@@ -12,37 +12,37 @@ All notable changes to this project will be documented in this file.
1212
1313### Bugfixes
1414- Added a detection of web root for add .well-known ACME challenge.
15- - Reworked Let's Encrypt ACME staging to use hestia conform standard .
16- - Fixed if condition, use Nginx for Let's Encrypt ACME request if present.
15+ - Reworked Let's Encrypt ACME staging to use Hestia code standards .
16+ - Fixed issues with Let's Encrupt - use Nginx for Let's Encrypt ACME request if present.
1717- Reworked v-add-sys-ip, removed CentOS/Red Hat support and reworked conditions.
1818- Enabled HSTS and force SSL on v-add-letsencrypt-host.
1919- Prevented login action for webmail in list user view.
2020- Removed hardcoded mail in HELO data (cosmetic fix).
21- - Fixed SFTP server validation check, thanks to @dbannik !
22- - Implemented warning message for creating web domains under admin user .
23- - v-generate-api-key: Fixed wrong quotes used for default keys folder location.
21+ - Fixed SFTP server validation check - thanks @dbannik .
22+ - Implemented security warning message when creating web domains with the default admin account .
23+ - Fixed wrong quotes used for default keys folder location in v-generate-api-key backend script .
2424- Fixed permissions to allow access for FTP users created in web domains under admin account.
25- - Check if user home exists before set permission on sftp jail.
26- - Fix several security issues, thanks to Andrea Cardaci (https://cardaci.xyz/ )
27- - Improved input validation on File System operations scripts
28- - SecImprove: Cli arguments were glob expanded when written to log file
29- - Fixed: Removing web domains would let sftp accounts still configured in sshd
30- - SecImprove: File operations in user home folder will be executed as the real user
31- - Added a confirmation dialog when deleting user logs (/list/log/)
32- - Fixed issue with sftp-jail not working for users restored from backups
33- - SecImprove: Improved input validation in multiple cli scripts
34- - Performance: Do not load complete notifications list on every page load, reduced load time from over 1sec to under 100ms
35- - Performance: Do not resolve ip when listing iptables rules. Server tab could take multiple minutes to load in some cases.
36- - Update jQuery to 3.4.1 and adjust includes.
37- - Fixed cronjob issue with sftp jail due to missing user.
38- - Fixed issue #569 Remote backup hostname would reject ip addr without reverse dns (PTR record).
39- - Create a couple of writeable folders in each user home directory (#580 ).
25+ - Check if user home directory exists before setting permissions on SFTP fail2ban jail.
26+ - Fixed several reported security issues, thanks to Andrea Cardaci (https://cardaci.xyz/ )
27+ - Security fix: Command line arguments arguments were glob expanded when written to log file.
28+ - Ensure that SFTP accounts remain configured in sshd when removing web domains/
29+ - Improved security by ensuring that file operations in user home folder will be executed as the real user.
30+ - Added a confirmation dialog when deleting user logs.
31+ - Fixed an issue where the SFTP fail2ban jail was not working correctly for user accounts which were restored from backup archives.
32+ - Enhanced input validation in backend command line scripts.
33+ - Improved page load performance by optimizing how the notifications list is loaded (in some cases, improvement measured from 1sec to under 100ms).
34+ - Improved page load performance when loading IP ban rules in the Control Panel.
35+ - Updated panel framework to use jQuery to 3.4.1.
36+ - Fixed an issue with SFTP fail2ban jail due to missing user.
37+ - Fixed an issue where temote backup hostname would reject an IP address without reverse DNS (PTR record). (#569 )
38+ - Create default writable folders in user home directory (#580 ).
4039- Added gnupg/gnupg2 check to prevent issues with pubkey installation.
41- - Fixed nameserver validation on add new user packages.
42- - Implement additional debug informations for LE validation, thanks to @shakaran .
43- - Do not notify user if the backups are triggered from cronjob.
44- - Fixed issue with suspending resources when logged directly as a normal user.
45- - Fixed issue with unsuspending a user, PHP-FPM website pool configuration was being deleted.
40+ - Fixed DNS nameserver validation when adding new packages.
41+ - Implemented additional debug information for Let's Encrupt validation - thanks @shakaran .
42+ - Disabled alerts for successful cronjob backups.
43+ - Fixed an issue with suspending resources when logged in as a normal (non admin) user.
44+ - Fixed an issue with unsuspending a user, PHP-FPM website pool configuration was being deleted.
45+ - Fixed potential upgrade issue when using v-update-sys-hestia-git
4646
4747## [ 1.0.6] - 2019-09-24 - Hotfix
4848### Bugfixes
0 commit comments