v2.1.2 Stable - Security Release

Dated: 21st October 2021

This version does not introduce many front-end features. However we got audited by rack911labs and we did many changes to improve the security and make CyberPanel best, free and most secure control panel.

Features

• Ability to design CyberPanel user front-end design manager.
• Re-arrange some menu items
• Add option to switch to master again
• add bubblewrap default command
• Added translation tag for some elements
• Add table for dashboad css
• Load custom css
• More verbose logs
• Add logging
• Fix architecture detection
• Add vhost level cache root for openlitespeed
• Add further detect for rocky
• Zero ssl account registration

Bug fixes:

• Add Litespeed/OLS admin port to default allowed
• PHPMyAdmin autologin upon document ready
• Elastic search install
• Updated restic installer for Centos7/8
• cPanel importer set default php if the inherit php is not set
• Fix a bug in mailwatch sql file
• Email configs reset
• Email debugger
• Incremental backups
• Incremental backups delete
• Remove backup and meta directories from incremental backups
• Remove mount tmp
• Bring back mount tmp
• Some design issues
• Mail reset ubuntu 20
• Email reset fix for ubuntu 18
• Remove comodo rules packs
• Fix enable/disable for updated rules files
• Added support for LiteSpeed Ent for OWASP and updated the rules, ref
• Host selection in remote host;
• Fixed a bug that cause restore fail if 1 user have access to more the
• Bug fix in backup creation of complete website
• Resolve bug in modsec rules
• Watchdog updated to include Dovecot, Postfix, PowerDNS, and Pure-FTPd
• Fixed watchdog PowerDNS service name.
• Refactored watchdog to be easier to add additional services.
• Security fix: CP-10: Admin Websites Suspend / Unsuspend
• Security fix: CP-11: Admin Packages Delete Package
• Security fix: CP-12: CP-12: Admin Packages Modify Package
• Security fix: CP-13: Admin Back Up Create Back Up
• Security fix in backups
• Security fix: CP-13: Admin Back Up Create Back Up
• CP-14: Admin Back Up Create Back Up
• CP-16: Admin Back Up Start Transfer
• Security fix: CP-17: Admin – Security – CSF
• Security fix: CP-18: Users – Create New User
• Avoid possible removal of directories
• Security fix: CP-21: Websites – Create Website
• Security fix: CP-22: Websites – Modify Website
• Security fix: CP-24: Manage Website – Domain Alias (Delete)
• Security fix: CP-26: Manage Website – File Manager – Upload
• Security: Prevent leaking load average data
• Security: PyYAML dependency update
• Security: Multiple CVE dependency update
• Dependency fix
•  Install
• Securify fix: CP-29: Manage Website – SMTP Hosts – Verify
• Securityfix: CP-30: Manage Website – Compose
• Security fix: CP-33: Manage Website – Git
• Security fix: CP-36: DNS – Add / Delete Records
• Bug fix: cron jobs
• Fix in backup creation
• Update some permissions
• Wp staging
• Custom ssl save
• Deploy staging to production
• Create wp staging
• Security fix: CP-19: Websites – Create Website
• Fetch status
• File manager
• Dkim manager
• Bug fix: CP-17
• CP-19: Additional Domains to Block
• CP-21: Additional Security
• Fix wp staging
• Continue backups if website is deleted from main CP
• Postfix disable VRFY
• Simplify getPHPString() & update php version for mail domain
• Update issue templates
• During website creation
• Follow PEP 8 style guide

 

v2.1.1 Stable

Dated: 15th April 2021

Features

• Joomla installer: auto-install with LS cache
• Codemirror added to file manager (multiple language support )
• Allow users to manage SSH keys
• Initiate cloudbackup ( via CyberPanel Cloud ), Cloud backups to AWS, Restore s3 backups
• Add PHP 8.0
• WP deploy ( via Cloud )
• WP manager ( Cloud )
• Proprietary High Availability
• Add search and ordering to dropdowns
• Re-renders for all UI elements
• DigitalOcean remote DB support
• NEW installer script
• NEW upgrade script
• Enforce disk limits via packages.
• Support for multiple database users in backups

