All Versions
55
Latest Version
Avg Release Cycle
91 days
Latest Release
-

Changelog History
Page 4

  • v1.4.4 Changes

    ๐Ÿ”‹ Features

    • โž• Add nginx user_agent separation to desktop/mobile (e.g. for fastcgi cache)
    • ๐Ÿ”’ Run phpmyadmin folder under www-data user instead of "user" improving security. (@bet0x)
    • โž• Added new template for mod php users to access phpmyadmin

    ๐Ÿ›  Bugfixes

    • โž• Add template for when webmail is disabled allowing to generate SSL.
    • ๐Ÿ›  Fixed PHP bug in /list/log/
    • ๐Ÿ›  Fixed issue with time in /list/services as it was showing as 50 minute1 instead of minutes
    • โž• Add missing back buttons + fix behaviour of back buttons on login page.
    • Set "default" when WEB_TEMPLATE and PROXY_TEMPLATE is missing in user.conf
    • โž• Add BACKEND_TEMPLATE to default package
    • ๐Ÿ›  Fixed possible error occur for v-rebuild-cron-jobs #1943 (thanks @clarkchentw)
    • Restrict access file manager when SSH is enabled for the user (@bet0x)
    • Check for DNS domains when running v-change-sys-ip-nat (@clarkchentw)
    • ๐Ÿ›  Fixed logical error in installer (@clarkchentw)
  • v1.4.3 Changes

    ๐Ÿ”‹ Features

    • Include DMARC record in DNS record list #1836
    • ๐Ÿ‘ Enabled phpMyAdmin Single Sign On support #1460
    • ๐Ÿ‘ Add command to add / delete from API_ALLOWED_IP list (#1904)

    ๐Ÿ›  Bugfixes

    • ๐Ÿ‘Œ Improve the calculated disk size of a new backup estimated by excluding the exclude folders, mail accounts and database in backups (#1616) @Myself5
    • ๐Ÿ‘Œ Improve v-update-firewall / v-stop-firewall to make it self healing (#1892) @myrevery
    • ๐Ÿš€ Update phpMyAdmin version to 1.5.1 (See https://www.phpmyadmin.net/news/2021/6/4/phpmyadmin-511-released/)
    • ๐Ÿ›  Fixed a bug after rebuilding mail with Exim4 and suspended domains (#1886)
    • ๐Ÿ›  Fixed "Allowed IP addresses for API" field with strange behaviour #1866
    • ๐Ÿ›  Fixed an issue where the "Saved confirmation" was not set due to a redirect #1879
    • Increased minimal memory requirements for ClamD / ClamAV. #1840
    • โช Restore of backup did not rebuild the "Forced SSL" and "HSTS" config on new account #1862
    • Keep changes made by /install/upgrade/manual/install_awstats_geopip.sh on update HestiaCP (via Discord)
    • ๐Ÿ”จ Refactor/improve PHP and HTML code @s0t (#1860)
    • ๐Ÿ›  Fixed XSS vulnerability in login page and a few other locations @briansemrau / @numanturle
    • Delete old session after session_regenerate_id() @briansemrau
    • ๐Ÿ‘Œ Improve error message when domain all ready exists on different account.
    • ๐Ÿ›  Fixed an issue where phpmyadmin did not update when Postgresql was available.
    • Webmail clients set to rainloop where not able to create a SSL certificate via LE #1913
    • ๐Ÿ›  Fixed an issue where plugin-hestia-change-pasword did not change the port on v-change-sys-port (Rainloop) #1895
    • ๐Ÿ›  Fixed an issue where HELO message was not set / error was created on NAT IP
  • v1.4.2 Changes

    • NOTE: During the 1.4.1 / 1.4.0 release we have introduced a bug for Ubuntu 20.04 and 18.04 users with multiple network ports on the server. This release will solve the problems caused by this bug! If you are unable to download the Hestia packages via apt. Run the following command via CLI or SSH as root
        iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    

