i-MSCP 1.4.0 RELEASED –

i-MSCP 1.4.0 RELEASED

Dear community,

WARNING – Before updating your i-MSCP installation, don’t forget to read the errata file WARNING

We are pleasure to announce the immediate availability of i-MSCP version 1.4.0 that is the new stable release.

This new version addresses the following issues:

ARPL

Fixed: ARPL is failing due to unexpected encoding
Removed: imscp-arpl-msgr log directory (ARPL error logs goes now into /var/log/mail.log)

BACKEND

Added: isRoutableAddr() method to check whether a given IP address is world-routable (iMSCP::Net)
Added: Support for prefix length (iMSCP::Net::addAddr())
Changed: Event logging is now done on a per module basis – see the errata file for further details
Changed: Listener files from deprecated /etc/imscp/hooks.d directory are now ignored (iMSCP::EventManager)
Fixed: Couldn’t add IP address without label (iMSCP::Net::addAddr())
Fixed: Couldn’t set user/group on dangling symlinks (iMSCP::Rights::setRights())
Fixed: Don’t change permissions on symlink targets (iMSCP::File & MSCP::Rights)
Fixed: Don’t connect to SQL server when that is not needed (iMSCP::Database::mysql)
Fixed: Error `net.ipv6.conf.eth0:0.autoconf is an unknown key’ (iMSCP::Provider::NetworkInterface::Debian)
Fixed: Force addition of `CREATE DATABASE’ statement in SQL dumps, even for empty databases
Fixed: Make sure that ownership is fixed recursively when restoring a Web backup
Fixed: Restore database using temporary SQL user in place of customer SQL user (Modules::Domain)
Fixed: Several encoding issues (regression fix)
Fixed: Usage of lchown(2) system call to avoid dereference of symlinks (iMSCP::Rights::setRights())
Review: Read line by line to avoid opening in-memory file in STDOUT|STDERR routines (iMSCP::Execute::executeNoWait())
Fixed: Read mount entries from /proc/self/mounts file to cover case where /etc/mtab is not a symlink (iMSCP::Mount)

CONFIG

Changed: Usage of Courier authdaemon as password verifier (Cyrus SASL) – see the errata file for further details
Merged: domain_redirect.tpl, domain_redirect_ssl.tpl and domain_ssl.tpl templates in domain.tpl template (Apache2)
Merged: domain_disabled_ssl.tpl template in domain_disabled.tpl template (Apache2)
Removed: domain_ssl.tpl, domain_redirect.tpl, domain_redirect_ssl.tpl and domain_disabled_ssl template files (Apache2)
Updated: Courier configuration for use of new password scheme (SHA512-CRYPT)
Updated: Cyrus SALS configuration for use of new password scheme (SHA512-CRYPT)
Updated: Dovecot configuration for use of new password scheme (SHA512-CRYPT)

SCRIPTS

Added: Support for IPv6 traffic data (imscp-srv-traff)
Fixed: Missing iptables chains/rules for IPv6 traffic logging (imscp-net-traffic-logger)

DAEMON

Fixed: Default Makefile target must not involves the `clean’ target

DATABASE

Removed: `ftp_users.rawpasswd’ column (i-MSCP database)
Removed: `sql_user.sqlu_pass’ column (i-MSCP database)
Updated: `server_ips.ip_number` column length (i-MSCP database)

DISTRIBUTIONS

Added: MariaDB 10.1 for Ubuntu Xenial Xerus
Added: Percona SQL Server (5.5, 5.6, 5.7) for Ubuntu Xenial Xerus
Added: PHP 5.6, 7.0, 7.1 alternatives for Debian Jessie/Stretch through Ond?ej Surý repository
Added: PHP 5.6, 7.0, 7.1 alternatives for Ubuntu Trusty/Xenial through Ond?ej Surý PPA
Dropped: Support for Debian Wheezy – Many softwares and library are really too old
Dropped: Support for PHP versions that are considered EOL by upstream PHP team (Ubuntu/Debian)
Dropped: Support for Ubuntu Precise Pangolin (12.04) – Will be EOL on April 2017
Updated: Debian Stretch packages file according last state of repository (full freeze since 20170205)

DOCUMENTATION

Added: CGI script sample for Perl, Python and Ruby

FRONTEND

Added: Function for overriding of native JS alert() function
Added: jQuery.imscp.confirm() and jQuery.imscp.confirmOnclick() global jQuery functions for confirmation dialogs
Added: Method to get IP address version (iMSCP::Net)
Added: Method to get IP prefix length (iMSCP::Net)
Added: Methods to compress/expand IPv6 addresses (iMSCP::Net)
Changed: Defer loading of NIC and IP data (iMSCP::Net)
Changed: Restricts character range for password generator to ASCII alphabet characters and numbers
Fixed: {CUSTOMER} template variable is not replaced in reseller alias order email notification
Fixed: Administrators cannot switch onto reseller/customer interface when database update is available
Fixed: Don’t list software that require database for customers that have not SQL feature enabled
Fixed: `iMSCP_Exception_Production’ class not compatible with PHP >= 7.0
Fixed: Infobox for new alias orders must be static (reseller/index.php)
Fixed: IP address input field is too small (admin/ip_manage.php)
Fixed: Store compressed IPv6 (ip_manage.php)
Fixed: Try to guess the prefix length whenever possible (ip_manage.php)
Fixed: Usage of non-numeric values (iMSCP_pTemplate)
Fixed: When IP address is pasted, netmask input field is not updated (admin/ip_manage.php)
Removed: PhpMyAdmin auto-login feature (password for SQL database are no longer stored plaintext in database)
Removed: Pydio auto-login feature (password for FTP users are no longer stored plaintext in database)
Review: Increased value for the PHP `post_max_size’ and `upload_max_filesize’ directives