Bug Fixes

• Bug fix in backup up websites restored via cPanel importer
• Bug fix for setting up remote access to databases.
• Fixing Mautic Installer link and title.
• Redis installation on Centos 8
• Restart backup if killed prematurely, bypass the stuck domain
• Remove systemd-resolvd on CentOS 8
• Postfix files during upgrade
• Remove default modsec rules in LSWS config
• Cloudlinux Reseller
• Imunify360 access URL
• Disk/bandwidth usage to calculate every 12 hour
• Sub folder WP installations
• Add website owner email for vhost SSL config
• Centralize ACL control
•  Cater remote DB during staging deployment
•  Database deletion
• Child domain deletion including directories 
• Major bug fixes in cPanel importer to find all paths for domains

Updates

• Install process refactorization 
• Local scheduled backups refactorization, tables for new backup schedules
• Remote backups on SFTP refactored
• Rainloop admin password randomization
• Install wordpress, joomla via CLI
• Pip packs installation
• venv version
• Refactor: install code for dovecot/postfix on ubuntu20
• Improvement: cron interface
• Default PHP CLI to php74

---

v2.0.3 Stable

Dated: 20 Sep 2020

Features

• Add/delete firewall rule via API
• Upgrade MariaDB to 10.5
• Trash folder
• PHPMyAdmin autologin
• 2FA support
• Allow CyberPanel port change
• ImunifyAV
• Elasticsearch
• Redis deamon one-click install/remove
• Mautic auto installer

Bug Fixes

• Initiate starttls if port 587
• Refresh license button ( Cyberpanel Ent )
• Fix permissions after move
• Improve size for SMTP host
• Remove leftover if backup failed
• Fix duplicate user issue that fallback to root
• Avoid creating duplicate mail records
• Remote restore of incremental backups
• Change password when remote access enabled
• Docker install on centOS 8
• Amazon RDS
• OLS/LS restart on htaccess change
• Restart postfix/dovecot on SSL renew
• restic fix

Updates

• Watchdog improvement
• Add restart on edit PHP config
• Update cyberpanel_utility.sh
• Enable pluginInstaller to run migrations
• Magento 2.4 installation process
• DNS Edit
• Update access-logparser.py
• Update fixperms.sh

v2.0.2 Stable

Dated: 22 July 2020

Features

• Google Drive backup
• Remote MySQL for whole CyberPanel
• Remote access for local databases
• Packages in API
• Bangla language
• Remote MySQL during WordPress installer

Bug Fixes

• Email marketing tool
• Mailscanner
• MySQL Server during backup
• Wrong status during backup
• Redis missing on Ubuntu 20
• Memcached extention on Ubuntu 20
• Postfix installation on centOS 8
• Minor improvement to create local backup
• Backup engine
• Top Processes
• compressArchive function
• Dovecot for centOS 8
• Restic
• createLocalBackup function
• Some backup versions of MySQL
• LSCPD
• UTC Fix for PHP.ini
• Update CLI

Updates

• Execute git commands from the repo folder
• Add PHP 7.1 for centOS 8
• Finalize removal of centOS 8 repo
• PIP download URL
• Cron Jobs Restore for cPanel Importer
• CloudLinux 8 detection during update

v2.0.1 Stable

Dated: 2 June 2020

Features

• Support on Ubuntu 20
• Support for CentOS8 & Repo
• Allow custom path for child-domains
• Remove duplicatte compression for emails
• Add remote access
• Cyberpanel repo,
• Add Indonesian language
• Translation into Portuguese of Portugal and Brazil
• Remote backup with non-root user,2,3
• Package manager,2,3,4,5,CentOS 7
• Load website preview
• Mailscanner  & Mailwatch ,2 ,3
• Child domain as hostname
• Detailed scheduled backup logs
• Display mail client details
• Update terminal to use tornado
• User add, edit, list, suspend and remove via CLI
• Display ssl port during list emails

