN SSL certificates (ACME2)
- fixed SOAP exception on idempotent contact data update
- fixed various minor GUI bugs with new SSL/subdomain management
- intermediate CA certificates were missing when using 4096 bit RSA keys with Let’s Encrypt
- triggering HTTP validation for all pending SSL orders with Let’s Encrypt (even when DNS check failed) to not run into limit (max. 300 pending validations
- fixed various minor bugs in new subdomain configuration form
- Lua: fixed bug in FPM pool configuration code (regression from r5355)
- SubjectAltNames of manually managed SSL/TLS certificates were ignored when searching for matching certificates for a domain
- fixed bugs with ACMEv2
- when running PHP via FPM, access to
/tmp/
is removed from open_basedir
(when upgrading LiveConfig, access to /tmp/
still allowed with FastCGI)
- During upgrade, all vHost configurations (including all php.ini files) will be updated. This is required for the improved SSL domain validation.
In multi-server environments we recommend to first update all clients (lcclient), and finally the LiveConfig server.
Changes in version 2.7.4-r5214 (02/11/2019):
- added LCDefaults option
log.hideAdminEvents
(don’t show log events triggered by admin access)
- delete temporary AppInstaller variables after installation
- disallow Apache directive
SetHandler
in .htaccess
files
Changes in version 2.7.3-r5163 (12/18/2018):
- updated SQLite to 3.26.0 (preventing “Magellan” vulnerability)
Changes in version 2.7.2-r5133 (11/26/2018):
- updated OpenSSL to v1.1.1a
- allow wildcard subdomains again (broken in v2.7.1)
- fixed problem in client/server communication (LCCP protocol)
- fixed bug when using broken/incomplete SSL certificates with NGINX
Changes in version 2.7.1-r5125 (11/14/2018):
- subdomains can’t be deleted (regression bug from r5120)
Changes in version 2.7.1-r5120 (11/13/2018):
- added php.ini setting
opcache.file_cache_only
(default: NO
)
- lclogsplit now supports additional data after “bytes sent” column (allows additional fields in
LogFormat
)
- improved validation of subdomain/domain names
- returning creation and last modification timestamp on
HostingSubscriptionGet()
- fixed bug when configuring NGINX vHosts with Apps from AppInstaller using a custom PHP version (Lua error)
- fixed missing logout button in mobile view
- using local timezone for displaying validity period of SSL certificates
- added some missing translations
- dynamic DNS updates of single IPv6 addresses (AAAA) were not forwarded to BIND
- fixed problems when webspace user names contained uppercase letters (from old LiveConfig installations) (affected: Logrotate, FPM pools, account deletion)
- fixed bug when checking unicode domain names containing non-spacing mark characters
- invalid domain names couldn’t be deleted
- [r5120] format check didn’t allow “simple” subdomains in r5119
Changes in version 2.7.0-r5095 (10/29/2018):
- added AutoDeploy support (admin, lcdefaults, licensekey, include)
- supporting domain-specific configuration includes for NGINX (
~/conf/\<domain\>.nginx.conf
)
- web-based “onboarding” for configuration of license code, login details and contact data on new installations
- supporting PHP-FPM (FastCGI Process Manager)
- supporting import of SSL certificates with SOAP API (
HostingDomainAdd()
, HostingSubdomainAdd()
)
- supporting TLS 1.3 (RFC8446) with LiveConfig GUI (OpenSSL 1.1.1)
- on forced password change (immediately after logging in), the old password isn’t asked for any more
- supporting configuration of Dovecot 2.3
- supporting Postfix setting
enable_long_queue_ids
with lclogparse
- log rotation now configured for all log file (
~/logs/*.log
, ~/logs/priv/*.log
)
- improved performance when configuring Apache vHosts with a large number of
<VirtualHost>
sections
- allow result filtering for DNS whitelists (eg.
