i-MSCP 1.4.0 RELEASED

i-MSCP 1.4.0 RELEASED

Dear community,

WARNING – Before updating your i-MSCP installation, don’t forget to read the errata file WARNING

We are pleasure to announce the immediate availability of i-MSCP version 1.4.0 that is the new stable release.

This new version addresses the following issues:

ARPL

  • Fixed: ARPL is failing due to unexpected encoding
  • Removed: imscp-arpl-msgr log directory (ARPL error logs goes now into /var/log/mail.log)

BACKEND

  • Added: isRoutableAddr() method to check whether a given IP address is world-routable (iMSCP::Net)
  • Added: Support for prefix length (iMSCP::Net::addAddr())
  • Changed: Event logging is now done on a per module basis – see the errata file for further details
  • Changed: Listener files from deprecated /etc/imscp/hooks.d directory are now ignored (iMSCP::EventManager)
  • Fixed: Couldn’t add IP address without label (iMSCP::Net::addAddr())
  • Fixed: Couldn’t set user/group on dangling symlinks (iMSCP::Rights::setRights())
  • Fixed: Don’t change permissions on symlink targets (iMSCP::File & MSCP::Rights)
  • Fixed: Don’t connect to SQL server when that is not needed (iMSCP::Database::mysql)
  • Fixed: Error `net.ipv6.conf.eth0:0.autoconf is an unknown key’ (iMSCP::Provider::NetworkInterface::Debian)
  • Fixed: Force addition of `CREATE DATABASE’ statement in SQL dumps, even for empty databases
  • Fixed: Make sure that ownership is fixed recursively when restoring a Web backup
  • Fixed: Restore database using temporary SQL user in place of customer SQL user (Modules::Domain)
  • Fixed: Several encoding issues (regression fix)
  • Fixed: Usage of lchown(2) system call to avoid dereference of symlinks (iMSCP::Rights::setRights())
  • Review: Read line by line to avoid opening in-memory file in STDOUT|STDERR routines (iMSCP::Execute::executeNoWait())
  • Fixed: Read mount entries from /proc/self/mounts file to cover case where /etc/mtab is not a symlink (iMSCP::Mount)

CONFIG

  • Changed: Usage of Courier authdaemon as password verifier (Cyrus SASL) – see the errata file for further details
  • Merged: domain_redirect.tpl, domain_redirect_ssl.tpl and domain_ssl.tpl templates in domain.tpl template (Apache2)
  • Merged: domain_disabled_ssl.tpl template in domain_disabled.tpl template (Apache2)
  • Removed: domain_ssl.tpl, domain_redirect.tpl, domain_redirect_ssl.tpl and domain_disabled_ssl template files (Apache2)
  • Updated: Courier configuration for use of new password scheme (SHA512-CRYPT)
  • Updated: Cyrus SALS configuration for use of new password scheme (SHA512-CRYPT)
  • Updated: Dovecot configuration for use of new password scheme (SHA512-CRYPT)

SCRIPTS

  • Added: Support for IPv6 traffic data (imscp-srv-traff)
  • Fixed: Missing iptables chains/rules for IPv6 traffic logging (imscp-net-traffic-logger)

DAEMON

  • Fixed: Default Makefile target must not involves the `clean’ target

DATABASE

  • Removed: `ftp_users.rawpasswd’ column (i-MSCP database)
  • Removed: `sql_user.sqlu_pass’ column (i-MSCP database)
  • Updated: `server_ips.ip_number` column length (i-MSCP database)