Bug Fixes

• Permissions on ubuntu
• Permpath after adding a custom path for child domains
• Fix to restore folders
• Convert child to a website
• Permissions during Cpanel import
• CloudAPI
• Correction of Japanese translation
• File Manager permissions,2
• Upgrade script, 2,3,4,5,6,7,8
• Directory check
• Permissions
• Pure-ftpd to 1.0.47-3 for Ubuntu 18, 2
• File download from File Manager
• Imunify after upgrade,2
• File permissions during upgrade
• Increase backup file holder name size
• Add incremental destination
• Incremental backups,2
• topProcessesStatus,2
• Backup remote transfer ajax update
• Add dkim keys to dns records during remote fetch
• Lswsgi for python 3.8
• Mail SSL fix UI
• Fetch access logs
• WordPress staging, 2
• Adding remote destinations
• dkim for subdomains
• Private Gitlab instance on non standard port
• Prevent local backup from running multiple processes
• PowerDNS Slave config persistance
• Job success calculator
• Check if backup process actually running

Updates

• Log Parser
• UI Update
•  cPanel Importer
• Backups: reduce number of compressions
• Change permission for backup file
• Change source of pip packages
• Repo replacement during install,2, 3,4
• Python packages
• FTP config file
• Indonesian translation
• German Translation,2
• 16 digit strong password for email,database,user,ftp

---

v2.0.0 Stable

Dated: 1st April 2020

Note: This is a major upgrade with many bug fixes. CyberPanel users are advised to upgrade as soon as possible.

Features

• CloudFlare DNS Synchronization 
• Redis Mass Hosting
• Imunify360 Integration
• Git Manager 
• Git Webhooks and Automation
• Configure server mailer for CyberPanel notifications
• Email Queue Management
• EasyEngine migration script
• DomLogs Stats for domains

Bug Fixes

• bug fix: calculate bw usage
• symlink protection, 2, 3
• fix lsphp74 build error on centos 7
• add custom ssl check
• speed up list users
• bug fix: suspend user
• security fix: submitDomainCreation
• bug fix: mail domain skip while restore
• bug fix: cli
• bug fix: specify venv version, 2, 3
• bug fix: cron path for ubuntu, 2,3,4
• bug fix: add default crons to root user
• bug fix: upgrade,2
• openvz centos 7 pure-ftpd issue
• bug fix: reseller to modify dns zone
• bug fix: child domain suspend
• bug fix : git
• change domain verify regex
• bug fix: css,2, 3, 4
• bug fix: joomla install following new perm structure
• fix php.ini  issue
• fix git attach
• bug fixes in application installers
• bug fix: allow - in website creation
• bug fix: allow file with spaces to be uploaded
• bug fix: allow numbers in domain
• fix:Email Forwarding Form
• bug fix: cron
• Fix --password issue during installation
• bug fix: delete linux user upon website deletion
• bug fix: increase size of external app
• bug fix: website creation
• bug fix: file manager permissions, 2
• bug fix: add path to git commands
• fix MarkupSafe module issue
• bug fix: inc backup cron job

Updates

• Update Portuguese
• Convert log parser to python3
• DB name/user length to 32
• Update for OpenVZ in Centos 7
• Update CLI to add the option to show current CyberPanel version
• Populate site user details during backup
• Preserve site user while backup/restore
• Add owner protection for reseller center
• Update some permissions structure
• Updated Log-parser to support cleaner output, Add other CMS detection and GET/POST counters
• Security: check if external app user already exists
• Change checkIfSpamAssassinInstalled method
• Update status path class
• Change domain validation scheme
• CN mirror for composer
• Add ssl notifications
• Phpmyadmin update

---

v1.9.4 Stable

Dated: 5th February 2020

Note: Upgrade to this version as soon as possible, this includes many security fixes, details to be announced in our news section.