list.dnswl.org=127.0.[0..255].[1..3]
)
- added php.ini options
opcache.file_cache
and opcache.lockfile_path
for safety when using PHP-FPM
- Apache: show warning when mod_http2 is enabled, but not mod_mpm_event
- fixed bug when writing CAA record to initial zone file (text file)
- quick search for domain names returned multiple identical results when customer has multiple user accounts
- outbound e-mails submitted via port 587 (submissions) were not counted by lclogparse
- fixed deadlock when receiving unexpected results from passwd program (eg. when using local password policies)
- fixed possible buffer overflow when parsing SMTP statistics with broken e-mail addresses
- fixed bugs when adding same domain twice through mass import
- log rotation of
liveconfig.log
/lcclient.log
sometimes got ignored
- when a differing shell was configured for a subscription and the plan was edited, the shell sometimes was reset to the plan’s value
- fixed bug in SSL assignment (regression from r5075)
- fixed bug when terminating FastCGI PHP instances with NGINX while running multiple PHP versions
- when updating an “old” LiveConfig installation (initially <1.7.0), invalid php.ini values were used for opcache settings (regression from r5091)
- fixed various minor issues when importing SSL certificates using the SOAP API
Changes in version 2.6.3-r5013 (07/03/2018):
- removing logrotate configuration immediately when a subscription is deleted (previously the configuration removal was delayed)
- added “nocreate” option to logrotate configuration for
access.log
files to prevent problems with restrictive umask while running logrotate
- systemd erroneously reported an error while reading the PID files of LiveConfig services (“PID xxx read from file xxx.pid does not exist or is a zombie.")
- lclogsplit can’t be started stand-alone (with NGINX) when
/var/run
(or /run
) is located on a tmpfs and /var/run/liveconfig
wasn’t created
Changes in version 2.6.2-r4996 (06/28/2018):
- “coming soon” page for NGINX vHosts can be disabled via Lua option
nginx.COMING_SOON
tt> (to prevent conflicts with custom configurations containing a location = /
block)
- return HTTP error “method not allowed” instead of “not found” when accessing the autodiscover/autoconfig URL with an invalid request
- setting “immutable” flag for php.ini directories in
~/conf/
- error page for suspended websites was not displayed with NGINX
- LCDEFAULTS setting
db.stats.interval
was ignored in some cases
Changes in version 2.6.1-r4987 (06/18/2018):
- updated integrated MariaDB client to v3.0.5
- automatically detecting language for iPhone/iPad configuration page (
/liveconfig/hosting/mobileconfig
)
- configuring ProFTPD (v1.3.5+) to also support TLS 1.1 and 1.2
- fixed bug when displaying CAPTCHA image on Safari browsers
- in some cases, new created
access.log
files can’t be read by users (too restrictive umask in lclogsplit)
- lcclient: remove
/etc/logrotate.d/liveconfig
during upgrade (got replaced by /etc/logrotate.d/liveconfig-vhosts
)
- fixed bug in lclogsplit when NGINX access log was rotated (already rotated log file sometimes was parsed again several times)
- date-based deactivation of autoresponder didn’t work with SQLite backend
Changes in version 2.6.0-r4972 (06/12/2018):
- subscription prefix can now contain “#” characters, which are replaced by random digits (eg. “web#####” => “web92754”)
- added option to force change of LiveConfig password on next login
- autoresponder for e-mail can now be disabled to a certain date
- allow adding multiple domains to a subscription at a time
- full access.log support for NGINX, including live statistics and merging with Apache access.log
- supporting address extensions with e-mail addresses (sub-addresses, VERP/recipient_delimiter), like “mailbox+suffix@example.org”
- icons can now be selected for “custom links” (Adminstration -> LiveConfig -> Custom Links)
- supporting Ubuntu 18.04 LTS
- automatically registering additional PHP packages installed from LiveConfig repository (Debian/Ubuntu) - no need to create/modify custom.lua (
/etc/liveconfig/lua.d/*.lua
)
- auto-configuration of e-mail settings for Apple iOS devices (
/liveconfig/hosting/mobileconfig
)
- contacts table can now also be filtered by e-mail address
- contact data can now be edited directly (without prior searching)
- own contact data can now be edited directly at “Preferences” -> “Contact data” (if user has permissions for that)
- improved “null_sender” option (Postfix/Dovecot) for bounce messages to local mailboxes
- editing and deletion of databases is now logged (via GUI)
