Webmin v1.150 Release Notes
-
- ⚡️ Updated the setup.sh script to use MD5 password encryption by default, on systems where Perl supports it.
- 🛠 Fixed a security hole in the
maketemp.pl
script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename (CVE bug CAN-2004-0559). - 🔧 When PAM is used for Unix authentication, expired passwords are now detected and the user is prompted to select a new password (if this feature is enabled on the Webmin Configuration module).
- 💻 Make all functions in
ui-lib.pl
themable, allowing themes to have more detailed control over modules that make use of this library. - 🖨 Updated all modules to call
ui_print_header
instead of calling header and printing<hr>
, so that themes can avoid the<hr>
. Also updated the MSC theme to do this.