    โšก๏ธ Then run the update via

        apt update && apt upgrade
    

    ๐Ÿ›  Bugfixes

    • ๐Ÿ›  Fixed issue wit startup script for iptables / network (#1849) (@myrevery)
    • ๐Ÿ›  Fixed problem with accidentally replacing nginx.conf during upgrade nginx (#1878 / @myrevery)
    • ๐Ÿ›  Fixed issue with installing Ubuntu 18.04
    • ๐Ÿ›  Fixed issue with login into file manger as admin user
    • โž• Added proxy_extentions back to support older custom templates
    • โž• Added the possibility to skip the forced reboot when interactive is set to no
    • ๐Ÿ›  Fixed an issue with modx template
    • โšก๏ธ Updated translations (Croatian, Czech and Italian)
    • ๐Ÿ‘‰ Fixed an issue where users where not able to save / update web domains when POLICY_USER_EDIT_WEB_TEMPLATES is enabled (#1872)
    • ๐Ÿ›  Fixed an issue where admin users where not able to add new ssh key for users (#1870)
    • ๐Ÿ›  Fixed an issue where domain.com was not affected as a valid domain (#1874)
    • ๐Ÿ›  Fixed an issue where "development" icon was not removed on update to release (#1835)
  • v1.4.1 Changes

    • ๐Ÿ›  Fixed bug with 2FA enabled logins
  • v1.4.0 Changes

    • NOTE: Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
    • NOTE: Apache in "standalone" mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + Apache2 will remain supported.
    • NOTE: Custom "quick installer apps" will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/hestiacp/hestia-quick-install for how to migrate!
    • NOTE: Manual upgrade scripts are available to update Roundcube, Rainloop and PHPmyadmin to the last version they can be found in /usr/local/hestia/install/upgrade/manual/

    ๐Ÿ”‹ Features

    • ๐Ÿ‘ Introduced support for NGINX FastCGI cache.
    • ๐Ÿ‘ Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
    • Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
    • โž• Added support for Rainloop (Run v-add-sys-rainloop to install it)
    • Added B2 Backup Support for Remote Backup Location - thanks @rez0n!
    • Added template support for osTicket - thanks @madito!
    • ๐Ÿ“ฆ Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
    • โž• Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
    • โž• Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
    • โž• Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
    • โž• Added a new optional theme "Vestia"
    • โž• Added a switch to disable the API and also limit the api by default to 127.0.0.1 only. For current installs added the option "allow-all" on default
    • After first reboot of Hestia will try do 1 attempt to request / generate a valid Lets encrypt certificate
    • ๐Ÿ”’ Introduced multiple new security policies via WebUI.
      • Allow users to edit Web / Proxy / DNS / Backend templates
      • Allow users to edit account details
      • Allow suspended users to login with "read-only" access
      • Allow users view / delete user history
      • Enforce sub domain ownership
      • Limit access to admin account when other users have the role "Administrator" assigned to them.
    • Disable user to login via WebUI / Limit access to WebUI to certain IP address per user.
    • Discourage websites to be created under "admin" account and redirect users to create new users.
    • โž• Added support for redirecting to www / non www domains (or custom) #427 / #1638.
    • ๐Ÿ‘ Allow users to see failed login attempts on there account.
    • ๐Ÿ“ฆ Introduced support for ARM based systems. Currently the packages are not available via ATP!
    • ๐Ÿ‘ฎ Force reboot of system after install