- optionally, a webmail URL can be defined (server management -> e-mail -> dovecot) which will be displayed at the mailbox settings and at the subscription overview
- upgraded OpenSSL from version 1.1.0g to 1.1.0h
- allow symlinks in webpace directory browser
- when enabling e-mail for an existing hosting plan, existing subdomains are not modified any more (e-mail feature has to be enabled individually for desired subdomains, this mitigates problems where users have custom MX records)
- using MariaDB Connector/C 3.0.4 for communication with MariaDB and MySQL servers
- show usage of contact records (customers/users using this contact)
- adding/editing/deleting cron jobs is now logged to LiveConfig GUI log
- DNS whitelist now has priority over DNS blacklists and greylisting
- renamed
/etc/logrotate.d/liveconfig
to /etc/logrotate.d/liveconfig-vhosts
- added parameters logfilter4 and logfilter6 to
HostingSubscription*
SOAP methods for editing access.log
filter settings
- fixed error when adding subdomains via SOAP API (occured when adding a subdomain while the domain itself was not yet active on primary DNS)
- fixed some compatibility issues with OpenSUSE 42.3
- fixed bug when triggering e-mail mass update with passwords >40 chars
- do not delete dovecot.sieve when editing a mailbox if it is a symlink (eg. when using ManageSieve)
- when a single subdomain was deleted, custom DNS records were not removed from database
- after modification of the SSL certificate, the FTP service was only reloaded instead of restarted (ProFTPD sometimes stopped working, vsftpd didn’t use the new certificate)
- logrotate: if rotation was configured by file age (maxage), depending on configuration in /etc/logrotate.conf only the latest 4 log files where kept
- escaping HTML special characters before displaying in log viewer
- lcclient.log wasn’t properly rotated
- fixed bug when same IP address was detected twice
Actions while upgrading from previous LiveConfig installations:
- all Apache and NGINX vHosts are reconfigured, to get NGINX domain names into
/var/lib/liveconfig/accesslog.map
and to update all log rotation settings
- the CustomLog directive in
/etc/apache2/conf-available/liveconfig.conf
respective /etc/httpd/conf.d/99_liveconfig.conf
is changed (new parameters for lclogsplit call)
- the file
/etc/apache2/accesslog.map
is moved to /var/lib/liveconfig/accesslog.map
- the setting for Dovecot in
/etc/postfix/master.cf
is modified (null_sender=
is inserted), then Postfix is restarted
- if NGINX is used, lclogsplit is additionally installed as service
- the file
/etc/logrotate.d/liveconfig
is renamed to /etc/logrotate.d/liveconfig-vhosts
(log rotation of vHosts then separated from settings for LiveConfig log files)
Changes in version 2.5.3-r4805 (01/26/2018):
- re-opening LiveConfig log file on SIGHUP
- rotating LiveConfig log files monthly (using logrotate)
- CSV download of customer list and contacts list
- supporting NS records in custom DNS settings
- better names for CSV downloads (eg.
Customers.csv
instead of data.csv
)
- selection of PHP version isn’t possible any more if PHP is disabled for a subscription or if mod_php is selected
- only create automatic backup of SQLite database when SQLite is actually used
- show e-mail address in contacts list
- removed “Postfix” (
$mail_name
) from smtpd_banner
setting
- added option
phpversion
to SOAP method HostingDomainAdd()
(as with HostingSubdomainAdd()
)
- pending modifications (not applied yet) in php.ini management are displayed with a wrench icon
- fixed a bug in backup download function (in some cases, the download was aborted with an error message without transferring any data)
- fixed bug when re-enabling only e-mail services for a locked/disabled subscription
- suPHP was not disabled correctly in some cases when the subscription did not allow PHP (only Debian 7)
- removed error message from Debian installer during upgrades
Changes in version 2.5.2-r4777 (12/04/2017):
- when a new password for a customer is set, it’s now also saved temporarily for welcome mail
- removed secp521 from list of supported ECDSA algorithms (not supported by many browsers)
- creation of a new customer is now logged into database
- logging update of FTP passwords now also in
liveconfig.log
- checking PHP version (php-cli) when running session cleanup cron to use correct php.ini
- fixed bug in AppInstaller when using
%c
placeholder in the middle of database names
Changes in version 2.5.1-r4758 (11/16/2017):
- upgraded OpenSSL from version 1.1.0f to 1.1.0g
- improved U2F/OTP login (separate prompt for OTP code when using password manager)
