Eine neue I-MSCP Version wurde released. Die für uns dabei wichtigsten Änderungen ist die Erweiterung der Apache Files um die Dual Stack Funktionalitäten. Diese ermöglichen zukünftig den Betrieb von IPv6 parallel zu IPv4 für alle Webseiten. Sobald wir die neue Version umfangreich getestet haben, werden wir unsere Webserver aktualisieren und die Webseiten auf Dual Stack konfigurieren so dass alle Kundendomains per IPv6 und IPv4 erreichbar sind.
Fortfolgende weitere Änderungen und Fixes bringt die neue I-MSCP Version mit sich:
Vor dem Update unbedingt – https://github.com/i-MSCP/imscp/blob/1.4.0/docs/1.4.x_errata.md – lesen.
ARPL
- Fixed: ARPL is failing due to unexpected encoding
- Removed: imscp-arpl-msgr log directory (ARPL error logs goes now into /var/log/mail.log)
BACKEND
- Added: isRoutableAddr() method to check whether a given IP address is world-routable (iMSCP::Net)
- Added: Support for prefix length (iMSCP::Net::addAddr())
- Changed: Event logging is now done on a per module basis – see the errata file for further details
- Changed: Listener files from deprecated /etc/imscp/hooks.d directory are now ignored (iMSCP::EventManager)
- Fixed: Couldn’t add IP address without label (iMSCP::Net::addAddr())
- Fixed: Couldn’t set user/group on dangling symlinks (iMSCP::Rights::setRights())
- Fixed: Don’t change permissions on symlink targets (iMSCP::File & MSCP::Rights)
- Fixed: Don’t connect to SQL server when that is not needed (iMSCP::Database::mysql)
- Fixed: Error `net.ipv6.conf.eth0:0.autoconf is an unknown key‘ (iMSCP::Provider::NetworkInterface::Debian)
- Fixed: Force addition of `CREATE DATABASE‘ statement in SQL dumps, even for empty databases
- Fixed: Make sure that ownership is fixed recursively when restoring a Web backup
- Fixed: Restore database using temporary SQL user in place of customer SQL user (Modules::Domain)
- Fixed: Several encoding issues (regression fix)
- Fixed: Usage of lchown(2) system call to avoid dereference of symlinks (iMSCP::Rights::setRights())
- Review: Read line by line to avoid opening in-memory file in STDOUT|STDERR routines (iMSCP::Execute::executeNoWait())
- Fixed: Read mount entries from /proc/self/mounts file to cover case where /etc/mtab is not a symlink (iMSCP::Mount)
CONFIG
- Changed: Usage of Courier authdaemon as password verifier (Cyrus SASL) – see the errata file for further details
- Merged: domain_redirect.tpl, domain_redirect_ssl.tpl and domain_ssl.tpl templates in domain.tpl template (Apache2)
- Merged: domain_disabled_ssl.tpl template in domain_disabled.tpl template (Apache2)
- Removed: domain_ssl.tpl, domain_redirect.tpl, domain_redirect_ssl.tpl and domain_disabled_ssl template files (Apache2)
- Updated: Courier configuration for use of new password scheme (SHA512-CRYPT)
- Updated: Cyrus SALS configuration for use of new password scheme (SHA512-CRYPT)
- Updated: Dovecot configuration for use of new password scheme (SHA512-CRYPT)
SCRIPTS
- Added: Support for IPv6 traffic data (imscp-srv-traff)
- Fixed: Missing iptables chains/rules for IPv6 traffic logging (imscp-net-traffic-logger)
DAEMON
- Fixed: Default Makefile target must not involves the `clean‘ target
DATABASE
- Removed: `ftp_users.rawpasswd‘ column (i-MSCP database)
- Removed: `sql_user.sqlu_pass‘ column (i-MSCP database)
- Updated: `server_ips.ip_number` column length (i-MSCP database)
DISTRIBUTIONS
- Added: MariaDB 10.1 for Ubuntu Xenial Xerus
- Added: Percona SQL Server (5.5, 5.6, 5.7) for Ubuntu Xenial Xerus
- Added: PHP 5.6, 7.0, 7.1 alternatives for Debian Jessie/Stretch through Ondřej Surý repository
- Added: PHP 5.6, 7.0, 7.1 alternatives for Ubuntu Trusty/Xenial through Ondřej Surý PPA
- Dropped: Support for Debian Wheezy – Many softwares and library are really too old
- Dropped: Support for PHP versions that are considered EOL by upstream PHP team (Ubuntu/Debian)
