Features

• PHP 8.3 Support (#4175)
• Add new template with Wordpress XMLRPC Blocked by default (Nignx Only) (#4168)

Bug fixes

• Minimal change to the way BACKUP_LA_LIMIT is calculated (#4162)
• Change Filegator to 24 hr clock (#4168)
• Confirm before restoring part of backup (#4147)
• Multiple Bugfixes v-import-cpanel (#4150, #4149 #4144 #4139, #4120, #4121 thanks @vipxr)
• Fix an issue with small screens in logs header (#4126)
• Fixed a few bugs due to the permissions changes with hestiamail user
• Updated v-list-sys-users to fix issues with new hestiamail user
• Use -f instead --force=yes (#4097)
• Delay submit in Desktop Safari (#4137)
• Fixed an bug in v-add-backup-host to report inability to connect via sftp (#4119)
• Allow for optional domain directory write permissions #4109 @evonet

Bugfixes

• Update installers to create new user
• Include missing manual update script
• Include changes to www.conf

See 1.8.9 for security changes

[1.8.9] - Service release

Security

• Restrict PHP-FPM permissions to a new user to prevent permission escalation to admin or other users
• Reduce Nginx keepalive_requests to 1000 (Nginx default) to limit risks of CVE-2023-44487

Bug fixes

• Fix: removing certificates during apache reload #4053
• Fix: Firehol blacklists #4046
• Fix PHP error + Add option to update WPCLI + Composer #4039
• Update v-add-mail-domain #4027 #4026
• Update MediaWikiSetup.php #4034
• Fix: for v-list-sys-services, pidof command in Debian Buster doesn't support option -d #4022
• Update main.php humanize_usage_size() #4015
• Fix: Prevent the script v-add-sys-roundcube from freezing during Roundcube upgrade #4018
• Fixed an issue with login when 2FA was enabled

Dependencies

• Update Filegator to 7.9.3
• Update Roundcube to 1.6.4
• Update Snappymail to 2.29.1

Full Changelog: https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md

Full Changelog: https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md

Full Changelog: https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md

Full Changelog: https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md

Full Changelog: https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md

This update includes quality improvements and is recommended for all users of Hestia Control Panel.

• [UI] Fixed an issue where the wrong user type icon was displayed the top menu bar (#3810)
• [UI] Fixed back button links on SSH, API, Logs, and White Label pages (#3811)
• [UI] Fixed "No IPset lists defined" even when lists are defined (#3812)
• [UI] Removed animation effect from login screen (#3822)
• [UI] Fixed an issue where search results were not being returned for all users when logged in as admin (#3833)
• [UI] Removed animations from all page loads to improve performance (#3836)
• [UI] Moved debug mode enablement switch to a more logical place (#3838)
• [DNS] Ensure domain is formatted properly with DNSSEC (#3814)
• [API] Added update-dns-record permission to the API (#3819)

• Added more files to default proxy extensions (#3768)
• Increased width of menu bar dropdowns on mobile (#3765)
• Increased HSTS max-age to 31536000 (#3762)
• Add prompt to v-update-sys-hestia-git to install NodeJS if not present (#3779)
• Fixed an issue where v-update-sys-ip was not run on boot on Debian systems
• Fixed an issue where the system hostname would lose its FQDN format on reboot when using Proxmox VE containers
• Fixed an issue ith v-generate-ssl-cert (#3783)
• Fixed an issue where the port was missing in welcome email (#3784)
• Fixed an issue with the is_mail_new function (#3785)
• Fixed an issue where the "Save" button would appear before warning was dismissed when attempting to add a domain or database as admin (#3786)
• Fixed an issue where MySQL 8 could not be installed on Ubuntu (#3788)
• Fixed an issue with TLS connections when using ProFTPD (#3790)
• Fixed an issue where vlan or virtual NIC connections would fail the adapter validity check when adding an IP address (#3797)
• Fixed several PHP 500 errors and warnings in the Control Panel backend (#3789)
• Fixed an issue with v-change-dns-domain-ip and DNS cluster (#3803)
• Update Multiple Quick install apps (#3800 and #3801)
• Updated language translations

• Fixed Debian 10 not working with ip adresses check
• Fixed Exim4 update config via patch was unreliable added few safety checks and add notice if failed.
• Fixed hestia-nginx not loading with custom port

[1.8.0] - Feature / Major release

Notes

• Dropped support for Ubuntu 18.04 Bionic due to EOL Please upgrade to 20.04 or 22.04.
• Custom nginx templates require some changes due to deprecated http2 parameter for the listen directive by Nginx 1.25.1 (#3684, #3704) and 0-RRT Protection introduced in (#3692)
• Dropped support for Rainloop and replaced by Snappymail (#3590)

Features

• Added support for Debian 12 (#3661)

• Enhanced and Optimized TLS (#3555 @myrevery)

• TLS 1.3 0-RTT with replay protection (#3692 @myrevery)