INSTALLER

Fixed: APT GPG keys not updated when required
Fixed: Missing `mysql’ group; the `mysql’ group is only created by the mysql-server package (SQL remote server impl.)
Fixed: Patch for Apache 2 mod_proxy_fcgi module not required if Apache version is >= 2.4.24
Fixed: Patches for libpam-mysql not required if libpam-mysql version is >= 0.8.0
Fixed: Several files containing critical data are created world-readable, giving time to other processes to read them
Fixed: `W: Download is performed unsandboxed as root as file…’ warning with newest APT versions
Moved: Distribution package files from ./docs directory to ./autoinstaller/Packages directory
Review: Forbid usage of `debian-sys-maint’ SQL user
Updated: ./docs/preseed.pl preseeding template file

LISTENERS

Added: 10_postfix_transport_table.pl listener file (Allows to add entries in Postfix transport(5) table)
Fixed: Default hostname must be overridden to prevent hostname mismatches (10_roundcube_tls.pl)
Updated: 10_apache2_dualstack.pl listener file for i-MSCP Serie 1.4.x
Updated: 20_apache2_serveralias_override.pl.pl listener file for i-MSCP Serie 1.4.x
Updated: 30_apache2_tools_proxy.pl.pl listener file for i-MSCP Serie 1.4.x
Updated: 40_apache2_security_headers.pl.pl listener for i-MSCP Serie 1.4.x
Updated: 50_dovecot_plaintext.pl listener file according for i-MSCP Serie 1.4.x

PACKAGES

Added: `beforeUpdateRoundCubeMailHostEntries’ event listener (RoundCube package installer)
Fixed: Apache2 needs to be reloaded on password update (AWStats)
Fixed: AWStats interface is not reachable for redirected or proxied sites (AWStats)
Fixed: Couldn’t access symlinked icons (AWStats)
Fixed: Password not updated on customer password recovery (AWStats)

PLUGINS

Updated: API version to 1.4.0

SERVERS

Added: LAN IP address in virtualhost for local access (Servers::ftpd::proftpd::installer)
Added: Support for Python and Ruby CGI scripts (Httpd server impl.)
Added: `/.well-known’ directory to site skeletons (Httpd server impl.)
Changed: Usage of mpm_event in place of mpm_worker (PHP-FPM httpd server impl.)
Dropped: Compatibility for Apache2 < 2.4.x (Httpd server impl.)
Fixed: Any site must have a document root, even when redirected or proxied (Httpd server impl.)
Fixed: apache2: Could not reliably determine the server’s fully qualified domain name, using ::1 for ServerName
Fixed: Cleanup and disable unused PHP SAPIs
Fixed: Even when a site is redirected or proxied, its Web folder must be created (Httpd server impl.)
Fixed: Forward Secrecy not supported with reference browsers (Apache2)
Fixed: Make sure that PHP Apache2 SAPI is disabled when needed (httpd server impl.)
Fixed: Possible `NameVirtualHost <ip>:<port> has no VirtualHosts’ warning (Apache2)
Fixed: Possible `nginx: [emerg] bind() to <ip>:<port> failed (98: Address already in use)’ error
Fixed: POSTCONF(1) is being slow when called multiple-times, slowing down i-MSCP installer (Postfix server impl.)
Fixed: Set HSTS `max-age’ value to zero when HSTS is disabled (See RFC 6797)
Fixed: The `/.well-known’ directory is not reacheable when a site is redirected or proxied (httpd server impl.)
Fixed: Wrong events triggered (Servers::mta::postfix)
Fixed: Wrong permissions set on Courier Authdaemon socket dir, making maildrop MDA unable to connect
Fixed: Wrong permissions set on Dovecot configuration files

SERVICES

Added: Upstart job override files for PHP-FPM 5.6, 7.0 and 7.1 (reload with SIGUSR2)
Added: –nodaemonize option in imscp_panel Upstart job configuration file
Added: systemd-tmpfiles for creation of the /run/imscp directory
Changed: run directory for imscp_panel service (/var/run to /run/imscp)
Changed: run directory for PHP-FPM (/var/run to /run/php)
Fixed: Make sure that the /run/imscp directory is created by imscp_panel.conf Upstart job configuration file
Fixed: Make sure that the /run/imscp directory is created by imscp_panel sysvinit script
Fixed: The imscp_mountall service must be started as late as possible on server boot
Removed: imscp_panel_checkconf as FPM often ends with zend_mm_heap corrupted, preventing service to be (re)started

YOUTRACK

#IP-0826 Any password should be encrypted
#IP-1383 Security – Remove auto-login feature to remove plaintext passwords
#IP-1686 Fields beginning or ending with braced tags are corrupted by the clean_input function.
#IP-1688 /etc/postfix/domains.db entry not added if mail value was changed from -1 (disabled) to enabled (0 or a value)
#IP-1689 Password reset conflict with PanelRedirect
#IP-1694 Administrator: Order / Filter by Reseller
#IP-1700 The /etc/mtab file get overwritten by the /etc/init.d/vzquota sysvinit script (Strato vServer) on reboot