Merge pull request hestiacp#1302 from hestiacp/staging/release/v1.3.0

Staging/release/v1.3.0

Author: ScIT-Raphael

CHANGELOG.md

@@ -3,48 +3,58 @@ All notable changes to this project will be documented in this file.
 
 ## [1.3.0] - Major Release (Feature / Quality Update)
 ### Features
-- Users can now choose to point a domain to a different document root (similar to domain parking).
-- The software update procedure will now perform a system health check prior to installation and repair missing environment variables.
+- Users can now choose to point a domain to a different document root location (similar to domain parking).
+- The software update process will now perform a system health check before proceeding with installation.
 - Administrators now have control over software update notifications through the following settings in `$HESTIA/conf/hestia.conf` and through the Control Panel web interface:
-    - `UPGRADE_SEND_EMAIL` = Sends an email notification to admin email address
-    - `UPGRADE_SEND_EMAIL_LOG` = Sends installation log output to admin email address
-- Upgrade process will now save logs to the `hst_backups` directory.
-- Support for removing backup remote location (#1083).
-- Add support Proftpd TLS Support
-- Add the possibility to assign user "Administrators" rights on login. Replaces "root" login. Notifications are only send towards the "admin" account email.
-- Updated translations system with the use of Gettext. Modified / Updated all translated strings.
-- Use php7.4 as default version.
-- Updated MariaDB to 10.5 (Manual upgrade required install/upgrade/manual/upgrade_mariadb.sh).
-- Added support for Turkish (emrahk [Forum](https://forum.hestiacp.com/t/how-to-contribute-with-translations/1664/4?u=eris) )
+    - `UPGRADE_SEND_EMAIL` = Sends an email notification to primary admin account's email address
+    - `UPGRADE_SEND_EMAIL_LOG` = Sends installation log output to the primary admin account's email address
+- The upgrade process will now save installation logs to the `/root/hst_backups` directory by default for post-install troubleshooting.
+    - **Note:** We may adjust this path in the future and will document such changes as they happen.
+- We've introduced the ability to assign Administrator rights to other user accounts, enabling them to perform tasks under the Server Settings tab.
+- We've introduced a more robust translation system which will allow us to provide higher quality translations in future releases.
+    - **Note:** Some country codes have been updated, as a result your language setting may default back to English after upgrading.
+- For new installations, MariaDB 10.5 is now the default version.
+    - For existing installations, we've provided a manual post-install upgrade script. Please run `$HESTIA/install/upgrade/manual/upgrade_mariadb.sh` to migrate to MariaDB 10.5).
+- The user interface theme has been set to "Dark" by default. This can be changed from **Server Settings > Configure > Basic Options > Appearance**.
+    - **Note:** The name of the default theme has not been adjusted, and the change to the "dark" theme only applies to new installations at this time. This behavior may be changed in a future release.
 