- preventing use of ACME RSA key as private key for SSL certificates
- preventing use of secp521r1 ECDSA keys with Let’s Encrypt (not yet supported by Let’s Encrypt)
- disabled HTTP/2 with NGINX for reverse proxy vHosts
- fixed bug with phpMyAdmin Single Sign-On when PMA URL didn’t contain a
/
- U2F login now also works with Firefox (Nightly)
- fixed timestamp not supported by MySQL in
db-mysql.sql
- fixed configuration bug with NGINX when SSL is enabled only with exclusive IP groups
Changes in version 2.5.0-r4741 (10/29/2017):
- fixed bug when new MySQL database was created (regression from r4735)
Changes in version 2.5.0-r4739 (10/27/2017):
- IPv6 resolvers removed from NGINX
resolver.conf
when using NGINX <1.2.2 or <1.3.1 (eg. on Debian 7)
- fixed GUI bug when enabling phpMyAdmin Single Sign-On for existing MySQL database
Changes in version 2.5.0-r4735 (10/26/2017):
- placeholder
%c
for database prefixes doesn’t need to be at the beginning any more (allows for example db_%c_
)
- show disk usage details also for subscriptions with “unlimited” disk quota
- supporting ECDSA certificates (SSL/TLS)
- supporting ECDSA certificates with Let’s Encrypt
- a new session into a subscription of an own customer can now be started with one mouse click from quick search
- added support for CAA records in DNS (Certificate Authority Authorization)
- supporting HTTP/2 with NGINX >=1.9.5 and Apache >= 2.4.17
- supporting Single Sign-On to phpMyAdmin
- supporting PHP7 as Apache Module (mod_php7)
- upgraded OpenSSL from 1.0.2l to 1.1.0f (preparing for TLS 1.3)
db.stats.interval
can now be configured to values >32768 seconds
- installing a new GPG key for LiveConfig repositories (going to be used from November 2017 on)
- improved NGINX configuration (creating
/etc/nginx/conf.d/resolver.conf
)
- improved performance of log split utility (lclogsplit) - 50x less I/O
- autoresponder does not send a reply when message is tagged as SPAM (new/updated mailboxes only)
- updated timezone database to 2017b
- fixed bug in decrypting passwords (in one special case, an ‘x’ character was added to passwords used with Dovecot)
- PHP session files were not removed automatically when running on server with only PHP7 installed
- fixed propably inactive OCSP configuration on Apache >=2.3.3
- mailboxes were not added to
deny.imap
file when a subscription was suspended (disabled)
- fixed configuration bug when using NGINX as reverse proxy for a (sub)domain
- Let’s Encrypt certificates can’t be ordered when using with subdomains configured as reverse proxy (Apache)
- removed duplicate entries from
/etc/apache2/accesslog.map
- e-mails submitted through port 465 (SMTPS) were not counted by lclogparse
- mailbox statistics (maildirsize) didn’t work with mailboxes >2GB on 32 bit systems
- fixed memory leak in lcpolicyd (on negative lookups in policy database)
- cron jobs were not re-enabled after a locked subscription was re-enabled
Changes in version 2.4.1-r4635 (07/25/2017):
- fixed bug when importing Dovecot passwords as CRAM-MD5 hash (passwords were hashed twice)
- AutoDiscover wasn’t enabled when a domain or subdomain was added via the SOAP API (with mail.autoconfig.default=1)
Changes in version 2.4.1-r4630 (07/21/2017):
- disabled captcha for password recovery (can be re-enabled using LCDEFAULTS key
user.pwrecover.captcha
)
- using ProxyPass & ProxyPassReverse for Apache proxy configuration (instead of RewriteRule with [P] option)
- automatic 302 redirect (instead of “400 Bad Request” error page) when accessing LiveConfig via HTTP on HTTPS port
- LiveConfig and all of its tools are now hardened at compile-time
- show error page when subdomain is configured as proxy, but mod_proxy is not enabled
- fixed missing “deny.imap” file on fresh installations
- spam filter thresholds where displayed “*100” when logging in to LiveConfig with e-mail credentials
- fixed GUI bug when creating new ACME account without e-mail address
- fixed error in parsing spamwarn/spamreject fields in
HostingMailboxAdd()
(regression bug from v2.4.0)
- fixed minor GUI bugs
HostingMailboxAdd()
: spam warn threshold may be equal to reject threshold
HostingDomainAdd()
now returns in <webip> the NAT IP instead of the private IP address
- fixed bug with ACME and differing reload interval (triggered too early)
- fixed wrong SpamAssassin thresholds when manually triggering mailbox updates via the database (using MB_STATUS=9)
- Autoconfig subdomains were not deleted when e-mail was disabled for a domain
- fixed problem in local LCCP connection (single-server) when data was sent much faster than client process could handle (eg. on mass updates)