- Dropped: Support for Ubuntu Precise Pangolin (12.04) – Will be EOL on April 2017
- Updated: Debian Stretch packages file according last state of repository (full freeze since 20170205)
DOCUMENTATION
- Added: CGI script sample for Perl, Python and Ruby
FRONTEND
- Added: Function for overriding of native JS alert() function
- Added: jQuery.imscp.confirm() and jQuery.imscp.confirmOnclick() global jQuery functions for confirmation dialogs
- Added: Method to get IP address version (iMSCP::Net)
- Added: Method to get IP prefix length (iMSCP::Net)
- Added: Methods to compress/expand IPv6 addresses (iMSCP::Net)
- Changed: Defer loading of NIC and IP data (iMSCP::Net)
- Changed: Restricts character range for password generator to ASCII alphabet characters and numbers
- Fixed: {CUSTOMER} template variable is not replaced in reseller alias order email notification
- Fixed: Administrators cannot switch onto reseller/customer interface when database update is available
- Fixed: Don’t list software that require database for customers that have not SQL feature enabled
- Fixed: `iMSCP_Exception_Production‘ class not compatible with PHP >= 7.0
- Fixed: Infobox for new alias orders must be static (reseller/index.php)
- Fixed: IP address input field is too small (admin/ip_manage.php)
- Fixed: Store compressed IPv6 (ip_manage.php)
- Fixed: Try to guess the prefix length whenever possible (ip_manage.php)
- Fixed: Usage of non-numeric values (iMSCP_pTemplate)
- Fixed: When IP address is pasted, netmask input field is not updated (admin/ip_manage.php)
- Removed: PhpMyAdmin auto-login feature (password for SQL database are no longer stored plaintext in database)
- Removed: Pydio auto-login feature (password for FTP users are no longer stored plaintext in database)
- Review: Increased value for the PHP `post_max_size‘ and `upload_max_filesize‘ directives
INSTALLER
- Fixed: APT GPG keys not updated when required
- Fixed: Missing `mysql‘ group; the `mysql‘ group is only created by the mysql-server package (SQL remote server impl.)
- Fixed: Patch for Apache 2 mod_proxy_fcgi module not required if Apache version is >= 2.4.24
- Fixed: Patches for libpam-mysql not required if libpam-mysql version is >= 0.8.0
- Fixed: Several files containing critical data are created world-readable, giving time to other processes to read them
- Fixed: `W: Download is performed unsandboxed as root as file…‘ warning with newest APT versions
- Moved: Distribution package files from ./docs directory to ./autoinstaller/Packages directory
- Review: Forbid usage of `debian-sys-maint‘ SQL user
- Updated: ./docs/preseed.pl preseeding template file
LISTENERS
- Added: 10_postfix_transport_table.pl listener file (Allows to add entries in Postfix transport(5) table)
- Fixed: Default hostname must be overridden to prevent hostname mismatches (10_roundcube_tls.pl)
- Updated: 10_apache2_dualstack.pl listener file for i-MSCP Serie 1.4.x
- Updated: 20_apache2_serveralias_override.pl. listener file for i-MSCP Serie 1.4.x
- Updated: 30_apache2_tools_proxy.pl listener file for i-MSCP Serie 1.4.x
- Updated: 40_apache2_security_headers.pl. listener for i-MSCP Serie 1.4.x
- Updated: 50_dovecot_plaintext.pl listener file according for i-MSCP Serie 1.4.x
PACKAGES
- Added: `beforeUpdateRoundCubeMailHostEntries‘ event listener (RoundCube package installer)
- Fixed: Apache2 needs to be reloaded on password update (AWStats)
- Fixed: AWStats interface is not reachable for redirected or proxied sites (AWStats)
- Fixed: Couldn’t access symlinked icons (AWStats)
- Fixed: Password not updated on customer password recovery (AWStats)
PLUGINS
- Updated: API version to 1.4.0
SERVERS
- Added: LAN IP address in virtualhost for local access (Servers::ftpd::proftpd::installer)
- Added: Support for Python and Ruby CGI scripts (Httpd server impl.)