DISTRIBUTIONS

  • Added: MariaDB 10.1 for Ubuntu Xenial Xerus
  • Added: Percona SQL Server (5.5, 5.6, 5.7) for Ubuntu Xenial Xerus
  • Added: PHP 5.6, 7.0, 7.1 alternatives for Debian Jessie/Stretch through Ond?ej SurĂ½ repository
  • Added: PHP 5.6, 7.0, 7.1 alternatives for Ubuntu Trusty/Xenial through Ond?ej SurĂ½ PPA
  • Dropped: Support for Debian Wheezy – Many softwares and library are really too old
  • Dropped: Support for PHP versions that are considered EOL by upstream PHP team (Ubuntu/Debian)
  • Dropped: Support for Ubuntu Precise Pangolin (12.04) – Will be EOL on April 2017
  • Updated: Debian Stretch packages file according last state of repository (full freeze since 20170205)

DOCUMENTATION

  • Added: CGI script sample for Perl, Python and Ruby

FRONTEND

  • Added: Function for overriding of native JS alert() function
  • Added: jQuery.imscp.confirm() and jQuery.imscp.confirmOnclick() global jQuery functions for confirmation dialogs
  • Added: Method to get IP address version (iMSCP::Net)
  • Added: Method to get IP prefix length (iMSCP::Net)
  • Added: Methods to compress/expand IPv6 addresses (iMSCP::Net)
  • Changed: Defer loading of NIC and IP data (iMSCP::Net)
  • Changed: Restricts character range for password generator to ASCII alphabet characters and numbers
  • Fixed: {CUSTOMER} template variable is not replaced in reseller alias order email notification
  • Fixed: Administrators cannot switch onto reseller/customer interface when database update is available
  • Fixed: Don’t list software that require database for customers that have not SQL feature enabled
  • Fixed: `iMSCP_Exception_Production’ class not compatible with PHP >= 7.0
  • Fixed: Infobox for new alias orders must be static (reseller/index.php)
  • Fixed: IP address input field is too small (admin/ip_manage.php)
  • Fixed: Store compressed IPv6 (ip_manage.php)
  • Fixed: Try to guess the prefix length whenever possible (ip_manage.php)
  • Fixed: Usage of non-numeric values (iMSCP_pTemplate)
  • Fixed: When IP address is pasted, netmask input field is not updated (admin/ip_manage.php)
  • Removed: PhpMyAdmin auto-login feature (password for SQL database are no longer stored plaintext in database)
  • Removed: Pydio auto-login feature (password for FTP users are no longer stored plaintext in database)
  • Review: Increased value for the PHP `post_max_size’ and `upload_max_filesize’ directives

INSTALLER

  • Fixed: APT GPG keys not updated when required
  • Fixed: Missing `mysql’ group; the `mysql’ group is only created by the mysql-server package (SQL remote server impl.)
  • Fixed: Patch for Apache 2 mod_proxy_fcgi module not required if Apache version is >= 2.4.24
  • Fixed: Patches for libpam-mysql not required if libpam-mysql version is >= 0.8.0
  • Fixed: Several files containing critical data are created world-readable, giving time to other processes to read them
  • Fixed: `W: Download is performed unsandboxed as root as file…’ warning with newest APT versions
  • Moved: Distribution package files from ./docs directory to ./autoinstaller/Packages directory
  • Review: Forbid usage of `debian-sys-maint’ SQL user
  • Updated: ./docs/preseed.pl preseeding template file

LISTENERS

  • Added: 10_postfix_transport_table.pl listener file (Allows to add entries in Postfix transport(5) table)
  • Fixed: Default hostname must be overridden to prevent hostname mismatches (10_roundcube_tls.pl)
  • Updated: 10_apache2_dualstack.pl listener file for i-MSCP Serie 1.4.x
  • Updated: 20_apache2_serveralias_override.pl.pl listener file for i-MSCP Serie 1.4.x
  • Updated: 30_apache2_tools_proxy.pl.pl listener file for i-MSCP Serie 1.4.x
  • Updated: 40_apache2_security_headers.pl.pl listener for i-MSCP Serie 1.4.x
  • Updated: 50_dovecot_plaintext.pl listener file according for i-MSCP Serie 1.4.x