    ๐Ÿ›  Bugfixes

    • ๐Ÿ›  Fixed an issue where user name was duplicated when editing FTP users. (#1411)
    • ๐Ÿ›  Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
    • ๐Ÿ›  Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
    • ๐Ÿ›  Fixed an issue with the dark theme where available updates were incorrectly displayed.
    • ๐Ÿ›  Fixed an issue where local and FTP backup files were not deleted when running v-delete-user-backup. (#1421)
    • ๐Ÿ›  Fixed an issue where IP addresses could not be deleted. (#1423)
    • ๐Ÿ›  Fixed an issue where v-rebuild-user would incorrectly rebuild domain items in addition to user account configuration.
    • ๐Ÿ›  Fixed an issue which caused a web domain's custom document root value to be lost when restoring from backup.
    • Fixed an issue which caused a NSPOSIXErrorDomain:100 error when using Safari/iOS (thanks @stsimb).
    • ๐Ÿ›  Fixed an issue where exim ignored the configured mail quota limit.
    • ๐Ÿ›  Fixed an issue where invalid character validation was performed when editing mail auto replies.
    • Fixed an issue which caused Let's Encrypt to fail when using the Moodle template (thanks @ArturoBlanco).
    • โฑ Fixed an issue where the MySQL wait_timeout value was not saved due to wrong regexp attribute (thanks @guicapanema).
    • ๐Ÿ›  Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
    • ๐Ÿ›  Fixed several small issues that were reported when using PostgreSQL.
    • ๐Ÿ‘Œ Improved reliability of mail domains and webmail clients.
    • ๐Ÿ‘Œ Improved reliability of service restarts during upgrades.
    • ๐Ÿ‘Œ Improved compatibility with Blesta / WHMCS plugins.
    • Improved API error handling routines - thanks @danielalexis!
    • ๐Ÿ‘Œ Improved backup performance through the use of multi-threading when creating archives using the zstd compression type.
    • ๐Ÿ‘Œ Improved error handling when creating firewall rules.
    • ๐Ÿ‘Œ Improved handling of suspended users and domains to allow deletion without unsuspension.
    • ๐Ÿ‘Œ Improved dependencies over package control to install lsb-release and zstd.
    • Improved SFTP connection handling to be case insensitive (thanks @lazzurs).
    • Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks @KuJoe and @sickcodes).
    • ๐Ÿ‘Œ Improved IDN domain handling to resolve issues with Let's Encrypt SSL and mail domain services.
    • โž• Added private folder to openbasedir permissions for all main templates.
    • โช Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
    • Fixed XSS vulnerability in v-add-sys-ip and user history log (thanks @numanturle).
    • Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks @numanturle).
    • Fixed vulnerability in v-update-sys-hestia (thanks @numanturle)
    • โšก๏ธ Disabled the Update via WebUI due to timeout issues. Please update via apt update && apt upgrade in command line instead.
    • ๐Ÿ‘Œ Improve how Quick install of web apps are handled and allow users added apps to be maintained in list view.
    • ๐Ÿ›  Fixed an issue where the api was enabled after an update of HestiaCP
    • ๐Ÿ›  Fixed an issue when the default php version got deleted webmail didn't work any more. #1477
    • Limit access when "demo" mode is enabled.
    • ๐Ÿ›  Fixed an issue where limitations on aliases didn't work propperly
    • ๐Ÿ›  Fixed an issue where "Exit to control pannel" link got changed to "Logout" #1669
    • ๐Ÿ‘ Allow packages to be deleted when in use. Current users are changed to "Default" package.
    • ๐Ÿ›  Fixed multiple bugs with in v-restore-users
    • Redesign statics page
    • ๐Ÿ‘ Allow self signed certificates to be created with aliases.
    • ๐Ÿ›  Fixed issue where mail accounts where sorting incorrectly by size #1687
    • ๐Ÿ‘Œ Improve results v-search-command #1703
    • ๐Ÿ”€ Merge Codeiginiter / Drupal templates.
    • ๐Ÿ”’ Prepare template for FastCGI support an improve security by allowing only .well-known for Let's encrypt requests
    • โšก๏ธ Update Cloudflare Ips in nginx.conf
    • ๐Ÿ›  Fixed an issue where emails where send to nobody when connection failed to database #1765
    • ๐Ÿ›  Fixed an issue where no notifications where send on failure and save local backup if remote backup failed.
    • ๐Ÿ›  Fixed an issue where domains containing 2 dots in the top level domain could accidentally got removed #1763
    • ๐Ÿ›  Fixed an issue where www could be created and after delete webmail doesn't work anymore #1746
    • โฌ†๏ธ Standardize headers for upgrade scripts
    • ๐Ÿ‘Œ Improved how we handle custom themes
    • ๐Ÿ”จ Refactored HMTL / PHP code WebUI
    • โšก๏ธ Updated ClamAV configuration
    • ๐Ÿ›  Fixed issue where file manger key got the wrong permissions
    • โšก๏ธ Update version Laveral @mariojgt
  • v1.3.5 Changes

    ๐Ÿ”‹ Features

    • ๐Ÿš€ No new features have been introduced in this release.

    ๐Ÿ›  Bugfixes

  • v1.3.4 Changes

    ๐Ÿ”‹ Features

    • ๐Ÿš€ No new features have been introduced in this release.

