Dear community,

WARNING – Before updating your i-MSCP installation, don’t forget to read the errata file WARNING

We are pleased to announce the immediate availability of i-MSCP version 1.5.0 that is a new stable version.

This new version addresses the following issues:


  • Added: Flag allowing to ignore mount operation failures (iMSCP::Mount)
  • Deprecated: iMSCP::Database::mysql::doQuery() method — Will be removed in a later version
  • Deprecated: iMSCP::Database::mysql::endTransaction() method — Will be removed in a later version
  • Deprecated: iMSCP::Database::mysql::startTransaction() method — Will be removed in a later version
  • Fixed: Can’t use an undefined value as a HASH reference (iMSCP::EventManager)
  • Fixed: Couldn’t remove IP address: Unknown action requested for server IP (Modules::ServerIP)
  • Fixed: Permissions on files are always preverved when copying directory recursively
  • Fixed: Sets the SQL `group_concat_max_len’ variable on a per session basis
  • Fixed: Sets the SQL modes on a per session basis to `NO_AUTO_CREATE_USER’ (backward compatibility with plugins)
  • Removed: `FETCH_MODE’ option from iMSCP::Database::mysql


  • Removed: `.htgroup’ and `.htpasswd’ files from the skeleton directory; These files are now created only when needed


  • Added: Support for Percona DB 5.7 — Debian 9/Stretch (amd64 architecture only)
  • Added: ca-certificates package in list of pre-required packages
  • Fixed: Install openssl and libssl-dev packages from Debian/Ubuntu repositories, not from Ond?ej Surý repository


  • Added: Button to force refresh of service statuses as they are now cached for 20 minutes
  • Added: iMSCP_Database::inTransaction() method
  • Added: Routing for languages without territory information: eg. `de’ will be routed to `de_DE’ (autodetection)
  • Added: Setting that allows administrator to protect/unprotect default mail accounts against both edition and deletion
  • Added: Translaltion resources for Zend validators
  • Cosmetics: Make use of the mathematical infinity symbol (?) in place of the `Unlimited’ translation string
  • Deprecated: iMSCP_Database::getRawInstance() method — will be removed in a later release
  • Deprecated: Usage of customer ID field — will be removed in a later release
  • Enhancement: Make use of application cache for caching of configuration data (lifetime: indefinitely till change)
  • Enhancement: Make use of application cache for caching of rootkit logs (lifetime: 24 hours)
  • Enhancement: Make use of application cache for caching of service statuses (lifetime: 20 minutes)
  • Enhancement: Make use of Zend APC cache backend; fallback to Zend File backend if APC extension isn’t available
  • Enhancement: Make customers able to delete their subdomains without first having to delete FTP and mail accounts
  • Enhancement: Make customers able to edit mail autoresponder message even if the autoresponder is not activated yet
  • Enhancement: Make customers able to select more than one catch-all address in catch-all addresses drop-down list
  • Enhancement: Make customers able to show/hide default mail accounts
  • Enhancement: Protect default mail accounts against change and deletion (default)
  • Enhancement: Show a warning at the administrator UI level when the DEBUG mode is enabled
  • Enhancement: Show Catch-all accounts in client mail accounts overview interface
  • Fixed: Action links for FTP accounts must be hidden when they have a status other than ‘ok’
  • Fixed: All SQL queries must be compatible with the `ONLY_FULL_GROUP_BY’ SQL mode
  • Fixed: A user must not be able to clear his email address
  • Fixed: Cannot edit mailbox quota due to integer type casting (i386 arch)
  • Fixed: Cannot set value bigger than 2GB for mailbox quota due to integer type casting (i386 arch)
  • Fixed: Couldn’t generate self-signed SSL certificate (string passed as serial number while integer is expected)
  • Fixed: Customers must stay able to login when their password or their main domain are being modified
  • Fixed: Erroneous ftp_group.members field (Subsequent FTP accounts members are never added)
  • Fixed: Missing creation of default `webmaster’ mail account for subdomains
  • Fixed: PHP ini entries that belong to subdomains of an alias being removed are not removed
  • Fixed: Sets the SQL `group_concat_max_len’ variable on a per session basis
  • Fixed: Sets the SQL modes on a per session basis to ‘NO_AUTO_CREATE_USER’ (backward compatibility with plugins)
  • Fixed: Several integer type casting issues
  • Fixed: When an user personal email is being modified, the user identity must be updated as well (session)
  • Fixed: Wrong default mail accounts accounting (missing hostmaster email, wrong SQL queries…)
  • Removed: Administrator database update interface; Database update are executed by installer
  • Removed: Cached versions of navigation files; Make use of application cache instead
  • Removed: iMSCP_Initializer class (replaced by iMSCPApplication class)
  • Removed: Information about total items/limits assigned – People don’t understand their meaning (statistics)
  • Removed: Output compression, including related parameters — Compression is done at Nginx Web server level
  • Review: abuse, hostmaster and postmaster default mail accounts are now forwarded to customer email
  • Review: Catchall mail accounts are now counted in mail accounts limit
  • Review: Default mail accounts are not longer counted for the mail accounts limit (default)
  • Review: Default mail accounts are now hidden in the client mail accounts overview interface (default)
  • Review: Hide the i-MSCP update interface when Git version is in use (admin UI level)
  • Review: Make use of short syntax for arrays
  • Review: Extend Zend_Registry class instead of reinventing the wheel
  • Review: Show an explicite warning when the legacy and unsecure telnet server is running (service statuses)
  • Review: Skip the intermediate edit page when mail autoresponder is being enabled and that the message is already set
  • Rewritten: Add administrator interface (admin level)
  • Rewritten: Edit user and personal data interfaces (all UI levels)
  • Rewritten: Password update interface (all UI levels)
  • Security: Input for personal user data not filtered nor validated (all UI levels)