Features

• Email SNI Support for Outlook and Postfix, details available here and here.
• feature: suspend/unsuspend users
• disable login for suspended users
• feature: edit incremental backup plans
• feature: edit/manage inc backups
• Improved and detailed dynamic logging
  • To enable detailed logging to run touch /usr/local/CyberCP/debug
  • This will generate detailed logs in /home/cyberpanel/error-logs.txt
  • If you also want these logs in email run touch /usr/local/CyberCP/emailDebug
  • When reporting any bugs, please create these files and provide output from the log file.
• feature: add dynamic install

Bug Fixes

• bug fix schedule backups - major updates
• bug file download - major fix
• bash-ize the upgrade script
• bug fix: update version number
• Correct package info php-xml
• bug fix: upgrade on ubuntu
• add return check
• bug fix: child domains
• bug fix: wp staging
• bug fix: display version
• fix language selection: https://forums.cyberpanel.net/discussion/3662
• bug fix: remove disk calculation - for time being
• bug fix: inc backups: email bypass
• bug fix: rewrite rules: encoding
• change minimal install message
• redis hosting apache file
• sudo detection...
• fix sudo detection
• bug fix: ftp delete
• fix alibaba cloud installation issue
• path check - security
• path check: listForTable - security
• bug fix: one backup job to not span multiple directories
• bug fix: list dns zones
• path check to upload - security
• remove settingspyc - security
• embed utils in cli
• add state to list users
• security check for user creation - security
• update expire time
• better logging and error reporting for inc backups

---

v1.9.3 Stable

Dated: 3rd January, 2020

Features

• Codebase upgraded to use Python 3
• DJANGO Upgraded to 3.0.2
• Must better CloudLinux integration
• Convert child-domains to websites.
• Enable: Install necessary services only (postfix, ftp or dns)
• Auto-Renew utility for SSL.
• Beta: Centos 8 support
• PHP 7.4
• Watchdog for MySQL and Webserver.
• api: submitUserCreation
• add quic port to csf default
• feature: new login page
• Removed unnecessary NS record

Bug Fixes

• bug fix: wp staging
• bug fix: backup engine
• bug fix: ignore password filter
• bug fix: add custom ssh port to csf
• bug fix: install and SpamAssassin
• bug fix: incremental backups
• bug fix: emails
• bug fix: inc backups
• bug fix: email password
• bug fix: restore email password
• update default php 7.3
• bug fix: phpmyadmin
• bug fix: firewalld

---

v1.9.2 Stable

Dated: 12th November, 2019

Features

• Remote restore of Incremental Backups.
• Web Based Terminal
• Magento Auto Installer
• Official CSF GUI Integration, thanks to CSF guys at configserver.com
• Email piping.

Bug Fixes

• resubmit commit to fix Server Logs for Ubuntu OS
• bug fix: incremental backups and upgrade process
• bug fix: subdomain creation
• Setup Hostname SSL to work for OLS LS admin
• Update csf.py
• lowercase the username input for emailaddy
• add a check for openvz containers for tmp.mount
• incremental backup: exclude repo folder
• Order sites by domain
• Japanese translation
• pci compliance headers
• fix csf menu while upgrade
• update lscpd
• move install/upgrade src to git stable
• update Email piping to work via postfix filters
• improved ssl configs

• bug fix: check for website existance without www.