-## Bugfixes
-- Removed root login (root / root password )
-- Update apache2.conf replace Include with IncludeOptional (#1072)
-- Add ca-certificates, software-properties-common to the dependencies (#1073 + [Forum](https://forum.hestiacp.com/t/hestiscp-fails-on-new-debian-9-vps/1623/8) ) @daniel-eder
-- Fixed issues with database port during backup when port was missing (#1068)
-- Postqresql: forbid the use of upper case (#1084) causing issues with backup / creating database or user
-- Fixed permissions email account during restore (#1114)
-- Create .npm on creating new user (#1113) @hahagu 
-- Fixed Access to a website without a ssl certificate on https shows the content of the first, valid ssl website (#1103)
-- Fixed an issue when installing --with-debs and version check (#1110)
-- Improved Translations Chinese @myrevery
-- File manager create directory with proper permissions 
-- Removed loop ad v-rebuild-all (#1096)
-- Add $restart flag to v-add-web-domain-backend call (#1094) (#797) @bright-soft
-- Fixed an issue with Restore Failed on Domains with Mail Setups using SSL (#1069)
-- Fixed an issue with PHPMyAdmin button (#1078)
-- Changed WordPress name in Webapp installer (#1074)
-- Add a free disk space validation during backup routine (#1115)
-- Removed PHP validation SSH keys allowing support other types then RSA / DSA
-- Fixed an issue which cause wrong password generation (#1184)
-- Fixed issue with v-add-sys-ip and saving the ip configuration to correct port (@madito)
-- Updated Exim black list for extensions (@kpapad904 / #1138)
-- Fixed multiple bugs due to translations 
-- Fixed bug with passwords containing "'" [Forum](https://forum.hestiacp.com/t/two-factor-authentication-issue-with-standard-user/1652/)
-- Refactor LXD  Complier script
-- Set default theme to "Dark"
-- Clean up gmail.tpl (DNS) (@madito)
-- Improved translations (NL, DE, UK, RU, ES, IT, ZH-CN)
+### Bugfixes
+- Fixed a security issue where user password reset keys could potentially be gleaned from system process list - thanks **RACK911 LABS**
+- Fixed an issue with passwords containing "`'`" - [Forum](https://forum.hestiacp.com/t/two-factor-authentication-issue-with-standard-user/1652/)
+- Fixed an issue with database backups when the port was not specified (#1068)
+- Fixed an issue where websites without SSL enabled would display the content of the first valid SSL enabled website (#1103)
+- Fixed an issue that would occur when using the `--with-debs` flag with the installer due to an incorrect version check routine (#1110)
+- Fixed an issue with incorrect permissions which would occur when restoring email accounts (#1114)
+- Fixed an issue where the File Manager would apply the wrong permissions on new directories
+- Fixed an issue that prevented successful restoration of SSL-enabled mail domains from a backup archive (#1069)
+- Fixed an issue where the phpMyAdmin button would not work in the Control Panel Web UI (#1078)
+- Fixed an issue where passwords were generated incorrectly (#1184)
+- Fixed an issue in `v-add-sys-ip` to ensure IP configuration is set to the correct port - thanks **@madito**
+- Fixed an issue that resulted in an extended loop condition when running `v-rebuild-all`
+- Improved support for API key usage with the `v-add-remote-dns-host` command (#1265)
+- Improved validation of free disk space when executing backup routine (#1115)
+- Improved support for SSH key types other than RSA / DSA
+- Improved reliability of backup function when removing remote locations (#1083)
+- Improved spam filtering by adding additional known-dangerous file extensions in exim's blacklist (#1138) - thanks **@kpapad904**
+- Updated Apache2 configuration to use Include with IncludeOptional (#1072)
+- Removed the ability to log in as "root" (whic logged to the admin account, deemed no longer necessary)
+- Add ca-certificates, software-properties-common to the dependencies (#1073 + [Forum](https://forum.hestiacp.com/t/hestiscp-fails-on-new-debian-9-vps/1623/8)) - thanks **@daniel-eder**
+- Create .npm directory by default when creating new user accounts (#1113) - thanks **@hahagu** 
+- Improved accuracy of several UI translations (NL, DE, UK, RU, ES, IT, ZH-CN) - thanks **@myrevery** and other contributors for your work!
+- Added `$restart` flag to `v-add-web-domain-backend` command (#1094) (#797) - thanks **@bright-soft**
+- PostgreSQL: forbid the use of upper case (#1084) causing issues with backup / creating database or user
+- Changed WordPress name in Quick Web App installer (#1074)
+- Cleaned up entries used in the Google / Gmail DNS template - thanks **@madito**
+- Enhanced ProFTPd support for TLS
+- Refactored LXD compiler script
+- Updated phpMyAdmin to version 5.0.4
+
+## [1.2.4] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Fixes an issue on auto renewing let's encrypt certificates.
 
 ## [1.2.3] - Service Release
 ### Features

CONTRIBUTING.md

@@ -27,17 +27,17 @@ We have three primary or "evergreen" branches, which exist throughout our produc
 
 | Branch        | Description     | Cycle           |
 |---------------|:---------------:|:---------------:|
-| `main`        | Contains a snapshot of the latest development code.<br>**Not intended for production use and may be unstable.** | Daily  |
+| `main`        | Contains a snapshot of the latest development code.<br>**Not intended for production use and contains code from a merge snapshot.** | Daily  |
 | `beta`        | Contains a snapshot of the next version which is currently in testing.<br>**Not intended for production but should be highly stable.**  | Weekly |
-| `release`     | Contains a snapshot of the latest stable release.<br>**Intended for production use. Same code as packages in repository.** | Monthly |
+| `release`     | Contains a snapshot of the latest stable release.<br>**Intended for production use. This repository contains the same code as our compiled packages.** | Monthly |
 
 ### Creating a new branch and submitting pull requests
 The first step is to create a fork of the `hestiacp/hestiacp` repository under your account so that you may submit pull requests and patches via GitHub. 
 
 Once you've created your fork, clone the repository to your computer and make sure that you've checked out the `main` branch. **Always** create a new topic branch for you work. When submitting pull requests it is important that you target the correct branch to ensure that your changes are properly integrated and tested based on our release schedule. When creating a new branch, we ask that you please adhere to the following naming conventions as much as possible:
 
 ### Branch naming convention:
-- **Prefix:** `topic/` (such as **bugfix**, **feature**, **refactor**, etc.)
+- **Prefix:** `topic/` (such as **fix**, **feature**, **refactor**, etc.)
 - **ID**: `888` (GitHub Issue ID if an issue exists) -or- `2020-07` (Year-Month if an issue does not already exist)
 - **Separator:** `_` (underscore)
 - **Title:** `my-awesome-patch`
@@ -49,7 +49,7 @@ Branch name examples:
 * `test/2020-07_mail-domain-ssl`
 
 ### Squashing commits for smaller changes
-When submitting a pull request with multiple smaller commits which are related to the same file or issue, we ask that you please **squash your commits** whenever appropriate in order to keep the project's commit history clean and easy to follow for other developers.
+To aid other developers and keep the project's commit history clean, please **squash your commits** when it's appropriate. For example with smaller commits related to the same piece of code, such as commits labelled "Fixed item 1", "Adjusted color of button XYZ", "Adjusted alignment of button XYZ" can be squashed into one commit with the title "Fixed button issues in item". 
 
