# 0.3.5 Released on November 08, 2024 ### 🚀 New features - [Email notifications for OpenPanel users](/docs/panel/account/notifications/). - Option to change password for email accounts, set quota, suspend incoming/outgoing emails from the 'OpenPanel > Emails' page. - Users can now view and terminate active sessions for their account from the 'OpenPanel > Account > Active Sessions' page. - Administrators can now set [rate limiting and blocking limits](/docs/admin/intro/#brute-force-protection) for both OpenPanel and OpenAdmin login pages. - Administrators can now set [session duration](https://dev.openpanel.com/cli/config.html#session-duration) for OpenPanel users. - Administrators can now create [a custom template to be displayed on domains without any content](https://i.ibb.co/tXkHKyL/default-landing.png). - New command `opencli admin logs` is available for multitail [all OpenAdmin services logs](https://dev.openpanel.com/logs.html). - [Error IDs](https://i.postimg.cc/dtC3M7Mq/500.png) to help administrators trace OpenPanel errors with the new command [`opencli error`](https://dev.openpanel.com/cli/error.html). - [`opencli domais-delete` command](https://dev.openpanel.com/cli/domains.html#Delete-Domain). ### ️🚨 Security fixes - *Insecure Permission Modification via Fix Permission Function* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container. - *Remote Code Execution via Fix Permission* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users. - *Remote Code Execution via Change Time Zone* – vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users. - *Unauthorized File Access via Copy Function* – vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container. - *Unauthorized File Access via Compress Function* – vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container. - *Unauthorized File Access* – vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container. - *Unauthorized File Access via Download Function* – vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container. - *Unauthorized File Access via View Function* – path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container. ### 🐛 Bug fixes - [Password reset for openpanel users does not end all active sessions on that user #66](https://github.com/stefanpejcic/OpenPanel/issues/66) - [Error when changing email settings #208](https://github.com/stefanpejcic/OpenPanel/issues/208) - [phpmyadmin gives token error #265](https://github.com/stefanpejcic/OpenPanel/issues/265) - [Weird error when I add domain #266](https://github.com/stefanpejcic/OpenPanel/issues/266) - ['Supplied non-number argument' error when creating emails #268](https://github.com/stefanpejcic/OpenPanel/issues/268) - [_mysql_connector.MySQLInterfaceError: MySQL server has gone away #269](https://github.com/stefanpejcic/OpenPanel/issues/269) - [[Errno 2] No such file or directory: '/etc/openpanel/clamav/domains.list' #271](https://github.com/stefanpejcic/OpenPanel/issues/271) - [Bug with install script on Debian12 Hetzner ISO](https://community.openpanel.org/d/110-installation-issue/6). ### 💅 Polish - Python version for OpenPanel is updated from `3.10` to `3.12`. - [Inline documentation for every page on OpenAdmin interface](https://i.postimg.cc/6tzM8Rtg/2024-10-31-20-32.png). - `opencli user-login` will now display list of users to select and autocomplete username. - Optimized `openpanel/openpanel:latest` docker image. - `git` and `apparmor` are now installed automatically on Debian12. - Email and FTP accounts for use are now deleted when OpenPanel user is terminated. - Email folders are now automatically created for new domains. - SSL, DNS, Proxy settings, blocked IPs, ClamAV settings and websites are now automatically deleted when domain is removed. - Terms no longer need to be accepted for new installations.