• Feature: allow user to disable session ip check
• bug fix: resolve user conflicts
• Bug fix: detect non-default SSH port for WebTerminal

Big thanks to following people for their contributions

• Whattheserver
• Henna

---

v1.9.1 Stable

Dated: 15th October, 2019

Features

• Incremental Backups.
• imagick extension added to CyberPanel PHP Extension Installer
• Feature: Auto Request 15 days trial for LSWS Ent

Bug Fixes

• detached mode: instantly change php version
• bug fix while creating email.
• Bug fix: dont update email passwords on upgrade if crypt detected
• WP Staging: Exclude some folders
• bug fix: backup schedule
• bug fix: reset acl for users.
• WP Staging: Skip site url in wp-config.php
• bug fix: remote transfer
• bug fix: upgrade process
• bug fix: git attach
• bug fix: relative path issue while compressing
• upgrade: postfix3
• bug fix: SpamAssassin
• bug fix backups: restore ssl
• bug fix: email limits, cPanel Importer: custom child domain path
• bug fix: dns manager
• bug fix: Correctly store databases and users for cPanel Importer
• bug fix: Cater special characters during database deletion
• bug fix: fix misconfigured database users in cPanel importer
• bug fix: Minor CSS issue
• bug fix: Remove strict ping check for remote backups [AWS]
• bug fix: backup engine
• bug fix: cagefs disable
• bug fix: install process
• improvement: LSWS Switch
• bug fix: select english default
• bug fix: owner:group from logs, dont write access&errors
• Fix Dates. Improve CSF integration. Fix Typos
• Fixed serverLogs pages for Maillog and FTP logs for Ubuntu. Fixed CSF
• Update CSF to enable Webui port 1025

Big thanks to following people for their contributions

• Whattheserver
• Julio Rodriguez

 

---

v1.9.0 Stable

Dated: 23th August, 2019

Features

• Ability to configure default nameservers.
• Configure custom path when scheduling local backups.
• Listing WEBSITES should show their space usage.
• LIST USERS should also be available from the /users/ page
• change user-acl shifted to list-users
• Rainloop: allow subfolders

Bug Fixes

• bug fix in zone listing
• LIST USERS should also be available from the /users/ page
• Delete user removed from left-bar
• bug fix to cPanel Importer: DNS
• Fixed: SpamAssassin configurations not working
• Fixed: Adding SOA record to dns fails
• list websites: choose to show number of records
• cPanel importer: fix symlink error.
• cPanel Importer: bug fix with emails import
• bug fix cPanel Importer: Import All emails folder
• cPanel Importer: Bug fix: Domain not allowed on rainloop
• cPanel Importer: Cater domains outside document root

 

---

v1.8.9 Stable

Dated: 12th August, 2019

Features

• Added list pages for Users, Packages and Emails.
• Ability to control these list pages via ACL.
• Enable/Disable creation of Fully Qualified Domains as child-domains through Packages.
• Login Page: Press Enter to login.

Bug Fixes

• Bug fixes to cPanel Importer for detecting email format.
• Many bug fixes to Backup Engine and Remote Backups.
• Bug fix to WordPress staging feature.
• Bug fix to CSF.

 

---

v1.8.8 Stable

Dated: 30th July, 2019

Features

• WordPress Staging Sites.
• Ubuntu Support is back on.

Bug Fixes

• Bug fixes to cPanel Importer.
• Many bug fixes to Backup Engine and Remote Backups.
• Fixed CVE-2019-13056 in v1.8.7

 

---

v1.8.7 Stable

Dated: 16th July, 2019

In between we also released v1.8.6, it was an emergency security release, thus this change log covers it.

Features

• CageFS integration.
• CloudLinux Integration.
• Setup SSH access for website users from its launcher.

Bug Fixes

• Bug fixes to cPanel Importer.
• Other bug fixes that were introduced because of emergency security release v1.8.6

Security Update

v1.8.6 and v1.8.7 have many security enhancements. For all end user operations CyberPanel now use run-as user (the website user) to perform those operations. Special CyberPanel -> LSCPD connection is used for security communication for different sort of user elevation and to drop priviliges when necessary. Authentication token is used for communication to prevent un-athorized access to the command socket.

This will be our first security release in our 2-stage security release model. Everyone must update your servers to v1.8.7 as soon as possible.

Special thanks to rack911labs.com, for doing a security audit and help us find/fix the issues.