  • Fixed: Don’t remove unused PHP variants configuration directories; PHP packages install INI files for all variants
  • Fixed: Hide notice about user/group changes (Courier)
  • Fixed: Missing LOGROTATE(8) configuration file for RSYSLOGD(8) (Debian 9/Stretch; Ubuntu 16.04/Xenial)
  • Fixed: Removal of obsolete files must be done before saving the persistent data, else some files won’t be deleted
  • Review: Raise GNU Wget timeout for slow DNS resolvers (Debian apdater)
  • Securiry: Permissions hardening – Files and folders are now copied with UMASK(2) 027 instead of 022


  • Fixed: Can’t locate Package/FileManager/Net2FTP/ when upgrading from some older versions (Package::FileManager)


  • Removed: Explicite unlocking of locked files — Files are automatically unlocked


  • Changed: Mount courier-authdaemon rundir on var/run/courier/authdaemon instead of private/authdaemon (Postfix/Cyrus-SASL)
  • Changed: The `postfix’ user is now added in the `mail’ group instead of the `daemon’ group (Postfix/Cyrus-SASL)
  • Changed: The ownership for the /var/run/courier/authdaemon directory is now `daemon:mail’ (courier-authdaemon)
  • Fixed: `.htgroup’ and `.htpasswd’ files are reseted when the main domain is being changed (Httpd servers)
  • Fixed: Couldn’t generate /etc/courier/dhparams.pem file: Unknown security parameter string: 2048 (Courier)
  • Fixed: SASL authentication failure: cannot connect to courier-authdaemon: No such file or directory (Postfix/Cyrus-SASL)
  • Fixed: Several warnings raised by POSTFIX(1) when files located inside its directories are not owned by the `postfix’ user (Postfix)
  • Fixed: Unwanted leading character in server alias names – Alternative URLs feature (Httpd servers)
  • Removed: sql_mode parameter from the mysql/imscp.cnf configuration file; it is now set on a per session basis) (SQL servers)
  • Review: Disallow recursive directory listing (ProFTPD)


  • Fixed: MOUNT(2) operation failures are ignored (imscp_mountall)
  • Review: Rotate log files on a daily basis instead of a weekly basis for faster processing (Mail service log files)


  • Review: Make use of fuzzy entries in machine object files


  • Updated: Zend Framework libraries to version 1.12.20


  • IP-0749 Protected areas under a mount point of a domain alias or subdomain that is being deleted are not removed
  • IP-1729 Couldn’t generate self-signed SSL certificates with OpenSSL 1.1.x
  • IP-1730 Couldn’t delete support tickets that are closed
  • IP-1733 Default mail accounts in client mail accounts overview should be hidden by default
  • IP-1737 Circular feature – A circular must not be send twice to the same email address


  • New features or minor changes/bugfixes
  • Changes that can affect 3rd-party components (plugins, listener files…)
  • Major changes or important bugfixes


You can download this new version at:

Thank you for choosing i-MSCP.
Source: i-MSCP release