Release 2.0.23

What's Changed

• [API] validate non-empy admin-name in Admins.update()
• [API] fix optional-flag for IpsAndPorts.add() and IpsAndPorts.update()
• rework path to certificates non-ecc/ecc, regardless of current setting
• adjust proftpd config for debian 12 bookworm
• correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters
• correct validation of hostingplan name and description
• Add config-diff CLI Command by @bashgeek in #1168

Full Changelog: 2.0.21...2.0.23

Release 2.0.21

What's Changed

• Correcting Nginx location match, fixes #1153
• remove hidden fields from login/passwd-reset; refs #1102
• adjust log-levels in API methods
• exclude password fields from being filtered/escaped by AntiXSS, fixes #1150
• Fix typo in pathDescriptionSubdomain; #1156
• validate generated config-json parameter string

Full Changelog: 2.0.20...2.0.21

Release 2.0.20

What's Changed

• Fix typo in English privileged_passwd by @n-thumann in #1136
• Fix IPv6 address in cookie domain by @n-thumann in #1137
• Add same loginfail restrictions for entering 2fa code as for user/pwd login
• Remove superfluous try_files in nginx config if php-backend (non-fastcgi) is used
• Fix missing idna encode adding/editing email-account/email-forwarder
• Secure filename of local-archive in webupdate
• Show 0 value of resource-fields if value is empty, fixes #1149
• Re-enable fcgid/php-fpm activation-validate-check

Full Changelog: 2.0.19...2.0.20

Release 2.0.19

• don't run cron tasks if requirements return non-success; fixes #1122
• respect no-try_files setting also in protected directories
• put php-fpm directives in Directory-directive in apache2; fixes #1120
• strictly check whether field to select is the id or the email-address b/c is cases of email-addresses starting with a digit this is somehow used as value for the id field and return the wrong entity
• fix adding mysql-server to customers without any prior assigned mysql-server, fixes #1123
• fix issues with displaying set value if path-mode is 'dropdown'
• trigger rebuild of config files after changing only ip-settings in domains
• add copy-system-details-to-clipboard button on admin dashboard; fixes #1126
• Allow admins to edit openbasedir_path for domains (#1125)
• set default value of 'openbasedir_path' to 0 in SubDomain.add() like we do in Domains.add()
• set default value for email_quota to settings-default in EmailAccounts.add(); fixes #1132
• Disable autocomplete on 2FA input element (#1133)
• introduce http-request rate-limit

Full Changelog: 2.0.15...2.0.19

Release 2.0.15

• use correct parameter in PowerDNS::cleanDomainZone(), fixes #1104
• add 'Passing HTTP AUTH BASIC' header option when using FCGID
• require php-gd extension for better/secure validating uploaded images
• add Spanish language (#1105)
• avoid socket length limitations leading to cut-off/invalid filename for very long domain and/or loginnames, fixes #1108
• corrected checkLocalGroup() validation if setting did not change, fixes #1111
• open newsfeed-links in a new tab, fixes #1112
• fix incorrect indexed array sorting in case of FTP-domain-usernames; fixes #1114
• add certificate metadata to db table to allow filter/sort of 'Issuer', 'Valid from' and 'Valid until' properties
• correctly retriggered certificate issue on froxlor-vhost alias-domain changes, fixes #1115

Full Changelog: 2.0.13...2.0.15

Release 2.0.13

• keep search-fields/text in pagination links of displaying a search-result
• specify clearly which tls settings are being overwritten/ignored depending on the 'Override system TLS settings' flag when adding/updating Domains
• type-safe comparsion of md5-compatibility hash-validation
  [CWE-305: Authentication Bypass by Primary Weakness]
• fix email-domain navigation and descriptions
• update dependencies

Full Changelog: 2.0.12...2.0.13

Release 2.0.12

• add new email-domain-overview for better overview of multiple email-domains/addresses
• fix let's encrypt dns validation check
• backup possible remote-db-server databases in backup-cron
• fix wrong function-definition in nginx-cron
• check for existing fields when setting/updating tablelisting-columns
  [CWE-352: Cross-Site Request Forgery (CSRF)]
• corrected validation of import-settings data to avoid injecting malicious content
  [CWE-94: Code Injection]

Full Changelog: 2.0.10...2.0.12

Security Release 2.0.10

• enforce password requirements set in settings for directory-protection
  [CWE-521: Weak Password Requirements]
• add missing use statement for error-reporting to include the dbms version
  [CWE-391: Unchecked Error Condition]
• validate existence of language in admin-templates
  [CWE-840: Business Logic Errors]
• verify cronjob interval is one of the fixed available values
  [CWE-96: Static Code Injection]
• fix possible privilege escalation from customer to root when specifying custom error documents in directory-options
  [CWE-94: Code Injection]

Full Changelog: 2.0.9...2.0.10

Release 2.0 - New UI/UX, quick and easy webinstaller, command line tool & more

We are excited to announce the release of froxlor 2.0! Our new version features a sleek new UI/UX design. The easy installer makes setup a breeze, and enhanced security measures keep your data safe. Upgrade to froxlor 2.0 today!

Full Changelog: 0.10.38.3...2.0.9

Release 0.10.38.3 - Security release

Full Changelog: 0.10.38.2...0.10.38.3