Changes in version 2.4.0-r4607 (06/27/2017):
- fixed missing “deny.imap” file on fresh installations
Changes in version 2.4.0-r4602 (06/21/2017):
- fixed problem with PHP7-“only” and NGINX on Debian 9
Changes in version 2.4.0-r4601 (06/21/2017):
- optionally allow Linux account names with leading numbers (LCDefaults key
user.login.leadingNumbers
)
- allow multiple PHP settings with the same name when PHP version limitation does not overlap
- supporting Debian 9 (“Stretch”)
- “permissive mode” for SOAP method
ContactAdd()
(eg. ignore format errors on mass import)
- Let’s Encrypt now respects differing reload interval (
apache.RELOAD_MAX
)
- when CRAM-MD5 is disabled in Dovecot (eg. due to backward-compatibility to imported mailboxes), AutoDiscover for Thunderbird now allows plaintext password authentication
- updated OpenSSL to v1.0.2l
- auto-detecting location of MySQL socket if not configured properly
- fixed bug when configuring NGINX reverse-proxy vHost with HTTP redirect
- lcsam: fixed scanning of outgoing e-mails with “-a” option
- e-mail accounts of disabled subscriptions still were able to read mail via POP3/IMAP
- when using BIND with NAT IPs, the “interfaces” option contained the NAT IPs instead of the physical IPs
Changes in version 2.3.1-r4556 (05/08/2017):
- fixed bug when switching mailserver name from “manual” back to default name
Changes in version 2.3.0-r4555 (05/05/2017):
- Lua: allow overriding Postfix settings in master.cf using table
postfix.LOCALMASTER
- added SOAP method
UserEdit()
- Apache configuration reload interval can be overridden via custom.lua (
apache.RELOAD_MIN
, apache.RELOAD_MAX
)
- supporting Single Sign-On (using SOAP method
SessionCreate()
)
- added czech language support (thanks to vshosting.cz!)
- added Postfix policy service “lcpolicyd” to limit outgoing e-mails
- supporting pre-hashed passwords in {CRAM-MD5] schema with
HostingMailboxAdd()
- SOAP method HostingSubscriptionEdit() supports locking/disabling of individual subscriptions
- SOAP method
HostingSubdomainAdd()
supports selecting the PHP version
- added SOAP method
HostingLookup()
- prepared IP mapping for DNS services behind NAT (IPS.IP_NAT)
- fixed bug when trying to update virtual ProFTPD account with empty password
- new LiveConfig installations with v2.2.3 used a wrong default time zone for the web interface (“Europe/Astrakhan” instead of “Europe/Berlin”)
- Lua: fixed bug when using the flag
apache.FOLLOWSYMLINKS
(effectively SymLinksIfOwnerMatch was still enabled)
- fixed bug in
HostingPasswordPathAdd()
when adding a wildcard login
CustomerAdd()
didn’t check for duplicate customer IDs (parameter “cid”)
- lcsam: symbols hit by SpamAssassin were not passed to log & mail headers (X-Spam-Score), only score was logged
- HTTP(S) redirect did not work with NGINX Reverse Proxy configuration
- fixed bug when running a web application with HTTPS and NGINX Reverse Proxy
- fixed bug when saving “thai” as language in user preferences
- DNSSEC: DS RR was displayed base64-encoded instead of hexadecimal
- DNS: fixed bug when managing TXT records with more than 255 characters
- fixed location of “insserv” tool for Ubuntu 16 (nginx-php-fcgi, lcsam)
- supporting “only PHP7” configurations with Apache and NGINX on Ubuntu 16
- stop trying to renew Let’s Encrypt certificate if domain has been deleted but SSL certificate not
- systemd sometimes killed all nginx-php-fcgi processes when restarting LiveConfig service (moved nginx-php-fcgi into separate cgroup)
- SSL CA chain certificate was not configured with SNI default vHost
- IPv6 address in SOAP WSDL was in twice brackets
- fixed bug in ACME client when receiving unexpected response from CA server
- when mailbox was edited (domain changed), the domain didn’t get removed from “virtual_domains” file if domain wasn’t used any more
- if the SSL certificate of a vHost is “broken”, it’s not configured any more (this rendered Apache unusable in some cases)
- ACME: configuring HTTP->HTTPS redirect now only on initial certificate installation (not on renewal)
- mailbox passwords were limited to 40 characters with
HostingMailboxAdd()
- control characters were not escaped correctly in JSON output
- fixed bug when creating php-fcgi-starter script while user has exceeded his webspace quota
- fixed bug when trying to rename an account into a recently deleted user name
- improved language detection on “coming soon” placeholder page
- lcsam: outbound e-mails from SASL authenticated users are by default not scanned any more by SpamAssassin
- Spam prefix (Suspected SPAM) can be customized via LCDefaults (
mail.spam.prefix
)
- updated timezone database to 2016h
