- Always download compatible ModSecurity binary after installation
- Removes conditional check for custom_ols_marker
- Fixes undefined symbol: mdb_env_create error
- Prevents OpenLiteSpeed crashes with SIGSEGV signal 11
- Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12
The fix ensures that compatible ModSecurity binaries (built without
LMDB dependency or with LMDB statically linked) are always used,
preventing the runtime symbol lookup errors that cause crashes.
Related: https://github.com/usmannasir/cyberpanel/issues/1626
- Changed from incorrect URI splitting to proper request.GET.get() method
- Added proper URL decoding with unquote()
- Fixed both downloadFile and RootDownloadFile functions
- Added path normalization for additional security
- Added file existence validation
- Improved error messages to match reported error format
This fixes the 'Unauthorized access: Not a valid file' error when downloading files from the file manager.
- Updated pluginHolder/urls.py to use path() instead of url()
- Added new API routes for plugin installation, uninstallation, enable, and disable
- Compatible with Django 4.x (url() was removed in Django 4.0)
Ref: PR 1644
- Fixed bug where regular users (UserACL) cannot create websites
- Changed UserACL createWebsite permission from 0 to 1
- Also enabled modifyWebsite and deleteWebsite for consistency
- Resolves issue where non-admin/reseller users were blocked from creating websites
Related changes:
- UserACL: createWebsite: 0 -> 1
- UserACL: modifyWebsite: 0 -> 1
- UserACL: deleteWebsite: 0 -> 1
- suspendWebsite remains 0 (admin-only feature)
This allows regular users to create, modify, and delete their own websites
while maintaining proper ownership checks and security controls.
- Complete guide for plugin installation and management
- Plugin development guide with code examples
- Plugin structure and requirements documentation
- TestPlugin reference guide
- Best practices and troubleshooting sections
- Author: master3395
- Enhanced plugin installer to properly extract and install plugins
- Added security middleware exception for plugin webhook endpoints
- Improved plugin listing with better error handling
- Added testPlugin as example plugin for CyberPanel plugin system
- Updated INSTALLED_APPS and URL routing for plugins
Author: master3395
- Fixed CloudFlare proxy toggle button to display as oblong with a round dot
- Enable CloudFlare proxy by default for all domains/subdomains except mail domains
- Automatically add AAAA (IPv6) DNS records when creating domains/subdomains
- Added GetServerIPv6() function to retrieve server IPv6 address
- Updated DNS template styling and Angular.js binding for toggle buttons
- Fixed CloudFlare proxy toggle button to display as oblong with round dot
- Enable CloudFlare proxy by default for all domains/subdomains except mail domains
- Automatically add AAAA (IPv6) DNS records when creating domains/subdomains
- Added GetServerIPv6() function to retrieve server IPv6 address
- Updated DNS template styling and Angular.js binding for toggle buttons
- Filter domain dropdown to show only main domains (exclude sub-domains)
- Add automatic CloudFlare DNS record deletion when domains/sub-domains are removed
- Improve DNS Records table display to match SSH Logins/Logs table styling
- Add loading states and proper table structure with ng-if conditions
- Update CSS to match activity-table styling with sticky headers
Updated index.html to reference local copies of qrious.min.js and chart.umd.min.js. Added functionality in install.py and upgrade.py to download these libraries before running collectstatic. Updated website.html to ensure compatibility with the new local scripts.
- Introduced a `safeModifyHttpdConfig` method in `installUtilities` to handle modifications to the OpenLiteSpeed configuration file with backup, validation, and rollback capabilities.
- Updated various modules (`modSec.py`, `sslUtilities.py`, `tuning.py`, `vhost.py`, etc.) to utilize the new safe modification method, enhancing reliability and preventing configuration corruption.
- Improved error handling and logging throughout the configuration modification processes to ensure better traceability and debugging.
- Added logic to check for the successful installation of the timezonedb extension before creating the corresponding .ini file.
- Implemented a check to verify the existence of timezonedb.so in the PHP extension directory, improving the robustness of the installation process.
These changes ensure that the timezone configuration is only applied when the extension is available, enhancing the reliability of the setup script.
- Implemented logic to save new PHP versions (8.2, 8.3, 8.4, 8.5) and their corresponding extensions from XML configuration files.
- Enhanced compatibility with CentOS and Ubuntu distributions by dynamically determining the correct XML file paths for each PHP version.
- Improved error handling during the installation of PHP extensions to ensure robustness.
These changes enhance the PHP management capabilities within CyberPanel, allowing users to utilize the latest PHP versions seamlessly.
- Added new model `CatchAllEmail` to store catch-all email configurations per domain.