• Add support for SRS in Exim >= 4.9.5 (#3197 @henri-hulski)

• White label support and refactor translations (#3441 #3572)

• Improve user notifications UI (#3709)

• Continue work on UI improvements (#3700, #3693, #3691, #3685, #3682, #3680, #3672, #3668, #3662, #3659, #3651, #3634, #3629, #3628, #3619, #3615, #3608, #3606, #3602, #3600, #3598)

• Allow option to enable/disable backup suspended users (#3696 )

• Feature: v-dump-database (#3644)

• Allow users to create own document error / skeleton and do not overwrite them with updating (#3622)

• Consistent overlay styles (#3617)

• Integrate SnappyMail (#3590)

• Allow sorting on package name (#3726)

• Add templates for yourls (#3755 @ediazmurillo)

Bugfixes

• Fix: DNS cluster expected return code instead of string (#3706)
• Resolve #3684 Process "http2" directive for NGINX (#3704 @myrevery)
• Upload hestiacp.pot file directly to Crowdin (#3702)
• Refactor add ns buttons (#3701)
• Remove \r chars from VestaCP cron.conf (#3708 @maunklana)
• Unable to edit password domain smtp relay (#3690)
• Fix: #3687 Improve check if alias already exists (#3689)
• Fixed bug in v-update-sys-ip when multiple interfaces / ip addresses are available (#3688)
• Prevent empty ns1 / ns2 to be used (#3683)
• Reload web server up on deleting web domain. #3705
• Fix sed for installing sieve (#3679)
• Tidy development docs (#3677)
• Fix typo in v-delete-sys-filemanager (#3678)
• Improve DNS SEC Public key information display (#3676)
• Switch from Yarn v3 to npm (#3675)
• Fix #3643: SOA updating on rebuild command from main server (#3660)
• Fix: Import CPanel when account email is non existing (#3670 #3667)
• Fix: Import CPanel when mail domain and or web domain already exists (#3670 #3667)
• Normalize v-add-user-package input (#3671 #3669)
• smtputf8_advertise_hosts is not supported by deb10 (#3652)
• fix Gitea template (#3650 @asessa)
• Fix issue with redirect to subfolder (#3623)
• Replace current nginx template with suspended template (#3641)
• Fix issue with duplicated phpmyadmin-auth blocks in jail.local (#3642)
• Fix error in rebuild script (#3639)
• Fix bug in syshealth script
• Refactor and fixes for handling system IP/Interfaces (#3605 @myrevery)
• Fix #3496 Fix issue with Sieve and SMTP relay (#3581 @s4069b)
• Add jail rule for incorrect for phpmyadmin (#3596)
• Fix #3599 Disable SMTPUTF8 (#3603)
• Fix content shift on stats row hover (#3614)
• Fix issue with checkbox is not selected port return "no" (#3616)
• Encode passwords in emails send (#3566)
• Add support for PHPmyAdmin SSO support for Mysql 8 (#3539)
• add alias to wp-cli to the user's .bashrc and fix error handling. (#3569 @aosmichenko)
• Simplify suspend/unsuspend dialog translations (#3565)
• Tidy notifications copy (#3561)
• Predefined Ipset lists not loading #3552 (#3557)
• Minor UI fixes to server console output (#3556 @myrevery)
• Fix #3745 Translations not loading (#3746)
• Make IPset visible when F2B is not installed (#3750)
• Fix: #3729 Missing robots.txt get redirected to WP (#3739) / Add WordPress Multisite subdir support (#3741 @hudokkow )
• Fix issue with Global SMTP settings not updating (#3730)
• Add phpbb Nginx template (#3732 #3731 @xchwarze)
• Update Nextcloud template (#3725 @Steveorevo)
• Fix php error when DNS disabled when updating user (#3726)
• Fix: #3712 Unable to restore domain with custom doc root (#3726)
• Add BIENNIALLY & TRIENNIALLY stats on TaskMonitor (#3721 @caos30)

Dependencies

• Update hestia-php to 8.2.8
• Update hestia-nginx to 1.25.1
• Update Quick install apps versions

• Fix reflected XXS in debug panel when debug mode was enabled or the user accessed directly the debug panel template.

Bugfixes

• Fix https://github.com/hestiacp/hestiacp/issues/3588: Delete issue DNS record (https://github.com/hestiacp/hestiacp/pull/3589)
• Tidy notifications copy (https://github.com/hestiacp/hestiacp/pull/3561)
• Predefined ipset lists not loading https://github.com/hestiacp/hestiacp/issues/3552 (https://github.com/hestiacp/hestiacp/pull/3557)

• Fixed Error message "deleted" before shown due to register_shutdown_function (#3548 #3547)
• Fixed an in issue in humanize_usage_size with number format (#3546 #3547)
• Fixed rounding issue with humanize_usage_measure (#3540 #3541)

