Eine neue I-MSCP Version 1.3.9 wurde veröffentlicht. Wir werden unsere Webserver nächste Woche auf den aktuellsten Versionsstand aktualisieren. Dazu werden wir noch einmal gesondert Wartungsarbeiten über unser Statusportal http://status.ip-projects.de ankündigen.

Mit der neuen Version werden folgende Fehler behoben:


  • Fixed: Prevent replacement of Apache2 variables in vhost files (iMSCP::TemplateParser)
  • Fixed: Wrong substitution for deleted mount points (iMSCP::Mount)


  • Added: iMSCP_Authentication_AuthEvent class (Represent authentication event passed-in to listeners)
  • Added: `onSharedScriptStart‘ and `onSharedScriptEnd‘ events
  • Added: Static info in custom DNS management interface explaining rules for substitution with $ORIGIN (Custom DNS)
  • Added: Support for DNS NS resource record – only allowed for subzone delegation (Custom DNS)
  • Changed: Authentication service class now expects an authentication result object pulled from authentication event
  • Changed: FTP chooser script (ftp_choose_dir.php) is now a shared script (previously, it was a client script)
  • Fixed: A backend request must be triggered when a customer password is being updated by the administrator (Admin level)
  • Fixed: Authentication data (htuser(s)/htgroup(s)) must remain selected upon errors (Protected area form)
  • Fixed: Could not install a new software instance due to a bad check on installation path (Software installer)
  • Fixed: Default (credentials) authentication handler must not stop propagation of authentication event on failure
  • Fixed: Favicon not loaded in some browsers, specially MSIE
  • Fixed: Installation of a new software instance on forwarded domains must be prohibited (Software installer)
  • Fixed: Installation of a new software instance outside of the document root must be prohibited (Software installer)
  • Fixed: MCRYPT extension is being deprecated in PHP 7.1.x and will be removed in PHP 7.2.x (replaced by openssl)
  • Fixed: Missing check on FTP user owner while editing (Ftp user edit form – Security flaw)
  • Fixed: Missing check on Htuser(s)/Htgroup(s) owner while editing (Protected area form – Security flaw)
  • Fixed: Password hash is not updated on customer password change (Reseller level)
  • Fixed: Reseller cannot edit DocumentRoot of domain aliases (Reseller alias edit form)
  • Fixed: Several layout issues in admin/software_rights.tpl (Software installer)
  • Fixed: Several layout issues in client/software_view.tpl (Software installer)
  • Fixed: Wrong SQL query leading to an exception (Software installer)
  • Removed: decryptBlowfishCbcPassword() function (replaced by \iMSCP\Crypt library)


  • Fixed: Default timezone badly detected – DateTime::TimeZone object isn’t stringifiable


  • Added: 40_apache2_security_headers.pl listener file for Apache2 security headers – https://securityheaders.io
  • Fixed: 10_proftpd_tuning.pl listener file is broken


  • Renamed: Modules::Htusers package to Modules::Htpasswd package


  • Fixed: Don’t load unused data from plugin table (iMSCP_Plugin_Manager)
  • Updated: API version to 1.0.7 (due to changes made in Authentication service class)


  • Fixed: Hide DEBUG messages from the imscp-dpkg-post-invoke.pl script when running APT
  • Fixed: Missing `–debug‘ command line option in several scripts


  • Changed: Usage of AES-256 (Rijndael) algorithm to encrypt data in place of the Blowfish algorithm (see the errata)


  • Fixed: Several issues with ProxyErrorOverride directive. See https://i-mscp.net/index.php/Thread/15502


  • Dropped: Upgrade support for i-MSCP versions older than 1.1.0 (See the errata)


  • #IP-1639 When editing a hosting plan, some PHP INI values are not always those that were set while creation
  • #IP-1640 When editing reseller properties, customers’s PHP INI values are updated with incorrect values (IP-Projects reported)
  • #IP-1665 Allow underscore in CNAME-record
  • #IP-1666 Could not dump domain.tld when two DNS entries have same name
  • #IP-1667 ITK httpd server implementation – Variables not replaced in vhost template
  • #IP-1671 Backup script – literal error in sql query without visible or negative effect
  • #IP-1672 DocumentRoot no longer editable for domains with shared mount point feature enabled
  • #IP-1676 Input mask during installation when confirmation of password is wrong


Eine Übersicht der zu beachtenden Änderungen im Zusammenhang mit diesem Update finden Sie unter: https://github.com/i-MSCP/imscp/blob/1.3.9/docs/1.3.x_errata.md

Gerne stehen wir Ihnen bei Fragen zu der neuen Version oder einem möglichen Update zur Verfügung.