- allow “%” sign in local-part of e-mail addresses
- changed syslog prefix for postfix port 587 to “postfix/submission” and port 465 to “postfix/smtps”
- show web configuration (“destination”) for both HTTP and HTTPS (Hosting -> Domains)
- Postfix master.cf: chroot flag set to “y” (instead of “-”) to mitigate warnings with Postfix 3.x
- added workaround for broken OpenDKIM systemd script on Ubuntu 16
- domains/subdomains with custom DNS records are marked with an icon (Hosting -> Domains)
- updated OpenSSL to v1.0.2k
- improved database indices
- improved performance of statistics collection on large installations
- automatical management of SSL certificates (ACME) can be disabled
- allow override of Dovecot SSL ciphers (
LC.dovecot.SSL_CIPHERS
)
- proposing filename
data.csv
when downloading CSV table data
- minor GUI improvements
- optimized restart of LiveConfig services (lclogparse, lcpolicyd, lcsam) after package upgrade
- removed phone input from ACME registration (not supported any more by Let’s Encrypt)
- improved install/uninstall of systemd unit files on Debian Linux
Changes in version 2.2.3-r4343 (10/04/2016):
- display “DS Resource Record” (according to RFC4509) of DNSSEC keys
- updated TLS cipher list (Mozilla recommendations v4.0)
- disabled 3DES for LiveConfig access
- added “X-Content-Type-Options” header to LiveConfig
- display error message (reason) when application installer script couldn’t be run
- improved lcservice.sh (now also fixing file owner, optionally recursively)
- updated OpenSSL to v1.0.2j
- updated timezone database to 2016g
- show mail server name when adding/editing a mailbox
HostingMailboxAdd()
didn’t use aliases/forwards limits from LCDEFAULTS
- fixed too restrictive syntax check for e-mail aliases (both GUI and SOAP API)
- ACME: fixed bug with renewal of domain authorizations
- DNS template didn’t allow configuration of 4th secondary DNS server
- catch-all addresses remained in virtual_alias file after renaming
- TTL was not updated into zones when changed in DNS template (SOA)
- broken/hanging AppInstaller installations can now be deleted after restarting LiveConfig
HostingDatabaseDelete()
: parameter “subscription” was missing in API documentation
Changes in version 2.2.2-r4304 (08/31/2016):
- allow reassigning a subscription at any level to an administrator or reseller
- password for additional (virtual) FTP users was reset when editing the home directory
- Lua: fixed bug in
LC.timeout()
function, which in some cases made services reload too early
- SOAP API: permissions were not updated when hosting plan was changed via
HostingSubscriptionEdit()
- show status on customer details page when customer is locked or suspended
Changes in version 2.2.1-r4293 (08/15/2016):
- send notification e-mail when SSL certificate is about to expire
- some tables now contain a “copy to clipboard” and “open in new tab” link
- after editing a PHP setting for a subscription, the “log files” tab was displayed
- when the IPs of an IP group were changed, DNS updates were not applied immediately
- NGINX: PHP was not enabled if webspace was only configured with a web application
- NGINX: always started instances of default PHP version, even when not being used for any domain
- when accessing LiveConfig via HTTP on a HTTPS port, the KeepAlive connection was not closed immediately, allowing subsequent unencrypted requests
- updated time zone database (2016f)
- allow connecting to MySQL servers with pre-4.1.1 protocol
- no more logging of “a2ensite” calls (for a clearer log file)
- subscription names are now limited to 32 characters
- added trailing slashes to php.ini setting “open_basedir”
- IP addresses may not be added as “external domains” any more
- show eventually differing PHP version for domains with web application
- popup windows now can be closed using the Escape key
Changes in version 2.2.0-r4254 (07/14/2016):
Debian 6 is **not** supported any more (EOL since 03/2016)
- supporting autoresponder with forward-only mailboxes
- added configuration option to conceal DMI data on server overview (LCDEFAULTS key
server.info.dmi
)
- supporting ${subject} placeholder in subject or message of e-mail autoresponder
- serial number for domain can be set with HostingDomainAdd()
- added configuration option for default mailbox quota (LCDEFAULTS key
mail.quota.default
)
- allow replacing the default LiveConfig logo in custom template files
- supporting MySQL 5.7.6+
- allow configuration of NGINX as reverse proxy for Apache httpd
- supporting CSV download of domain table and subdomain table
- added Thai language support (thanks to Hostway!)