PACKAGES

  • Added: `beforeUpdateRoundCubeMailHostEntries’ event listener (RoundCube package installer)
  • Fixed: Apache2 needs to be reloaded on password update (AWStats)
  • Fixed: AWStats interface is not reachable for redirected or proxied sites (AWStats)
  • Fixed: Couldn’t access symlinked icons (AWStats)
  • Fixed: Password not updated on customer password recovery (AWStats)

PLUGINS

  • Updated: API version to 1.4.0

SERVERS

  • Added: LAN IP address in virtualhost for local access (Servers::ftpd::proftpd::installer)
  • Added: Support for Python and Ruby CGI scripts (Httpd server impl.)
  • Added: `/.well-known’ directory to site skeletons (Httpd server impl.)
  • Changed: Usage of mpm_event in place of mpm_worker (PHP-FPM httpd server impl.)
  • Dropped: Compatibility for Apache2 < 2.4.x (Httpd server impl.)
  • Fixed: Any site must have a document root, even when redirected or proxied (Httpd server impl.)
  • Fixed: apache2: Could not reliably determine the server’s fully qualified domain name, using ::1 for ServerName
  • Fixed: Cleanup and disable unused PHP SAPIs
  • Fixed: Even when a site is redirected or proxied, its Web folder must be created (Httpd server impl.)
  • Fixed: Forward Secrecy not supported with reference browsers (Apache2)
  • Fixed: Make sure that PHP Apache2 SAPI is disabled when needed (httpd server impl.)
  • Fixed: Possible `NameVirtualHost <ip>:<port> has no VirtualHosts’ warning (Apache2)
  • Fixed: Possible `nginx: [emerg] bind() to <ip>:<port> failed (98: Address already in use)’ error
  • Fixed: POSTCONF(1) is being slow when called multiple-times, slowing down i-MSCP installer (Postfix server impl.)
  • Fixed: Set HSTS `max-age’ value to zero when HSTS is disabled (See RFC 6797)
  • Fixed: The `/.well-known’ directory is not reacheable when a site is redirected or proxied (httpd server impl.)
  • Fixed: Wrong events triggered (Servers::mta::postfix)
  • Fixed: Wrong permissions set on Courier Authdaemon socket dir, making maildrop MDA unable to connect
  • Fixed: Wrong permissions set on Dovecot configuration files

SERVICES

  • Added: Upstart job override files for PHP-FPM 5.6, 7.0 and 7.1 (reload with SIGUSR2)
  • Added: –nodaemonize option in imscp_panel Upstart job configuration file
  • Added: systemd-tmpfiles for creation of the /run/imscp directory
  • Changed: run directory for imscp_panel service (/var/run to /run/imscp)
  • Changed: run directory for PHP-FPM (/var/run to /run/php)
  • Fixed: Make sure that the /run/imscp directory is created by imscp_panel.conf Upstart job configuration file
  • Fixed: Make sure that the /run/imscp directory is created by imscp_panel sysvinit script
  • Fixed: The imscp_mountall service must be started as late as possible on server boot
  • Removed: imscp_panel_checkconf as FPM often ends with zend_mm_heap corrupted, preventing service to be (re)started

YOUTRACK

  • #IP-0826 Any password should be encrypted
  • #IP-1383 Security – Remove auto-login feature to remove plaintext passwords
  • #IP-1686 Fields beginning or ending with braced tags are corrupted by the clean_input function.
  • #IP-1688 /etc/postfix/domains.db entry not added if mail value was changed from -1 (disabled) to enabled (0 or a value)
  • #IP-1689 Password reset conflict with PanelRedirect
  • #IP-1694 Administrator: Order / Filter by Reseller
  • #IP-1700 The /etc/mtab file get overwritten by the /etc/init.d/vzquota sysvinit script (Strato vServer) on reboot

Legend

  • New features or minor changes/bugfixes
  • Changes that can affect 3rd-party components (plugins, listener files…)
  • Major changes or important bugfixes

DOWNLOAD

You can download this new version at:

Thank you for choosing i-MSCP.
Source: i-MSCP release