- Implemented views for fetching, saving, and deleting catch-all email configurations, enhancing email management capabilities.
- Updated URL routing to include endpoints for catch-all email operations.
- Enhanced error handling and permission checks for email forwarding actions.
These changes improve the flexibility and user experience of email management within CyberPanel.
- Added a new function `detect_default_php` to dynamically determine the default PHP version based on symlink and available versions, enhancing compatibility with PHP 7.4-8.5.
- Updated `phpmyadmin_limits` to utilize the detected PHP version for configuration changes, ensuring accurate parameter adjustments for the current PHP environment.
- Enhanced installation scripts for Redis and Memcached extensions to support PHP versions 7.4-8.5, improving backward compatibility and installation reliability.
- Improved error handling for missing PHP configuration files, providing clearer feedback to users.
These changes enhance the flexibility and robustness of PHP management within CyberPanel.
- Added a new fixed position banner in the index.html to announce .htaccess support, including styling and functionality for showing and dismissing the notification.
- Enhanced file manager to support extraction of 7z and rar file formats, with appropriate command handling in filemanager.py.
- Updated JavaScript files to determine extraction types based on file extensions, ensuring compatibility with new formats.
- Modified HTML templates to include options for 7z and rar compression types in the user interface.
https://github.com/usmannasir/cyberpanel/issues/1617#issue-3727006951
These changes improve user experience by providing clear notifications and expanding file management capabilities within CyberPanel.
- Deleted the `apply-rdns-fix.sh` script, `INDEX.md`, `INSTALL.md`, `QUICK-INSTALL.md`, and related fixed code files as they are no longer needed.
- This cleanup helps streamline the codebase and remove outdated resources that are not compatible with the current version of CyberPanel.
These changes ensure that the repository remains clean and focused on the latest functionalities.
- Added detailed error handling and logging for reverse DNS lookups, improving robustness against network issues and invalid responses.
- Updated virtualHostUtilities to handle cases where reverse DNS lookups fail, providing clearer error messages and guidance for users.
- Ensured that the results from DNS queries are validated before processing, enhancing the reliability of the rDNS checks.
These changes improve the overall reliability and user experience of the reverse DNS lookup feature within the CyberPanel environment.
Update README and mysqlUtilities for MySQL account resolution
- Added a section in README.md detailing recent fixes, including enhancements to MySQL password rotation to prevent errors when metadata is missing.
- Removed outdated test files for MySQL utilities and ImunifyAV route checks.
- Improved mysqlUtilities.py to resolve MySQL accounts more reliably, including better handling of user and host resolution, and added logging for account resolution processes.
These changes enhance the robustness and clarity of MySQL user management within the CyberPanel environment.
- Changed versioning in README.md to 2.5.5-dev and updated the last modified date.
- Added a section for recent fixes in README.md detailing improvements to MySQL password rotation.
- Removed obsolete test files for MySQL utilities and ImunifyAV route.
- Enhanced mysqlUtilities.py to improve MySQL account resolution and logging, ensuring better handling of user and host identification during password changes.
- Added a static method to ensure ImunifyAV assets are created and permissions set correctly in CageFS.py.
- Updated the URL routing in urls.py to include paths for ImunifyAV, supporting both legacy and new routes.
- Modified the ImunifyAV HTML template to use Django's URL template tag for better maintainability.
- Enhanced the cyberpanel_fixes.sh script to ensure ImunifyAV UI assets are installed during fixes.
- Improved database user resolution and password handling in mysqlUtilities.py for better security and reliability.
This update enhances the integration and management of ImunifyAV within the CyberPanel environment.
Enhance Postfix management and validation in installation scripts
- Refactored the enableDisableEmail function to improve handling of Postfix service enabling and disabling, including better error logging and cleanup of stale marker files.
- Added a new method in mailUtilities to check if Postfix is installed, ensuring that DKIM setup only proceeds if Postfix is available.
- Updated virtualHostUtilities to verify Postfix installation before attempting DKIM setup, with appropriate logging for missing markers.
- Improved overall robustness of email service management during installation and configuration processes.
https://github.com/usmannasir/cyberpanel/issues/1570
- Refactored the enableDisableEmail function to improve handling of Postfix service enabling and disabling, including better error logging and cleanup of stale marker files.
- Added a new method in mailUtilities to check if Postfix is installed, ensuring that DKIM setup only proceeds if Postfix is available.
- Updated virtualHostUtilities to verify Postfix installation before attempting DKIM setup, with appropriate logging for missing markers.
- Improved overall robustness of email service management during installation and configuration processes.
https://github.com/usmannasir/cyberpanel/issues/1570
Master3395