- supporting Ubuntu 16.04 LTS
- supporting custom BIND options (Lua table
bind.LOCALOPTIONS
)
- added parameter “ipgroup” to SOAP method
HostingDomainAdd()
(like in HostingSubdomainAdd()
)
- SSL certificate for SMTP, POP3/IMAP and FTP is updated when being modified or extended (eg. with Let’s Encrypt)
- added configuration parameter http_proxy_url to define the “public” URL when running LiveConfig behind a reverse proxy
- HostingSubscriptionGet() now also returns mail server hostname
- interval for collecting MySQL statistics is now configurable (LCDEFAULTS key
db.stats.interval
)
- fixed bug when requesting new password with standard mail template
- editing a LiveConfig user required entering a new password
- LiveConfig user password length isn’t limited any more
- editing a FTP user required entering a new password
- fixed bug when modifying secondary DNS servers in DNS templates
- country was not displayed in contact data list
- allowing dashes in user names for SOAP API if admin user was renamed
- fixed problem when adding a subdomain before new domain was loaded into primary DNS
- fixed bug when importing existing password hashes into vsftpd
- when editing an FTP account, a ‘/’ was inserted multiple times before the path name
- replaced “0.0.0.0” with “0.0.0.1” in access.log.1 placeholder and AWStats/Webalizer configuration, because no statistics were generated when IPv4 addresses were fully anonymized
- mailbox name in HostingMailboxAdd() had to be at least 2 characters long (1 character is now enough)
- improved TLS session cache configuration for ProFTPD
- revised list of allowed characters in mailbox names (now more consistent)
- updated translations
- changed Apache LogFormat directive ‘%h’ into ‘%a’ (log IP address instead of hostname, even if HostnameLookups is on; support reverse proxy)
- “liveconfig –diag” now shows which PHP version is configured by default
Changes in version 2.1.2-r4149 (04/12/2016):
- added support for OpenSUSE 42.1
- added configuration option to disable autoresponder management (LCDEFAULTS key “mail.autoresponder.enabled”)
- custom e-mail template for “recover password” wasn’t used in some cases
- fixed wrong encoding of some special characters in e-mail templates (&, <, …)
- ACME: handling possible error when received SSL certificate is empty or too small
- creating vsftpd user configuration file on password update (if not existing)
Changes in version 2.1.1-r4131 (03/07/2016):
- added SOAP method HostingDatabaseDelete()
- added option to not create automatic A/AAAA DNS records for webspace when custom A/AAAA records exist
- added configuration option
http_nonssl_redirect
- HTTP proxy support for outbound connections from LiveConfig (eg. for license activation, repository updates)
- HTTP proxy support for inbound connections (new configuration options
http_proxy_ip_header
and http_proxy_ip_from
)
- show warning message on login page when JavaScript is disabled
- allow manual configuration of database server name
- added LCDEFAULTS option “mail.autoconfig.default” (default value for new domains)
- fixed bug in NGINX FastCGI configuration with upper-case subscription names
- custom mail server name wasn’t used in login informations (
###MAILSERVER###
)
- checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
- checking for databases to be deleted when LiveConfig re-connects to MySQL (eg. on restart)
- ACME: better error handling when certificate download has failed
- optmized database indexes
- allow “%c” placeholder in FTP account prefix not only on first position
Changes in version 2.1.0-r4084 (02/01/2016):
- added systemd unit files for all LiveConfig services
- Lua-API: added function “LC.fs.is_symlink”
- allow manual configuration of SMTP server name
- automatically managing CNAME RRs for autodiscover/autoconfig (when upgrading LiveConfig, autodiscover/autoconfig CNAME RRs will be added automatically for all domains managed by LiveConfig, when autodiscover/autoconfig is enabled in the mail server settings)
- allow enabling/disabling autodiscover/autoconfig per domain
- allow configuration of IMAP/POP3 priority for autodiscover/autoconfig per mailbox
- support import of encrypted private keys (SSL) in PKCS#8 format
- automatically renewing ACME certificates and configuring new certificates
- symlinks in /etc/init.d/(lcsam|nginx-php-fcgi) are replaced by real files due to incompatibility with systemd on CentOS 7.2