- Added: `/.well-known‘ directory to site skeletons (Httpd server impl.)
- Changed: Usage of mpm_event in place of mpm_worker (PHP-FPM httpd server impl.)
- Dropped: Compatibility for Apache2 < 2.4.x (Httpd server impl.)
- Fixed: Any site must have a document root, even when redirected or proxied (Httpd server impl.)
- Fixed: apache2: Could not reliably determine the server’s fully qualified domain name, using ::1 for ServerName
- Fixed: Cleanup and disable unused PHP SAPIs
- Fixed: Even when a site is redirected or proxied, its Web folder must be created (Httpd server impl.)
- Fixed: Forward Secrecy not supported with reference browsers (Apache2)
- Fixed: Make sure that PHP Apache2 SAPI is disabled when needed (httpd server impl.)
- Fixed: Possible `NameVirtualHost <ip>:<port> has no VirtualHosts‘ warning (Apache2)
- Fixed: Possible `nginx: [emerg] bind() to <ip>:<port> failed (98: Address already in use)‘ error
- Fixed: POSTCONF(1) is being slow when called multiple-times, slowing down i-MSCP installer (Postfix server impl.)
- Fixed: Set HSTS `max-age‘ value to zero when HSTS is disabled (See RFC 6797)
- Fixed: The `/.well-known‘ directory is not reacheable when a site is redirected or proxied (httpd server impl.)
- Fixed: Wrong events triggered (Servers::mta::postfix)
- Fixed: Wrong permissions set on Courier Authdaemon socket dir, making maildrop MDA unable to connect
- Fixed: Wrong permissions set on Dovecot configuration files
SERVICES
- Added: Upstart job override files for PHP-FPM 5.6, 7.0 and 7.1 (reload with SIGUSR2)
- Added: –nodaemonize option in imscp_panel Upstart job configuration file
- Added: systemd-tmpfiles for creation of the /run/imscp directory
- Changed: run directory for imscp_panel service (/var/run to /run/imscp)
- Changed: run directory for PHP-FPM (/var/run to /run/php)
- Fixed: Make sure that the /run/imscp directory is created by imscp_panel.conf Upstart job configuration file
- Fixed: Make sure that the /run/imscp directory is created by imscp_panel sysvinit script
- Fixed: The imscp_mountall service must be started as late as possible on server boot
- Removed: imscp_panel_checkconf as FPM often ends with zend_mm_heap corrupted, preventing service to be (re)started
YOUTRACK
- #IP-0826 Any password should be encrypted
- #IP-1383 Security – Remove auto-login feature to remove plaintext passwords
- #IP-1686 Fields beginning or ending with braced tags are corrupted by the clean_input function.
- #IP-1688 /etc/postfix/domains.db entry not added if mail value was changed from -1 (disabled) to enabled (0 or a value)
- #IP-1689 Password reset conflict with PanelRedirect
- #IP-1694 Administrator: Order / Filter by Reseller
- #IP-1700 The /etc/mtab file get overwritten by the /etc/init.d/vzquota sysvinit script (Strato vServer) on reboot
Legend
- New features or minor changes/bugfixes
- Changes that can affect 3rd-party components (plugins, listener files…)
- Major changes or important bugfixes