|
|
@@ -2,6 +2,11 @@
|
|
|
All notable changes to this project will be documented in this file.
|
|
|
|
|
|
## [DEVELOPMENT]
|
|
|
+
|
|
|
+- **NOTE:** Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
|
|
|
+- **NOTE:** Apache in "standalone" mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + Apache2 will remain supported.
|
|
|
+- **NOTE:** Custom "quick installer apps" will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/jaapmarcus/hestia-quick-install for how to migrate!
|
|
|
+
|
|
|
### Features
|
|
|
- Introduced single sign-on support for phpMyAdmin.
|
|
|
- Introduced support for NGINX FastCGI cache.
|
|
|
@@ -12,7 +17,23 @@ All notable changes to this project will be documented in this file.
|
|
|
- Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
|
|
|
- Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
|
|
|
- Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
|
|
|
-
|
|
|
+- Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
|
|
|
+- Added a new optional theme "Vestia"
|
|
|
+- Added a switch to disable the API and also limit the api by default to 127.0.0.1 only. For current installs added the option "allow-all" on default
|
|
|
+- After first reboot of Hestia will try do 1 attempt to request / generate a valid Lets encrypt certificate
|
|
|
+- Introduced multiple new security policies via WebUI.
|
|
|
+ - Allow users to edit Web / Proxy / DNS / Backend templates
|
|
|
+ - Allow users to edit account details
|
|
|
+ - Allow suspended users to login with "read-only" access
|
|
|
+ - Allow users view / delete user history
|
|
|
+ - Enforce sub domain ownership
|
|
|
+ - Limit access to admin account when other users have the role "Administrator" assigned to them.
|
|
|
+- Disable user to login via WebUI / Limit access to WebUI to certain IP address per user.
|
|
|
+- Discourage websites to be created under "admin" account and redirect users to create new users.
|
|
|
+- Added support for redirecting to www / non www domains (or custom) #427 / #1638
|
|
|
+- Log failed login attempts
|
|
|
+- Introduced support for ARM based systems. Currently the packages are not available via ATP!
|
|
|
+- Force reboot of system after install
|
|
|
|
|
|
### Bugfixes
|
|
|
- Fixed an issue where user name was duplicated when editing FTP users. (#1411)
|
|
|
@@ -46,9 +67,30 @@ All notable changes to this project will be documented in this file.
|
|
|
- Fixed XSS vulnerability in `v-add-sys-ip` and user history log (thanks **@numanturle**).
|
|
|
- Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks **@numanturle**).
|
|
|
- Fixed vulnerability in v-update-sys-hestia (thanks **@numanturle**)
|
|
|
+- Disabled the Update via WebUI due to timeout issues. Please update via ```apt update && apt upgrade``` in command line instead.
|
|
|
- Improve how Quick install of web apps are handled and allow users added apps to be maintained in list view.
|
|
|
-- Add Drupal quick installer
|
|
|
-- Add Nextcloud quick installer
|
|
|
+- Fixed an issue where the api was enabled after an update of HestiaCP
|
|
|
+- Fixed an issue when the default php version got deleted webmail didn't work any more. #1477
|
|
|
+- Limit access when "demo" mode is enabled.
|
|
|
+- Fixed an issue where limitations on aliases didn't work propperly
|
|
|
+- Fixed an issue where "Exit to control pannel" link got changed to "Logout" #1669
|
|
|
+- Allow packages to be deleted when in use. Current users are changed to "Default" package.
|
|
|
+- Fixed multiple bugs with in v-restore-users
|
|
|
+- Redesign statics page
|
|
|
+- Allow self signed certificates to be created with aliases.
|
|
|
+- Fixed issue where mail accounts where sorting incorrectly by size #1687
|
|
|
+- Improve results v-search-command #1703
|
|
|
+- Merge Codeiginiter / Drupal templates.
|
|
|
+- Prepare template for FastCGI support an improve security by allowing only .well-known for Let's encrypt requests
|
|
|
+- Update Cloudflare Ips in nginx.conf
|
|
|
+- Fixed an issue where emails where send to nobody when connection failed to database #1765
|
|
|
+- Fixed an issue where no notifications where send on failure and save local backup if remote backup failed.
|
|
|
+- Fixed an issue where domains containing 2 dots in the top level domain could accidentally got removed #1763
|
|
|
+- Fixed an issue where www could be created and after delete webmail doesn't work anymore #1746
|
|
|
+- Standardize headers for upgrade scripts
|
|
|
+- Improved how we handle custom themes
|
|
|
+- Refactored HMTL / PHP code WebUI
|
|
|
+
|
|
|
|
|
|
## [1.3.5] - Service Release
|
|
|
### Features
|
Jaap Marcus