- ACME challenges were not automatically deleted with subdomain
- ACME certificates were not requested if any subdomain was “invalid” before
- fixed NGINX_FCGI_INI_PATH in nginx-php-fcgi-starter for additional PHP versions
- PHP-FCGI processes for NGINX were not terminated when PHP version was switched or PHP was disabled
- SSL certificate for Dovecot will be updated even if NOUPDATE option is set (required for using Let’s Encrypt certificates with Dovecot)
- SMTP server configuration split into several tabs
- allowing up to 255 chars for web redirects and webspace paths
- prefixes for users/ftp/databases now more flexible
- also check for “mysql-community-server” package when searching for MySQL
- improved performance of SQLite database
- removing catch-all configurations from /etc/postfix/spamassassin
Changes in version 2.0.2-r4019 (01/13/2016):
- Lua: added “NOUPDATE” option for Dovecot configuration
- optional automatic configuration of HTTPS (and optional redirect to HTTPS) with ACME/Let’s Encrypt
- maldet/clamav upload scan (with PHP/Suhosin) didn’t work with NGINX
- fixed problem when updating mail password with RoundCube plugin
- Override CSS was not included within IFRAME popups
- fixed bug when deleting custom DNS RRs
- improved XSS protection
- updated translations
- when an ACME certificate (Let’s Encrypt) for multiple domains (with/without ‘www’) is requested, wait until all (sub)domains are successfully validated before installing a certificate
Changes in version 2.0.1-r3988 (12/07/2015):
- fixed bug when trying to rename “admin” user
- fixed bug with ACME challenges on NGINX vHosts with complex configuration
- fixed too restrictive access permissions to ACME challenges on some distributions
- supporting ACME challenges when webspace is password-protected
- NGINX configuration now supports PATH_INFO (NGINX #321)
- improved detection of Red Hat Enterprise Linux (RHEL)
Changes in version 2.0.1-r3979 (12/01/2015):
- supporting multiple PHP versions with NGINX
- fixed memory leak in ACME client
- fixed problem with “ssl_prefer_server_ciphers” and “ssl_protocols” in NGINX default configuration on Debian 8
Changes in version 2.0.1-r3973 (11/30/2015):
- supporting ACME authorization with NGINX
- fixed installation problem on Gentoo linux (“rm” command in ebuild)
- fixed bug in displaying number of CPU cores
- fixed bug in ACME authorization when no PHP is installed on a web server
- no more special chars allowed when renaming a LiveConfig user
- NGINX is restarted after initial configuration (not only reloaded) to force loading of new configuration
- prevent autofill of e-mail password when creating/editing a mailbox
- allow deletion of unused ACME accounts
- displaying possible errors from ACME authorization
- subscription names in reports are linked
- improved NGINX configuration
- large table content is now displayed in multiple rows
Changes in version 2.0.0-r3952 (11/18/2015):
- allow download of e-mail overview table as CSV
- fixed minor display bugs in CSS
- increased limit for e-mail forwards from 90 to 128 characters
Changes in version 2.0.0-r3944 (11/17/2015):
- completely revised web interface (“responsive”)
- supporting Let’s Encrypt (ACME protocol) for automated SSL certificate management
- supporting ARM platform (Raspberry Pi, Odroid, etc.)
- supporting FIDO U2F with experimental Firefox plugin
- session timeout can be configured (via LCDEFAULTS)
- warning before session expires, plus more session improvements
- added API for updating e-mail password eg. with RoundCube plugin
- supporting Dynamic DNS updates via URL
- supporting ARM platform (Debian/Ubuntu)
- suppressing browser password manager when setting/updating passwords
- check for custom CSS file when using custom logo
- custom “return URL” not used on session timeout (#70)
- “comment”, “subdomains”, “extdomains” and “traffic” values were not updated with SOAP method HostingSubscriptionEdit()
- correctly restarting “lclogparse” after upgrade
- fixed bug when adding/updating 2048 bit DKIM keys to DNS
- allowing up to 64 chars for MySQL database names
- allowing digits in PHP settings names
- allow arbitrary length of LiveConfig user passwords
- workaround for problems with FileZilla & ProFTPD (FactsAdvertise off)
- improved performance of “uploadscan.sh”, fixed problems with LMD (maldet)