    ๐Ÿ›  Bugfixes

    • Fixed xss vulnerability in v-add-sys-ip and user history log (thanks @numanturle)
    • Fixed remote execution possibility when deleting ssh key (thanks @numanturle)
  • v1.3.3 Changes

    ๐Ÿ›  Bugfixes

    • ๐Ÿ‘Œ Improved if web folder already exists and do not follow symlink on chmod (thanks @0xGsch and @kikoas1995).
    • ๐Ÿ‘Œ Improved api key authentification to prevent brute force attacks.
    • ๐Ÿ‘Œ Improved ssh keys folder permission to prevent unauthorized access.
  • v1.3.2 Changes

    ๐Ÿ”‹ Features

    • โž• Added PHP v8.0 support for multiphp environment.

    ๐Ÿ›  Bugfixes

    • ๐Ÿ‘Œ Improved session token handling in login as function, thanks to Vulnerability Laboratory - [Evolution Security GmbH]โ„ข.
    • ๐Ÿ›  Fixed an where fpm pool config was not deleted when changing backend template.
    • ๐Ÿ‘Œ Improved bats testing with multiphp (5.6-8.0) tests.
    • ๐Ÿ›  Fixed an issue where full webmail path was loaded as default value.
  • v1.3.1 Changes

    ๐Ÿ”‹ Features

    • ๐Ÿš€ No new features have been introduced in this release.

    ๐Ÿ›  Bugfixes

    • ๐Ÿ›  Fixed an issue where updates for hestia-php were incorrectly being marked as out-of-date in the UI due to a change in our servicing and package versioning scheme.
    • ๐Ÿ›  Fixed an issue that occured on the Updates page where the table row color of available updates would be difficult to read.
    • ๐Ÿ›  Fixed an issue where an administrator would get stuck in a loop trying to navigate back after adding a SSH key.
    • ๐Ÿ›  Fixed an issue where long table entries which exceeded the table length would overlap other UI elements.
    • ๐Ÿ›  Fixed an issue where the total amount of items on a page would fail to display correctly.
    • ๐Ÿ‘Œ Improved the accuracy and reliability of tooltips throughout the the Control Panel UI:
      • Removed unnecessary tooltips from buttons and other elements.
      • Fixed incorrect tags which prevented tooltips from being displayed.
      • Introduced tooltips to counter items on the Users, Packages, and Statistics pages to help better distinguish statistics.
    • Improved the display of items, quotas, and suspended items in the Control Panel navigation header - thanks @cmstew!
    • ๐Ÿ›  Fixed an issue which caused higher than normal CPU usage during an upgrade due to a duplicate condition in the rebuild process.
    • ๐Ÿ›  Fixed minor spelling inconsistencies in command line script comments and output text.
    • ๐Ÿ›  Fixed an issue where old configuration files were not cleaned up when moving domains with v-change-domain-owner.
    • ๐Ÿ›  Fixed an issue where a no backend template doesn't exist could potentially would appear after upgrade with older templates (#1322).
    • Introduced caching templates for nginx + php-fpm configurations - thanks @cmstew!
    • Fixed an issue where DNS cluster updates could fail due to the format of a DKIM record in an available zone - thanks @jrohde!
    • Improved the quality of comment formatting in command line scripts - thanks @bisubus!
    • Fixed an issue where the logo was not displayed in the File Manager - thanks @robothemes!
    • ๐Ÿ›  Fixed an issue in the Control Panel UI which caused databases and additional FTP accounts to be named incorrectly if manually prefaced with the username.
    • ๐Ÿ›  Fixed an issue where custom document roots were not saved correctly.
    • ๐Ÿ‘Œ Improved the visibility of service availability in the Control Panel UI.
    • ๐Ÿ›  Fixed an issue which let you unsuspend a cronjob on active demo mode.
    • โšก๏ธ Updated DE, EN, ES, KO, NL and TR languages, thanks to @Wibol, Blackjack, @emrahkayihan, areo and @hahagu!
    • ๐Ÿ›  Fixed an issue which let the auto compiler fail with local src builds.
    • โž• Added turkish language to system installers, thanks to @emrahkayihan!
    • ๐Ÿ›  Fixed incorrect error message when using unknown domain with v-delete-domain.