 ### What happens when I submit a pull request?
 - Our internal development team will review your work and validate your request.

ISSUE_TEMPLATE.md

@@ -8,8 +8,8 @@
 Please enter your answer here (e.g. When I try adding a web domain, an error message appeared stating that the php-fpm pool did not exist).
 
 ### What steps did you take when the issue occured? 
-1. Ex.: Click on the Web tab
-2. Ex.: Click on Add Web Domain
+1. Ex.: Click on the "Web" tab.
+2. Ex.: Click on "Add Web Domain".
 3. Ex.: Attempted to add a domain and received an Internal Server Error.
 
 ### Expected behavior:
@@ -19,7 +19,7 @@ Please enter your answer here (e.g. the web domain should have been added succes
 Please enter your answer here (e.g. Ubuntu 20.04 LTS)
 
 ### Hestia Control Panel version:
-Please enter your answer here (e.g. 1.2.0). 
+Please enter your answer here (e.g. 1.3.0). 
 
 ### Additional notes:
-If there is anything else that you'd like us to know about this issue, feel free to share here.
+If there is anything else that you'd like us to know about this issue that will help us diagnose and troubleshoot more effectively, such as links to forum posts or other discussions, please feel free to share here.

README.md

@@ -2,12 +2,12 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.2.4 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.3.0 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
 **Forums:** [forum.hestiacp.com](https://forum.hestiacp.com/)<br>
-**Discord:** [Join HestiaCP Discord channel](https://discord.gg/nXRUZch)<br />
+**Discord:** [Join the discussion](https://discord.gg/nXRUZch)<br />
 <br>
 [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA)
 <br>

SECURITY.md

@@ -2,6 +2,9 @@
 
 ## Reporting a Vulnerability
 
-If you have discovered a vulnerability in Hestia Control Panel,
-let our development team know via e-mail at info@hestiacp.com and
-we will respond as soon as possible.
+If you believe that you have have discovered a vulnerability in Hestia Control Panel,
+please let our development team know via email at info@hestiacp.com. 
+
+We ask that you please include a detailed description of the vulnerability,
+a list of services involved (e.g. exim, dovecot) and the versions which you've tested,
+full steps to reproduce the vulnerability, and include your findings and expected results.

bin/v-change-user-rkey

@@ -1,8 +1,8 @@
 #!/bin/bash
-# info: change user password
-# options: USER
+# info: change user random key
+# options: USER [HASH]
 #
-# The function changes user's password and updates RKEY value.
+# The function changes user's RKEY value thats has been used for security value to be used forgot password function only.
 
 
 #----------------------------------------------------------#
@@ -11,8 +11,9 @@
 
 # Argument definition
 user=$1
+hash=$2
 
-
+echo $rkeyhash;
 # Importing system enviroment  as we run this script
 # mostly by cron wich not read it by itself
 source /etc/profile
@@ -25,14 +26,21 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER'
+check_args '1' "$#" 'USER [HASH]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
+if [ ! -z "$hash" ]; then
+    password=$hash
+    is_password_valid
+    hash=$password;
+else
+    hash=$(generate_password)
+fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
@@ -44,7 +52,7 @@ d=$(date +%s)
 #----------------------------------------------------------#
 
 # Changing RKEY value
-update_user_value "$user" '$RKEY' "$(generate_password)"
+update_user_value "$user" '$RKEY' "$hash"
 
 #check if RKEYEXP exists
 if [ -z "$(grep RKEYEXP $USER_DATA/user.conf)" ]; then

func/upgrade.sh

@@ -435,7 +435,8 @@ upgrade_start_backup() {
                 echo "      ---- mysql"
             fi
             cp -f /etc/mysql/*.cnf $HESTIA_BACKUP/conf/mysql/
-            cp -f /etc/mysql/conf.d/*.cnf $HESTIA_BACKUP/conf/mysql/      
+            cp -f /etc/mysql/conf.d/*.cnf $HESTIA_BACKUP/conf/mysql/ > /dev/null 2>&1
+            cp -f /etc/mysql/mariadb.conf.d/*.cnf $HESTIA_BACKUP/conf/mysql/ > /dev/null 2>&1       
         fi
         if [[ "$DB_SYSTEM" =~ "pgsql" ]]; then
             if [ "$DEBUG_MODE" = "true" ]; then

install/deb/mysql/my-large.cnf

@@ -40,3 +40,4 @@ interactive_timeout=50
 long_query_time=5
 
 !includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/

install/deb/mysql/my-medium.cnf

@@ -39,3 +39,4 @@ interactive_timeout=50
 long_query_time=5
 
 !includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/

install/deb/mysql/my-small.cnf

@@ -39,3 +39,4 @@ interactive_timeout=50
 long_query_time=5
 
 !includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/