Release notes for HestiaCP v1.4.0

Release date: May 26 2021

Warning

  • NOTE: Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
  • NOTE: Apache in "standalone" mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + - Apache2 will remain supported.
  • NOTE: Custom "quick installer apps" will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/hestiacp/hestia-quick-install for how to migrate!
  • NOTE: Manual upgrade scripts are available to update Roundcube, Rainloop and PHPmyadmin to the last version they can be found in /usr/local/hestia/install/upgrade/manual/

Features

  • Introduced support for NGINX FastCGI cache.
  • Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
  • Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
  • Added support for Rainloop (Run v-add-sys-rainloop to install it)
  • Added B2 Backup Support for Remote Backup Location - thanks @rez0n!
  • Added template support for osTicket - thanks @madito!
  • Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
  • Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
  • Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
  • Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
  • Added a new optional theme "Vestia"
  • Added a switch to disable the API and also limit the api by default to 127.0.0.1 only. For current installs added the option "allow-all" on default
  • After first reboot of Hestia will try do 1 attempt to request / generate a valid Lets encrypt certificate
  • Introduced multiple new security policies via WebUI.
  • Allow users to edit Web / Proxy / DNS / Backend templates
  • Allow users to edit account details
  • Allow suspended users to login with "read-only" access
  • Allow users view / delete user history
  • Enforce sub domain ownership
  • Limit access to admin account when other users have the role "Administrator" assigned to them.
  • Disable user to login via WebUI / Limit access to WebUI to certain IP address per user.
  • Discourage websites to be created under "admin" account and redirect users to create new users.
  • Added support for redirecting to www / non www domains (or custom) #427 / #1638.
  • Allow users to see failed login attempts on there account.
  • Introduced support for ARM based systems. Currently the packages are not available via ATP!
  • Force reboot of system after install

Bugfixes

  • Fixed an issue where user name was duplicated when editing FTP users. (#1411)
  • Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
  • Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
  • Fixed an issue with the dark theme where available updates were incorrectly displayed.
  • Fixed an issue where local and FTP backup files were not deleted when running v-delete-user-backup. (#1421)
  • Fixed an issue where IP addresses could not be deleted. (#1423)
  • Fixed an issue where v-rebuild-user would incorrectly rebuild domain items in addition to user account configuration.
  • Fixed an issue which caused a web domain's custom document root value to be lost when restoring from backup.
  • Fixed an issue which caused a NSPOSIXErrorDomain:100 error when using Safari/iOS (thanks @stsimb).
  • Fixed an issue where exim ignored the configured mail quota limit.
  • Fixed an issue where invalid character validation was performed when editing mail auto replies.
  • Fixed an issue which caused Let's Encrypt to fail when using the Moodle template (thanks @ArturoBlanco).
  • Fixed an issue where the MySQL wait_timeout value was not saved due to wrong regexp attribute (thanks @guicapanema).
  • Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
  • Fixed several small issues that were reported when using PostgreSQL.
  • Improved reliability of mail domains and webmail clients.
  • Improved reliability of service restarts during upgrades.
  • Improved compatibility with Blesta / WHMCS plugins.
  • Improved API error handling routines - thanks @danielalexis!
  • Improved backup performance through the use of multi-threading when creating archives using the zstd compression type.
  • Improved error handling when creating firewall rules.
  • Improved handling of suspended users and domains to allow deletion without unsuspension.
  • Improved dependencies over package control to install lsb-release and zstd.
  • Improved SFTP connection handling to be case insensitive (thanks @lazzurs).
  • Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks @KuJoe and @sickcodes).
  • Improved IDN domain handling to resolve issues with Let's Encrypt SSL and mail domain services.
  • Added private folder to openbasedir permissions for all main templates.
  • Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
  • Fixed XSS vulnerability in v-add-sys-ip and user history log (thanks @numanturle).
  • Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks @numanturle).
  • Fixed vulnerability in v-update-sys-hestia (thanks @numanturle)
  • Disabled the Update via WebUI due to timeout issues. Please update via apt update && apt upgrade in command line instead.
  • Improve how Quick install of web apps are handled and allow users added apps to be maintained in list view.
  • Fixed an issue where the api was enabled after an update of HestiaCP
  • Fixed an issue when the default php version got deleted webmail didn't work any more. #1477
  • Limit access when "demo" mode is enabled.
  • Fixed an issue where limitations on aliases didn't work propperly
  • Fixed an issue where "Exit to control pannel" link got changed to "Logout" #1669
  • Allow packages to be deleted when in use. Current users are changed to "Default" package.
  • Fixed multiple bugs with in v-restore-users
  • Redesign statics page
  • Allow self signed certificates to be created with aliases.
  • Fixed issue where mail accounts where sorting incorrectly by size #1687
  • Improve results v-search-command #1703
  • Merge Codeiginiter / Drupal templates.
  • Prepare template for FastCGI support an improve security by allowing only .well-known for Let's encrypt requests
  • Update Cloudflare Ips in nginx.conf
  • Fixed an issue where emails where send to nobody when connection failed to database #1765
  • Fixed an issue where no notifications where send on failure and save local backup if remote backup failed.
  • Fixed an issue where domains containing 2 dots in the top level domain could accidentally got removed #1763
  • Fixed an issue where www could be created and after delete webmail doesn't work anymore #1746
  • Standardize headers for upgrade scripts
  • Improved how we handle custom themes
  • Refactored HTML / PHP code WebUI
  • Updated ClamAV configuration
  • Fixed issue where file manger key got the wrong permissions
  • Update version Laveral @mariojgt