Fixed an issue with the installers

Features

• Build JS/CSS Theme on release (#3525)
• Refactor away jQuery

Bugfixes

• Remove Font Awesome "brands" usage (#3535)
• Make uft8mb4 default charset for databases (#3534)
• Remove extra slash in SSO url (#3533)
• Improve Quick Install App password input (#3530)
• Kill OpenSSL server if its already running before validating SSL certificate (#3505)
• Improve redirect behaviour (#3503)
• Fix: PMA SSO for cp panel template (#3493)
• Fix: Bug in sftp backup (#3489)
• Improve Quick Install App password input (#3530)
• Refactor away on click usage on login pages (#3526)
• Refactor Add/Edit Firewall Rule JS (#3522)
• Build Alpine.js bundle (#3521)
• Improve charts JS (#3519)
• Show spinner when confirming dialog action (#3517)
• Refactor Edit Web JS/remove jQuery (#3513)
• Refactor Add/Edit Database JS (#3511)
• UI updates (#3510)
• Refactor JS (#3508)
• Fix #3318 Remove: decrepitation warning MariaDB (#3465)
• Fix: 3514 Fix UI not matching true value (#3515)
• Refactor form submit JS (#3502)
• Refactor JS (#3500)
• Refactor unlimited input JS (#3495)
• Tidy JS (#3492)
• IPV6 compatible prevent CSRF (#3491)
• Rewrite statistics UI mobile-first (#3490)
• Refactor JS (#3488)
• Add Quota info to the user list (#3487)
• Minor UI updates (#3485)
• Dynamically load Chart.js bundle (#3480)
• Refactor JS to use ES modules (#3476)

Features

• Re-implement RRD charts in Chart.js (#3452)
• Add JS/CSS build script (#3471)

Dependencies

• Update hestia-php to 8.2.5
• Update hestia-nginx to 1.23.4

Bugfixes

• Fix: named command warning (#3447 #neto737)
• Fix: Include Cloudflare IPS during install (#3449 #3448)
• Fix: Bug in upgrade_phppgadmin preventing folder from being created when not exists (#3450)
• Add warnings to php-fpm templates (#3450)
• Exim: Never show HELO for authenticated users (#3462 @myvesta)
• Misleading title "Error" on popup notification when creating manual backup (#3460 #3461)
• Fix: Do not add a trailing . on DNSKEY #3458
• Fix toolbar spacing on mobile in some scenarios e.g. Backups page (#3460)
• Fix: Users can not create a new DNS domain (#3451)
• Fix: Error message containing html are encode twice (#3473)
• Fix button width regression (#3474)
• Remove opacity from modal background (#3460)
• Refactor add/remove name server javascript ($3468)
• Refactor "Unlimited" inputs (#3464)
• Refactor password strength JS (#3459)

Note

• Hestia 1.7.2 fixes an issue with certificate downloading introduced by a new feature with LetsEncrypt and will go live on the 24th April 2023. Breaking existing setups! See: #3444

Bugfixes

• Fixed an issue php after default php version change (#3145 #3414)
• Fixed importing Add Domains v-import-cpanel (#3242 @adion-gorani)
• Fixed and issue with DNSSSEC check if DNSEC is available (#3430)
• Fixed an issue with v-add-web-domain-redirection (#3438 #3440)
• Remove leading and trailing spaces on a domain (#3439 #3440)
• Fixed an issue with domain.com:/public_html in v-backup-users (#3434)
• Fix and issue with custom webmail clients (#3419 #3420)
• Refine :focus styles (#3432)
• Replace jQuery UI tabs with vanilla JS (#3413)
• Reduce amount of animation styles (#3418)
• Minor UI updates (#3425)
• Fixed an issue with v-suspend-dns-record still loading after being disabled (#3441 @setiseta)
• Replace jQuery UI dialogs with (#3401)
• Fixed an issue SSL not found + php error on login page. (#3404)

[1.7.1] - Service release

Bugfixes

• Fixed an issue with wildcard overruling webmail.domain.com config in Apache2 (#3400 #1631)
• Removed delete button edit user page (#3997)
• Fixed an issue with serial not increasing (#3396)
• Fixed an issue with new hestia-zone sync and servers behind NAT or with multiple IPs (#3388 #3396)
• Remove option to enable DNSSEC when DNSSEC is not supported (#3372 #3396)
• Fix toolbar items on locales with long words (#3380 #3395)
• Only count *.tar files in rotate routine (#3393 #3385)
• Fixed broken upgrade_mariadb.sh (#3391 @myrevery)
• Improve add_firewall_ipset.php (#3390 @myrevery)
• Update Path change of IPset blacklist.sh (#3389 @myrevery)
• Improve upgrade script Cloudflare ips (#3388 @myrevery)
• Update supported message hst-install.sh (#3377 @shizualand)
• Fixed an issue with adding own ssl certificated to website config (#3374 #3371)
• Fixed javascript logic edit mail domains (#3373)
• Add required attribute to login forms (#3376)