---

v1.8.5 Stable

Dated: 3rd July, 2019

Features

• PowerDNS Master/Slave Replication.
• Ability to choose required components during installation (If you don't choose to install Postfix, it will not be installed at all and removed from CyberPanel interface), more details here.
• Auto import cPanel backups to CyberPanel.

Bug Fixes

• Fixed the API Access Disabled issue with WHMCS, more details here.
• Fixed the Remote Backup Storage Issue.

---

v1.8.4 Stable

Dated: 7th June, 2019

Features

• Allow Child Domains to create email accounts.
• Delete backups after they are sent to S3, DO or Minio Storage.
• Containerization via our partner.

---

v1.8.3 Stable

Dated: 9th May, 2019

Features

• Apache Manager through our partner.

Bug Fixes

• Bug fix to remote backups.
• Bug fix to File Manager while fixing permissions.
• Bug fix to ModSecurity.

---

v1.8.2 Stable (Security Release)

Dated: 2nd April, 2019

Details about the security patch can be found in our news section.

Features

• Search through websites.
• Random Password Generator.
• Rewrite Templates on top of Rewrite Rules Box.
• Enable/Disable API Access.

Bug Fixes

• Major bug fixes to Backup Engine (Remote and Scheduled Backups).
• Bug fix, that now allow git private repos to be attached.

---

v1.8.1 Stable

Dated: 6th February, 2019

Features

• Design Overhaul.
• Volume Mapping in Docker Manager.

Bug Fixes

• Bug fix to automatic S3 Backups from Platform.
• Replaced depreciated admin.type with ACLManager.
• Bug fix to Rainloop/PHPMyAdmin when Docker is running (Ref)

---

v1.8.0 Stable

Dated: 25th January, 2019

Features

• Containerization (Website Limits).
• Docker Manager.
• MINIO Backups.
• Set custom password during installation.
• MYSQL Optimizer ported to Ubuntu.

Bug Fixes

• Bug fix to AWS S3 Backups.
• Bug fix to Email Marketing.

---

v1.7.7 Stable

Dated: 8th January, 2019

Features

• MySQL Optimizer.
• Ability to see and Manage MySQL Databases/Tables from Platform.

Bug Fixes

• Bug fix for Mod Security Rules Packs.

---

v1.7.6 Stable

Dated: 26 December, 2018

Features

• Automated Backups to DigitalOcean Spaces.
• Top Processes Page on  platform.
• Issue Self-signed SSL from CLI.
• PHP 7.3 support.
• Ioncube loaders added to PHP Extensions installation.

Bug Fixes

• Bug fix for large files to AWS S3.
• Bug fix to CSF.

---

v1.7.5 Stable

Dated: 14 December, 2018

Features

• Automated Backups to AWS S3.
• Top Processes Page.
• Highly Available Sites.

Bug Fixes

• Bug fix to Backup Engine.
• Bug fix to SSH Keys.
• Improvements to upgrade process.

---

v1.7.4 Stable

Dated: 23 November, 2018

Features

• [Beta] CyberPanel for Ubuntu 18.04 and 18.10.
• Ability to switch from OpenLiteSpeed to LiteSpeed Enterprise Web Server.
• [Beta] Launch of CyberPanel on Cloud.

Bug Fixes

• Bug fix to tuning for LiteSpeed Enterprise.
• Bug fixes to SSL Engine (Drop certbot support).
• Bug fixes to Email Marketing Tool.
• Bug fix to Git.

 

---

v1.7.3 Stable

Dated: 23 October, 2018

Features

• Email Marketing Tool.
• Extending CyberPanel. (Plugin Development).
• Vietnamese Language Pack.

Bug Fixes

• Bug fix to SSL Engine.

Official Plugin

• beautiful_names

---

v1.7.2 Stable

Dated: 1st October, 2018

• Adjust niceness value for Backup/Restore process.
• Bug fix in SSL Engine.