CHANGELOG.md (24 additions & 5 deletions)
@@ -7,13 +7,22 @@ All notable changes to this project will be documented in this file.
7
7
### Notes
8
8
9
9
- To improve security we have deciced to allow users to rename the default admin user. And use a new user "hestia-web" to become the default user to run Hestia on.
10
-
- Dropped support Debian 10 due to EOL
10
+
-
11
+
- In initial versions of HestiaCP we had Jailed SSH enabled via Jailkit. It had major disadvantages we have decided it to replace with Bubble Wrap. Users running Jailed SSH in the past are adviced to run the migration script! Found in /usr/local/hestia/upgrade/manual/migrate_jailkit_to_bubblewrap.sh. See #4698
12
+
- We are aware that Cgroups are currently not working as it should be. It works fine if you login with SSH as the user how ever it doesn't work for PHP-FPM yet.
13
+
- Dropped support Debian 10 due to EOL.
14
+
15
+
### Security
16
+
17
+
- Fix issue where CIRD was not propperly validated CVE-XXXX-XXX-XXX
18
+
- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin users. CVE-XXXX-XXX-XXX
19
+
- Solve security issues where restart flag did accecpt unvalidated values. CVE-XXXX-XXX-XXX
11
20
12
21
### Features
13
22
14
23
- Added support for PHP 8.4
15
24
- Add support for Ubuntu 24.04 Noble release (#4411#4451)
16
-
- Add support for Jailed SSH (#4052#4245) @rjd222
25
+
- Add support for Jailed SSH (#4052#4245, #4698#4687)
17
26
- Implement CLI for Quick Install Apps (#4443)
18
27
- Add support for Directadmin / Cpanel imports ( #4177#4415#4426#4252#4241)
19
28
- Add support for Increamental Backups via Restic
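Review bot: The three entries added under "### Security" all end in the placeholder "CVE-XXXX-XXX-XXX" and carry no advisory, issue or PR reference, so a reader cannot map a fix to a report or judge whether their install is affected; fill in the assigned IDs or link the advisory before this ships. In the same entries "CIRD" should read "CIDR", and "propperly" and "accecpt" are misspelled. The "restart flag" entry should also name which commands took the unvalidated value. Separately, the rewritten "Add support for Jailed SSH" line drops the "@rjd222" credit while adding #4698#4687; confirm that removal is intended.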
@@ -67,11 +76,21 @@ All notable changes to this project will be documented in this file.
- Add hestia-mail to hestia-users group and create hestia-users group on new install #4540#4531
79
+
- Fix translations MariaDB / PHPMyadmin (#4725)
80
+
- Some left overs from the old admin user still remaind (#4721)
81
+
- Disallow ` character in cronjobs to avoid errors in cron list #4708
82
+
- Drop Maxmind high-risk-ip-sample-list (#4692)
83
+
- Hardening of installer security and improving usability (#4690)
84
+
- White label for file manager (#4681) @MaxiZamorano
85
+
- Fixed with cronjob v-add-letsencrypt-domain created new cronjob onder "admin" user that didn't have sudo permisions
86
+
- Customization of the file manager with interface improvements (#4678) @MaxiZamorano
87
+
- Fix: Proftpd FTP Usage is showing incorrect information (#4672)
88
+
- template for using webasyst with nginx+php-fpm (#4660)
70
89
71
90
### Depencies
72
91
73
-
- Update hestia-nginx to 1.27.0
74
-
- Update hestia-php to 8.3.9
92
+
- Update hestia-nginx to 1.27.3
93
+
- Update hestia-php to 8.3.16
75
94
- Update Roundcube, Filegator, Snappy mail to the latest version
76
95
- Update Quick Installer apps to latest version (#4594)
77
96
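Review bot: "Hardening of installer security and improving usability (#4690)" is added to the general fix list rather than under a Security heading and does not say what was hardened, which makes it easy to miss for anyone scanning the changelog for security-relevant changes; move it or add one clause describing the change. The "v-add-letsencrypt-domain" entry has no issue reference and contains "onder" where "under" is presumably meant, and "permisions" is misspelled. For the hestia-nginx 1.27.3 and hestia-php 8.3.16 bumps, state whether the update is taken for upstream security fixes if that is the reason.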
@@ -114,7 +133,7 @@ All notable changes to this project will be documented in this file.
114
133
115
134
### Security
116
135
117
-
- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users [CVE-xxxx-xxxxx](https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0/)
136
+
- Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users [CVE-2023-5839](https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0/)
118
137
- Reduce Nginx keepalive_requests to 1000 ([Nginx default](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/#http2_max_concurrent_streams)) to limit risks of [CVE-2023-44487](https://www.cve.org/CVERecord?id=CVE-2023-44487)
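Review bot: The link text on the PHP-FPM line now reads "CVE-2023-5839" but its target is still the huntr.com bounty page, while the keepalive_requests entry right after it links its CVE to cve.org; consider pointing the CVE text at the CVE record and keeping the bounty as a second link so both entries resolve the same way. The Security section added in the first hunk carries a near-identical PHP-FPM entry with a placeholder ID; if it is the same issue, reuse this ID there, otherwise word the two entries so they can be told apart.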